search

Staffbase / plugins-client-sdk

Staffbase plugins client SDK for JavaScript
Apache License 2.0
1 stars 2 forks source link

chore(deps): bump Simek/yarn-lock-changes from 0.6.0 to 0.11.1 #106

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps Simek/yarn-lock-changes from 0.6.0 to 0.11.1.

Release notes

Sourced from Simek/yarn-lock-changes's releases.

v0.11.1

Changes visible for end-users:

  • [Berry] fix error while parsing locally linked packages with no dependencies (thanks to @​ValentinH for the issue report)

v0.11.0

Changes visible for end-users:

  • action now includes support for parsing and diffing Yarn Berry (v2 & v3) locks

    Note If you notice any problems or experience failures while using action with newer locks, please let me know and fill an issue.

v0.10.0

Changes visible for end-users:

None, see notes below.

⚠️ Additional notes

This version includes the switch to new and internal Yarn lock parser, which introduction aims for better extensibility and general action performance. At least for now, the new parser outputs the same data structure as the official Yarn package, so there should not be any visible changes for the end-users.

v0.9.0

Changes visible for end-users:

  • action default runner has been changed from Node 12 to Node 16

v0.8.1

Changes visible for end-users:

  • in certain cases, action could report dependency incorrectly as "Downgraded" because parse and compare mechanism is sensitive to the order of entries, the problem behind this issue has been fixed in this release, if you are seeing regression in downgrade detection in your CI after this update please open the issue and attach the lock files (if possible)

v0.8.0

Changes visible for end-users:

  • add basic debug logs to help users investigate the issues in their workflows, you can read more in the new section of Readme
  • improve fail messages seen in the action output
  • action now creates comparison using the correct target branch instead of default repository branch, however the default branch is still the fallback, if for some reason, the target branch no longer exist

⚠️ Additional notes

If the action fails in your repository for the Dependabot PRs please check the "Common Issues" section in the Readme, which includes the guide how to update the workflow file and why you need to do this to fix the issue.

v0.7.0

Changes visible for end-users:

  • if path input is set to the custom value, the bot comment will now include the note about lock file location, this should help to differentiate the comments when multiple locks have been changeg within the same Pull Request
  • (💥) Boolean inputs are now validated by build-in @actions/core package helper method getBooleanInput, which only supports the reduced set of YAML Boolean values, so this might be considered as breaking change for the small portion of users who were using yes/no, on/off or y/n input values (however, the error message will be quite descriptive, so it should be easy to migrate the workflow setup)
Commits
  • 551a2ff fix error while parsing locally linked dependencies (#56)
  • 49be33b update Jest, prepare for release (#54)
  • f565fa2 revert test workflow triggers change (#53)
  • e9ca78e initial support for the Yarn Berry (v2 & v3) locks (#52)
  • 9431646 small changes in repository workflows (#51)
  • 200e871 update action dependencies, regenerate dist file (#50)
  • 43d6089 add internal lock parser for extensibility and performance (#49)
  • b6e17ea use Node 16 as default runner, bump dependencies (#47)
  • 79275f1 Bump minimist from 1.2.5 to 1.2.6 (#46)
  • 4bd515f Bump node-fetch from 2.6.1 to 2.6.7 (#45)
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Looks like Simek/yarn-lock-changes is up-to-date now, so this is no longer needed.