Skip to content

Fix publish flag handling: --snapshot rejected and --no-git-tag ignored for private packages#1941

Open
mixelburg wants to merge 2 commits into
changesets:mainfrom
mixelburg:fix/publish-snapshot-and-private-git-tag
Open

Fix publish flag handling: --snapshot rejected and --no-git-tag ignored for private packages#1941
mixelburg wants to merge 2 commits into
changesets:mainfrom
mixelburg:fix/publish-snapshot-and-private-git-tag

Conversation

@mixelburg
Copy link
Copy Markdown
Contributor

@mixelburg mixelburg commented Apr 23, 2026

Summary

Two related fixes for the changeset publish command, both stemming from CLI flag handling issues.

1. --snapshot flag incorrectly rejected by changeset publish (#1939)

Regression from #1889. The unknown-flag validation added in 2.31.0 rejects --snapshot when passed to changeset publish, even though it was silently accepted in 2.30.0.

The flag is a no-op for publish, but users commonly pass shared flags when chaining commands:

changeset version --snapshot && changeset publish --snapshot

Fix: Destructure snapshot from flags in the publish case so it's not passed to validateCommandFlags as an unknown flag.

2. --no-git-tag still creates git tags for private packages (#1938)

When privatePackages.tag: true, changeset publish --no-git-tag still creates git tags for untagged private packages because the gitTag guard only wraps the public package tagging path, not the private one.

if (gitTag) {
  await tagPublish(tool, successfulNpmPublishes, cwd);   // public: guarded ✓
}
// ...
await tagPublish(tool, untaggedPrivatePackageReleases, cwd);  // private: NOT guarded ✗

Fix: Wrap the private package tagPublish call in the same if (gitTag) guard.

Changes

  • packages/cli/src/run.ts: Add snapshot to the publish case destructuring
  • packages/cli/src/commands/publish/index.ts: Guard private package tagging with if (gitTag)
  • Changesets for both fixes

Tests

All existing tests pass (157 passed, 1 skipped).

@mixelburg
fix: use minor bump for 0.x packages when peer dependency causes major
8730448 
By semver convention, 0.x packages are allowed to contain breaking
changes in minor versions. When a peer dependency change triggers
a major bump for a 0.x dependent, bump minor instead to avoid
prematurely jumping to 1.0.0.

Fixes changesets#1887
@mixelburg
Fix publish flag handling: --snapshot rejected and --no-git-tag ignor…
6871119 
…ed for private packages

Two fixes for the publish command:

1. Accept --snapshot flag in publish without error (regression from changesets#1889).
   The flag is a no-op for publish but users commonly pass it when piping
   `changeset version --snapshot && changeset publish` with shared args.

2. Respect --no-git-tag for private packages when privatePackages.tag is
   enabled. The gitTag guard was only applied to public package tagging
   but not to the private package tagging path.

Fixes changesets#1939
Fixes changesets#1938
@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Apr 23, 2026

🦋 Changeset detected

Latest commit: 6871119

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@changesets/cli Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 23, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 0% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 83.78%. Comparing base (5c4731f) to head (6871119).
⚠️ Report is 12 commits behind head on main.

Files with missing lines Patch % Lines
packages/cli/src/commands/publish/index.ts 0.00% 2 Missing ⚠️
packages/cli/src/run.ts 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1941      +/-   ##
==========================================
+ Coverage   83.23%   83.78%   +0.54%     
==========================================
  Files          56       56              
  Lines        2434     2467      +33     
  Branches      734      749      +15     
==========================================
+ Hits         2026     2067      +41     
+ Misses        402      394       -8     
  Partials        6        6

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Andarist
Andarist reviewed Apr 30, 2026
View reviewed changes
Comment thread packages/assemble-release-plan/src/determine-dependents.ts
Comment on lines +92 to +98
// For 0.x versions, peer dependency major bump should be minor
// since semver allows breaking changes in minor versions for 0.x
if (dependentPackage.packageJson.version.startsWith("0.")) {
type = "minor";
} else {
type = "major";
}
Copy link
Copy Markdown
Member

@Andarist Andarist Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is unrelated change, please revert it

Andarist
Andarist reviewed Apr 30, 2026
View reviewed changes
Comment thread packages/cli/src/run.ts
}
case "publish": {
const { otp, tag, gitTag, ...rest }: CliOptions = flags;
const { otp, tag, gitTag, snapshot, ...rest }: CliOptions = flags;
Copy link
Copy Markdown
Member

@Andarist Andarist Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we want to fix this, the usage was incorrect and accidentally accepted. So far we only have a single user report about this. So I'd revert this from here.

Andarist
Andarist reviewed Apr 30, 2026
View reviewed changes
Comment thread packages/cli/src/commands/publish/index.ts
Comment on lines +110 to +112
if (gitTag) {
await tagPublish(tool, untaggedPrivatePackageReleases, cwd);
}
Copy link
Copy Markdown
Member

@Andarist Andarist Apr 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm double-checking - this isn't related to a recent regression, right?

@beeequeue
Copy link
Copy Markdown
Member

beeequeue commented Apr 30, 2026
edited
Loading

this seems to be a bot opening PRs randomly without oversight

storybookjs/storybook#34453 (comment)

image

@Filipoliko
Copy link
Copy Markdown

Filipoliko commented May 5, 2026

Note that rejecting the --snapshot flag on changeset publish command was a breaking change released as a minor update. Although it was a noop until now, it was a documented usage of snapshot feature until 27.5.2025 #1578

We ran into the same problem in our CIs, which broke after a package-lock.json update. Fix is quite simple (removing the --snapshot parameter from publish command), so we patched everything up now and moved on.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Andarist Andarist Andarist left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@mixelburg @beeequeue @Filipoliko @Andarist