build(deps-dev): bump tsx from 3.14.0 to 4.0.0 in /single-pool/js/packages/classic #5797
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
the
automerge
mergify
bot
removed
the
automerge
|
automerge label removed due to a CI failure |
Bumps [tsx](https://github.com/privatenumber/tsx) from 3.14.0 to 4.0.0. - [Release notes](https://github.com/privatenumber/tsx/releases) - [Changelog](https://github.com/privatenumber/tsx/blob/develop/release.config.cjs) - [Commits](privatenumber/tsx@v3.14.0...v4.0.0) --- updated-dependencies: - dependency-name: tsx dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/single-pool/js/packages/classic/tsx-4.0.0
branch
from
010235f to
b86bbdd
Compare
|
@joncinque i notice you ported us to pnpm, nice work! why do we have a global lockfile tho? is there something you did so that the lockfile works with ci on your packages? |
|
Superseded by #5802. |
dependabot
bot
deleted the
dependabot/npm_and_yarn/single-pool/js/packages/classic/tsx-4.0.0
branch
|
I was getting fed up merging the same exact dependabot pull request 5 times for each JS library every day, and was hoping that a global lockfile would make things simpler to manage. It's not clear how dependabot handles pnpm workspaces, so I decided to just roll the dice and give it a shot. It might need some more tweaks because if you point it at each sub-project, it doesn't update the lockfile, as you noticed. And it also hasn't created any new PRs today (except for recreating the tsx ones, but those might have been grandfathered in). We might need to add a repo-level package.json, which is fine, since that'll be needed to use a different build tool like turbo. |
|
yea looking at the new file it seems like the problem is theres no package.json to update in the root so it just does nothing. but just making a fake package.json would result in it making broken prs because it wouldnt update the local ones. and im not sure if its possible to get rid of the local packages json because the concept of pnpm workspaces seems to be similar to cargo where everything has its Cargo.toml a simple solution would be if dependabot can execute some post-hook like "after updating a dependency cd to the root and pnpm i to update the lockfile" but that doesnt fix the one pr per package problem. alternatively if theres a smarter logic like "search all packages json for this dep and update it in all of them and then cd to root and pnpm i"... but idk if it provides that level of control or if we would be writing our own tooling at that point lol |
|
Yeah I see what you mean. I'll try making a top-level package.json similar to https://github.com/solana-labs/solana-web3.js/blob/master/package.json and see if that fixes the dependabot stuff, since web3.js has working dependabot PRs. I was meaning to do it anyway so we can use |
Bumps tsx from 3.14.0 to 4.0.0.
Release notes
Sourced from tsx's releases.
Commits
2995601test: improve flaky test (#375)0e83db7perf: strip source map when unused (#374)c6133e5feat(resolver): support tsx,jsx extensions (#367)4853443perf: check if js needs compilation (#365)b32b135feat(cjs): allow query in import specifier (#366)ddf6fcctest(repl): refactor to useprocessInteract(#373)a06da32feat: rename env vars to use TSX prefix (#372)f8a8540chore: change repository org (#371)3375e62test: refactor to smoke test (#360)acb709cfeat: drop support for outdated Node.js versions (#324)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)