chore: npm-check-updates and yarn upgrade #10402

Merged
merged 2 commits into from
Sep 18, 2020

Conversation

MrArnoldPalmer
Contributor

@MrArnoldPalmer MrArnoldPalmer commented Sep 16, 2020

Upgrade dependency versions when available. Change the yarn-upgrade
workflow to only upgrade minor versions automatically. This will prevent
major version dependency upgrades from happening automatically in the
future.

Exclude aws-sdk from automatic upgrades temporarily due to changes in
TS type definitions that removed ConfigurationOptions from the
aws-sdk/lib/config entrypoint. See
aws/aws-sdk-js#3453 for details.


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@MrArnoldPalmer MrArnoldPalmer requested review from RomainMuller and a team September 16, 2020 23:08
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Sep 16, 2020
@MrArnoldPalmer MrArnoldPalmer force-pushed the mrarnoldpalmer/chore/yarn-upgrade branch 2 times, most recently from 523902c to 06d8513 Compare September 17, 2020 00:01
eladb
eladb previously requested changes Sep 17, 2020
Contributor

@eladb eladb left a comment


This will cause unsolicited major upgrades to dependencies

@iliapolo
Contributor

@MrArnoldPalmer Is this PR supposed to resolve the security alert? Because an old version of yargs-parser will still be mentioned in the lock file.

It's coming from an old dependency on yargs coming from the make-runnable dependency in prlint.
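
The lockfile check described in the comment above, as an added example that is not part of this PR or of the project's code: it parses a yarn.lock (v1) file and reports, for each resolved version of a package, the chain of lockfile entries that pulls it in. `parseYarnLock`, `traceDependents` and the sample lockfile contents are assumptions constructed for illustration.

```javascript
// Constructed yarn.lock (v1) excerpt; package versions are illustrative only.
const SAMPLE_LOCK = `# yarn lockfile v1
make-runnable@^1.0.0:
  version "1.0.0"
  dependencies:
    yargs "^4.0.0"
yargs-parser@^18.0.0:
  version "18.0.0"
yargs-parser@^2.0.0:
  version "2.0.0"
yargs@^15.0.0, yargs@^15.1.0:
  version "15.1.0"
  dependencies:
    yargs-parser "^18.0.0"
yargs@^4.0.0:
  version "4.0.0"
  dependencies:
    yargs-parser "^2.0.0"`;

function parseYarnLock(text) { // yarn.lock v1 text -> [{ specs, name, version, deps }]
  const entries = []; let cur = null, inDeps = false;
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim() || line.startsWith('#')) continue;
    if (!line.startsWith(' ')) { // entry header: "name@range, name@range:"
      const specs = line.replace(/:$/, '').split(',').map(s => s.trim().replace(/^"|"$/g, ''));
      cur = { specs, name: specs[0].slice(0, specs[0].lastIndexOf('@')), version: null, deps: [] };
      entries.push(cur); inDeps = false;
    } else if (cur && /^  \S/.test(line)) { // two-space field of the current entry
      const v = line.match(/^  version "(.+)"$/);
      if (v) cur.version = v[1];
      inDeps = /^  (dependencies|optionalDependencies):$/.test(line);
    } else if (inDeps) { // four-space line: dependency name and requested range
      const d = line.match(/^\s+"?([^"\s]+)"? "?([^"]+)"?$/);
      if (d) cur.deps.push(`${d[1]}@${d[2]}`);
    }
  }
  return entries;
}

function traceDependents(entries, name) { // chains of lockfile entries pulling in `name`
  const bySpec = new Map(entries.flatMap(e => e.specs.map(s => [s, e])));
  const parents = new Map(entries.map(e => [e, []]));
  for (const e of entries) for (const d of e.deps) if (bySpec.has(d)) parents.get(bySpec.get(d)).push(e);
  const walk = (e, seen) => {
    const label = `${e.name}@${e.version}`;
    const ps = parents.get(e).filter(p => !seen.has(p)); // ignore cycles
    return ps.length ? ps.flatMap(p => walk(p, new Set(seen).add(p)).map(c => `${c} > ${label}`)) : [label];
  };
  return entries.filter(e => e.name === name).map(e => ({ version: e.version, chains: walk(e, new Set([e])) }));
}
```

To check a real lockfile, pass `fs.readFileSync('yarn.lock', 'utf8')` to `parseYarnLock`. Packages that live in the repository itself as yarn workspaces are not lockfile entries, so each chain starts at the direct dependency that has to be removed or upgraded.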

@MrArnoldPalmer MrArnoldPalmer force-pushed the mrarnoldpalmer/chore/yarn-upgrade branch 3 times, most recently from ce67467 to 3d6fe59 Compare September 17, 2020 20:04
Upgrade dependency versions when available. Change the yarn-upgrade
workflow to only upgrade minor versions automatically. This will prevent
major version dependency upgrades from happening automatically in the
future.

Exclude `aws-sdk` from automatic upgrades temporarily due to changes in
TS type definitions that removed `ConfigurationOptions` from the
`aws-sdk/lib/config` entrypoint. See
aws/aws-sdk-js#3453 for details.
@MrArnoldPalmer
Contributor Author

> @MrArnoldPalmer Is this PR supposed to resolve the security alert? Because an old version of yargs-parser will still be mentioned in the lock file.
>
> It's coming from an old dependency on yargs coming from the make-runnable dependency in prlint.

Removed make-runnable dependency as discussed.

> This will cause unsolicited major upgrades to dependencies

@eladb was this referring to the auto-updates in the yarn-upgrade workflow? Or does this refer to the dependencies that are upgraded to a new major version in this PR?

The majority of dependencies with a new major version are devDependencies; all of the runtime dependencies receiving an upgraded version aren't exposed on public APIs.

The exception here is Jest, which is a peer-dependency in @monocdk-experiment/assert. It is only declared as a peerDep in the monocdk version of assert; it's a devDependency in @aws-cdk/assert. So this may cause users to get the "peerDependency jest doesn't satisfy version x.x.x" warning when using monocdk-experiment, but shouldn't break them. Do you think excluding the Jest MV upgrade is prudent in this case?

@aws-cdk-automation
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject6AEA49D1-qxepHUsryhcu
  • Commit ID: 73f18c6
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Contributor

mergify bot commented Sep 18, 2020

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@MrArnoldPalmer MrArnoldPalmer merged commit cb30d20 into master Sep 18, 2020
@MrArnoldPalmer MrArnoldPalmer deleted the mrarnoldpalmer/chore/yarn-upgrade branch September 18, 2020 17:10