Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
Codecov Results 📊Generated by Codecov Action |
node-overhead report 🧳Note: This is a synthetic benchmark with a minimal express app and does not necessarily reflect the real-world performance impact in an application.
|
# Conflicts: # lerna.json # package.json # yarn.lock
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
![sentry[bot]](https://avatars.githubusercontent.com/in/12637?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.
| } | ||
|
|
||
| const rootDir = path.join(__dirname, '..'); | ||
| const updatedCount = bumpVersions(rootDir, newVersion); |
There was a problem hiding this comment.
Version bump accepts invalid version strings
Low Severity
bump-version.js only checks that newVersion is present, not that it is a valid semver. Unlike lerna version, this allows malformed versions to be written into every workspace package.json and .version.json, leaving the repo in an invalid release state when bad input reaches scripts/craft-pre-release.sh.
Additional Locations (1)
There was a problem hiding this comment.
Kinda relevant. We just have to trust ourselves that we don't publish a version that is not compatible with semver
Lms24
left a comment
Lms24
left a comment
There was a problem hiding this comment.
Thanks! Couple of L comments but otherwise LGTM!
| job_check_lockfile: | ||
| name: Check lockfile | ||
| needs: [job_get_metadata] | ||
| timeout-minutes: 5 |
There was a problem hiding this comment.
l: Should we increase to 10 minutes? I think this is just on the edge of 5 minutes (at least it was in the last experimental release branch)
There was a problem hiding this comment.
l: I'm wondering if we should just remove build:types:watch. I don't think I ever used this. yarn build:dev:watch already crushes my machine. No strong feelings though.
| - '!**/*.js' | ||
| - '!**/*.ts' | ||
| # When versions are bumped on master (written by scripts/bump-version.js) | ||
| - '.version.json' |
There was a problem hiding this comment.
l: why did we remove the checks that no js or ts files were modified?
4 participants
lerna run→nx run-many). Lerna was already using Nx under the hood, so this removes the wrapper layer and uses Nx directly.lerna versionwith a customscripts/bump-version.jsfor release version bumping. The script replicateslerna version --force-publish --exact --no-git-tag-version --no-push– bumps all workspace package versions and updates internal dependency references to exact versions. Also added some unit tests.lerna.json,lernadevDependency) and addnxas a direct devDependency (22.5.0).job_check_lockfile) that runs in parallel with the build.yarn builddoesn't hang waiting for ESC..version.jsonas a single source of truth for the current version (this works well with triggering gitflow)CLAUDE.md,CONTRIBUTING.md,.cursor/rules) to reflect the migration.Closes #19340 (added automatically)