Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use pnpm@9 for lockfile >= 9.0 #9668

Merged
merged 1 commit into from May 6, 2024
Merged

Use pnpm@9 for lockfile >= 9.0 #9668

merged 1 commit into from May 6, 2024

Conversation

tusbar
Copy link
Contributor

@tusbar tusbar commented May 3, 2024

Related: #9522

@tusbar tusbar requested a review from a team as a code owner May 3, 2024 21:20
@tusbar tusbar force-pushed the support-pnpm-lockfile-9 branch 2 times, most recently from 608a521 to f8c0232 Compare May 3, 2024 21:37
pboling
pboling reviewed May 6, 2024
View reviewed changes
Copy link

@pboling pboling left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, but perhaps perma-fix it?

npm_and_yarn/lib/dependabot/npm_and_yarn/helpers.rb
if pnpm_lockfile_version(pnpm_lock).to_f >= 6.0
if pnpm_lockfile_version(pnpm_lock).to_f >= 9.0
9
elsif pnpm_lockfile_version(pnpm_lock).to_f >= 6.0
8
elsif pnpm_lockfile_version(pnpm_lock).to_f >= 5.4
7
Copy link

@pboling pboling May 6, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might be better to invert the checks:

pnpm_version = pnpm_lockfile_version(pnpm_lock).to_f;

if pnpm_version < 5.4
  6
elsif pnpm_version < 6
  7
elsif pnpm_version < 9
  8
else
  pnpm_version.to_i
end

Then you'll likely never have to fix it again. ;). Just be done fixing it. @jeffwidman @bdragon @tusbar

It seems quite likely that from now on, for future versions of pnpm, it will be safe to install the same major version as the lockfile indicates (kinda wild to even have to say that 😆 ).

@thavaahariharangit thavaahariharangit merged commit bb0fe65 into dependabot:main May 6, 2024
48 checks passed
@fflaten
Copy link

fflaten commented May 6, 2024
edited

🥳 Is pnpm 9 supported at github immediately or are we waiting on a release?

@robaiken
Copy link
Contributor

robaiken commented May 7, 2024

@fflaten The update to support pnpm 9 is live, Dependabot is ready to handle your pnpm projects. If you have any other issues, please raise them in the issues tab.

@HenryQW HenryQW mentioned this pull request May 7, 2024
Merged
9 tasks
@wJoenn wJoenn mentioned this pull request May 7, 2024
Open
1 task
@tusbar
Copy link
Contributor Author

tusbar commented May 8, 2024

@robaiken – although lockfiles v9.0 can be parsed, pnpm 9 won’t be used as long as this is not released.

Lockfiles will get re-generated using v6.0 format.

@jeffwidman
Copy link
Member

jeffwidman commented May 8, 2024
edited

We deploy main at GitHub before it goes into an official tagged release.

Deploys are invisible to the public, but we often follow a deploy-then-merge strategy, and if we don't, we generally merge a couple of low-risk PR's and then do a fast-follow deploy which will pick up the whole 🚂 .

So this is already live on GitHub.com.

If you're still seeing issues with the GitHub.com hosted version of :dependabot: , then please file an issue or better yet raise a PR.

@tusbar tusbar deleted the support-pnpm-lockfile-9 branch May 10, 2024 16:02
@pboling pboling mentioned this pull request May 24, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pboling pboling pboling left review comments

@bdragon bdragon bdragon approved these changes

@jeffwidman jeffwidman jeffwidman approved these changes

Assignees
No one assigned
Labels
L: javascript
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@tusbar @fflaten @robaiken @jeffwidman @pboling @bdragon @thavaahariharangit