Set Renovate rangeStrategy to bump#261
Merged
Merged
Conversation
The default rangeStrategy ("auto") leaves package.json ranges untouched
when a new version is still within range, updating only the lockfiles.
That rewrote lockfile entries (e.g. prettier@^3.8.4, react@^19.2.7) to
specs that no longer matched the package.json constraints (^3.2.5,
^19.0.0), so `yarn install --frozen-lockfile` failed and broke the
build on every such Renovate PR (#251, #257).
Setting rangeStrategy to "bump" makes Renovate bump the package.json
range to the new version and regenerate the lockfiles together, keeping
the manifest and lockfiles consistent.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ryandens
force-pushed
the
fix/renovate-range-strategy
branch
from
5388b4e to
24f669e
Compare
bdoyal
approved these changes
Jun 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Renovate has been opening dependency PRs that break the build. The default
rangeStrategy("auto", viaconfig:recommended) leavespackage.jsonversion ranges untouched whenever the new version is still within the existing range — it only updates the lockfiles. But it rewrote the lockfile entries to new specs (e.g.prettier@^3.8.4,react@^19.2.7) that no longer matched thepackage.jsonconstraints (^3.2.5,^19.0.0).The result:
yarn install --frozen-lockfile(in thetest-deployCI job) couldn't find a lockfile entry matching the declared constraint and failed → build broken. This bit #257 (prettier) and #251 (react monorepo), each of which had to be fixed by hand.Fix
Set
"rangeStrategy": "bump". Renovate now bumps thepackage.jsonrange to the new version and regenerates the lockfiles together, keeping the manifest and lockfiles consistent — the same thing we were doing manually.Note (follow-up, not in this PR)
The repo carries both
yarn.lockandpackage-lock.json; CI only uses yarn. The redundantpackage-lock.jsonis extra surface for these desyncs. Worth removing in a separate change so only one lockfile is maintained.