chore: Prep for dependabot #242

seebees · 2020-02-09T16:45:19Z

lerna link convert

This links all the packages to the root
and removed the need for lerna bootstrap
This moves all the devDependencies from the individual
package.json files to the root,
and links the internal modules together.
This does make things complicated
for integration-browser and integration-node
because these files compile the TS to JS for a CLI.
But this JS file does not exists because it is build from the Typescript.
So there is a chicken/egg situation where the file needs to exists to be installed,
but the file needs to be built.
I added a hack to touch the file when the monorepo is built.

This should help with dependabot PRs
as well as making npm audit just work.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Check any applicable:

Were any files moved? Moving files changes their URL, which breaks all hyperlinks to the files.

`lerna link convert` This links all the packages to the root and removed the need for `lerna bootstrap` This moves all the `devDependencies` from the individual `package.json` files to the root, and links the internal modules together. This does make things complicated for `integration-browser` and `integration-node` because these files compile the TS to JS for a CLI. But this JS file does not exists because it is build from the Typescript. So there is a chicken/egg situation where the file needs to exists to be installed, but the file needs to be built. I added a hack to `touch` the file when the monorepo is built. This should help with dependabot PRs as well as making `npm audit` just work.

This is an explicit update to versions. Additionally all sub modules package-lock.json files are removed. When `lerna link` was run, in aws#242 all modules were linked together at the root. This means that the root package-lock.json file is responsible for all sub modules state. Lerna does not maintain the state on these modules package-lock.json anymore. So this information is redundant. Finaly, update `local_verdaccio_publish` to not reset package-lock.json files as they do not exist.

This is an explicit update to versions. Additionally all sub modules package-lock.json files are removed. When `lerna link` was run, in aws#242 all modules were linked together at the root. This means that the root package-lock.json file is responsible for all sub modules state. Lerna does not maintain the state on these modules package-lock.json anymore. So this information is redundant. Finally, update `local_verdaccio_publish` to not reset package-lock.json files as they do not exist.

This is an explicit update to versions. Additionally all sub modules package-lock.json files are removed. When `lerna link` was run, in #242 all modules were linked together at the root. This means that the root package-lock.json file is responsible for all sub modules state. Lerna does not maintain the state on these modules package-lock.json anymore. So this information is redundant. Finally, update `local_verdaccio_publish` to not reset package-lock.json files as they do not exist.

seebees requested a review from a team February 14, 2020 23:43

scottarc approved these changes Feb 17, 2020

View reviewed changes

Merge branch 'master' into dependabot

4e96b90

seebees merged commit 4d8974c into aws:master Feb 18, 2020

seebees deleted the dependabot branch February 18, 2020 02:06

seebees mentioned this pull request Apr 1, 2020

Update tests for dependencies #285

Merged

1 task

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore: Prep for dependabot #242

chore: Prep for dependabot #242

Uh oh!

seebees commented Feb 9, 2020

Uh oh!

Uh oh!

chore: Prep for dependabot #242

chore: Prep for dependabot #242

Uh oh!

Conversation

seebees commented Feb 9, 2020

Check any applicable:

Uh oh!

Uh oh!