Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): lock file maintenance #31

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): lock file maintenance #31

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 15, 2021
edited
Loading

This PR contains the following updates:

Update Change
lockFileMaintenance All locks refreshed

🔧 This Pull Request updates lock files to use the latest dependency versions.

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from ec8714f to 38d2aba Compare November 15, 2021 21:55
dominykas
dominykas requested changes Nov 15, 2021
View reviewed changes
Copy link
Member

@dominykas dominykas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't right. Not sure why renovate removes all the integrity fields - will investigate later.

@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from 38d2aba to 2c7dda1 Compare January 2, 2022 12:38
@dominykas dominykas mentioned this pull request Jan 2, 2022
Merged
@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from 2c7dda1 to 4291345 Compare January 5, 2022 21:26
@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from 4291345 to 30c7fcb Compare January 16, 2022 09:06
@dominykas
Copy link
Member

Not sure why renovate removes all the integrity fields

This is not renovate doing it - it's npm. And npm seems to do it, because renovate effectively re-runs npm install after removing the lock files (including the hidden lock file). Since we already have node_modules, npm does not bother with fetching anything from the network, so it does not get to see any integrity from the registry (or so it seems).

One could argue this is a bug on npm side, but I can also see this being declared a "won't fix" (I wouldn't hold my breath for a fix anyways), so probably it should be up to renovate to remove node_modules before the install run. Ideally, renovate would also have the option to automatically commit the node_modules into the repo after renovation as well. That said, the behavior we're seeing here is not because renovate is doing something wrong either...

Not sure where best to raise an issue (or possibly in both places). Will have to think about this a little.

@Eomm
Copy link
Contributor

Eomm commented Jan 29, 2022

I think it is a matter of renovate Node.js runtime.

https://docs.npmjs.com/cli/v8/configuring-npm/package-lock-json#lockfileversion

Both (the original and the edited package-lock) are processed by npm>=7

Maybe a re-run solve the issue

@dominykas
Copy link
Member

No, re-running or changing lockfile version does not help.

I was able to reproduce locally.

Ideally, renovate would support wiping node_modules before renovation, and checking in after. I'll probably raise an issue there.

@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from 30c7fcb to 014f911 Compare January 30, 2022 11:14
@dominykas dominykas mentioned this pull request Jan 31, 2022
Open
@dominykas
Copy link
Member

dominykas commented Jan 31, 2022
edited
Loading

Created an issue on renovate side: renovatebot/renovate#13926.

Also checked if there's any packages to be updated - there are none at the moment.

@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from 014f911 to 12b5d32 Compare February 1, 2022 17:53
@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from 12b5d32 to 452fff5 Compare April 15, 2022 11:56
@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from 452fff5 to 2e93458 Compare May 9, 2022 15:38
@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from 2e93458 to 5e65f83 Compare October 18, 2022 16:06
@renovate renovate bot changed the title chore(deps): lock file maintenance Lock file maintenance Dec 17, 2022
@renovate renovate bot changed the title Lock file maintenance chore(deps): lock file maintenance Dec 17, 2022
@wesleytodd wesleytodd closed this Oct 2, 2023
@dominykas dominykas deleted the renovate/lock-file-maintenance branch October 10, 2023 15:26
@dominykas dominykas restored the renovate/lock-file-maintenance branch October 10, 2023 15:26
@dominykas dominykas reopened this Oct 10, 2023
@wesleytodd
Copy link
Member

Sorry, I bet this was one of those ones I accidentally closed. I had this repo open looking at the pkgjs/create-pkg repo and just got confused.

@dominykas
Copy link
Member

No worries!

@renovate renovate bot force-pushed the renovate/lock-file-maintenance branch from 5e65f83 to 7ab5771 Compare November 20, 2023 13:37
This was referenced Mar 2, 2024
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dominykas dominykas dominykas requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dominykas @Eomm @wesleytodd