Skip to content

[tools] Capture unquoted pnpm catalog keys in dependabot changeset generator#14646

Merged
penalosa merged 2 commits into
mainfrom
fix/dependabot-changeset-unquoted-catalog-keys
Jul 10, 2026
Merged

[tools] Capture unquoted pnpm catalog keys in dependabot changeset generator#14646
penalosa merged 2 commits into
mainfrom
fix/dependabot-changeset-unquoted-catalog-keys

Conversation

@penalosa

Copy link
Copy Markdown
Contributor

Describe your change...

Fixes the Dependabot changeset generator (tools/dependabot/generate-dependabot-pr-changesets.ts) dropping workerd from the auto-generated changelog.

The parseDiffForChanges() regex required dependency keys to be quoted (JSON style). In the pnpm-workspace.yaml catalog, "@cloudflare/workers-types" is a quoted YAML key but workerd is an unquoted YAML key, so it was silently skipped. This normally went unnoticed because Dependabot also bumps the quoted "workerd" pins in packages/miniflare/package.json, so workerd got captured from there — but in #14642 Dependabot bumped workerd only in the catalog, so it was missing from the generated changeset entirely.

The regex now treats the quotes around the key as optional, capturing both "workerd": "1.2.3" (JSON) and workerd: "1.2.3" (unquoted YAML).


  • Tests
    • Tests included/updated
    • Automated tests not possible - manual testing has been completed as follows:
    • Additional testing not necessary because:
  • Public documentation
    • Cloudflare docs PR(s):
    • Documentation not necessary because: internal build tooling change with no user-facing surface

@changeset-bot

changeset-bot Bot commented Jul 10, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 0b9c121

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-project-automation github-project-automation Bot moved this to Untriaged in workers-sdk Jul 10, 2026
@penalosa penalosa marked this pull request as ready for review July 10, 2026 12:07
@penalosa penalosa added the ci:no-changeset-required Skip pull request checks for a valid changeset label Jul 10, 2026
@workers-devprod workers-devprod requested review from a team and edmundhung and removed request for a team July 10, 2026 12:07
@workers-devprod

workers-devprod commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

Codeowners approval required for this PR:

  • ✅ @cloudflare/wrangler
Show detailed file reviewers

@ask-bonk

ask-bonk Bot commented Jul 10, 2026

Copy link
Copy Markdown
Contributor

The lazy quantifier works correctly here because the required "?:\s" anchor forces the match to extend to the actual colon+space+quote delimiter. The regex is correct for all realistic inputs.

My review findings:

  • The regex change correctly makes the key quotes optional and captures both JSON and unquoted YAML catalog keys.
  • The character class [^":]+? properly excludes quotes and colons, preventing false matches on diff headers.
  • Values containing colons (npm aliases, git URLs) still parse correctly.
  • The tests directly reproduce the reported bug (Bump the workerd-and-workers-types group across 1 directory with 2 updates #14642) and the merge-consistency scenario.
  • The regex change is minimal and well-commented.

One minor consideration: the PR body notes "Documentation not necessary — internal build tooling change" and the change is to a tools/ file, so no changeset is required (matches the no-changeset-required convention). This is consistent with the changeset-bot warning being acceptable.

I found no logic bugs, security issues, or behavioral regressions.

LGTM

github run

@pkg-pr-new

pkg-pr-new Bot commented Jul 10, 2026

Copy link
Copy Markdown
@cloudflare/autoconfig

npm i https://pkg.pr.new/@cloudflare/autoconfig@14646

create-cloudflare

npm i https://pkg.pr.new/create-cloudflare@14646

@cloudflare/deploy-helpers

npm i https://pkg.pr.new/@cloudflare/deploy-helpers@14646

@cloudflare/kv-asset-handler

npm i https://pkg.pr.new/@cloudflare/kv-asset-handler@14646

miniflare

npm i https://pkg.pr.new/miniflare@14646

@cloudflare/pages-shared

npm i https://pkg.pr.new/@cloudflare/pages-shared@14646

@cloudflare/unenv-preset

npm i https://pkg.pr.new/@cloudflare/unenv-preset@14646

@cloudflare/vite-plugin

npm i https://pkg.pr.new/@cloudflare/vite-plugin@14646

@cloudflare/vitest-pool-workers

npm i https://pkg.pr.new/@cloudflare/vitest-pool-workers@14646

@cloudflare/workers-auth

npm i https://pkg.pr.new/@cloudflare/workers-auth@14646

@cloudflare/workers-editor-shared

npm i https://pkg.pr.new/@cloudflare/workers-editor-shared@14646

@cloudflare/workers-utils

npm i https://pkg.pr.new/@cloudflare/workers-utils@14646

wrangler

npm i https://pkg.pr.new/wrangler@14646

commit: 0b9c121

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no potential bugs to report.

View in Devin Review to see 1 additional finding.

Open in Devin Review

@workers-devprod workers-devprod left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Codeowners reviews satisfied

@github-project-automation github-project-automation Bot moved this from Untriaged to Approved in workers-sdk Jul 10, 2026
@penalosa penalosa force-pushed the fix/dependabot-changeset-unquoted-catalog-keys branch from 16e03d3 to 7c2b61b Compare July 10, 2026 12:32
@penalosa penalosa enabled auto-merge (squash) July 10, 2026 12:32
@penalosa penalosa disabled auto-merge July 10, 2026 13:24
@penalosa penalosa force-pushed the fix/dependabot-changeset-unquoted-catalog-keys branch from 7c2b61b to 0b9c121 Compare July 10, 2026 13:25
@penalosa penalosa merged commit 13c194b into main Jul 10, 2026
56 checks passed
@penalosa penalosa deleted the fix/dependabot-changeset-unquoted-catalog-keys branch July 10, 2026 13:38
@github-project-automation github-project-automation Bot moved this from Approved to Done in workers-sdk Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

ci:no-changeset-required Skip pull request checks for a valid changeset

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

4 participants