Conversation
- Run checks across all workspace members (apps/*, benchmarks/*, packages/*, playground) - For packages/*: only enforce pinned dev dependencies - For apps/*, benchmarks/*, playground, and workspace root: enforce all dependencies are pinned Co-authored-by: Gabriel Miranda <gabrielmfern@outlook.com>
|
Cursor Agent can help with this pull request. Just |
|
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
2 issues found across 1 file
Confidence score: 3/5
- There is some risk here:
scripts/check-dependency-versions.tscurrently swallowsreadFileandreaddirerrors beyondENOENT, which could let dependency checks silently pass on real failures. - The impact is user-facing in CI/validation—unexpected filesystem errors would be ignored instead of failing fast, so regressions could slip through.
- Pay close attention to
scripts/check-dependency-versions.ts- ensure onlyENOENTis ignored and other errors are surfaced.
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="scripts/check-dependency-versions.ts">
<violation number="1" location="scripts/check-dependency-versions.ts:32">
P2: Do not swallow all `readFile` errors; only ignore missing files (`ENOENT`) and rethrow other failures so dependency checks cannot silently pass.</violation>
<violation number="2" location="scripts/check-dependency-versions.ts:58">
P2: Avoid treating all `readdir` failures as empty directories; only ignore `ENOENT` when intentional and rethrow other errors.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
- apps/web: pin @react-three/drei, @react-three/fiber, lucide-react, three to exact versions - packages/preview-server: pin cross-env and rimraf to exact versions - scripts/check-dependency-versions.ts: fix biome formatting Co-authored-by: Gabriel Miranda <gabrielmfern@outlook.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
- Regenerate pnpm-lock.yaml to match exact specifiers for cross-env and rimraf - Only swallow ENOENT errors in readFile/readdir; rethrow all other errors Co-authored-by: Gabriel Miranda <gabrielmfern@outlook.com>
commit: |
2 participants
Checklist: Misc/Chore
<type>(<scope>): <Message>Description
This PR refines the
check-dependency-versionsscript to apply more targeted dependency pinning rules across the monorepo.Why:
The previous check was not granular enough for a monorepo structure. This update ensures:
apps/*,benchmarks/*, andplayground: BothdependenciesanddevDependenciesare strictly pinned to ensure consistent and stable builds for applications and the root.packages/*: OnlydevDependenciesare checked for pinning. Production dependencies in publishable library packages are intentionally left flexible, as they are typically peer dependencies or consumed via catalog references, allowing consumers to define their versions.This change improves the relevance and effectiveness of the dependency pinning check, already identifying existing unpinned dependencies that require attention.
Slack Thread
Summary by cubic
Expand monorepo dependency pinning with scoped rules (root,
apps/*,benchmarks/*,playground: all deps;packages/*: onlydevDependencies) and stricter CI. Pinned@react-three/drei,@react-three/fiber,lucide-react,three,cross-env, andrimraf, improved check error handling and messages, and updated the lockfile.workspace:,catalog:,npm:, or exact SemVer (e.g., 1.2.3 or 1.2.3-beta.1).Written for commit 73a2e82. Summary will update on new commits.