depfu / feedback

🤔 Question, bugs and feedback for Depfu
https://depfu.com
MIT License
9 stars 4 forks source link

Yarn 2 Constraints Support #45

Open RuniBr opened 4 years ago

RuniBr commented 4 years ago

Opening this issues as we have a monorepo that uses Yarn 2 and its constraints feature and encountering compatibility issues with Depfu.

In short, constraints are essentially rules defined in a constraints.pro file at the root of the monorepo, which in our case are enforcing specific versions for certain dependencies throughout all workspaces in the repo. For example, one rule enforces that any workspace using typescript must also use version 3.9.5. We also run the command yarn constraints - which verifies all constraint rules are adhered to - as part of our CI pipeline, to prevent any PRs in violation of the constraints from being merged in.

As you may have already inferred, this becomes a problem as soon as Depfu tries updating any dependency with an associated constrain rule, as the constraint definition becomes "out of date" and the yarn constraints CI check consequently fails.

We have a workaround which is to pause all Depfu updates for the constrained dependencies. However, this necessitates manually managing those dependencies; although not a big deal, it would be much more favourable if Depfu was able to somehow support Yarn 2 constraints.

Perhaps Depfu could modify the version definition in constraints.pro in the same PR as the dependency update? This solution would, however, cause constraint violations if said dependency was only updated in a single workspace opposed to all relevant workspaces.

Being able to instruct Depfu to run yarn constraints --fix might be another potential solution, however, from personal experience that command does not seem very reliable as it doesn't always do anything.

Any thoughts/ideas?

theflow commented 2 years ago

Closing older issues