Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #650 +/- ##
=======================================
Coverage 75.90% 75.90%
=======================================
Files 145 145
Lines 13735 13735
Branches 992 992
=======================================
Hits 10426 10426
Misses 3303 3303
Partials 6 6 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
There was a problem hiding this comment.
Pull request overview
Updates the project’s npm lockfile strategy by aligning the repo metadata/versioning with package-lock.json (vs. shrinkwrap-style behavior) to improve install determinism and avoid cross-platform install failures from platform-specific optional native bindings.
Changes:
- Bump package version from
1.0.0to1.0.1. - Update
package-lock.jsonto match the new version and refreshed lock metadata (including peer/optional markers).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| package.json | Bumps package version to 1.0.1. |
| package-lock.json | Updates lockfile version fields and package entries/metadata to match 1.0.1 and current npm lock output. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
MattIPv4
left a comment
MattIPv4
left a comment
There was a problem hiding this comment.
Can we do a review of all our dependencies and check we're comfortable with their semver ranges? This big change here, as you noted, is going to be that usage of this tooling is no longer pinned to the exact dependency versions we define, so we must be comfortable that the semver ranges we define for our dependencies will be safe and aren't going to cause issues for consumers of this tooling.
We should be fine as is. The only semver issue was Preact, which we fixed a few days ago. |
ovflowd
left a comment
ovflowd
left a comment
There was a problem hiding this comment.
I'm stamping with an approval... for the sake of continuity. I won't even check what changed on package-lock as I'm scared.
This is on you Aviv to please verify this won't blow up the universe 😭
|
The
|
|
Just do it Aviv, and if you do it, do it fast 😆 |
|
Like now |
|
Or maybe yesterday. |
MattIPv4
left a comment
MattIPv4
left a comment
There was a problem hiding this comment.
I'm also okay with this, but we should be prepared to revert or fix-forward if we run into issues with dependencies not being pinned as we need them.
Smh, no respect for the 48hr PR grace period. |
As Claudio said, trusting you on this. The only one that stood out to me was that we're on an |
So disrespectful right? 🤧😮💨 |
On that I can share that rolldown is alpha an their rc's is their effort to become stable/get out of experimental. But agreed we should honestly speaking apply our dependency pinning strategy on our package.json as I said before. @avivkeller would you mind first doing a PR that does that and then conversion PR? |
|
Sure! After my Slack discussion with @wraithgar, it's important to note that there is / might be an npm bug somewhere in the mix here, so we should also keep an eye out on that |
Ref: nodejs/node#62139
Ref: https://openjs-foundation.slack.com/archives/CTEDKHCTB/p1772830019698849