You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently, when bumping dependencies in packages that didn't themselves change, there's some inconsistent behavior regarding bumpDeps, scope, and ranges like workspace:/catalog:/file:/*.
Normal case (works)
Behavior is reasonable with the default bumpDeps: true, no scope, and internal dependencies specified with semver ranges (like ^1.2.3):
package version is bumped by dependentChangeType
package.json dependency ranges are updated
changelog has entry for dependent-bumped version with "Update some-dependency to x.y.z"
In other cases, various things get weird...
Issues with bumpDeps and scope
bumpDeps: false has some odd behavior today. scope shares some similar issues for out-of-scope packages.
It still updates package.json dependency versions in dependent packages which don't have changed files and/or are out of scope (whether this should happen is discussed below)
It includes those dependent packages in dependentChangedBy, which means writeChangelog creates at least a CHANGELOG.json entry for them with undefined change type.
In bumpInMemory, those extra dependents are added to modifiedPackages.
modifiedPackages including the questionable dependents is used by:
performBump -> updatePackageJsons (during bump or publish) to update package.json on disk
publishToRegistry -> getPackagesToPublish to determine which packages to consider publishing
with scope, out-of-scope packages would be skipped at this point
with bumpDeps: false, could add code to skip them if no calculatedChangeTypes entry (this would be a better way to ensure publishing doesn't fail via validatePackageVersions if a dependent package wasn't bumped and the version already exists in the registry--Skip publishing packages that aren't bumped #1126 improved the behavior but it's not a full fix)
publish -> getNewPackages to determine which packages aren't already being published and might not exist in the registry
publish -> bumpAndPush -> tagPackages to create git tag for package version (problem: could try to create a tag that already exists since the version wasn't bumped)
Design/conceptual issues
There are also some significant conceptual issues with bumpDeps: false (some of which extend to scope) as originally outlined in #620 (comment)...
Say you have these packages and use bumpDeps: false:
If bar bumps to 1.0.1 and bumpDeps is false, that's fine because the range is still satisfied (though syncpack/similar might complain). Same with minor changes for that range.
But if bar bumps to 2.0.0 or a prerelease version, the range is no longer satisfied. So foomust be bumped to avoid potential duplication within the dependency tree.
Potential better behavior:
If the new version doesn't satisfy an existing range, updateRelatedChangeType's dependents logic should bump it anyway.
In setDependentVersion, for packages which weren't previously in modifiedPackages, it should only modify dependency ranges if the new version doesn't satisfy the current range.
potential issue: even if the new version is in range, if the dep range isn't updated but the package is published later, the different ranges might cause package managers to introduce unnecessary duplicates
maybe add some logic to update only the package.json but ignore for npm-publish/git-tag?
potential issue: could get out of sync with linters such as syncpack
It's less clear what should happen with scope in a similar case where the dep is bumped to a version incompatible with the current range. That issue applies regardless of bumpDeps.
Issues with workspace:/catalog: ranges
Assuming bumpDeps: true, dependent bumps for workspace:/catalog: dependencies will mostly work as expected. The exception is that dependent bump changelog entries will be missing (#981) since the version isn't modified by setDependentVersions, and currently in such cases it skips adding to dependentChangedBy.
With bumpDeps: false or scope, the dependent packages won't be considered at all since they don't end up in dependentChangedBy.
Currently, when bumping dependencies in packages that didn't themselves change, there's some inconsistent behavior regarding
bumpDeps,scope, and ranges likeworkspace:/catalog:/file:/*.Normal case (works)
Behavior is reasonable with the default
bumpDeps: true, noscope, and internal dependencies specified with semver ranges (like^1.2.3):dependentChangeTypepackage.jsondependency ranges are updatedIn other cases, various things get weird...
Issues with
bumpDepsandscopebumpDeps: falsehas some odd behavior today.scopeshares some similar issues for out-of-scope packages.setDependentVersions:package.jsondependency versions in dependent packages which don't have changed files and/or are out of scope (whether this should happen is discussed below)dependentChangedBy, which meanswriteChangelogcreates at least aCHANGELOG.jsonentry for them withundefinedchange type.--scopeis used #1033bumpInMemory, those extra dependents are added tomodifiedPackages.modifiedPackagesincluding the questionable dependents is used by:performBump -> updatePackageJsons(during bump or publish) to updatepackage.jsonon diskpublishToRegistry -> getPackagesToPublishto determine which packages to consider publishingscope, out-of-scope packages would be skipped at this pointbumpDeps: false, could add code to skip them if nocalculatedChangeTypesentry (this would be a better way to ensure publishing doesn't fail viavalidatePackageVersionsif a dependent package wasn't bumped and the version already exists in the registry--Skip publishing packages that aren't bumped #1126 improved the behavior but it's not a full fix)publish -> getNewPackagesto determine which packages aren't already being published and might not exist in the registrypublish -> bumpAndPush -> tagPackagesto create git tag for package version (problem: could try to create a tag that already exists since the version wasn't bumped)Design/conceptual issues
There are also some significant conceptual issues with
bumpDeps: false(some of which extend toscope) as originally outlined in #620 (comment)...Say you have these packages and use
bumpDeps: false:barbumps to1.0.1andbumpDepsis false, that's fine because the range is still satisfied (though syncpack/similar might complain). Same with minor changes for that range.barbumps to2.0.0or a prerelease version, the range is no longer satisfied. Sofoomust be bumped to avoid potential duplication within the dependency tree.Potential better behavior:
updateRelatedChangeType'sdependentslogic should bump it anyway.setDependentVersion, for packages which weren't previously inmodifiedPackages, it should only modify dependency ranges if the new version doesn't satisfy the current range.package.jsonbut ignore for npm-publish/git-tag?syncpackIt's less clear what should happen with
scopein a similar case where the dep is bumped to a version incompatible with the current range. That issue applies regardless ofbumpDeps.Issues with
workspace:/catalog:rangesAssuming
bumpDeps: true, dependent bumps forworkspace:/catalog:dependencies will mostly work as expected. The exception is that dependent bump changelog entries will be missing (#981) since the version isn't modified bysetDependentVersions, and currently in such cases it skips adding todependentChangedBy.With
bumpDeps: falseorscope, the dependent packages won't be considered at all since they don't end up independentChangedBy.