Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding PNPM catalog protocol support #11418

Merged
merged 16 commits into from
Jan 29, 2025
Merged

Adding PNPM catalog protocol support #11418

merged 16 commits into from
Jan 29, 2025

Conversation

robaiken
Copy link
Contributor

@robaiken robaiken commented Jan 27, 2025
edited
Loading

What are you trying to accomplish?

Adding support for pnpm's catalog versioning system in Dependabot's core update logic. This allows Dependabot to track and update versions defined in pnpm-workspace.yaml under catalog keys.

Currently, Dependabot doesn't detect version updates for packages defined in catalog sections. This change enables Dependabot to:

  • Parse package versions from the catalog section
  • Create PRs for version bumps when updates are available

Anything you want to highlight for special attention from reviewers?

The core complexity is handling the source of truth for versions - catalog entries in pnpm-workspace.yaml take precedence over package.json versions. Also focused on maintaining lock file integrity during updates.

How will you know you've accomplished your goal?

  1. Dependabot detects when newer versions are available for catalog-defined packages
  2. Creates PRs with correct version bumps
  3. Updates pnpm-lock.yaml accordingly

Checklist

  • I have run the complete test suite to ensure all tests and linters pass.
  • I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
  • I have written clear and descriptive commit messages.
  • I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
  • I have ensured that the code is well-documented and easy to understand.

@robaiken robaiken mentioned this pull request Jan 27, 2025
Closed
1 task
@robaiken robaiken force-pushed the robaiken/add-pnpm-catalog-protocol-support branch from 83e1664 to c5691f2 Compare January 28, 2025 20:15
@robaiken robaiken added the L: javascript:pnpm npm packages via pnpm label Jan 28, 2025
@robaiken robaiken marked this pull request as ready for review January 29, 2025 13:15
@robaiken robaiken requested a review from a team as a code owner January 29, 2025 13:15
sachin-sandhu
sachin-sandhu previously approved these changes Jan 29, 2025
View reviewed changes
Copy link
Contributor

@sachin-sandhu sachin-sandhu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving after reviewing

@robaiken robaiken force-pushed the robaiken/add-pnpm-catalog-protocol-support branch from 1e351d9 to 6205232 Compare January 29, 2025 14:44
@robaiken robaiken force-pushed the robaiken/add-pnpm-catalog-protocol-support branch from bfa16a9 to 494c2fa Compare January 29, 2025 16:03
@robaiken robaiken merged commit bf0fafa into main Jan 29, 2025
86 checks passed
@robaiken robaiken deleted the robaiken/add-pnpm-catalog-protocol-support branch January 29, 2025 17:05
sachin-sandhu pushed a commit that referenced this pull request Jan 31, 2025
@robaiken @sachin-sandhu
Adding PNPM catalog protocol support (#11418)
0a83d74 
* adding pnpm catalog protocol support

* adding feature flag

* fixing lint for yaml file

* adding catalog experiment to tests

* adding pnpm_workspace method to get workspace file

* removing exception

* adding sorbet typing

* disabling class length cop

* moving yarn workspace fixture to pnpm

* Adding tests cases to file parser and updater

* adding typing to enable_pnpm_workspace_catalog?

* fixing test fixtures

* lint

* moving rubocop disable

* removing unneeded imports

added create_workspace_dependency

* refactoring `create_dependency` function
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@markhallen markhallen markhallen approved these changes

@sachin-sandhu sachin-sandhu sachin-sandhu approved these changes

Assignees
No one assigned
Labels
L: javascript:pnpm npm packages via pnpm L: javascript
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@robaiken @markhallen @sachin-sandhu