build(deps): bump Yarn to 4.3.1 #8265

Closed
wants to merge 20 commits into from

@yeikel yeikel commented Oct 24, 2023

No description provided.

@yeikel yeikel force-pushed the patch-12 branch 4 times, most recently from 4722cf0 to 4bee431 Compare October 28, 2023 23:03
@yeikel yeikel changed the title build(deps): bump Yarn to 4.0 build(deps): bump Yarn to 4.0.1 Oct 28, 2023
@yeikel yeikel changed the title build(deps): bump Yarn to 4.0.1 build(deps): bump Yarn to 4.0.2 Nov 14, 2023
@tyzh-dev tyzh-dev mentioned this pull request Jan 30, 2024
@yeikel yeikel changed the title build(deps): bump Yarn to 4.0.2 build(deps): bump Yarn to 4.1.0 Jan 31, 2024
@arusahni

@yeikel Thank you for pushing this forward! It looks like a fix for the failing check may have been merged in a few months ago (#9405). I wonder if a rebase would make this PR turn green?

@yeikel yeikel changed the title build(deps): bump Yarn to 4.1.0 build(deps): bump Yarn to 4.3.1 Jun 25, 2024
@yeikel
Contributor Author

yeikel commented Jun 25, 2024

> @yeikel Thank you for pushing this forward! It looks like a fix for the failing check may have been merged in a few months ago (#9405). I wonder if a rebase would make this PR turn green?

Main is already using 4.1.1 after https://github.com/dependabot/dependabot-core/pull/9405/files

@yeikel yeikel marked this pull request as ready for review June 27, 2024 04:10
@yeikel yeikel requested a review from a team as a code owner June 27, 2024 04:10
@yeikel yeikel mentioned this pull request Dec 13, 2024
@yeikel
Contributor Author

yeikel commented Dec 13, 2024

#11123

@jeffwidman
Member

Actually @yeikel thanks for pointing me towards this, I hadn't seen it before.

Interesting that it's failing a smoke test, but that same smoke test is passing on a newer version of Yarn:

@yeikel
Contributor Author

yeikel commented Dec 13, 2024

> Actually @yeikel thanks for pointing me towards this, I hadn't seen it before.
>
> Interesting that it's failing a smoke test, but that same smoke test is passing on a newer version of Yarn:
>
> * [Bump yarn to 4.5.3 #11123](https://github.com/dependabot/dependabot-core/pull/11123)

The error failure is a bit misleading/hard to interpret because the diff seems identical to me? Maybe running it manually will show more info

--- smoke.yaml
+++ result.yaml
@@ -6520,7 +6520,7 @@
                   operation: update
                   support_file: false
                   type: file
-            pr-title: Bump @types/lodash from 4.14.189 to 4.14.191
+            pr-title: bump @types/lodash from 4.14.189 to 4.14.191
             pr-body: |
                 Bumps [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) from 4.14.189 to 4.14.191.
                 <details>
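
Review bot: the two sides of this hunk are not identical. The `pr-title` line reads `Bump @types/lodash` in smoke.yaml and `bump @types/lodash` in result.yaml, so the only change is the case of the first letter, which is easy to miss when scanning the diff. Since the comparison reports it, the match is case-sensitive and the mismatch is real; it is worth finding out what made the title come out lower-case in this run before treating the failure as spurious.
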
@@ -6531,7 +6531,7 @@
                 </details>
                 <br />
             commit-message: |-
-                Bump @types/lodash from 4.14.189 to 4.14.191
+                bump @types/lodash from 4.14.189 to 4.14.191
 
                 Bumps [@types/lodash](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/lodash) from 4.14.189 to 4.14.191.
                 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
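
Review bot: the first line of `commit-message` shows the same first-letter case change as the title (`Bump` in smoke.yaml, `bump` in result.yaml), while the unchanged `Bumps [@types/lodash]` line below it keeps its capital. That suggests the difference comes from whatever produces the subject line used for both the PR title and the commit message, not from the body text; running the smoke test manually and comparing the inputs to that one step would narrow it down.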

jeffwidman added a commit that referenced this pull request Dec 13, 2024
This is the failing test: 

https://github.com/dependabot/dependabot-core/blob/8f037cf1be97f2a0c1f383d74479ebe2a48e0c17/npm_and_yarn/spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb#L855-L875

Full commit including lockfiles: 1dcda58

Interestingly, it doesn't fail in Yarn `4.3.1` as seen in:
* #8265

Poking through the changelog between 4.3.1 and 4.5.3, this seems to be the relevant upstream PR:
* yarnpkg/berry#6517

My understanding of peer dependency handling in Yarn is hazy at best, but after reading the PR description, it _looks_ like the algorithm changed and now the peer dependency can be updated and not necessarily held back. 

That would explain [this test failure](https://github.com/dependabot/dependabot-core/actions/runs/12307737164/job/34351931150?pr=11123#step:5:56):
```
  1) Dependabot::NpmAndYarn::UpdateChecker::VersionResolver#latest_resolvable_version with a yarn berry lockfile when updating a dependency with a peer requirement is expected to eq #<Gem::Version "15.2.0">
     Failure/Error: it { is_expected.to eq(Gem::Version.new("15.2.0")) }

       expected: #<Gem::Version "15.2.0">
            got: #<Gem::Version "16.3.1">

       (compared using ==)

       Diff:
       @@ -1 +1 @@
       -Gem::Version.new("15.2.0")
       +Gem::Version.new("16.3.1")
     # ./spec/dependabot/npm_and_yarn/update_checker/version_resolver_spec.rb:873:in `block (5 levels) in <top (required)>'
     # /home/dependabot/common/spec/spec_helper.rb:66:in `block (2 levels) in <top (required)>'
     # /home/dependabot/dependabot-updater/vendor/ruby/3.3.0/gems/webmock-3.24.0/lib/webmock/rspec.rb:39:in `block (2 levels) in <top (required)>'
```
@yeikel yeikel closed this Dec 13, 2024
@yeikel yeikel deleted the patch-12 branch December 13, 2024 03:37
jeffwidman added a commit that referenced this pull request Dec 13, 2024
* Bump yarn to 4.5.3

* Update test to match new handling of peer deps

4 participants