chore: Update dependabot to capture package-lock.json#3212
Merged
ashwinb merged 2 commits intollamastack:mainfrom Aug 20, 2025
Merged
chore: Update dependabot to capture package-lock.json#3212ashwinb merged 2 commits intollamastack:mainfrom
ashwinb merged 2 commits intollamastack:mainfrom
Conversation
Signed-off-by: Francisco Javier Arceo <farceo@redhat.com>
franciscojavierarceo
requested review from
ashwinb,
bbrowning,
ehhuang,
hardikjshah,
leseb,
mattf,
raghotham,
reluctantfuturist,
slekkala1,
terrytangyuan and
yanxi0830
as code owners
meta-cla
bot
added
the
CLA Signed
ashwinb
reviewed
Aug 20, 2025
| commit-message: | ||
| prefix: chore(python-deps) | ||
|
|
||
| - package-ecosystem: npm |
Contributor
There was a problem hiding this comment.
can we make it so all these updates result in one PR (maybe one for python and one for node) vs. N different PRs for each dependency bump? right now we get a stream of updates every week, feels a lot. but maybe this is not a good idea.
Collaborator
Author
There was a problem hiding this comment.
I personally tend to prefer independence so changes are isolated and can be reverted if something consequential happens.
I got burned pretty badly when a dependabot update wrecked my release automation.
ashwinb
changed the title
ashwinb
approved these changes
Aug 20, 2025
franciscojavierarceo
added a commit
to franciscojavierarceo/llama-stack
that referenced
this pull request
Aug 22, 2025
# What does this PR do? This should fix dependabot based on this thread: https://stackoverflow.com/questions/60201543/dependabot-only-updates-lock-file <!-- If resolving an issue, uncomment and update the line below --> <!-- Closes #[issue-number] --> ## Test Plan <!-- Describe the tests you ran to verify your changes with result summaries. *Provide clear instructions so the plan can be easily re-executed.* --> Signed-off-by: Francisco Javier Arceo <farceo@redhat.com>
franciscojavierarceo
added a commit
that referenced
this pull request
Aug 22, 2025
# What does this PR do? 1. Adds `scripts/run-ui-linter.sh` - Light script that checks whether `node_modules`,`eslint`, and `prettier` exist before running linter - When I introduced [the linter for the UI](https://github.com/llamastack/llama-stack/pull/3156/files#diff-63a9c44a44acf85fea213a857769990937107cf072831e1a26808cfde9d096b9) it forced the UI linter on all users, the small `node_modules` check means that only users that have installed the UI locally (since `node_modules` is in the gitignore) will actually end up having this run. Additionally this does not do any install and just runs the existing linter/prettier as requested by @mattf 2. Updates `.github/workflows/pre-commit.yml` to run CI again - When I introduced the UI linter in the CI [in this PR](#3191) a failure occurred because dependabot needed to be updated to also bump the `package-lock.json` which was done [in this PR](#3212). All of this to say, we shouldn't observe failures from dependabot again. 3. Updates `.pre-commit-config.yaml` - Calls `scripts/run-ui-linter.sh` ## AI Assistance Notice I used Copilot minimally. ## Test Plan As [requested](#3207 (comment)) by @mattf I ran this after removing all of my `node_modules` and the linter passed. Signed-off-by: Francisco Javier Arceo <farceo@redhat.com>
franciscojavierarceo
added a commit
to franciscojavierarceo/llama-stack
that referenced
this pull request
Aug 25, 2025
# What does this PR do? 1. Adds `scripts/run-ui-linter.sh` - Light script that checks whether `node_modules`,`eslint`, and `prettier` exist before running linter - When I introduced [the linter for the UI](https://github.com/llamastack/llama-stack/pull/3156/files#diff-63a9c44a44acf85fea213a857769990937107cf072831e1a26808cfde9d096b9) it forced the UI linter on all users, the small `node_modules` check means that only users that have installed the UI locally (since `node_modules` is in the gitignore) will actually end up having this run. Additionally this does not do any install and just runs the existing linter/prettier as requested by @mattf 2. Updates `.github/workflows/pre-commit.yml` to run CI again - When I introduced the UI linter in the CI [in this PR](llamastack#3191) a failure occurred because dependabot needed to be updated to also bump the `package-lock.json` which was done [in this PR](llamastack#3212). All of this to say, we shouldn't observe failures from dependabot again. 3. Updates `.pre-commit-config.yaml` - Calls `scripts/run-ui-linter.sh` ## AI Assistance Notice I used Copilot minimally. ## Test Plan As [requested](llamastack#3207 (comment)) by @mattf I ran this after removing all of my `node_modules` and the linter passed. Signed-off-by: Francisco Javier Arceo <farceo@redhat.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What does this PR do?
This should fix dependabot based on this thread: https://stackoverflow.com/questions/60201543/dependabot-only-updates-lock-file
Test Plan