Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Grouped NPM/Yarn update deletes a Git submodule when the submodule is managed as a workspace #9018

Open
1 task done
whitphx opened this issue Feb 8, 2024 · 1 comment
Open
1 task done

Grouped NPM/Yarn update deletes a Git submodule when the submodule is managed as a workspace #9018

whitphx opened this issue Feb 8, 2024 · 1 comment
Labels
F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR T: bug 🐞 Something isn't working

Comments

@whitphx
Copy link

whitphx commented Feb 8, 2024
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Package ecosystem

yarn

Package manager version

1.22.21

Language version

Node 20.11.0

Manifest location and content before the Dependabot update

$ find . -type d \( -name 'node_modules' -o -name '.venv' \) -prune -o -type f -name 'package.json' -print

./streamlit/frontend/app/package.json
./streamlit/frontend/package.json
./streamlit/frontend/lib/package.json
./streamlit/component-lib/package.json
./package.json
./packages/sharing-editor/package.json
./packages/sharing/package.json
./packages/sharing-common/package.json
./packages/desktop/package.json
./packages/mountable/package.json
./packages/vscode-stlite/package.json
./packages/common/package.json
./packages/common-react/package.json
./packages/kernel/package.json
  • These are managed as a Yarn workspace.
  • ./streamlit is a Git submodule.

dependabot.yml content

version: 2
updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "daily"
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "daily"
  - package-ecosystem: "pip"
    directory: "/packages/kernel/py/stlite-server"
    schedule:
      interval: "daily"

Updated dependency

Example: whitphx/stlite#719

Dependabot updates streamlit/frontend/lib/package.json which is in the submodule, but it leads to deleting the submodule and commit the streamlit/frontend/lib/package.json as a new file.

What you expected to see, versus what you actually saw

  • The best would be create two PRs: one is for the main repo and the other is for the submodule repo.
  • Another solution is to ignore the submodule.
  • Anyway, deleting the submodule should be stopped.

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response
@whitphx whitphx added the T: bug 🐞 Something isn't working label Feb 8, 2024
@jas88
Copy link

jas88 commented Mar 13, 2024

I'm seeing the same issue with .Net (Nuget) dependencies and a submodule - Dependabot is trying to update a Directories.Packages.props file in a submodule, and deleting the entire submodule to do it, e.g. HicServices/RdmpExtensions#93

@abdulapopoola abdulapopoola added the F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR label Apr 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
F: grouped-updates 🎳 Relates to bumping more than one dependency in a single PR T: bug 🐞 Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jas88 @abdulapopoola @whitphx