stylelint / eslint-config-stylelint

Stylelint org's shareable config for eslint
MIT License

Bump eslint-plugin-regexp from 1.1.0 to 1.3.1 #147

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps eslint-plugin-regexp from 1.1.0 to 1.3.1.

Release notes

Sourced from eslint-plugin-regexp's releases.

v1.3.1

:bug: Bug Fixes

  • #338 Fixed autofix not working for unknown patterns in regexp/sort-flags rule.

v1.3.0

:bug: Bug Fixes

  • #335 Fixed false negatives in regexp/no-useless-lazy rule.

v1.2.0

✨ Enhancements

  • #319 Added regexp/no-contradiction-with-assertion rule.
  • #324 Added regexp/prefer-lookaround rule.
  • #329 Added regexp/no-empty-character-class rule.
  • #330 Added regexp/prefer-named-capture-group rule.
  • #331 Added regexp/require-unicode-regexp rule.
  • #332 Added regexp/no-misleading-unicode-character rule.
  • #333 Added regexp/no-control-character rule.
  • #316 Improved regexp/no-useless-assertion rule for nested assertions.

:bug: Bug Fixes

  • #327 Fixed false negatives for regex in RegExp constructor in regexp/control-character-escape rule.
  • #320, #321 Improved regexp/sort-alternative's comparison function.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

ybiquitous commented 2 years ago

> Incidentally, has dependabot changed recently so that it only updates the package-lock.json, rather than the package.json as well?

Umm..., I'm not sure. 🤷🏼

Maybe, it seems necessary to change versioning-strategy: widen to versioning-strategy: increase like the stylelint/stylelint repo:

https://github.com/stylelint/eslint-config-stylelint/blob/3ddb7cde414bbbf5319e80a044ee0c3bfd542e4b/.github/dependabot.yml#L8

https://github.com/stylelint/stylelint/blob/864b01beed919bfc4317ec538e816ac49042ed82/.github/dependabot.yml#L10

jeddy3 commented 2 years ago

Do you happen to know which of those two strategies is best practice? We should use that consistently across repos.

ybiquitous commented 2 years ago

According to the Dependabot document, if we'd like to update both package.json and package-lock.json, it seems necessary to set versioning-strategy: increase.

ybiquitous commented 2 years ago

FYI. https://github.com/search?q=org%3Astylelint+%27versioning-strategy%27&type=code

jeddy3 commented 2 years ago

> FYI. https://github.com/search?q=org%3Astylelint+%27versioning-strategy%27&type=code

About 50/50 then :)

> versioning-strategy
>
> When Dependabot edits a manifest file to update a version, it uses the following overall strategies:
>
>   • For apps, the version requirements are increased, for example: npm, pip and Composer.
>   • For libraries, the range of versions is widened, for example: Bundler and Cargo.

It sounds like we can just remove the config versioning-strategy property, and it'll default to increase which is what we want?

ybiquitous commented 2 years ago

> It sounds like we can just remove the config versioning-strategy property, and it'll default to increase which is what we want?

I am not sure, but I remember that when omitting versioning-strategy, it did not work as I expected. 🤔 But it might be worth a try!

jeddy3 commented 2 years ago

Let's give it a go in this repo. We can always explicitly set increase next month if it doesn't work.

dependabot[bot] commented 2 years ago

Superseded by #149.
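
The effect discussed in this thread, a bump that lands in package-lock.json while the package.json range stays put, can be detected by comparing the two files. The following is an added example, not code from this repository or from Dependabot; the function names, the `^1.1.0` range and the `eslint` entry are constructed, and it assumes a lockfile with a `packages` map (lockfileVersion 2 or 3) and simple `^`, `~`, `>=` or exact ranges.

```javascript
// Constructed sample data: versions mirror this PR's bump (1.1.0 -> 1.3.1);
// the caret range and the eslint entry are assumptions for illustration.
const samplePackageJson = {
  devDependencies: { "eslint-plugin-regexp": "^1.1.0", eslint: "^8.20.0" },
};
const samplePackageLock = {
  lockfileVersion: 2,
  packages: {
    "node_modules/eslint-plugin-regexp": { version: "1.3.1" },
    "node_modules/eslint": { version: "8.20.0" },
  },
};

// Lowest version a simple range admits, as [major, minor, patch].
// Returns null for forms not handled here (tags, URLs, prereleases, unions).
function parseFloor(range) {
  const m = /^(?:\^|~|>=|=)?\s*(\d+)\.(\d+)\.(\d+)$/.exec(range.trim());
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison per component, so 1.10.0 sorts above 1.9.9.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Dependencies whose locked version is ahead of the manifest's floor:
// the signature of an update that only touched package-lock.json.
function findManifestDrift(pkg, lock) {
  const declared = { ...pkg.dependencies, ...pkg.devDependencies };
  const drift = [];
  for (const [name, range] of Object.entries(declared)) {
    const floor = parseFloor(range);
    const locked = lock.packages?.[`node_modules/${name}`]?.version;
    const lockedParts = locked ? parseFloor(locked) : null;
    if (!floor || !lockedParts) continue; // unhandled range or missing entry
    if (compareVersions(lockedParts, floor) > 0) {
      drift.push({ name, range, locked });
    }
  }
  return drift;
}

console.log(findManifestDrift(samplePackageJson, samplePackageLock));
```

Consumers of a published config install against the package.json range rather than the repository's lockfile, so a non-empty result means the versions tested in CI are newer than the minimum the manifest promises.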