Page MenuHomePhabricator
Create Task
Maniphest T352585

Pin all packages to exact versions
Closed, ResolvedPublic2 Estimated Story Points
Actions

Description

After dealing with some annoying side-effects as part of T340590 (including a minor SVGO patch update that leads to hundreds of new SVG files getting built as part of npm run test due to a small change in compression approach), I think we should adopt a strict versioning policy in regard to dependencies.

We should lock all packages that Codex depends on to exact versions, and periodically go in and update them (perhaps once per quarter).

In a perfect world this would not be necessary, but too much of the Node ecosystem sees semver as a polite suggestion as opposed to a mandate – we don't want to inflict these changes on our own users without clearly understanding each one.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Update Codex from v1.2.1 to v1.3.0mediawiki/coremaster+10 K -10 K
build: Pin dependencies to exact versionsdesign/codexmain+3 K -4 K
Customize query in gerrit

Related Objects

Event Timeline

egardner created this task.Dec 2 2023, 12:52 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptDec 2 2023, 12:52 AM
Catrope renamed this task from Pin all packges to exact versions to Pin all packages to exact versions.Dec 2 2023, 1:01 AM
Volker_E added a project: Codex.Dec 5 2023, 10:38 AM
Volker_E mentioned this in T352765: Upgrade SVGO build dependency to 3.0.5.Dec 5 2023, 1:34 PM
CCiufo-WMF moved this task from Up Next to 2024 Quiet Week on the Design-System-Team board.Dec 11 2023, 7:24 PM
AnneT triaged this task as Low priority.Jan 8 2024, 6:55 PM
AnneT set the point value for this task to 2.
AnneT moved this task from 2024 Quiet Week to DST-Sprint-14 (2024-01-08 to 2024-01-19) on the Design-System-Team board.
AnneT edited projects, added Design-System-Team (DST-Sprint-14 (2024-01-08 to 2024-01-19)); removed Design-System-Team.
gerritbot added a comment.Jan 12 2024, 5:06 PM

Change 990150 had a related patch set uploaded (by VolkerE; author: VolkerE):

[design/codex@main] build: Pin dependencies to exact versions

https://gerrit.wikimedia.org/r/990150

gerritbot added a project: Patch-For-Review.Jan 12 2024, 5:06 PM
Volker_E claimed this task.Jan 12 2024, 5:11 PM
Volker_E moved this task from Committed to Code Review on the Design-System-Team (DST-Sprint-14 (2024-01-08 to 2024-01-19)) board.
Catrope moved this task from Code Review to Pending Release on the Design-System-Team (DST-Sprint-14 (2024-01-08 to 2024-01-19)) board.Jan 17 2024, 12:26 AM
gerritbot added a comment.Jan 17 2024, 12:37 AM

Change 990150 merged by jenkins-bot:

[design/codex@main] build: Pin dependencies to exact versions

https://gerrit.wikimedia.org/r/990150

Volker_E removed a project: Patch-For-Review.Jan 17 2024, 12:56 AM
gerritbot added a comment.Jan 23 2024, 9:22 PM

Change 992533 had a related patch set uploaded (by Eric Gardner; author: Eric Gardner):

[mediawiki/core@master] Update Codex from v1.2.1 to v1.3.0

https://gerrit.wikimedia.org/r/992533

gerritbot added a project: Patch-For-Review.Jan 23 2024, 9:22 PM
gerritbot added a comment.Jan 23 2024, 11:16 PM

Change 992533 merged by jenkins-bot:

[mediawiki/core@master] Update Codex from v1.2.1 to v1.3.0

https://gerrit.wikimedia.org/r/992533

egardner closed this task as Resolved.Jan 23 2024, 11:25 PM
Maintenance_bot removed a project: Patch-For-Review.Jan 23 2024, 11:32 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits