Fix npm package lockfile #2429
Merged
Fix npm package lockfile #2429
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
DavidBiddle
approved these changes
Dec 11, 2025
Contributor
DavidBiddle
left a comment
DavidBiddle
left a comment
There was a problem hiding this comment.
Nice! Runs for me locally without rrding the peer dependencies 🎉
There was a bug in npm v11.6.0 and prior that would mark dependencies as peer dependencies incorrectly (see npm/cli#8579). This was fixed in v11.6.1 (see the [npm changelog], but it seems that at some point our package lockfile was updated with incorrectly marked peer dependencies, and now when we run `npm install` on our machines with the latest version of npm it updates the package lockfile to remove the marks, leading to noise in git. This commit updates the package lockfile with the (hopefully) correct peer dependency marks. I don't think we need to worry about Dependabot changing things back, as looking at the logs of a [recent Dependabot run] it looks like that is now using npm v11.6.2. [npm changelog]: https://github.com/npm/cli/blob/latest/CHANGELOG.md#1161-2025-09-23 [recent Dependabot run]: https://github.com/alphagov/forms-runner/actions/runs/20049289324/job/57501554830
lfdebrux
force-pushed
the
ldeb-fix-package-lock-peer-true
branch
from
cdb5240 to
ea6cf14
Compare
|
|
🎉 A review copy of this PR has been deployed! You can reach it at: https://pr-2429.admin.review.forms.service.gov.uk/ It may take 5 minutes or so for the application to be fully deployed and working. If it still isn't ready For the sign in details and more information, see the review apps wiki page. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What problem does this pull request solve?
There was a bug in npm v11.6.0 and prior that would mark dependencies as peer dependencies incorrectly (see npm/cli#8579). This was fixed in v11.6.1 (see the npm changelog, but it seems that at some point our package lockfile was updated with incorrectly marked peer dependencies, and now when we run
npm installon our machines with the latest version of npm it updates the package lockfile to remove the marks, leading to noise in git.This commit updates the package lockfile with the (hopefully) correct peer dependency marks.
I don't think we need to worry about Dependabot changing things back, as looking at the logs of a recent Dependabot run it looks like that is now using npm v11.6.2.
Note
Note to devs: if you find your local machine adding
peer: trueto the package lockfiles (and not making any other changes), make sure to runnpm install -g npm@latestif running Node locally, and/ordocker compose build --no-cacheif using Docker Compose.Things to consider when reviewing