You'll want to do this @romaricpascal
I've tried it on my fork and it's all working.

No more automatically added or removed packages:

Install steps for Linux and Windows all working:
📋 Stats

No changes to any distributed file sizes!

Action run for ef4ffcb
The separation causes issues for Dependabot which hoists some dependencies, and leads to missing sub-dependencies in the `package-lock.json` (like `@octokit/core`), which cause npm 11.8.0 not to be able to run `npm ci`. Regrouping the `optionalDependencies` into `devDependencies` solves the issue with npm 11.8.0, and shouldn't have any adverse effect as we don't use `--omit=optional` anywhere I could see.
The strict version causes issues on GitHub CI when running on Windows, as we require a strict 11.6.2 version but the installed version is 11.8.0:

- https://github.com/alphagov/govuk-frontend/actions/runs/22199182869/job/64207330184?pr=6756
- https://github.com/alphagov/govuk-frontend/actions/runs/22193376028/job/64187136429?pr=6755

The pinned version also did not match the minimum Node version as Node 24.11.0 installs with npm 11.6.1.

We do want to [skip 11.6.3](#6455) which has issues with the `overrides` field of `package.json`
bdf4836 to ef4ffcb
Move `optionalDependencies` into `devDependencies` as it leads to sub-dependencies of the `optionalDependencies` not to be listed inside `package.json`, which makes `npm@11.8.0` unable to run `npm ci`.

This should also help with Dependabot hoisting some optional dependencies in the `package-lock.json` file.

Also tidies up the required versions in our `engines` field of `package.json` to keep a wide range of versions available to facilitate contribution.

Why

We had a couple of CI fails from Dependabot updates:

These updates try to install our project using `npm@11.8.0` where our `engines` field in `package.json` specifies `npm@11.6.2` (as an exact version).

PRs not updating `package.json` and `package-lock.json` seem unaffected (for now), so benefit from the cached dependencies on CI.

Thanks @colinrotherham for pointing out that freezing the version numbers wasn't a good idea and pointing me in the right direction for the fix.
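
The failure mode described in this PR (a sub-dependency such as `@octokit/core` missing from `package-lock.json`, so `npm ci` cannot run) can be caught before CI with a lockfile completeness check. The following is an added example, not code from this PR or from npm: it is a simplified approximation of Node-style resolution over a v3 lockfile's `packages` map, it checks only `dependencies` (plus the root's `devDependencies`), and the sample lockfile with its `example-parent`, `left-helper` and `nested-only` packages is constructed.

```javascript
'use strict';
// Added example: simplified lockfile completeness check (not npm's own algorithm).

// Walk up from `fromPath` the way Node looks for modules and return the
// lockfile key that satisfies `name`, or null when no entry exists.
function resolveInLock(packages, fromPath, name) {
  let dir = fromPath;
  for (;;) {
    const candidate = (dir ? dir + '/' : '') + 'node_modules/' + name;
    if (Object.prototype.hasOwnProperty.call(packages, candidate)) return candidate;
    if (dir === '') return null; // reached the project root without a match
    const cut = dir.lastIndexOf('/');
    dir = cut === -1 ? '' : dir.slice(0, cut);
  }
}

// Return every required dependency edge that has no entry in the lockfile.
// Optional and peer dependencies are skipped because they may be absent.
function findMissingDependencies(lock) {
  const packages = lock.packages || {};
  const missing = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (entry.link) continue; // workspace symlink: the target has its own entry
    const required = { ...entry.dependencies };
    if (path === '') Object.assign(required, entry.devDependencies);
    for (const name of Object.keys(required)) {
      if (resolveInLock(packages, path, name) === null) {
        missing.push({ from: path || '(root)', name, range: required[name] });
      }
    }
  }
  return missing;
}

// Constructed sample: package names (except @octokit/core), versions and ranges are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { devDependencies: { 'example-parent': '^1.0.0', 'left-helper': '^2.0.0' } },
    'node_modules/example-parent': {
      version: '1.0.0', dev: true, dependencies: { '@octokit/core': '^1.0.0' }
    },
    'node_modules/left-helper': {
      version: '2.0.0', dev: true, dependencies: { 'nested-only': '^3.0.0' }
    },
    'node_modules/left-helper/node_modules/nested-only': { version: '3.0.0', dev: true }
  }
};

console.log(findMissingDependencies(sampleLock));
```

To check a real project, pass the parsed contents of its `package-lock.json` to `findMissingDependencies` and fail the job when the returned list is not empty.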