ci: fix next release exact version

[alexandre-abrioux-rf]

Context

Prereleases currently contain version attributes like so in their package.json file (see example):

"dependencies": {
    "@requestnetwork/advanced-logic": "^0.54.1-next.99afa915.0",
    "@requestnetwork/currency": "^0.28.1-next.99afa915.0",
    "@requestnetwork/data-access": "^0.45.1-next.99afa915.0",
    ...

Issue

Package managers do not correctly update transitive dependencies when bumping from one prerelease to another, as only the hash changes, but the semantic versioning (semver) part remains the same.

Change

Prerelease versions should contain exact attributes like so:

"dependencies": {
    "@requestnetwork/advanced-logic": "0.54.1-next.99afa915.0",
    "@requestnetwork/currency": "0.28.1-next.99afa915.0",
    "@requestnetwork/data-access": "0.45.1-next.99afa915.0",
    ...

Summary by CodeRabbit

• Chores
  • Updated pre-release publishing scripts to include exact version matching configuration for improved release consistency.

[coderabbitai]

Walkthrough

Two npm scripts in package.json were updated to include the --exact flag. The publish-manual-prerelease script now places --exact before --dist-tag next, while publish-prerelease adds --exact while preserving existing --yes and --force-publish arguments.

Changes

Cohort / File(s)	Change Summary
NPM publish script updates package.json	Added --exact flag to publish-manual-prerelease and publish-prerelease scripts to enforce exact version specifications during Lerna publish operations

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

• Minimal surface area: single file with script flag additions
• No logic changes, testing requirements, or functional impact
• Straightforward verification needed: confirm flag placement and syntax correctness

Possibly related PRs

• ci: fix next-release #1576: Modifies the same publish-manual-prerelease and publish-prerelease scripts in package.json
• fix: prerelease command #1532: Updates identical npm publish scripts in package.json with related Lerna configuration changes
• ci: fix next-release with git tag #1577: Alters Lerna publish flags and arguments in the same package.json scripts

Suggested reviewers

• kevindavee
• yomarion
• leoslr
• rodrigopavezi
• aimensahnoun

Pre-merge checks and finishing touches

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: adding the --exact flag to publish scripts for prerelease versions, which directly relates to the core objective of fixing how prerelease versions are specified.
Description check	✅ Passed	The description provides comprehensive context, explains the issue with current prerelease dependencies, and clearly articulates the solution with concrete examples of before and after.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch next-exact

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 99afa91 and 2406dcc.

📒 Files selected for processing (1)

• package.json (1 hunks)

🧰 Additional context used

🧠 Learnings (5)

📓 Common learnings

Learnt from: giorgi-kiknavelidze
Repo: RequestNetwork/requestNetwork PR: 1482
File: packages/payment-processor/package.json:42-42
Timestamp: 2024-11-04T12:18:12.407Z
Learning: In the RequestNetwork project, dependencies in `package.json` files are pinned to exact versions to prevent unexpected breakages with examples. Therefore, caret version ranges (e.g., `^0.0.167`) should not be suggested.

Learnt from: rodrigopavezi
Repo: RequestNetwork/requestNetwork PR: 1475
File: packages/epk-cypher/package.json:49-67
Timestamp: 2024-11-18T12:33:47.986Z
Learning: In the `packages/epk-cypher/package.json` file, avoid suggesting updates to development dependencies unless essential, as the maintainer prefers to prevent potential instability.

Learnt from: rodrigopavezi
Repo: RequestNetwork/requestNetwork PR: 1512
File: package.json:34-37
Timestamp: 2024-12-06T12:36:30.969Z
Learning: In the `package.json` scripts, the team prefers to use shell commands for the `link` and `unlink` scripts (e.g., `for d in packages/*; do cd $d; yarn link; cd -; done`) and opts not to replace them with Node.js scripts for cross-platform compatibility.

📚 Learning: 2024-11-18T12:33:47.986Z

Learnt from: rodrigopavezi
Repo: RequestNetwork/requestNetwork PR: 1475
File: packages/epk-cypher/package.json:49-67
Timestamp: 2024-11-18T12:33:47.986Z
Learning: In the `packages/epk-cypher/package.json` file, avoid suggesting updates to development dependencies unless essential, as the maintainer prefers to prevent potential instability.

Applied to files:

• package.json

📚 Learning: 2024-12-06T12:36:30.969Z

Learnt from: rodrigopavezi
Repo: RequestNetwork/requestNetwork PR: 1512
File: package.json:34-37
Timestamp: 2024-12-06T12:36:30.969Z
Learning: In the `package.json` scripts, the team prefers to use shell commands for the `link` and `unlink` scripts (e.g., `for d in packages/*; do cd $d; yarn link; cd -; done`) and opts not to replace them with Node.js scripts for cross-platform compatibility.

Applied to files:

• package.json

📚 Learning: 2024-11-01T18:40:38.306Z

Learnt from: MantisClone
Repo: RequestNetwork/requestNetwork PR: 1481
File: packages/request-client.js/package.json:57-57
Timestamp: 2024-11-01T18:40:38.306Z
Learning: In the Request Network codebase (a Lerna monorepo), the `yarn.lock` file is located at the root of the repository, outside the individual package directories.

Applied to files:

• package.json

📚 Learning: 2024-11-04T12:18:18.615Z

Learnt from: giorgi-kiknavelidze
Repo: RequestNetwork/requestNetwork PR: 1482
File: packages/usage-examples/package.json:42-42
Timestamp: 2024-11-04T12:18:18.615Z
Learning: In the RequestNetwork project, the `dotenv` package version is maintained at `10.0.0` across packages, including `packages/smart-contracts/package.json`, to ensure consistency.

Applied to files:

• package.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build-and-test

🔇 Additional comments (1)

package.json (1)

29-30: LGTM! Changes correctly implement the PR objective.

Both prerelease publishing scripts now include the --exact flag, ensuring dependencies are published with exact versions rather than caret-prefixed ranges. This aligns with:

• The PR intent to fix transitive dependency updates for prerelease versions
• The project's preference for exact version pinning (as per team learnings)
• The existing pattern in the publish-npm script (line 28)

The flag placement and command structure look correct, and all other script arguments are preserved.

Can you confirm that the --exact flag behavior in lerna works as intended—that it will force exact version specifications in the published package.json files (e.g., "0.54.1-next.99afa915.0" instead of "^0.54.1-next.99afa915.0")? This would be worth verifying against the lerna documentation or testing in a prerelease run.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}