search

aws-powertools / powertools-lambda-typescript

Powertools is a developer toolkit to implement Serverless best practices and increase developer velocity.
https://docs.powertools.aws.dev/lambda/typescript/latest/
MIT No Attribution
1.58k stars 139 forks source link

Maintenance: manually bump `@aws-cdk/cli-lib-alpha` #3117

Open dreamorosi opened 1 month ago

dreamorosi commented 1 month ago

Summary

While we use Dependabot for automatically updating our dependencies, the @aws-cdk/cli-lib-alpha is being excluded by the updates (example) despite being included in the config.

We should update the dependency manually until we find a solution.

Why is this needed?

With the other AWS CDK related dependencies moving forward with versions and this one being left behind, the integration tests fail.

We need to manually update so that we can continue running the tests.

Which area does this relate to?

Other

Solution

No response

Acknowledgment

Future readers

Please react with 👍 and your use case to help us understand customer demand.

github-actions[bot] commented 1 month ago

⚠️ COMMENT VISIBILITY WARNING ⚠️

This issue is now closed. Please be mindful that future comments are hard for our team to see.

If you need more assistance, please either tag a team member or open a new issue that references this one.

If you wish to keep having a conversation with other community members under this issue feel free to do so.

dreamorosi commented 1 month ago

Reopening the issue to track remaining tasks on this area.

It's still unclear why exactly Dependabot is not seeing the version, but @sthulb who has investigated the issue suggests it might be related to it being a pre-release.

Dependabot seems to ignore the latest release when checking for updates as evidenced by the logs here:

image

Looking at the Dependabot repo, there seem to be at least two related issues, one of which is directly related to our case as it involves an AWS CDK package:

I have left a comment under both, hoping they would get some traction given that a high level exploration of the Dependabot codebase seems to imply this type of update should work.

Depending on whether this is a bug on Dependabot side, the root cause of the issue could be that the package is published using a pre-release suffix while being tagged as latest which might confuse the bot. We could explore the option of asking CDK to publish pre-releases with the correct tag (i.e. alpha) but before doing this we should try reproducing the issue with a dummy package and see if having a different tag with the same version pattern would fix the issue.

We have also left a comment under the RFC for the package on CDK side to see what's the progress on the package becoming stable, which might probably bypass the issue entirely.