fix(release): --legacy-peer-deps when refreshing infra lockfiles#210
Merged
Conversation
The "Sync published workspace versions" step runs `npm install --package-lock-only` in each infra/*/ dir to refresh stale @bsv/* ranges after sync-versions. infra/message-box-server carries transitional lint devDeps with a peer conflict (eslint-plugin-react@7.37.x peers eslint <=9.7, but the package pins eslint 10), causing npm ERESOLVE and failing the release (also broke releases for #203 and #204). This step only regenerates the lockfile (--package-lock-only --ignore-scripts); no lint runs here, so accept the legacy peer resolution instead of failing the whole release on a dev-only graph. Deeper fix (realigning message-box-server's eslint/ts-standard stack) is a separate follow-up. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
This was referenced Jun 19, 2026
sirdeggen
added a commit
that referenced
this pull request
Jun 20, 2026
…--legacy-peer-deps from sync After the @bsv/sdk peerDependency refactor, infra apps that consume a peer-dep'd lib (e.g. chaintracks -> @bsv/wallet-toolbox) must record @bsv/sdk in their package-lock.json. The release sync-versions step refreshed infra lockfiles with --legacy-peer-deps, which drops peer deps, so `npm ci` in the Docker build failed: chaintracks: Missing: @bsv/sdk@2.1.6 from lock file message-box: Missing: openapi-types@12.1.3 from lock file - Regenerate both lockfiles peer-aware (node:20 npm, no --legacy-peer-deps); @bsv/sdk now present. Both Docker images build locally (linux/amd64). - Remove --legacy-peer-deps from the sync-versions infra refresh — it was added in #210 for a message-box eslint peer conflict that #212 already removed, and it now actively breaks peer-aware lockfiles. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.



Problem
The Release workflow's
Sync published workspace versionsstep fails at the infra lockfile refresh:The step loops over
infra/*/runningnpm install --package-lock-only --ignore-scriptsto refresh@bsv/*ranges aftersync-versions.infra/message-box-servercarries transitional lint devDeps (eslint@^10alongsideeslint-plugin-react@^7.37.4+ts-standard@^12, whose plugin-react peer caps at eslint 9.7) →npmERESOLVE → whole release fails.This is pre-existing — the same step also failed the releases for #203 and #204. It is not specific to the PR that triggered this run.
Fix
Add
--legacy-peer-depsto thatnpm install --package-lock-onlystep. The step only regenerates lockfiles (no lint executes;--ignore-scripts), so accepting the legacy peer resolution for a dev-only dependency graph is appropriate and unblocks the release. Packages without peer conflicts are unaffected.Not done (out of scope)
infra/message-box-server's eslint/ts-standard stack (eslint 10 vs ts-standard 12 / eslint-plugin-react 7.37.x) — the real upstream mismatch; tracked as a follow-up.npm install→pnpm installformobile/clientdirs does not apply to this repo: there are nomobile/clientdirs, the failure is ERESOLVE (notEUNSUPPORTEDPROTOCOL), and infra components require npmpackage-lock.jsonfor their Dockernpm ci.🤖 Generated with Claude Code