Should not overwrite `workspace:*` when release ( pnpm workspace )

[zigang93]

Pre-Checks

• Follow our Code of Conduct.
• Read the Contributing Guidelines.
• Check that there isn't already an issue that reports the same bug to avoid creating a duplicate.
• Make sure this is a semantic-release issue and not related to a combination with another package.
• Check that this is a concrete bug. For Q&A open a GitHub Discussion.
• The provided reproduction is a minimal reproducible example of the bug.
• I am willing to provide a PR.

Describe the bug

I wonder how to prevent overwrite workspace:*?

example:
package-a ( v1.0.0 )

app's package.json after release
"package-a": "workspace:*" to "package-a": "1.0.0"

Minimal reproduction code

No response

Additional Context

No response

Environment Info

System:
    OS: macOS 14.5
    CPU: (8) arm64 Apple M1
    Memory: 41.81 MB / 16.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 20.9.0 - ~/.nvm/versions/node/v20.9.0/bin/node
    npm: 10.1.0 - ~/.nvm/versions/node/v20.9.0/bin/npm
    pnpm: 9.1.1 - ~/.nvm/versions/node/v20.9.0/bin/pnpm
    bun: 1.0.25 - /opt/homebrew/bin/bun
  Browsers:
    Chrome: 126.0.6478.61
    Safari: 17.5
  npmPackages:
    @anolilab/multi-semantic-release: ^1.1.3 => 1.1.3 
    @anolilab/semantic-release-pnpm: ^1.1.3 => 1.1.3

Which module system do you use?

• CJS
• ESM

Used Package Manager

pnpm

[github-actions]

It looks like this is your first issue. Welcome! 👋 One of the project maintainers will be with you as soon as possible. We appreciate your patience. To safeguard the health of the project, please take a moment to read our code of conduct.

[prisis]

Hey @zigang93, this not really possible, the npm registry needs this version information to know how to handle npm packages dependencies.

One "maybe" working way would be that you could add a new step after semantic-release that rewrites the version that was add before the "semantic-release-git" do a push to your repo back.

Or you can use the pnpm overwrite in you root package.json to make this overwrite so this will work like the "workspace:*" in you packages

Example:

    "pnpm": {
        "overrides": {
            "@visulima/pail": "workspace:*",
        },
    },

ref qiwi/multi-semantic-release#95

[zigang93]

@prisis I don't care about npm register to publish, all my app/package is private. how can I just do some patch? can u help me which line of code to stop this behavior? I can use pnpm patch to do so

[prisis]

Hey :), it should be around this function

semantic-release/packages/multi-semantic-release/lib/update-deps.js

Lines 70 to 89 in 173e5c6

	const bumpDependency = (scope, name, nextVersion) => {
	// eslint-disable-next-line security/detect-object-injection
	const currentVersion = scope[name];
	if (!nextVersion || !currentVersion) {
	return false;
	}
	// eslint-disable-next-line no-use-before-define
	const resolvedVersion = resolveNextVersion(currentVersion, nextVersion, bumpStrategy, prefix);
	if (currentVersion !== resolvedVersion) {
	// eslint-disable-next-line no-param-reassign,security/detect-object-injection
	scope[name] = resolvedVersion;
	return true;
	}
	return false;
	};

[github-actions]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
Please note this issue tracker is not a help forum. We recommend using our GitHub Discussions tab for questions.