search

Tencent / feflow

🚀 A command line tool aims to improve front-end engineer workflow and standard, powered by TypeScript.
https://feflowjs.com/
Other
1.36k stars 231 forks source link

chore(deps): bump parse-url and lerna #417

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps parse-url to 8.1.0 and updates ancestor dependency lerna. These dependencies need to be updated together.

Updates parse-url from 6.0.2 to 8.1.0

Release notes

Sourced from parse-url's releases.

8.1.0

parse-url@8.1.0

  • fix: cjs to load normalize-url /cc #58
  • fix: Include index.d.ts in package.json /cc #63
  • feat: support custom SSH username /cc #60
  • feat: improve regex pattern /cc #59

Thanks to @​privatenumber and @​briancoit for their contributions! :cake:

8.0.0

parse-url 8.0.0

Breaking Changes

  • The resource property will not contain the port, but the host one will.
  • Throw an error if the input is invalid. Hence, file paths like /home/path/to/dir will only be valid if the file:// protocol is added (file://home/path/to/dir)
  • Throw an error if the input length exceeds the maximum length (parse.MAX_URL_LENGTH), by default 2048.

Fixes

Other changes

7.0.2

Add the url in the error object, fixes #14

7.0.1

:memo: docs

7.0.0

parse-url 7.0.0

:star: This is a major release of parse-url! :star:

Breaking changes

  • If the input url has a trailing slash, the trailing slash will be added in the pathname too.
  • The port field is a string. By default empty.
  • Added the password field (default: "")
  • The resource may contain the port in it (e.g. resource: "domain.com:4200").

Features

  • Faster
  • More secure
  • Cleaner codebase
Commits


Updates lerna from 4.0.0 to 6.0.1

Release notes

Sourced from lerna's releases.

v6.0.1

6.0.1 (2022-10-14)

Bug Fixes

  • run: allow for loading of env files to be skipped (#3375) (5dbd904)

v6.0.0

6.0.0 (2022-10-12)

Super fast, modern task-runner implementation for lerna run

As of version 6.0.0, Lerna will now delegate the implementation details of the lerna run command to the super fast, modern task-runner (powered by Nx) by default.

If for some reason you wish to opt in to the legacy task-runner implementation details (powered by p-map and p-queue), you can do so by setting "useNx": false in your lerna.json. (Please let us know via a Github issue if you feel the need to do that, however, as in general the new task-runner should just work how you expect it to as a lerna user).

Interactive configurtion for lerna run caching and task pipelines via the new lerna add-caching command

When using the modern task-runner implementation described above, the way to get the most out of it is to tell it about the outputs of your various scripts, and also any relationships that exist between them (such as needing to run the build script before the test, for example).

Simply run lerna add-caching and follow the instructions in order to generate all the relevant configuration for your workspace.

You can learn more about the configuration it generates here: https://lerna.js.org/docs/concepts/task-pipeline-configuration

Automatic loading of .env files in lerna run with the new task-runner implementation

By default the modern task runner powered by Nx will automatically load .env files for you. You can set --load-env-files to false if you want to disable this behavior for any reason.

For more details about what .env files will be loaded by default please see: https://nx.dev/recipes/environment-variables/define-environment-variables

Obselete options in lerna run with the new task-runner implementation

There are certain legacy options for lerna run which are no longer applicable to the modern task-runner. Please see full details about those flags, and the reason behind their obselence, here:

https://lerna.js.org/docs/lerna6-obsolete-options

New lerna repair command

When configuration changes over time as new versions of a tool are published it can be tricky to keep up with the changes and sometimes it's possible to miss out on optimizations as a result.

When you run the new command lerna repair, lerna will execute a serious of code migrations/codemods which update your workspace to the latest and greatest best practices for workspace configuration.

The actual codemods which run will be added to over time, but for now one you might see run on your workspace is that it will remove any explicit "useNx": true references from lerna.json files, because that is no longer necessary and it's cleaner not to have it.

We are really excited about this feature and how we can use it to help users keep their workspaces up to date.

... (truncated)

Changelog

Sourced from lerna's changelog.

6.0.1 (2022-10-14)

Bug Fixes

  • run: allow for loading of env files to be skipped (#3375) (5dbd904)

6.0.0 (2022-10-12)

Note: Version bump only for package lerna

6.0.0-alpha.2 (2022-10-12)

Bug Fixes

6.0.0-alpha.1 (2022-10-09)

6.0.0-alpha.0 (2022-10-07)

Note: Version bump only for package lerna

5.6.2 (2022-10-09)

Note: Version bump only for package lerna

5.6.1 (2022-09-30)

Bug Fixes

  • add-caching: ensure lerna.json is configured automatically (9677cda)

5.6.0 (2022-09-29)

Features

5.5.4 (2022-09-28)

Note: Version bump only for package lerna

5.5.3 (2022-09-28)

Note: Version bump only for package lerna

5.5.2 (2022-09-20)

Note: Version bump only for package lerna

... (truncated)

Commits
  • 4fcefff chore(release): v6.0.1
  • 5dbd904 fix(run): allow for loading of env files to be skipped (#3375)
  • 6fa5951 chore(release): v6.0.0
  • 154b939 chore(release): v6.0.0-alpha.2
  • 130f490 fix(run): update docs for v6 (#3366)
  • 8a1660e chore(release): v6.0.0-alpha.1
  • a926c6a Merge branch 'main' into next
  • 04f85a3 chore(release): v5.6.2
  • 84597c5 chore(release): v6.0.0-alpha.0
  • 8991812 feat(run)!: legacy task runner implementations no longer used by default (#3355)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jameshenry, a new releaser for lerna since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/Tencent/feflow/network/alerts).
tencent-adm commented 2 years ago

CLA assistant check
Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

xqxian commented 2 years ago

@dependabot ignore this major version

dependabot[bot] commented 2 years ago

This option is only available on single-dependency pull requests, as the versions in multi-dependency pull requests may differ.

If you'd like to ignore all updates for these dependencies just reply @dependabot ignore these dependencies.

xqxian commented 2 years ago

@dependabot ignore these dependencies

dependabot[bot] commented 2 years ago

OK, I won't notify you about any of these dependencies again, unless you re-open this PR. 😢