Skip to content

Pin dependencies #776

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Pin dependencies #776

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 6, 2024
edited
Loading

This PR contains the following updates:

Package Type Update Change
@azure/identity (source) dependencies pin ^4.12.04.12.0
fastify (source) dependencies pin ^4.28.14.29.1
is-interactive dependencies pin ^1.0.01.0.0
mergician (source) dependencies pin ^2.0.22.0.2
p-limit dependencies pin ^3.1.03.1.0
proper-lockfile dependencies pin ^4.1.24.1.2
shell-quote dependencies pin ^1.8.11.8.3

Add the preset :preserveSemverRanges to your config if you don't want to pin your dependencies.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the renovate label Sep 6, 2024
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 4 times, most recently from 037686d to 9860e9c Compare September 11, 2024 20:28
@ecraig12345
Copy link
Member

ecraig12345 commented Sep 11, 2024

@kenotron FYI, I previously updated lage to pin most of its deps for the reasons outlined in the comment below. It seems like probably a good idea to keep that strategy unless you know of some reason it won't work now. (It doesn't appear to be causing dupes for the pinned packages based on the lock file updates.)

lage/renovate.json5

Lines 53 to 64 in 3fb589f

// lage bundles its dependencies, so any updates should to dependencies should be explicit
// so that they trigger a new lage version (with proper documentation of included updates).
// The standard approach of using ^ dependencies and allowing implicit updates via the lock file
// (which with a published bundle, are guaranteed to affect consumers) makes it very hard to
// track when an issue was introduced if it's discovered in another repo.
"rangeStrategy": "pin",
"matchFileNames": ["packages/**"], // ignore this for docs, scripts, root
"matchDepTypes": ["dependencies"],
// lage packages aren't an issue since they're within the repo and the latest version is always used
"excludePackagePrefixes": ["@lage-run/"],
// this is a runtime dependency of lage since it publishes binaries
"excludePackageNames": ["glob-hasher"]

@renovate renovate bot force-pushed the renovate/pin-dependencies branch 2 times, most recently from c6958c7 to 7dec2cc Compare September 11, 2024 20:41
@renovate renovate bot requested a review from kenotron as a code owner September 11, 2024 20:41
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 5 times, most recently from d263719 to 406f693 Compare September 13, 2024 18:06
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 5 times, most recently from 85f7811 to 70bb5b4 Compare October 2, 2024 20:23
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 10 times, most recently from 73ce8f0 to ad72438 Compare October 9, 2024 17:21
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from ad72438 to aaf153a Compare October 10, 2024 20:13
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 3 times, most recently from 3593d83 to 01f333c Compare September 1, 2025 08:12
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 2 times, most recently from 853010c to 449bcf8 Compare September 16, 2025 21:20
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 4 times, most recently from 01a52f9 to 61899f8 Compare September 25, 2025 18:17
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 3 times, most recently from 516888e to 7bfdb26 Compare October 10, 2025 07:50
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 4 times, most recently from eccb710 to cee63d4 Compare October 23, 2025 21:39
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from cee63d4 to 6522c26 Compare October 31, 2025 19:01
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from 6522c26 to 929bb4e Compare November 11, 2025 01:51
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from 929bb4e to 29c907f Compare November 18, 2025 12:59
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from 29c907f to 74e6ea9 Compare December 3, 2025 18:14
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 7 times, most recently from d3ab29a to d095f78 Compare December 18, 2025 20:56
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from d095f78 to 570498d Compare December 31, 2025 16:48
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from 570498d to 9db58c2 Compare January 8, 2026 18:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kenotron kenotron Awaiting requested review from kenotron

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

renovate

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ecraig12345