search

apollographql / apollo-link-rest

Use existing REST endpoints with GraphQL
MIT License
791 stars 122 forks source link

chore(deps): pin dependencies #313

Open svc-secops opened 1 year ago

svc-secops commented 1 year ago

This PR contains the following updates:

Package Type Update Change
@babel/core (source) devDependencies pin 7.x -> 7.26.0
@types/graphql devDependencies pin 14.x -> 14.5.0
@types/jest (source) devDependencies pin 23.x -> 23.3.14
@types/node (source) devDependencies pin 10.x -> 10.17.60
@types/qs (source) devDependencies pin 6.5.x -> 6.5.3
browserify devDependencies pin 16.2.x -> 16.2.3
bundlesize devDependencies pin 0.17.x -> 0.17.2
camelcase devDependencies pin 5.0.x -> 5.0.0
codecov devDependencies pin 3.x -> 3.8.3
danger devDependencies pin 6.x -> 6.1.13
fetch-mock (source) devDependencies pin 7.x -> 7.7.3
graphql devDependencies pin 14.x -> 14.7.0
isomorphic-fetch (source) devDependencies pin 2.2.x -> 2.2.1
jest (source) devDependencies pin 23.x -> 23.6.0
jest-fetch-mock devDependencies pin 2.x -> 2.1.2
lerna (source) devDependencies pin 3.6.x -> 3.6.0
lint-staged devDependencies pin 8.1.x -> 8.1.7
lodash (source) devDependencies pin 4.17.x -> 4.17.21
pre-commit devDependencies pin 1.2.x -> 1.2.2
prettier (source) devDependencies pin 1.15.x -> 1.15.3
qs devDependencies pin 6.6.x -> 6.6.1
rimraf devDependencies pin 2.6.x -> 2.6.3
rollup-plugin-local-resolve devDependencies pin 1.0.x -> 1.0.7
rollup-plugin-sourcemaps devDependencies pin 0.4.x -> 0.4.2
snake-case (source) devDependencies pin 2.1.x -> 2.1.0
ts-jest (source) devDependencies pin 23.10.x -> 23.10.5
typescript (source) devDependencies pin 3.x -> 3.9.10
uglify-js devDependencies pin 3.4.x -> 3.4.10

Add the preset :preserveSemverRanges to your config if you don't want to pin your dependencies.

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday" in timezone America/Los_Angeles, Automerge - "after 8am and before 4pm on tuesday" in timezone America/Los_Angeles.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

This PR has been generated by Renovate Bot.

fbartho commented 1 year ago

@svc-secops why are we pinning these dependencies?

This will cause much more maintenance burden on this repo, and noise for new releases.

The Types packages in particular don’t make sense to pin.

If you want to set up CI so releases happen automatically, then I would withdraw my objection, but since this currently would make more manual work for me, I’m not convinced.