Skip to content

Pin dependencies #776

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Pin dependencies #776

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 6, 2024

This PR contains the following updates:

Package Type Update Change
@azure/identity (source) dependencies pin ^4.0.1 -> 4.4.1
@bufbuild/protobuf (source) dependencies pin ^1.10.0 -> 1.10.0
@connectrpc/connect (source) dependencies pin ^1.4.0 -> 1.4.0
@connectrpc/connect-fastify (source) dependencies pin ^1.4.0 -> 1.4.0
@connectrpc/connect-node (source) dependencies pin ^1.4.0 -> 1.4.0
fastify (source) dependencies pin ^4.28.1 -> 4.28.1
p-limit dependencies pin ^3.1.0 -> 3.1.0
proper-lockfile dependencies pin ^4.1.2 -> 4.1.2
shell-quote dependencies pin ^1.8.1 -> 1.8.1

Add the preset :preserveSemverRanges to your config if you don't want to pin your dependencies.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the renovate label Sep 6, 2024
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 4 times, most recently from 037686d to 9860e9c Compare September 11, 2024 20:28
@ecraig12345
Copy link
Member

@kenotron FYI, I previously updated lage to pin most of its deps for the reasons outlined in the comment below. It seems like probably a good idea to keep that strategy unless you know of some reason it won't work now. (It doesn't appear to be causing dupes for the pinned packages based on the lock file updates.)

lage/renovate.json5

Lines 53 to 64 in 3fb589f

// lage bundles its dependencies, so any updates should to dependencies should be explicit
// so that they trigger a new lage version (with proper documentation of included updates).
// The standard approach of using ^ dependencies and allowing implicit updates via the lock file
// (which with a published bundle, are guaranteed to affect consumers) makes it very hard to
// track when an issue was introduced if it's discovered in another repo.
"rangeStrategy": "pin",
"matchFileNames": ["packages/**"], // ignore this for docs, scripts, root
"matchDepTypes": ["dependencies"],
// lage packages aren't an issue since they're within the repo and the latest version is always used
"excludePackagePrefixes": ["@lage-run/"],
// this is a runtime dependency of lage since it publishes binaries
"excludePackageNames": ["glob-hasher"]

@renovate renovate bot force-pushed the renovate/pin-dependencies branch 2 times, most recently from c6958c7 to 7dec2cc Compare September 11, 2024 20:41
@renovate renovate bot requested a review from kenotron as a code owner September 11, 2024 20:41
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 5 times, most recently from d263719 to 406f693 Compare September 13, 2024 18:06
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 5 times, most recently from 85f7811 to 70bb5b4 Compare October 2, 2024 20:23
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 10 times, most recently from 73ce8f0 to ad72438 Compare October 9, 2024 17:21
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from ad72438 to aaf153a Compare October 10, 2024 20:13
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 2 times, most recently from 7a0ffce to 16e1b75 Compare March 8, 2025 02:31
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 12 times, most recently from dc449a3 to fb6526d Compare April 2, 2025 08:11
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 8 times, most recently from ece9c0c to 856206c Compare April 17, 2025 08:11
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 4 times, most recently from 64b5ce4 to 25f00ef Compare April 29, 2025 08:11
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 2 times, most recently from 21c811c to 0833f97 Compare May 6, 2025 15:59
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from 0833f97 to 2055079 Compare May 6, 2025 20:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant