Overrides are not reflected in deps.json causing renovate trying to update those
Currently there are 3 overrides in our constructs:
"overrides": {
  "@types/responselike": "1.0.0",
  "got": "12.3.1",
  "@types/prettier": "2.6.0"
},
When Renovate runs, it tries to offer updates for those, which causes failure as projen run would revert versions (and we check in pipeline that code is not mutated). The upgrade task seems to be ignoring overrides, but Renovate doesn’t.
Not sure which one works incorrectly, as at least in Renovate support for overrides was explicitly added: https://github.com/renovatebot/renovate/issues/15278.
Expected result
Renovate should ignore overrides, or at least offer a flag to ignore those.
As versions are not in .projen/deps.json, some additional logic is needed.
Issue Analytics
- State:
- Created a year ago
- Comments:5 (5 by maintainers)
Top GitHub Comments
Those overrides are on a normal CDK construct, so something that’s not explicitly added. Those are also internal, so CIs are not on GitHub, which would be an easy option for a Projen project. That’s also one reason why Renovate is in use. The other is that the same mechanism for dependency maintenance is used on applications and constructs.
Renovate is quite similar to Dependabot, but offers some nice additions to it, like grouping of dependencies into the same PR.
Handling of those overrides was added to Renovate last May, so I doubt that handling of those is not going to be removed.
So as for the options, I don’t see any of those working, and I actually started to check the projen code for how those overrides could be got into Renovate’s ignore list, like packages with defined versions (by projen) are now.
My bad @Hi-Fi I wasn’t aware Renovate Bot is supported in projen 🤯
Thanks for finding this and for working on the PR!
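The ignore-list idea from the thread, as an added example (not projen or Renovate code): it collects the package names pinned by `overrides` and merges them into Renovate's `ignoreDeps`, and it also handles npm's nested `name@range` and `.` override forms, which the issue itself does not use. The sample package.json, the nested `mkdirp`/`minimist` entry and all function names are assumptions.

```javascript
// Added example, not projen or Renovate code. SAMPLE_PACKAGE_JSON is constructed:
// the first three overrides are the ones quoted in the issue, the nested entry
// is made up to exercise npm's "name@range" selector form.
const SAMPLE_PACKAGE_JSON = {
  overrides: {
    "@types/responselike": "1.0.0",
    "got": "12.3.1",
    "@types/prettier": "2.6.0",
    "mkdirp@0.5.5": { "minimist": "1.2.8" },
  },
};

// "got@12" -> "got", "@types/prettier@2" -> "@types/prettier" (index 0 is the scope marker).
function packageNameOf(key) {
  const at = key.indexOf("@", 1);
  return at === -1 ? key : key.slice(0, at);
}

// Names whose version is pinned by `overrides`. A key whose value is an object
// is only a selector unless it carries a "." entry, which pins the key itself.
function pinnedByOverrides(overrides, names = new Set()) {
  for (const [key, value] of Object.entries(overrides || {})) {
    if (key === ".") continue; // already accounted for by the parent key
    if (typeof value === "string") {
      names.add(packageNameOf(key));
    } else if (value && typeof value === "object") {
      if (typeof value["."] === "string") names.add(packageNameOf(key));
      pinnedByOverrides(value, names);
    }
  }
  return names;
}

// Pinned names that the Renovate config does not list in `ignoreDeps` yet.
// A pipeline check can fail when this list is non-empty.
function missingFromIgnoreDeps(renovateConfig, packageJson) {
  const ignored = new Set(renovateConfig.ignoreDeps || []);
  return [...pinnedByOverrides(packageJson.overrides)].filter((n) => !ignored.has(n)).sort();
}

// Returns a copy of the config with every pinned override added to `ignoreDeps`.
// ignoreDeps matches by package name, so a direct dependency with the same
// name is skipped as well.
function withIgnoredOverrides(renovateConfig, packageJson) {
  const missing = missingFromIgnoreDeps(renovateConfig, packageJson);
  const ignoreDeps = [...(renovateConfig.ignoreDeps || []), ...missing].sort();
  return { ...renovateConfig, ignoreDeps };
}

console.log(JSON.stringify(withIgnoredOverrides({ ignoreDeps: ["got"] }, SAMPLE_PACKAGE_JSON), null, 2));
```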