Version number of webpack-log dependency is incorrect

[svicalifornia]

Issue #310 rightly pointed out that the version 1.0.1 of webpack-log does not work with webpack-dev-middleware, so "^1.0.1" is an invalid semvar dependency specification for this package. "^1.0.1" indicates that version 1.0.1 should work, which is false. The resolution of "^1.0.1" to a later version of webpack-log on a fresh install is not a valid argument, for multiple reasons:

1. It disregards the semvar specification defining the meaning of the ^ syntax.
2. A fresh install of node_modules should not be required to use webpack-dev-middleware.
3. A project may have already installed version 1.0.1 (or some other version that matches "^1.0.1" yet is incompatible with webpack-dev-middleware), and therefore the correct later version (1.2.0) will not be installed.

As the reporter of #310 (somewhat snarkily) pointed out, this trouble could be avoided by you folks being good stewards of your package.json and updating the version number of webpack-log to match only the versions that are compatible with webpack-dev-middleware.

I will make it easy for you by contributing the PR momentarily.

[alexander-akait]

@svicalifornia why just doesn't update own packages?

[svicalifornia]

Telling people to blow away their node_modules and re-install is not only stupid but can also be dangerous. Due to inconsistencies in how npm modules use version numbers, you can never be sure that the updates you'll get will be safe, and sometimes you can't afford the full regression test required to validate the new updates.

The whole point of listing the dependencies in package.json is so that the package manager can decide what needs to be installed or upgraded. We shouldn't have to second-guess the package manager and force-update because your library didn't specify its dependencies correctly. If this package only works with webpack-log 1.2.0 and above, then you should specify that in package.json, and then npm/yarn would know when it needs to update that package if an older version is already installed.

The current version range "webpack-log": "^1.0.1" is not correct, because webpack-dev-middleware doesn't work with version webpack-log 1.0.1. This is not user error; this is just bad dependency specification. Please fix it.

[alexander-akait]

/cc @michael-ciniawsky

[svicalifornia]

My exasperation above resulted from reading through the first attempt to get this fixed in #310, seeing it dismissed for no good reason, and then seeing the same thing happen again when I re-raised the issue herein. I'm not understanding why there have been so many defenses or shrugs from the maintainers regarding a bad dependency spec, especially after it is reported by multiple users of this library.

[michael-ciniawsky]

There is no harm in bumping the dependency to start from ^1.2.0 (more the opposite) instead of ^1.0.1, especially when mutliple user report problems in this area. I don't really understand the fuss here :). Normally folks need to update there lockfiles if stuck on an outdated version correct, but the issue here is that 'outdated' means broken, so better bump the minimum to the last working version like in #318 which should get in asap 😛

[svicalifornia]

Thank you.