Pin dependencies #776

Open
wants to merge 1 commit into
base: master

renovate[bot]
Contributor

@renovate renovate bot commented Sep 6, 2024

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| @azure/identity (source) | dependencies | pin | ^4.0.1 -> 4.4.1 |
| @bufbuild/protobuf (source) | dependencies | pin | ^1.10.0 -> 1.10.0 |
| @connectrpc/connect (source) | dependencies | pin | ^1.4.0 -> 1.4.0 |
| @connectrpc/connect-fastify (source) | dependencies | pin | ^1.4.0 -> 1.4.0 |
| @connectrpc/connect-node (source) | dependencies | pin | ^1.4.0 -> 1.4.0 |
| fastify (source) | dependencies | pin | ^4.28.1 -> 4.28.1 |

Add the preset :preserveSemverRanges to your config if you don't want to pin your dependencies.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the renovate label Sep 6, 2024
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 4 times, most recently from 037686d to 9860e9c Compare September 11, 2024 20:28
@ecraig12345
Member

@kenotron FYI, I previously updated lage to pin most of its deps for the reasons outlined in the comment below. It seems like probably a good idea to keep that strategy unless you know of some reason it won't work now. (It doesn't appear to be causing dupes for the pinned packages based on the lock file updates.)

lage/renovate.json5

Lines 53 to 64 in 3fb589f

```json5
// lage bundles its dependencies, so any updates to dependencies should be explicit
// so that they trigger a new lage version (with proper documentation of included updates).
// The standard approach of using ^ dependencies and allowing implicit updates via the lock file
// (which with a published bundle, are guaranteed to affect consumers) makes it very hard to
// track when an issue was introduced if it's discovered in another repo.
"rangeStrategy": "pin",
"matchFileNames": ["packages/**"], // ignore this for docs, scripts, root
"matchDepTypes": ["dependencies"],
// lage packages aren't an issue since they're within the repo and the latest version is always used
"excludePackagePrefixes": ["@lage-run/"],
// this is a runtime dependency of lage since it publishes binaries
"excludePackageNames": ["glob-hasher"]
```

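A CI-side check for the pinning policy in the excerpt above, as an added example that is not part of this PR or of lage's code: it flags any `dependencies` entry under `packages/` that is not an exact version, applying the same exclusions as the Renovate rule. The manifest paths, the `@lage-run/example-internal` package, the `glob-hasher` version and the `npm:` alias entry are constructed for illustration.

```javascript
// Added example (not lage's code): flag unpinned runtime dependencies,
// mirroring the scope of the renovate.json5 rule quoted above.
const EXCLUDE_PREFIXES = ["@lage-run/"]; // in-repo packages, from the excerpt
const EXCLUDE_NAMES = ["glob-hasher"];   // runtime dependency, from the excerpt

// Exact semver: MAJOR.MINOR.PATCH with optional prerelease and build metadata.
const EXACT = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/;

function isPinned(spec) {
  // "npm:alias@1.2.3" aliases are pinned only if the aliased version is exact.
  const alias = /^npm:(?:@[^/]+\/)?[^@]+@(.+)$/.exec(spec);
  return EXACT.test(alias ? alias[1] : spec.trim());
}

function findUnpinned(manifests) {
  const violations = [];
  for (const [file, manifest] of Object.entries(manifests)) {
    if (!file.startsWith("packages/")) continue; // matchFileNames ["packages/**"]
    // matchDepTypes ["dependencies"]: dev and peer dependencies are not checked.
    for (const [name, spec] of Object.entries(manifest.dependencies || {})) {
      if (EXCLUDE_NAMES.includes(name)) continue;
      if (EXCLUDE_PREFIXES.some((p) => name.startsWith(p))) continue;
      if (!isPinned(spec)) violations.push({ file, name, spec });
    }
  }
  return violations;
}

// Constructed manifests; package names and versions follow the PR table.
const SAMPLE = {
  "packages/example-a/package.json": {
    dependencies: {
      "@azure/identity": "^4.0.1",
      "fastify": "4.28.1",
      "@lage-run/example-internal": "^1.0.0", // hypothetical in-repo package
      "glob-hasher": "^1.0.0",                // constructed version
    },
    devDependencies: { "@bufbuild/protobuf": "^1.10.0" },
  },
  "packages/example-b/package.json": {
    dependencies: { "@connectrpc/connect": "npm:@connectrpc/connect@~1.4.0" },
  },
  "docs/package.json": { dependencies: { "fastify": "^4.28.1" } },
};
for (const v of findUnpinned(SAMPLE)) console.log(`${v.file}: ${v.name}@${v.spec}`);
```

In a real repository the manifests would be read from disk and a non-empty result would fail the build, so a range cannot slip back into a bundled package between Renovate runs.
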
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 2 times, most recently from c6958c7 to 7dec2cc Compare September 11, 2024 20:41
@renovate renovate bot requested a review from kenotron as a code owner September 11, 2024 20:41
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 5 times, most recently from d263719 to 406f693 Compare September 13, 2024 18:06
@renovate renovate bot force-pushed the renovate/pin-dependencies branch 5 times, most recently from 85f7811 to 70bb5b4 Compare October 2, 2024 20:23
@renovate renovate bot force-pushed the renovate/pin-dependencies branch from 70bb5b4 to 7ca5d26 Compare October 2, 2024 20:27