build(deps-dev): Move Duplicate Deps into Dev

[ZakaryH]

Motivations

we made a change some time ago that added a bunch of our external libraries to peerDeps. I believe this is all correct, and required for the overall ESM build change
https://github.com/GetJobber/atlantis/pull/1851/files#diff-2c76dc06185f93bec73660e15338433b95eac6707317564c0f778f5b9abe446cL78-R478

however, we did not then remove those same entires from dependencies so we find ourselves in a state where we have

  "dependencies": {
    "@floating-ui/react": "^0.27.5",
    "@jobber/formatters": "^0.5.0",
    **"@tanstack/react-table": "8.5.13",**
    "@types/color": "^3.0.1",
    "@types/lodash": "^4.14.136",
    "@types/react-router": "5.1.7",
    "@types/react-router-dom": "^5.3.3",
    **"axios": "^1.11.0",**
    **"classnames": "^2.3.2",**
    **"color": "^3.1.2",**
    **"filesize": "^6.1.0",**
    **"framer-motion": "^11.0.3",**
    **"lodash": "^4.17.21",**
    "react-aria-components": "^1.7.1",
    "react-countdown": "^2.3.2",
    "react-datepicker": "^8.7.0",
    "react-dropzone": "^11.0.2",
    **"react-hook-form": "^7.43.7",**
    "react-markdown": "^8.0.3",
    **"react-router-dom": "^5.3.4",**
    "ts-xor": "^1.0.8"
  },

and

"peerDependencies": {
    "@apollo/client": "^3",
    "@jobber/design": "*",
    "@jobber/hooks": ">=2",
    **"@tanstack/react-table": "^8",**
    **"axios": "^1.11.0",**
    **"classnames": "^2",**
    **"color": "^4",**
    **"filesize": "^6",**
    **"framer-motion": "^11",**
    **"lodash": "^4",**
    "react": "^18.2.0",
    "react-dom": "^18",
    **"react-hook-form": "^7",**
    **"react-router-dom": "^6"**
  },

and finally in rollup.config for components

 external: [
    "react",
    **"react-hook-form",**
    **"react-router-dom",**
    "react-dom",
    "react-dom/client",
    **"axios",**
    **"lodash",**
    **"filesize",**
    **"color",**
    **"framer-motion",**
    **"classnames",**
    "@apollo/client",
    "@jobber/design",
    "@jobber/design/foundation",
    "@jobber/formatters",
    "@jobber/hooks",
    **"@tanstack/react-table",**
  ],

while a few of us have previously noticed this and remarked that it's not how we should be defining our deps, the main catalyst for this for me personally was getting stuck on trying to upgrade "framer-motion" and running into blockers with the version getting picked up, and then all these other "dependencies" getting their version specifier changed from the "peerDependencies" specifier, which leads to even more problems since for example react-router-dom is specified as ^6 vs our 5. actually this is likely still an issue, having a full major version difference doesn't seem right.

there's a small rabbit hole with that though because >6 ships with types, and you no longer need to import types - nor can you because they stop existing on later versions. so to deal with this we need to update our versions, imports and a few other small things.

Changes

Added

wrapping my head around this all took a moment and we don't have it documented anywhere. as such I've added a guide that provides context and hopefully helps us make the right dependency decision going forward.

it is largely LLM generated with some edits that I suggested, so please be as critical as you like with it. I will do the same.

Changed

moved some duplicated "dependencies" that also appear in "peerDependencies" into "devDependencies"

with the benefits of that being:

• Better bundling: avoids accidentally shipping externals inside our dist (since devDeps aren’t published).
• Smaller install surface: fewer transitive installs for consumers, faster installs.
• Single source of truth: consumer provides one copy via peerDeps, preventing duplicate singletons and version drift.
• Fewer resolver conflicts: removing dep+peer duplication reduces npm workspace lockfile churn and “range normalization.”
• Clearer API contract: peers signal “app must provide this,” dependencies signal “we bundle this.”
• Less hoisting weirdness: fewer chances of nested vs hoisted duplicates causing “works on my machine” issues.
• Easier upgrades: consumers can bump peers without us republishing for trivial version changes.

Deprecated

Removed

Fixed

Security

Testing

Changes can be
tested via Pre-release

---

In Atlantis we use Github's built in pull request reviews.

[cloudflare-workers-and-pages]

Deploying atlantis with    Cloudflare Pages

Latest commit:	99be0f8
Status:	✅  Deploy successful!
Preview URL:	https://44897bba.atlantis.pages.dev
Branch Preview URL:	https://move-duplicate-dependencies.atlantis.pages.dev

View logs

[jdeichert]

Looks great, just a few suggestions!

I also diffed the bundle outputs against master and zero changes, so I'm positive this is working as expected 👍

[jdeichert]

Great documentation 👍

Is this meant to be live on storybook or the docs site? Looks like it's not available/showing in SB.

docs/guides/ i think is mostly for SBv7. Ideally all new docs are just stored within packages/site/src/content and configured to load up on the docs site.

However, this is not a blocker IMO. The doc is still visible as raw markdown in the repo, though discoverability might be difficult for now until we set up a proper docs page for it.

[ZakaryH]

good question. I hadn't thought about where it should go that thoroughly.... docs site seems better than storybook for sure.

I'll see how that feels with the other guides that are more focused on how to use Atlantis rather than internal docs on how to build Atlantis, though iirc we do have at least a couple bits of documentation talking about internal build processes.

[ZakaryH]

added the extra entries required for it to show up on the docs site now. it does feel slightly out of place, getting into some details that realistically very few contributors outside of the primary team are going to need to think about, but I don't think it hurts to have documented like this 🤷

there's really nothing sensitive or secretive in it. if we felt like it though, could always move it to some internal docs.

[jdeichert]

Storing under "Guides" makes sense to me, seeing we have "Contributing" docs under there too.

Nice improvements 👍

[ZakaryH]

this is a notable change that has theoretical impacts. I talked to Scott about it, and we're quite confident this was just an oversight since we want something in the ^5 range in our deps/devDeps

looking at our projects, we do have one that has ^6, but that's coming in from another dependency.

then the other project, interestingly it's only got 5.3.4 being used which is kind of weird. clearly our peerDep is not being respected which is fair, it's a very confusing defintion we have, and I guess it's resulting in being ignore so it should functionally have no difference there

probably worth using a pre-release on this to verify though, so I'll kick one off

[github-actions]

Published Pre-release for 99be0f8 with versions:

  - @jobber/[email protected]+99be0f87a
  - @jobber/[email protected]+99be0f87a
  - @jobber/[email protected]+99be0f87a
  - @jobber/[email protected]+99be0f87a
  - @jobber/[email protected]+99be0f87a
  - @jobber/[email protected]+99be0f87a
  - @jobber/[email protected]+99be0f87a
  - @jobber/[email protected]+99be0f87a

To install the new version(s) for Web run:

npm install @jobber/[email protected]+99be0f87a @jobber/[email protected]+99be0f87a @jobber/[email protected]+99be0f87a @jobber/[email protected]+99be0f87a @jobber/[email protected]+99be0f87a @jobber/[email protected]+99be0f87a @jobber/[email protected]+99be0f87a

To install the new version(s) for Mobile run:

npm install @jobber/[email protected]+99be0f87a @jobber/[email protected]+99be0f87a @jobber/[email protected]+99be0f87a @jobber/[email protected]+99be0f87a @jobber/[email protected]+99be0f87a @jobber/[email protected]+99be0f87a @jobber/[email protected]+99be0f87a

[jdeichert]

Looks great 👍

Just removing my approval after we discovered some issues with the pre-release in 1 consumer. Because deps of moved to devDeps, we're no longer shipping a thing we require as a peerDep and this specific consumer has various apps that are missing that peerDep.... because we supplied it before..