fix(ci): refresh lockfile for the new shared-auth lib #207
Reference in New Issue
Block a user
Delete Branch "fix/ci-lockfile-shared-auth"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
The auth-catalogue skeleton PR (#206) added
libs/shared/auth/with three dev dependencies (tslib,vitest,@nx/vite) in the new lib'spackage.jsonbut did not refreshpnpm-lock.yaml. As a result the post-mergepnpm install --frozen-lockfilestep in CI onmainfails with:Running
pnpm installlocally adds the missingimporters["libs/shared/auth"]block. No other dependency moves — every other version is pinned to whatmainalready resolved.What lands
pnpm-lock.yamlimporters["libs/shared/auth"]entry with the three deps resolved totslib@2.8.1,vitest@4.1.6,@nx/vite@22.7.2— same versions as the otherlibs/shared/*libs already use.Notes for the reviewer
pnpm-lock.yamlafterpnpm installhad refreshed it locally during the work. The lockfile delta should have been part of #206 but was missed at commit time. Post-merge CI onmainis the first run that exercises a clean--frozen-lockfileagainst the merged tree, which is when the gap shows.main. A separate small fix-up PR is cleaner than re-opening the merged history.pnpm installand stage the lockfile alongside the source. A future drift-gate (mentioned in ADR-0025 §"Confirmation" for catalogue drift) could be extended to also assert lockfile-vs-package-json alignment, but that's out of scope for this fix.Test plan
pnpm install --frozen-lockfilesucceeds locally on this branch.mainruns through the install step cleanly.