@oliviertassinari added the `dependencies` and `scope: code-infra` labels Dec 9, 2025
@oliviertassinari force-pushed the update-range-to-non-breaking branch from 97fc462 to 5d188a9 December 9, 2025 23:19

mui-bot commented Dec 9, 2025

Netlify deploy preview

https://deploy-preview-47454--material-ui.netlify.app/

Bundle size report

| Bundle | Parsed size | Gzip size |
|---|---|---|
| @mui/material | 0B(0.00%) | 0B(0.00%) |
| @mui/lab | 0B(0.00%) | 0B(0.00%) |
| @mui/system | 0B(0.00%) | 0B(0.00%) |
| @mui/utils | 0B(0.00%) | 0B(0.00%) |

Details of bundle changes

Generated by 🚫 dangerJS against e0ec9c7

@oliviertassinari added the `type: enhancement` label and removed the `dependencies` label Dec 9, 2025
@oliviertassinari force-pushed the update-range-to-non-breaking branch from 5d188a9 to e0ec9c7 December 9, 2025 23:39
@zannager requested a review from Janpot December 10, 2025 06:52
"cross-fetch": "^4.1.0",
"gm": "^1.25.1",
"prettier": "^3.6.2",
"prettier": "~3.6.2",
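
Review bot: on the `prettier` line, `~3.6.2` still admits later 3.6.x patch releases, so a lockfile refresh can still change the formatter version without any change to the manifest; if the goal is that formatting output only changes in a reviewed update, use the exact `3.6.2` instead. It would also help to state in the PR description why `prettier` is narrowed while the neighbouring `cross-fetch` and `gm` entries stay on `^`, since the diff alone does not explain the difference.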

@Janpot (Member) Dec 10, 2025

I wouldn't bother trying to control it this fine grained. If we want to minimize lock file updates causing breakage, then let's just pin every dev dependency. Renovate will update them weekly anyway, we don't need the lockfile update to bump their patch version.

How do you feel about we do

```json
{
  "packageRules": [
    {
      "matchDepTypes": ["devDependencies"],
      "rangeStrategy": "pin"
    }
  ]
}
```

?

Keep in mind we grouped all (otherwise ungrouped) devdependencies as well in renovate, so one way or the other, there will be a PR with all of them updated and it will break CI anyway, just not on the lockfile update.

mui/mui-public#947

@oliviertassinari (Member, Author) Dec 10, 2025

> I wouldn't bother trying to control it this fine grained. If we want to minimize lock file updates causing breakage, then let's just pin every dev dependency.

The idea is that only a handful of dependencies don't follow semver: prettier, typescript (but is less often an issue), and our internal packages. They are the only ones who need a ~ range or pin?

> pin every dev dependency

We would lose the benefit of the lock file cleaning with this (low priority security fixes, deduplicate, mass update of low risk dependencies), if we pin, no?

@Janpot (Member) Dec 10, 2025

> We would lose the benefit of the lock file cleaning with this (low priority security fixes, deduplicate, mass update of low risk dependencies), if we pin, no?

No, not at all. Currently the lockfile maintenance is doing double duty:

  1. update all of our direct dependencies dev and prod, within their version range
  2. update all transitive dependencies + dedupe

But 1. is already handled by regular renovatebot PRs, no need to do it as well in lockfile maintenance. And we do those more frequently than lock file maintenance anyway. We can keep lockfile maintenance for prod and transitive dependencies only.
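
The range question debated in this thread (`^3.6.2` versus `~3.6.2` versus an exact pin), as an added example that is not part of the PR or of MUI's tooling: a small checker that lists which dev dependencies can still move without a manifest change and tests whether a given release falls inside a range. The candidate versions, the `example-pinned` package and the placement of all four entries under `devDependencies` are constructed for illustration; only plain `x.y.z` specs with an optional `^` or `~` prefix are handled.

```javascript
// Added example (not MUI code). Supports only "x.y.z", "^x.y.z" and "~x.y.z".
function parse(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(version);
  if (!m) throw new Error(`unsupported version: ${version}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Exclusive upper bound of a range under npm's semver rules.
function upperBound(op, [major, minor, patch]) {
  if (op === '~') return [major, minor + 1, 0];
  // Caret: everything right of the left-most non-zero component may change.
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// True when a lockfile refresh is allowed to resolve `spec` to `candidate`.
function admits(spec, candidate) {
  const op = spec[0] === '^' || spec[0] === '~' ? spec[0] : '';
  const base = parse(spec.slice(op.length));
  const cand = parse(candidate);
  if (op === '') return compare(cand, base) === 0;
  return compare(cand, base) >= 0 && compare(cand, upperBound(op, base)) < 0;
}

// Dev dependencies that are not exact pins, i.e. that can move without a manifest change.
function floatingDevDeps(pkg) {
  return Object.entries(pkg.devDependencies || {})
    .filter(([, spec]) => !/^\d+\.\d+\.\d+$/.test(spec))
    .map(([name, spec]) => ({ name, spec }));
}

// Constructed sample manifest; the first three specs are the ones visible in the diff.
const samplePkg = {
  devDependencies: {
    'cross-fetch': '^4.1.0',
    gm: '^1.25.1',
    prettier: '~3.6.2',
    'example-pinned': '5.0.1', // hypothetical package, already pinned
  },
};
console.log(floatingDevDeps(samplePkg));
for (const v of ['3.6.3', '3.7.0']) // constructed candidate releases
  console.log(v, admits('^3.6.2', v), admits('~3.6.2', v), admits('3.6.2', v));
```

Run against a real manifest, `floatingDevDeps` gives the list that a `rangeStrategy: "pin"` rule would be expected to empty.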

@github-actions bot added the `PR: out-of-date` label Dec 10, 2025

Janpot commented Dec 19, 2025

Closing as all dev dependencies will be pinned during the next renovate update cycle

@Janpot closed this Dec 19, 2025