Upgrade npm-check-updates to v17 in build-cli#26732
Open
frankmueller-msft wants to merge 1 commit intomainfrom
Open
Upgrade npm-check-updates to v17 in build-cli#26732frankmueller-msft wants to merge 1 commit intomainfrom
frankmueller-msft wants to merge 1 commit intomainfrom
Conversation
ncu@17 is fully bundled with zero dependencies, eliminating the transitive tar 6.x chain (ncu@16 → pacote → cacache → tar 6.x). Code changes: - Bump npm-check-updates from ^16.14.20 to ^17.1.18 - Remove deep type imports (build/src/types/) that no longer exist in v17 - Replace Index<VersionSpec> cast with equivalent Record<string, string> Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
4 tasks
Contributor
There was a problem hiding this comment.
Pull request overview
Upgrades npm-check-updates to v17 for @fluid-tools/build-cli, updating the lockfile and adjusting the one call site that relied on v16’s internal type paths.
Changes:
- Bump
npm-check-updatesdependency from^16.14.20to^17.1.18for@fluid-tools/build-cli - Update the build-tools workspace lockfile to include
npm-check-updates@17.1.18 - Remove v16 deep type imports and update the result type assertion in
npmCheckUpdates
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| build-tools/pnpm-lock.yaml | Updates the lockfile to resolve npm-check-updates@17.1.18 for the build-cli importer. |
| build-tools/packages/build-cli/src/library/package.ts | Removes deep type imports from ncu v16 and adjusts the typing of the ncu.run() result. |
| build-tools/packages/build-cli/package.json | Bumps the npm-check-updates dependency to ^17.1.18. |
Files not reviewed (1)
- build-tools/pnpm-lock.yaml: Language not supported
You can also share your feedback on Copilot code review. Take the survey.
Comment on lines
150
to
+160
| const result = (await ncu.run({ | ||
| filter: depsToUpdate, | ||
| cwd: repoPath, | ||
| packageFile: glob === "" ? "package.json" : `${glob}/package.json`, | ||
| target: depUpdateType, | ||
| pre: prerelease, | ||
| upgrade: writeChanges, | ||
| jsonUpgraded: true, | ||
| silent: true, | ||
| peer: true, | ||
| })) as Index<VersionSpec>; | ||
| })) as Record<string, string>; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
npm-check-updatesfrom v16 to v17 in@fluid-tools/build-clitar 6.xchain (ncu@16 → pacote → cacache → tar 6.x)build/src/types/) that no longer exist in v17, replacesIndex<VersionSpec>cast withRecord<string, string>Context
This is split from #26707. The tar override fix is in #26731 (pure config, no code changes). This PR contains the ncu upgrade which has a minor code change in
build-cli/src/library/package.ts.Once this is published in the next build-cli release, the tar overrides in non-root workspaces (which exist because they depend on the published
@fluid-tools/build-cli@0.63.0that still ships ncu@16) can be removed.Test plan
pnpm why tar --filter @fluid-tools/build-clireturns no results (ncu@17 has no tar dependency)flub check policy) still work correctly🤖 Generated with Claude Code