Bump rc-tree from 5.4.3 to 5.7.0 #4528
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
|
I've enabled yarn berry support on this repo, so if you comment with It's not quite clear to me why this is happening, but it occurs while dependabot runs I am not able to reproduce the issue locally on my mac, but in the image that runs Dependabot I get it consistently when running any yarn command in the repo in question. Next I tried reproducing it in a clean node image: So it seems the issue may be related to running yarn on linux for this project? Could it be related to one of the plugins maybe? |
|
Thanks for the detailed writeup. I followed your docker instructions and confirmed I saw the same error. It is indeed the plugins which are also stored with lfs. Do I understand correctly that the container that dependabot runs in does not have git lfs installed? There is an in-progress PR to automatically install missing plugins during How are you handling this for other repos? Or are we alone in tracking these plugin files via lfs? Will dependabot remain enabled for this repo? We can explore moving these files to regular git tracking and try asking dependabot to recreate this PR. |
Yeah that's right
I've not seen it before, we see it used for storing large blobs but those are basically never relevant for the dependency updating process. Some background context on this is that prior to yarn berry support, for npm and yarn projects, dependabot would just pull in the The usage of LFS in this case seems a bit out of the ordinary to me, but maybe it's a trend that I've just not seen before? We can enable it, but it would mean having to pull in large files that are most likely not going to be relevant, I think we can only pull all of it in or nothing, so we risk doing unnecessary work that slows down updates 🤔
Up to you, I'm absolutely fine keeping it on for as long as is helpful for y'all 👍 |
It does seem like it's possible to tell lfs to only pull specific files (i.e. things under |
👍 It's definitely helpful for us and we will keep iterating until we get dependabot working. Thank you! |
|
This seems to work: |
For some context on why we do this. These plugin files (like the yarn script itself) are typically bundled/built/minified javascript sources. The git diff on these is meaningless for review much like a diff for binary files so there's no value in to us in storing them in a way that makes them diff-able. While LFS was originally developed as a large file store we have historically used it for binary or compiled files - anywhere where the diff is meaningless and we just need to store the file content. We currently have 4 plugins. These are their on-disk sizes:
So while some are relatively small, you can see that others are not and when we pull in a new version of the larger ones we don't care about storing a diff of them in our history (which similarly bloats the git clone of the repo). |
|
Yeah I can definitely understand the thought behind this, but it doesn't really play nice with our tooling at the moment. You could consider using gitattributes to hide the diffs by default, but it doesn't help with the repo size. |
|
I've proposed a change to dependabot-core that would run |
|
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
7 similar comments
|
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
|
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
|
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
|
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
|
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
|
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
|
Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting |
|
@dependabot recreate |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/rc-tree-5.7.0
branch
from
48ae9c9
to
5eb6e34
Compare
|
@jurre This has gotten a lot further! ❤️🔥 🎉 |
|
@dependabot rebase |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/rc-tree-5.7.0
branch
from
5eb6e34
to
1f0d577
Compare
|
@dependabot rebase |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/rc-tree-5.7.0
branch
from
1f0d577
to
dd83667
Compare
|
@dependabot rebase |
Bumps [rc-tree](https://github.com/react-component/tree) from 5.4.3 to 5.7.0. - [Release notes](https://github.com/react-component/tree/releases) - [Changelog](https://github.com/react-component/tree/blob/master/CHANGELOG.md) - [Commits](react-component/tree@v5.4.3...v5.7.0) --- updated-dependencies: - dependency-name: rc-tree dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/rc-tree-5.7.0
branch
from
dd83667
to
5f03462
Compare
Bumps rc-tree from 5.4.3 to 5.7.0.
Release notes
Sourced from rc-tree's releases.
... (truncated)
Commits
5635072v5.7.0953d96dRevert "Revert "fix: disabled draggable node should have draggable className ...a486403v5.6.9654edb7Revert "fix: disabled draggable node should have draggable className (#632)"b2d382dv5.6.84c3f962v5.6.7bdfe4b2fix: disabled draggable node should have draggable className (#632)63644b4type: add id prop (#627)41721d8chore(deps-dev): bump@umijs/fabricfrom 2.12.2 to 3.0.0 (#612)2ed2c095.6.6Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)