Skip to content

feat: add automated dependency bump checker and changelog validator #267

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
cryptodev-2s wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

feat: add automated dependency bump checker and changelog validator #267

cryptodev-2s wants to merge 1 commit into from

Conversation

@cryptodev-2s
Copy link
Contributor

@cryptodev-2s cryptodev-2s commented Dec 5, 2025
edited
Loading

Description

Adds a new check-deps command to automatically detect, validate, and update dependency bump entries in CHANGELOGs.

Key Features

  • Detects dependency bumps from git diffs in package.json files
  • Validates exact versions in changelog entries (catches stale entries)
  • Auto-updates changelogs with --fix flag
  • Preserves PR history when bumping same dependency multiple times
  • Release-aware - adds entries to ## [X.Y.Z] section when package version changes, or [Unreleased] otherwise
  • Repository agnostic - reads repo URL from package.json
  • Handles renamed packages - automatically detects package rename info from package.json scripts to correctly parse changelogs with old package name tags

Example:

# Before (PR #7007):
- Bump `@metamask/transaction-controller` from `^61.0.0` to `^61.1.0` ([#7007](...))

# After fix (PR #1234):
- Bump `@metamask/transaction-controller` from `^61.0.0` to `^62.0.0` ([#7007](...), [#1234](...))

Testing in MetaMask/core

# Build tool
cd /path/to/create-release-branch && yarn build

# From core
cd /path/to/core
git checkout -b test-dep-bumps

# In one or more packages, modify package.json to:
# - Bump some dependencies
# - Bump some peerDependencies  
# - Bump some devDependencies (to verify they're correctly excluded)
# - Change the package version (to test release detection)

git add . && git commit -m "Test: bump dependencies"

# Validate
node /path/to/auto-changelog/dist/cli.js check-deps

# Fix without PR number
node /path/to/auto-changelog/dist/cli.cjs check-deps --fix

# Fix with PR number
node /path/to/auto-changelog/dist/cli.cjs check-deps --fix --pr 4532

# Validate with github-tools (https://github.com/MetaMask/github-tools)
cd /path/to/github-tools
yarn run changelog:check "/path/to/core" "main" "4532"

Note

Cursor Bugbot is generating a summary for commit a6b2b18. Configure here.

@cryptodev-2s cryptodev-2s marked this pull request as draft December 5, 2025 16:26
@cryptodev-2s cryptodev-2s force-pushed the feat/add-dependency-bump-checker branch from a6b2b18 to cd10640 Compare December 5, 2025 16:27
@cryptodev-2s cryptodev-2s mentioned this pull request Dec 5, 2025
Draft
@cryptodev-2s cryptodev-2s force-pushed the feat/add-dependency-bump-checker branch 13 times, most recently from 517a329 to 16089f8 Compare December 5, 2025 21:11
@cryptodev-2s cryptodev-2s force-pushed the feat/add-dependency-bump-checker branch from 16089f8 to 3d0c830 Compare December 5, 2025 21:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cryptodev-2s