Skip to content

fix: keep package-lock.json version in sync on version bumps#22

Merged
larryjclai merged 1 commit into
mainfrom
fix/ai-lockfile-version-sync
Jul 15, 2026
Merged

fix: keep package-lock.json version in sync on version bumps#22
larryjclai merged 1 commit into
mainfrom
fix/ai-lockfile-version-sync

Conversation

@larryjclai

Copy link
Copy Markdown
Owner

scripts/version-bump.mjs bumped package.json, tauri.conf.json, Cargo.toml and Cargo.lock, but never package-lock.json. The lockfile therefore sat at 0.1.0-alpha.60 while package.json reached 0.1.0-alpha.62, and any fresh npm install (CI job or git worktree) rewrote its two version fields, producing a spurious diff that had to be reverted by hand.

Add bumpPackageLock() to the script, mirroring the existing bumpCargoLock() fix for the same class of drift on the Rust side. It edits the two version fields in place instead of shelling out to npm install --package-lock-only, which would re-resolve dependency ranges and risk churning unrelated entries into the bump commit.

Also bring package-lock.json up to 0.1.0-alpha.62 as a one-time correction (version fields only, no dependency changes), and update RELEASING.md, which still documented three files when the script already handled four.

RELEASING.md now also warns against npm version: "version" is registered as an npm script here, so npm's lifecycle hook would invoke it with no argument and abort the bump.

Verified: npm ci exits 0, and npm install no longer rewrites the lockfile.

摘要 / Summary

相關 Issue / Linked issue

檢查清單 / Checklist

  • 已簽署 CLA / Signed the CLA(首次開 PR 時 bot 會留言提示 / the bot will prompt on your first PR)
  • npm test 通過、npm run lint 無錯、npx tsc --noEmit 無錯、(碰到 Rust 時)npm run check:tauri 通過 / npm test, npm run lint, npx tsc --noEmit pass; npm run check:tauri when touching Rust
  • UI 文案經 copy.csv round-trip(npm run copy:export / npm run copy:import),未直接改 .tsx 字串 / UI copy went through the copy.csv round-trip, not hand-edited in .tsx
  • 無非預期的金融計算語意變更(correctness-first);必要時附測試 / No unintended changes to financial-calculation semantics (correctness-first); add tests when relevant
  • 未提交機密 / 個人財務資料 / 未遮蔽截圖 / No secrets, personal finance data, or unredacted screenshots committed

scripts/version-bump.mjs bumped package.json, tauri.conf.json, Cargo.toml
and Cargo.lock, but never package-lock.json. The lockfile therefore sat at
0.1.0-alpha.60 while package.json reached 0.1.0-alpha.62, and any fresh
`npm install` (CI job or git worktree) rewrote its two version fields,
producing a spurious diff that had to be reverted by hand.

Add bumpPackageLock() to the script, mirroring the existing bumpCargoLock()
fix for the same class of drift on the Rust side. It edits the two version
fields in place instead of shelling out to `npm install --package-lock-only`,
which would re-resolve dependency ranges and risk churning unrelated entries
into the bump commit.

Also bring package-lock.json up to 0.1.0-alpha.62 as a one-time correction
(version fields only, no dependency changes), and update RELEASING.md, which
still documented three files when the script already handled four.

RELEASING.md now also warns against `npm version`: "version" is registered as
an npm script here, so npm's lifecycle hook would invoke it with no argument
and abort the bump.

Verified: npm ci exits 0, and npm install no longer rewrites the lockfile.
@larryjclai larryjclai merged commit 2ba7190 into main Jul 15, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant