lockbox-extension icon indicating copy to clipboard operation
lockbox-extension copied to clipboard

Published 20 hours ago verified publisher icon mozilla-lockwise

Greenkeeper doesn't seem to make PRs for patch-level version changes

Open jimporter opened this issue 7 years ago • 3 comments

I've noticed that Greenkeeper is only updating stuff whose major or minor version has changed, not the patch version. This seems like a problem, since it means we'd have to check regularly for patch-level changes, nullifying the benefits of Greenkeeper managing this for us.

Maybe there's just something wrong with our config? @linuxwolf Any ideas?

jimporter avatar Feb 15 '18 18:02 jimporter

Without a lockfile, updates that are within semver matches are completely unnecessary. With a lockfile, it gets more complicated.

What we can do is one of two things:

  1. Enable greenkeeper-lockfile in our Travis-CI builds; this will push updates to the package-lock.json periodically, which might get more noisy
  2. Remove the package-lock.json and add it to .gitignore

linuxwolf avatar Feb 15 '18 19:02 linuxwolf

I'd lean towards the former, especially if there's a way to rate-limit Greenkeeper PRs (though I'd be kind of surprised if there were).

I'm not too keen on removing package-lock.json, since it reduces the reproducibility of our builds. Matt B may end up doing tests on [email protected] and then we end up shipping with [email protected] which breaks something for users. That should be rare for patch-level updates, but it's always a possibility.

@m8ttyB, what do you think about the above?

jimporter avatar Feb 16 '18 03:02 jimporter

+1 to @jimporter's concern

m8ttyB avatar Feb 16 '18 15:02 m8ttyB