Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: pin dependencies with lockfile #729

Merged
merged 7 commits into from
Feb 4, 2023
Merged

chore: pin dependencies with lockfile #729

merged 7 commits into from
Feb 4, 2023

Conversation

Belco90
Copy link
Member

@Belco90 Belco90 commented Feb 2, 2023
edited
Loading

Checks

Changes

  • Pin dependencies with package-lock.json

Context

I'm tired of getting unexpected errors in CI because our dev dependencies aren't fixed by a lock file. I'm fixing them with the npm lock file.

In a follow-up PR, I'll set up Renovatebot to keep our dev dependencies up to date automatically for us (disabling dependabot too).

@Belco90 Belco90 added the chore Changes that affect the build system, CI config or other changes that don't modify src/test files label Feb 2, 2023
@Belco90 Belco90 self-assigned this Feb 2, 2023
@Belco90 Belco90 marked this pull request as ready for review February 2, 2023 11:18
@Belco90 Belco90 requested a review from a team February 2, 2023 13:52
MichaelDeBoey
MichaelDeBoey requested changes Feb 2, 2023
View reviewed changes
Copy link
Member

@MichaelDeBoey MichaelDeBoey left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why would you change to Renovatebot?
Dependabot would create PRs for updating as well once we have the lock file

package.json Outdated Show resolved Hide resolved
@Belco90 @MichaelDeBoey
Update package.json
a4bf4e3 
Co-authored-by: Michaël De Boey <[email protected]>
Signed-off-by: Mario Beltrán <[email protected]>
@Belco90
Copy link
Member Author

Belco90 commented Feb 3, 2023

@MichaelDeBoey Because Renovatebot is way smarter than Dependabot, has more granular control, and provides lockfile maintenance.

@MichaelDeBoey
Copy link
Member

@Belco90 Dependabot will update lock files as well

@Belco90
Copy link
Member Author

Belco90 commented Feb 3, 2023

@MichaelDeBoey Didn't mean just updating a dependency in the lockfile, but updating the lockfile regularly so transitive dependencies are deduped and up to date.

@Belco90 Belco90 requested review from MichaelDeBoey and a team February 3, 2023 18:12
@MichaelDeBoey
Copy link
Member

@Belco90 Dependabot does that as well

@Belco90
Copy link
Member Author

Belco90 commented Feb 4, 2023
edited
Loading

@Belco90 Dependabot does that as well

That's great! I'll check if Dependabot can do what we need then.

@Belco90 Belco90 merged commit e2c1a6f into main Feb 4, 2023
@Belco90 Belco90 deleted the pin_dependencies_with_lockfile branch February 4, 2023 10:14
@github-actions
Copy link

github-actions bot commented Feb 8, 2023

🎉 This PR is included in version 5.10.1 🎉

The release is available on:

Your semantic-release bot 📦🚀

@github-actions
Copy link

github-actions bot commented Aug 5, 2023

🎉 This PR is included in version 6.0.0-alpha.15 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MichaelDeBoey MichaelDeBoey MichaelDeBoey approved these changes

Assignees

@Belco90 Belco90

Labels
chore Changes that affect the build system, CI config or other changes that don't modify src/test files released on @alpha released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Belco90 @MichaelDeBoey