Closed dependabot[bot] closed 2 years ago
Incidentally, has dependabot changed recently so that it only updates the `package-lock.json`, rather than the `package.json` as well?
Umm..., I'm not sure. 🤷🏼
Maybe, it seems necessary to change `versioning-strategy: widen` to `versioning-strategy: increase` like the stylelint/stylelint repo:
Do you happen to know which of those two strategies is best practice? We should use that consistently across repos.
According to the Dependabot document, if we'd like to update both `package.json` and `package-lock.json`, it seems necessary to set `versioning-strategy: increase`.
FYI. https://github.com/search?q=org%3Astylelint+%27versioning-strategy%27&type=code
About 50/50 then :)
`versioning-strategy`
When Dependabot edits a manifest file to update a version, it uses the following overall strategies:
- For apps, the version requirements are increased, for example: npm, pip and Composer.
- For libraries, the range of versions is widened, for example: Bundler and Cargo.
It sounds like we can just remove the config `versioning-strategy` property, and it'll default to `increase` which is what we want?
> It sounds like we can just remove the config `versioning-strategy` property, and it'll default to `increase` which is what we want?
I am not sure, but I remember that when omitting `versioning-strategy`, it did not work as I expected. 🤔
But it might be worth a try!
Let's give it a go in this repo. We can always explicitly set `increase` next month if it doesn't work.
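Added example, not part of the thread and not Dependabot's or stylelint's own code: a small Node.js check that lists the effective `versioning-strategy` of every `updates` entry in a `dependabot.yml`, so the setting can be compared across repos as suggested above. The function name `auditDependabot`, the sample config and its directories are assumptions made for illustration; an omitted key is reported as `auto`, Dependabot's documented default.

```javascript
// Added example: list the versioning-strategy of each `updates` entry in a
// dependabot.yml. Line-based scan for flat configs, not a full YAML parser.
function auditDependabot(yamlText, wanted = "increase") {
  const entries = [];
  let inUpdates = false, itemIndent = null, keyCol = null;
  for (const raw of yamlText.split(/\r?\n/)) {
    const line = raw.replace(/(^|\s)#.*$/, "").trimEnd(); // strip comments
    if (!line.trim()) continue;
    // A top-level key decides whether we are inside the `updates:` list.
    if (/^[A-Za-z]/.test(line)) { inUpdates = /^updates:$/.test(line); continue; }
    if (!inUpdates) continue;
    const m = line.match(/^(\s*)(-\s+)?([\w-]+):\s*(.*)$/);
    if (!m) continue;
    const [, indent, dash = "", key, value] = m;
    // A dash at the indent of the first list item starts a new update entry.
    if (dash && (itemIndent === null || indent.length === itemIndent)) {
      itemIndent = indent.length;
      keyCol = indent.length + dash.length;
      entries.push({});
    }
    // Keep only the entry's own keys; nested maps and lists sit deeper.
    if (entries.length && indent.length + dash.length === keyCol) {
      entries[entries.length - 1][key] = value.replace(/^["']|["']$/g, "");
    }
  }
  return entries.map((e) => {
    const strategy = e["versioning-strategy"] || "auto"; // default when omitted
    return { ecosystem: e["package-ecosystem"], directory: e.directory,
             strategy, consistent: strategy === wanted };
  });
}

// Constructed sample config (assumed layout, not from any real repository).
const SAMPLE_CONFIG = `
version: 2
updates:
  - package-ecosystem: "npm"
    directory: "/"
    versioning-strategy: widen
  - package-ecosystem: "npm"
    directory: "/docs"
    ignore:
      - dependency-name: "example-pkg" # hypothetical package
  - package-ecosystem: "npm"
    directory: "/scripts"
    versioning-strategy: increase
`;

console.table(auditDependabot(SAMPLE_CONFIG));
```

Entries reported with `consistent: false` are the ones to align; the nested `ignore` list in the sample shows that deeper keys do not create extra entries.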
Superseded by #149.
Bumps eslint-plugin-regexp from 1.1.0 to 1.3.1.
Release notes
Sourced from eslint-plugin-regexp's releases.
Commits
- 787f1dc 1.3.1
- 04829b9 Improve `sort-flags` to fix unknown patterns (#338)
- 88cbfc9 1.3.0
- 730b635 Fix `no-useless-lazy` false negative (#335)
- 9cc53a1 1.2.0
- e163036 Add `regexp/no-control-character` rule (#333)
- 26a3aa7 Add `regexp/no-misleading-unicode-character` rule (#332)
- 192455b Add `regexp/require-unicode-regexp` rule (#331)
- 4960281 Add `regexp/prefer-named-capture-group` rule (#330)
- f221d81 Add `regexp/no-empty-character-class` rule (#329)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)