Remove packages pinning

[glensc]

Is your feature request related to a problem? Please describe.

your renovatebot integration pins dependencies which is also affecting downstream packages.
it's ok to pin your devDependencies, but pinning on dependencies has effect on downstream packages too, resulting duplicate instances in node_modules.

$ find node_modules -name value-or-promise
node_modules/value-or-promise
node_modules/@graphql-tools/mock/node_modules/value-or-promise
node_modules/@graphql-tools/schema/node_modules/value-or-promise

Describe the solution you'd like

Remove the version pinning and update your lock file only in your repo.

so currently:

• dependencies: value-or-promise "1.0.12"

future:

• value-or-promise "^1.0.0" (affects downstream packages)
• lockfile: value-or-promise "1.0.12" (does not affect downstream packages)

Describe alternatives you've considered

Additional context

[ardatan]

Would you create a PR for this change?

[glensc]

is the renovatebot also reconfigured not to pin back things? or it does that automatically if ranges are used?

[ardatan]

It respects ranges.