Don't bump pin versions in README.md

We'd rather suggest folks pin to the floating tag `v1` so they default to automatically updated. If they'd rather pin deterministically, they should be pinning by SHA, not the full major/min/patch. Related: * https://github.com/dependabot/fetch-metadata/pull/246 * https://github.com/dependabot/fetch-metadata/pull/267#discussion_r983986989
2026-03-12 18:07:12 -04:00 · 2022-11-02 14:54:28 -07:00
parent 7db64c379f
commit f40d4c77c9
1 changed files with 1 additions and 3 deletions
--- a/bin/bump-version
+++ b/bin/bump-version
@@ -22,9 +22,7 @@ fi

 new_version=$(npm version "${patch_level}" --no-git-tag-version)
 git checkout -b "${new_version}"-release-notes
-sed -i.bak "s|dependabot/fetch-metadata@v[0-9.]*|dependabot/fetch-metadata@${new_version}|g" "README.md"
-rm README.md.bak
-git add package.json package-lock.json README.md
+git add package.json package-lock.json
 git commit -m "${new_version}"

 echo "Branch prepared for ${new_version}"