
Add .npmrc next to package.json and add lockfile for PublishAIEvaluationReport#7108

Merged
akoeplinger merged 5 commits into main from npmrc
Jan 13, 2026

@akoeplinger
Member

@akoeplinger akoeplinger commented Dec 5, 2025

The .npmrc is not transitively looked up in parent directories like other config files; it needs to be next to the package.json.

Add a lockfile for PublishAIEvaluationReport and make sure we're using npm ci instead of npm install everywhere so that we only restore the dependencies but not upgrade them.

Also remove the always-auth entry since it is deprecated/unused in npm and will be removed: actions/setup-node#1305


@akoeplinger akoeplinger requested a review from wtgodbe December 5, 2025 23:55
@akoeplinger akoeplinger requested a review from a team as a code owner December 5, 2025 23:55
Copilot AI review requested due to automatic review settings December 5, 2025 23:55
@akoeplinger akoeplinger requested a review from a team as a code owner December 5, 2025 23:55
@github-actions github-actions bot added the area-ai-eval Microsoft.Extensions.AI.Evaluation and related label Dec 5, 2025
Contributor

Copilot AI left a comment

Pull request overview

This PR improves npm configuration by placing .npmrc files directly adjacent to package.json files, as npm does not transitively search parent directories for .npmrc like it does for other configuration files. The PR also removes the deprecated always-auth setting from the root configuration.

Key changes:

  • Added .npmrc files next to package.json in two npm workspace locations
  • Removed deprecated always-auth=true setting from root .npmrc

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| src/ProjectTemplates/.npmrc | New npm registry configuration for the project templates workspace |
| src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/.npmrc | New npm registry configuration for the AI evaluation reporting TypeScript workspace |
| .npmrc | Removed deprecated always-auth setting while keeping registry configuration |

@akoeplinger akoeplinger enabled auto-merge (squash) December 6, 2025 00:08
@shyamnamboodiripad
Contributor

@peterwald Could you please take a quick look - looks like the .NET part of the build is failing

@akoeplinger akoeplinger disabled auto-merge December 9, 2025 09:58
@akoeplinger
Member Author

@shyamnamboodiripad the failure was actually related, I found that you ran npm install as part of the build, but that will fetch the latest versions of dependencies which will not work without authentication to the dotnet-public-npm feed (it would need to ingest packages from the upstream feed).

Using npm ci so that it only restores whatever is mentioned in package-lock.json avoids that and allows an anonymous restore.

One wrinkle is that whenever you actually want to bump versions you need to do that locally with an authenticated user for the dotnet-public-npm feed so that it ingests the packages. And one more issue is that npm by default only fetches the optional dependencies for e.g. esbuild or rollup for the current platform (e.g. @rollup/rollup-win32-x64-msvc), so if you restore on Windows it will only ingest those matching packages which won't be enough on Linux/Mac.

aspnetcore uses this script to manually fetch optionalDependencies: https://github.com/dotnet/aspnetcore/blob/a9aaa320f1c4c771b2dee8c000409a5f04397339/eng/scripts/update-npm-dependencies.ps1#L45-L63, I used a modified version of that to get both rollup and esbuild. I can port it here if you want.

@akoeplinger akoeplinger changed the title Add .npmrc next to package.json Add .npmrc next to package.json and add lockfile for PublishAIEvaluationReport Dec 9, 2025
@akoeplinger
Member Author

FYI @ericstj @jeffhandley this will probably conflict with #7113

@shyamnamboodiripad
Contributor

shyamnamboodiripad commented Dec 9, 2025

Thank you @akoeplinger.

> One wrinkle is that whenever you actually want to bump versions you need to do that locally with an authenticated user for the dotnet-public-npm feed so that it ingests the packages

I may be wrong, but I think it was already the case that we had to update the lock file manually when updating packages. (For example, I remember some of the dependabot created PRs for bumping dependency versions would fail without cloning the bot's branch and running the build locally to update the lock file...) So, this sounds reasonable.

> And one more issue is that npm by default only fetches the optional dependencies for e.g. esbuild or rollup for the current platform (e.g. @rollup/rollup-win32-x64-msvc), so if you restore on Windows it will only ingest those matching packages which won't be enough on Linux/Mac.

Ah interesting... Is this a limitation only with npm ci or was that also the case before for npm build?

> aspnetcore uses this script to manually fetch optionalDependencies: https://github.com/dotnet/aspnetcore/blob/a9aaa320f1c4c771b2dee8c000409a5f04397339/eng/scripts/update-npm-dependencies.ps1#L45-L63, I used a modified version of that to get both rollup and esbuild. I can port it here if you want.

Yes, given the above limitation, it seems like a good idea to port it. Thanks! That said I would defer to @peterwald who is more familiar with the build authoring and publishing for the JavaScript assets in the evaluation reporting library - especially the changes in the Azure DevOps extension that are also happening in this PR. @peterwald Could you please review?

@peterwald
Member

> @peterwald Could you please take a quick look - looks like the .NET part of the build is failing

Thanks @shyamnamboodiripad. These changes look good to me.

@akoeplinger
Member Author

> Ah interesting... Is this a limitation only with npm ci or was that also the case before for npm build?

Yes this was already the case with npm install before, but you never noticed it because due to the missing .npmrc it just pulled from registry.npmjs.org instead of the AzDO feed. I'll port the script.
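The conditions this thread turns on (an .npmrc beside each package.json, a lockfile for npm ci to restore from, and platform-specific optional packages) can be checked mechanically; the following is an added example, not code from the PR or the dotnet/extensions repository. It assumes the lockfile was generated against the feed so that its `resolved` URLs carry the feed prefix; the feed URL and the `0.0.0` versions are constructed placeholders.

```javascript
// Added example, not code from the PR. Inputs are file contents as strings.
// Default registry from a project-level .npmrc, with a trailing slash so
// the prefix comparison below cannot match a look-alike path.
function registryFromNpmrc(text) {
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const m = /^registry\s*=\s*(\S+)$/.exec(line);
    if (m) return m[1].replace(/\/?$/, '/');
  }
  return null;
}

// Findings for one project directory; pass null for a file that is absent.
function auditProject({ npmrc, lockfile }) {
  const findings = [];
  const registry = npmrc == null ? null : registryFromNpmrc(npmrc);
  if (npmrc == null) findings.push('no .npmrc next to package.json');
  else if (!registry) findings.push('.npmrc sets no registry');
  if (lockfile == null) {
    findings.push('no package-lock.json for npm ci to restore from');
    return findings;
  }
  const packages = JSON.parse(lockfile).packages || {};
  for (const [path, entry] of Object.entries(packages)) {
    // The root project and link entries carry no "resolved" URL.
    if (!registry || !entry.resolved) continue;
    if (!entry.resolved.startsWith(registry)) {
      findings.push(`${path} is recorded with a URL outside the feed: ${entry.resolved}`);
    }
  }
  return findings;
}

// Platform-specific optional packages recorded in the lockfile: the ones
// npm fetches only when restoring on the matching platform.
function platformOptionalPackages(lockfile) {
  const packages = JSON.parse(lockfile).packages || {};
  return Object.entries(packages)
    .filter(([, e]) => e.optional && (e.os || e.cpu))
    .map(([path, e]) => ({
      name: path.slice(path.lastIndexOf('node_modules/') + 'node_modules/'.length),
      os: e.os || [], cpu: e.cpu || [],
    }));
}

// Constructed sample input (feed URL and 0.0.0 versions are placeholders).
const FEED = 'https://feed.example.test/npm/registry';
const SAMPLE_NPMRC = `; constructed\nregistry=${FEED}\n`;
const SAMPLE_LOCK = JSON.stringify({ lockfileVersion: 3, packages: {
  '': { name: 'sample' },
  'node_modules/rollup': { resolved: `${FEED}/rollup/-/rollup-0.0.0.tgz` },
  'node_modules/@rollup/rollup-win32-x64-msvc': { optional: true,
    os: ['win32'], cpu: ['x64'],
    resolved: `${FEED}/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-0.0.0.tgz` },
  'node_modules/@rollup/rollup-linux-x64-gnu': { optional: true,
    os: ['linux'], cpu: ['x64'],
    resolved: 'https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-0.0.0.tgz' },
} });
console.log(auditProject({ npmrc: SAMPLE_NPMRC, lockfile: SAMPLE_LOCK }));
```

npm's `replace-registry-host` setting can rewrite registry.npmjs.org URLs to the configured registry at install time, so a finding here is a prompt to check the lockfile's origin rather than proof that a restore bypassed the feed.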

@jeffhandley
Member

@akoeplinger There were no conflicts from #7113 when it merged so I think this is good to go.

ptr727 added a commit to ptr727/LanguageTags that referenced this pull request Feb 12, 2026
Updated [csharpier](https://github.com/belav/csharpier) from 1.2.5 to
1.2.6.

<details>
<summary>Release notes</summary>

_Sourced from [csharpier's
releases](https://github.com/belav/csharpier/releases)._

## 1.2.6

## What's Changed
### [Bug]: XML with DOCTYPE results in "invalid xml" warning
[#​1809](belav/csharpier#1809)
CSharpier was not formatting xml that included a doctype and instead
reporting that it was invalid xml.
```xml
<?xml version="1.0"?>
<!DOCTYPE staff SYSTEM "staff.dtd"[
    <!ENTITY ent1 "es">
]>
<staff></staff>
```
### [Bug]: Initializing a span using `stackalloc` leads to different
formatting compared to `new`
[#​1808](belav/csharpier#1808)
When initializing a span using stackalloc, it was not being formatted
consistently with other code
```c#
// input & expected output
Span<int> metatable = new int[]
{
    00000000000000000000000001,
    00000000000000000000000002,
    00000000000000000000000003,
};

Span<int> metatable = stackalloc int[]
{
    00000000000000000000000001,
    00000000000000000000000002,
    00000000000000000000000003,
};

// 1.2.5
Span<int> metatable = new int[]
{
    00000000000000000000000001,
    00000000000000000000000002,
    00000000000000000000000003,
};

Span<int> metatable =
    stackalloc int[] {
        00000000000000000000000001,
        00000000000000000000000002,
        00000000000000000000000003,
    };

```
### [Bug]: Comments in otherwise empty object pattern disappear when
formatting [#​1804](belav/csharpier#1804)
CSharpier was removing comments if they were the only content of an
object pattern.
```c#
// input & expected output
var match = obj is {
    //Property: 123
 ... (truncated)

Commits viewable in [compare view](belav/csharpier@1.2.5...1.2.6).
</details>

Updated [Microsoft.Extensions.Http.Resilience](https://github.com/dotnet/extensions) from 10.2.0 to 10.3.0.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Extensions.Http.Resilience's releases](https://github.com/dotnet/extensions/releases)._

## 10.3.0

## What's Changed
* Bump version to 10.3.0 for next development cycle by @​Copilot in dotnet/extensions#7197
* Fix race condition in UnreliableL2Tests.WriteFailureInvisible by @​Copilot in dotnet/extensions#7075
* Set Microsoft.McpServer.ProjectTemplates version to align with MCP packages by @​jeffhandley in dotnet/extensions#7170
* ToChatResponse: Merge AdditionalProperties into ChatMessage instead of ChatResponse by @​Copilot in dotnet/extensions#7194
* Fix NRT resolution for AIFunction parameters. by @​eiriktsarpalis in dotnet/extensions#7200
* Bump mdast-util-to-hast from 13.2.0 to 13.2.1 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript by @​dependabot[bot] in dotnet/extensions#7198
* Add .npmrc next to package.json and add lockfile for PublishAIEvaluationReport by @​akoeplinger in dotnet/extensions#7108
* Bump qs from 6.14.0 to 6.14.1 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript by @​dependabot[bot] in dotnet/extensions#7189
* Bump js-yaml from 4.1.0 to 4.1.1 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript by @​dependabot[bot] in dotnet/extensions#7054
* Bump validator from 13.15.20 to 13.15.23 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript by @​dependabot[bot] in dotnet/extensions#7103
* Update AI changelogs by @​stephentoub in dotnet/extensions#7206
* Merge changes from internal after 10.2 release by @​joperezr in dotnet/extensions#7205
* Merge changes from release/10.2 to main by @​joperezr in dotnet/extensions#7209
* Categorize MEAI001 experimental APIs by @​Copilot in dotnet/extensions#7116
* [main] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in dotnet/extensions#7212
* Update Package Validation Baseline to 10.2.0 by @​Copilot in dotnet/extensions#7208
* Enable package validation for M.E.AmbientMetadata.Build by @​evgenyfedorov2 in dotnet/extensions#7213
* [5752] FakeLogCollector waiting capabilities by @​Demo30 in dotnet/extensions#6228
* Set network isolation policy for extensions-ci by @​wtgodbe in dotnet/extensions#7221
* Fix FunctionInvokingChatClient invoke_agent span detection with exact match or space delimiter by @​Copilot in dotnet/extensions#7224
* Add Ordinal into ordering by @​cincuranet in dotnet/extensions#7225
* Remove AIFunctionDeclaration tools on last iteration in FunctionInvokingChatClient by @​Copilot in dotnet/extensions#7207
* Remove unnecessary description tags by @​gewarren in dotnet/extensions#7226
* Fix FunctionInvokingChatClient to respect ChatOptions.Tools modifications by function tools by @​Copilot in dotnet/extensions#7218
* Add LoadFromAsync and SaveToAsync helper methods to DataContent by @​Copilot in dotnet/extensions#7159
* Bump lodash from 4.17.21 to 4.17.23 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript by @​dependabot[bot] in dotnet/extensions#7227
* Add logging to FunctionInvokingChatClient for approval flow, error handling, and loop control by @​Copilot in dotnet/extensions#7228
* [main] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in dotnet/extensions#7230
* Allow FunctionResultContent pass-through when CallId matches by @​Copilot in dotnet/extensions#7229
* Propagate CachedInputTokenCount in OpenTelemetry telemetry by @​Copilot in dotnet/extensions#7234
* Add InvocationRequired property to FunctionCallContent by @​Copilot in dotnet/extensions#7126
* Escape the JSON data before embedding in Evaluation reports by @​peterwald in dotnet/extensions#7238
* Update mcpserver template to ModelContextProtocol 0.7.0-preview.1 by @​Copilot in dotnet/extensions#7236
* Update aiagent-webapi template to Agent Framework 1.0.0-preview.260127.1 by @​Copilot in dotnet/extensions#7237
* Fix token metric unit to use UCUM format {token} by @​stephentoub in dotnet/extensions#7241
* Add server tool call support to OpenTelemetryChatClient per semantic conventions by @​Copilot in dotnet/extensions#7240
* Preserve extra JSON schema properties in ToolJson serialization by @​Copilot in dotnet/extensions#7250
* Bring new cpu.requests formula from Kubernetes by @​amadeuszl in dotnet/extensions#7239
* Update M.E.AI changelogs with recent changes by @​stephentoub in dotnet/extensions#7242
* Fix DataUriParser to default to text/plain;charset=US-ASCII per RFC 2397 by @​Copilot in dotnet/extensions#7247
* Fix deadlock in ServiceEndpointWatcher when disposing change token registration by @​ReubenBond in dotnet/extensions#7255
* Rename FunctionCallContent.InvocationRequired to InformationalOnly with inverted polarity by @​Copilot in dotnet/extensions#7262
* Fix approval request/response correlation in FunctionInvokingChatClient by @​Copilot in dotnet/extensions#7261
* Add ReasoningOptions to ChatOptions by @​Copilot in dotnet/extensions#7252

## New Contributors
* @​cincuranet made their first contribution in dotnet/extensions#7225
* @​ReubenBond made their first contribution in dotnet/extensions#7255

 ... (truncated)

Commits viewable in [compare view](dotnet/extensions@v10.2.0...v10.3.0).
</details>

Updated [Microsoft.Extensions.Logging.Abstractions](https://github.com/dotnet/dotnet) from 10.0.2 to 10.0.3.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Extensions.Logging.Abstractions's releases](https://github.com/dotnet/dotnet/releases)._

## 10.0.3

[Release](https://github.com/dotnet/core/releases/tag/v10.0.3)

Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits/v10.0.3).
</details>

Updated [Microsoft.SourceLink.GitHub](https://github.com/dotnet/dotnet) from 10.0.102 to 10.0.103.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.SourceLink.GitHub's releases](https://github.com/dotnet/dotnet/releases)._

## 10.0.103

You can build .NET 10.0 from the repository by cloning the release tag `v10.0.103` and following the build instructions in the [main README.md](https://github.com/dotnet/dotnet/blob/v10.0.103/README.md#building).

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the [dotnet/dotnet repository](https://github.com/dotnet/dotnet/blob/v10.0.103/README.md#building-from-released-sources).

Attached is the PGP signature for the GitHub generated tarball. You can find the public key at https://dot.net/release-key-2023

Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits/v10.0.103).
</details>

Updated [Serilog](https://github.com/serilog/serilog) from 4.3.0 to 4.3.1.

<details>
<summary>Release notes</summary>

_Sourced from [Serilog's releases](https://github.com/serilog/serilog/releases)._

## 4.3.1

## What's Changed
* Remove SourceLink by @​SimonCropp in serilog/serilog#2183
* Handle Exception.ToString failures in text formatter by @​krisbiradar in serilog/serilog#2197
* Remove char[] allocation by @​karpinsn in serilog/serilog#2198
* Remove backpressure from XMLDoc by @​timothycoleman in serilog/serilog#2203
* Don't enable XDOC for tests by @​nblumhardt in serilog/serilog#2205
* Target and test on net10 by @​SimonCropp in serilog/serilog#2206
* Fix trimming error when Serilog is a transitive dependency by @​Numpsy in serilog/serilog#2214
* Inline TraceId and SpanId JSON string formatting by @​SimonCropp in serilog/serilog#2215

## New Contributors
* @​krisbiradar made their first contribution in serilog/serilog#2197
* @​karpinsn made their first contribution in serilog/serilog#2198
* @​timothycoleman made their first contribution in serilog/serilog#2203
* @​Numpsy made their first contribution in serilog/serilog#2214

**Full Changelog**: serilog/serilog@v4.3.0...v4.3.1

Commits viewable in [compare view](serilog/serilog@v4.3.0...v4.3.1).
</details>

Updated [System.CommandLine](https://github.com/dotnet/dotnet) from 2.0.2 to 2.0.3.

<details>
<summary>Release notes</summary>

_Sourced from [System.CommandLine's releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits).
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Pieter Viljoen <ptr727@users.noreply.github.com>
This was referenced Feb 12, 2026
@github-actions github-actions bot locked and limited conversation to collaborators Feb 13, 2026