search

theupdateframework / go-tuf

Go implementation of The Update Framework (TUF)
https://theupdateframework.com
Apache License 2.0
630 stars 108 forks source link

chore(deps): bump arnested/go-version-action from 1.1.8 to 1.1.9 #499

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps arnested/go-version-action from 1.1.8 to 1.1.9.

Release notes

Sourced from arnested/go-version-action's releases.

Release v1.1.9

(2023-06-01)

1.1.9 (2023-06-01)

  • Add author to action.yml (fea0b6d)
  • Bump @​babel/preset-env from 7.21.4 to 7.21.5 (01ff84d)
  • Bump @​babel/preset-env from 7.21.5 to 7.22.4 (b7ab9fa)
  • Bump anothrNick/github-tag-action from 1.61.0 to 1.62.0 (2b7608b)
  • Bump anothrNick/github-tag-action from 1.62.0 to 1.66.0 (0e5be8a)
  • Bump eslint from 8.38.0 to 8.39.0 (c9c2eb3)
  • Bump eslint from 8.39.0 to 8.41.0 (c0af718)
  • Bump node-fetch from 2.6.9 to 2.6.11 (6df98af)
  • Bump prettier from 2.8.7 to 2.8.8 (8e0cc49)
  • Bump semver from 7.5.0 to 7.5.1 (00338fd)
  • Language improvements (5155ef2)
  • Publish dist (07a3c27)
  • Update copyright years (02c860b)
  • Update test.yml with new go versions (d1ffefa)
Commits
  • 07a3c27 Publish dist
  • 00338fd Bump semver from 7.5.0 to 7.5.1
  • 6df98af Bump node-fetch from 2.6.9 to 2.6.11
  • b7ab9fa Bump @​babel/preset-env from 7.21.5 to 7.22.4
  • 0e5be8a Bump anothrNick/github-tag-action from 1.62.0 to 1.66.0
  • c0af718 Bump eslint from 8.39.0 to 8.41.0
  • 39c53b5 Merge pull request #336 from arnested/Update-test-versions
  • d1ffefa Update test.yml with new go versions
  • 8e0cc49 Bump prettier from 2.8.7 to 2.8.8
  • c9c2eb3 Bump eslint from 8.38.0 to 8.39.0
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
trishankatdatadog commented 1 year ago

Is it possible to batch and reduce the frequency of non-security-critical Dependabot PRs to once a month or something similar? If so, would there be any disagreements to this?

znewman01 commented 1 year ago

seems like no :( https://github.com/dependabot/dependabot-core/issues/2233

renovate does but IMO switching over is more work than it's worth

i have no objections to batching in principle though

trishankatdatadog commented 1 year ago

seems like no :( dependabot/dependabot-core#2233

renovate does but IMO switching over is more work than it's worth

i have no objections to batching in principle though

Thanks for looking into this! Looks like something GitHub is working on, so we can live with this for now.