search

fsprojects / Argu

A declarative CLI argument parser for F#
https://fsprojects.github.io/Argu
MIT License
453 stars 75 forks source link

Bump fake-cli from 5.23.1 to 6.0.0 #197

Closed dependabot[bot] closed 9 months ago

dependabot[bot] commented 9 months ago

Bumps fake-cli from 5.23.1 to 6.0.0.

Release notes

Sourced from fake-cli's releases.

6.0.0

ENHANCEMENT: Site UI fixes and documentation link fixes.

6.0.0-beta001

BUGFIX: Error detecting msbuild version on Linux, thanks @​yazeedobaid - fsprojects/FAKE#2709 ENHANCEMENT: Add ignoreConflicts parameter to paket push, thanks @​gdziadkiewicz - fsprojects/FAKE#2720 ENHANCEMENT: Add GitHub API to create a pull request, thanks @​yazeedobaid - fsprojects/FAKE#2724

6.0.0-alpha004

BUGFIX: Fix build by pinning Microsoft.build packages now that .NET 7 is out and fix links in website, thanks @​yazeedobaid - fsprojects/FAKE#2721 BUGFIX: Fix docs URL in Choco template., thanks @​yazeedobaid - fsprojects/FAKE#2718

6.0.0-alpha003

6.0.0-alpha002

  • ENHANCEMENT: Fix website assets loading

6.0.0-alpha001

Changelog

Sourced from fake-cli's changelog.

6.0.0 - 2023-02-20

  • ENHANCEMENT: Site UI fixes and documentation link fixes.

6.0.0-beta001 - 2022-12-21

6.0.0-alpha004 - 2022-11-17

6.0.0-alpha003 - 2022-11-11

6.0.0-alpha002 - 2022-11-02

  • ENHANCEMENT: Fix website assets loading

6.0.0-alpha001 - 2022-11-01

Commits
  • 40dfff0 Merge pull request #2732 from FoothillSolutions/master
  • d4fbede site fixes and release notes.
  • 8dbf221 Merge pull request #2727 from fsprojects/bump-version-to-6.0.0-beta001
  • ebba263 Bump version to 6.0.0-beta001
  • 27bedef 6.0.0-beta001 release notes
  • 10f79f8 Merge pull request #2724 from FoothillSolutions/master
  • 832e9f1 Merge pull request #2716 from FoothillSolutions/2709
  • 4b53a2d Merge pull request #2720 from gdziadkiewicz/Add_paket_push_ignoreConflicts
  • 7531ac8 Add test for new ignoreConflicts parameter.
  • 449e99d Add ignoreConflicts parameter to paket push
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 9 months ago

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

nojaf commented 9 months ago

Out of curiosity, why did you close this one? (And the Paket one)

bartelink commented 9 months ago

No real good reason; I spend too much time in github notifications so stuff that normal humans can ignore brings out the tidy freak in me.

In general, dependabot PRs esp for build pieces feel like needless clutter. I mean I understand the benefits, esp if there is a security sensitivity.

In the case of this repo, having separate PRs (and commits on master) for checkout, setup-dotnet, fake, paket etc is too much.

If someone wants to update paket, great. But a dependabot PR and a merge per paket release? No thanks. There will be a V9 of paket at some point. And we'll upgrade to dotnet 8. And many FAKE releases. Better to pick a point in time to do a clump of them proactively rather than have a busywork loop.

Similarly, I use minver and things like that in other projects - having 15 dependabot PRs per release of it is definitely not helpful.

I've only ever glanced but assume dependabot have yet to build a way to consolidate build deps into a single PR and/or otherwise make things less noisy. At its worst dependabot is a kid with their first phone with the keyboard sounds turned on and alerts turned on for all the things.

(I'm similar about making up ones mind on issues rather than just letting them sit and fester. A lot of this is probably from watching Nick manage Serilog; the issue lists and PR queues are reasonable there despite insane usage numbers)

bartelink commented 9 months ago

Also, as I discovered just now, just updating the tool dep doesnt begin to solve anything as:

If it was solely my project, I guess I'd consider turning off dependabot's tool checking entirely (though having said that, if there was e.g. a GHA reference that fixed a security issue is a build pipeline, I'd like to hear about it...)