dependabot/fetch-metadata
2
0
Fork 0
mirror of https://github.com/dependabot/fetch-metadata.git synced 2026-03-13 18:17:13 -04:00
Code Issues Packages Projects Releases Wiki Activity
525 Commits 8 Branches 28 Tags
a5c13b47b4530d0f8538cdc8794d96c890c19d54
Commit Graph

525 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Bryan Dragon
a5c13b47b4 Rebuild dist/ 2023-07-07 14:25:34 -06:00
dependabot[bot]
33879963bc Bump yaml from 2.2.1 to 2.3.1 
Bumps [yaml](https://github.com/eemeli/yaml) from 2.2.1 to 2.3.1.
- [Release notes](https://github.com/eemeli/yaml/releases)
- [Commits](https://github.com/eemeli/yaml/compare/v2.2.1...v2.3.1)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-07 18:50:22 +00:00
fetch-metadata-action-automation[bot]
c2e5012eda Merge pull request #411 from dependabot/dependabot/npm_and_yarn/types/node-20.4.0 
Bump @types/node from 20.3.3 to 20.4.0
 2023-07-07 12:49:08 -06:00
dependabot[bot]
d43bd7310a Bump @types/node from 20.3.3 to 20.4.0 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.3.3 to 20.4.0.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-06 23:04:31 +00:00
Bryan Dragon
f390a39403 Merge pull request #410 from dependabot/bdragon/dependabot-schedule 
Update dependabot.yml
 2023-07-06 17:03:33 -06:00
Bryan Dragon
c75f584732 Update dependabot.yml 
Schedule weekly on Mondays at 16:00 UTC
 2023-07-06 16:09:07 -06:00
fetch-metadata-action-automation[bot]
e5c39dcf3b Merge pull request #409 from dependabot/dependabot/npm_and_yarn/eslint-dependencies-fabf7f40b7 
Bump the eslint-dependencies group with 4 updates
 2023-07-06 10:38:55 -06:00
dependabot[bot]
61b3b46675 Bump the eslint-dependencies group with 4 updates 
Bumps the eslint-dependencies group with 4 updates: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser), [eslint](https://github.com/eslint/eslint) and [eslint-config-standard](https://github.com/standard/eslint-config-standard).


Updates `@typescript-eslint/eslint-plugin` from 5.59.7 to 5.61.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.61.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 5.59.7 to 5.61.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.61.0/packages/parser)

Updates `eslint` from 8.41.0 to 8.44.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.41.0...v8.44.0)

Updates `eslint-config-standard` from 17.0.0 to 17.1.0
- [Changelog](https://github.com/standard/eslint-config-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/standard/eslint-config-standard/compare/v17.0.0...v17.1.0)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint-dependencies
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint-dependencies
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint-dependencies
- dependency-name: eslint-config-standard
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-05 15:59:43 +00:00
fetch-metadata-action-automation[bot]
373c296555 Merge pull request #407 from dependabot/dependabot/npm_and_yarn/types/node-20.3.3 
Bump @types/node from 20.2.3 to 20.3.3
 2023-07-05 09:58:35 -06:00
dependabot[bot]
c430de5769 Bump @types/node from 20.2.3 to 20.3.3 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.2.3 to 20.3.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-07-05 15:55:32 +00:00
fetch-metadata-action-automation[bot]
c178a20f9e Merge pull request #404 from dependabot/dependabot/npm_and_yarn/dotenv-16.3.1 
Bump dotenv from 16.0.3 to 16.3.1
 2023-07-05 09:54:52 -06:00
dependabot[bot]
00f65608c9 Bump dotenv from 16.0.3 to 16.3.1 
Bumps [dotenv](https://github.com/motdotla/dotenv) from 16.0.3 to 16.3.1.
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](https://github.com/motdotla/dotenv/compare/v16.0.3...v16.3.1)

---
updated-dependencies:
- dependency-name: dotenv
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-06-27 18:32:22 +00:00
Nish Sinha
c9c4182bf1 Merge pull request #403 from dependabot/bump-to-v1.6.0 
v1.6.0
v1.6.0 		2023-06-27 20:31:40 +02:00
github-actions[bot]
aa6ff64b72 v1.6.0 
Release notes: https://github.com/dependabot/fetch-metadata/releases/tag/v1.6.0
 2023-06-27 18:08:43 +00:00
Nish Sinha
62c4c8daf6 Merge pull request #396 from dependabot/nishnha/grouped-updates-support 
Support for Grouped Updates
 2023-06-27 20:07:55 +02:00
Nish Sinha
11c0ea46b8 build 2023-06-26 14:42:38 -04:00
Nish Sinha
b8e8f8c79b Pull the group name from commit metadata 2023-06-22 16:04:51 -04:00
Nish Sinha
b534cb5e81 FIXME: prevVersion and newVersion are blank for grouped updates 2023-06-08 15:00:44 -04:00
Nish Sinha
9e8fb5b31b Add tests for grouped updates 2023-06-08 14:57:21 -04:00
Nish Sinha
b3648a31bd Use commit data to infer dependency groups instead of the PR body 2023-06-08 13:52:48 -04:00
Nish Sinha
cfab22f699 Add dependency group metadata 2023-06-08 13:48:27 -04:00
Timothy
73e8a46e9e Add .vscode folder to .gitignore (#385) 2023-05-24 09:28:33 -07:00
fetch-metadata-action-automation[bot]
cd6e996708 v1.5.1 (#384) 
Release notes: https://github.com/dependabot/fetch-metadata/releases/tag/v1.5.1

Patch release incorporating the bugfix in #380 and a few internal-infra-facing PR's.

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
v1.5.1 		2023-05-23 18:16:23 -07:00
Kenichi Kamiya
64bd9b825f Fix library parser to trim trailing LF (#380) 
* Fix test fixture for update requirement pattern

* Fix to parse update fragment with considering "\n"

* `npm run build`
 2023-05-24 01:12:53 +00:00
fetch-metadata-action-automation[bot]
0908fa19ff Merge pull request #382 from dependabot/dependabot/npm_and_yarn/types/node-20.2.3 
Bump @types/node from 20.2.1 to 20.2.3
 2023-05-23 18:05:52 -07:00
dependabot[bot]
2624edc352 Bump @types/node from 20.2.1 to 20.2.3 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.2.1 to 20.2.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-24 01:02:38 +00:00
Jeff Widman
d1defa4769 Switch to using an app token instead of a PAT (#362) 
The app token will persist even as users come/go from the :dependabot:
team.

It also allows us more finegrained access controls from the app settings
page if we need to suddenly lockdown something, we don't have to rely on
the person who created the PAT.
 2023-05-23 18:01:02 -07:00
Barry Gordon
cb17c9e1eb Merge pull request #379 from dependabot/dependabot/npm_and_yarn/yargs-17.7.2 
Bump yargs from 17.7.1 to 17.7.2
 2023-05-22 18:27:17 +01:00
dependabot[bot]
c6f9c16b9f Bump yargs from 17.7.1 to 17.7.2 
Bumps [yargs](https://github.com/yargs/yargs) from 17.7.1 to 17.7.2.
- [Release notes](https://github.com/yargs/yargs/releases)
- [Changelog](https://github.com/yargs/yargs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/yargs/yargs/compare/v17.7.1...v17.7.2)

---
updated-dependencies:
- dependency-name: yargs
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-22 17:26:35 +00:00
Barry Gordon
0f533276d7 Merge pull request #378 from dependabot/dependabot/npm_and_yarn/eslint-dependencies/prototype-1684776060 
Bump the eslint-dependencies group with 2 updates
 2023-05-22 18:25:47 +01:00
dependabot[bot]
398ed41843 Bump the eslint-dependencies group with 2 updates 
Bumps the eslint-dependencies group with 2 updates: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) and [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser).

Updates `@typescript-eslint/eslint-plugin` from 5.59.6 to 5.59.7
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.7/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 5.59.6 to 5.59.7
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.7/packages/parser)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-22 17:21:01 +00:00
Barry Gordon
801acabef1 Merge pull request #375 from dependabot/dependabot/npm_and_yarn/eslint-dependencies/prototype-1684775786 
Bump the eslint-dependencies group with 3 updates
 2023-05-22 18:19:40 +01:00
dependabot[bot]
d7bff0acb9 Bump the eslint-dependencies group with 3 updates 
Bumps the eslint-dependencies group with 3 updates: [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin), [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) and [eslint](https://github.com/eslint/eslint).

Updates `@typescript-eslint/eslint-plugin` from 5.59.0 to 5.59.6
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.6/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 5.59.0 to 5.59.6
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v5.59.6/packages/parser)

Updates `eslint` from 8.38.0 to 8.41.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v8.38.0...v8.41.0)

---
updated-dependencies:
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: "@typescript-eslint/parser"
  dependency-type: direct:development
  update-type: version-update:semver-patch
- dependency-name: eslint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-22 17:16:26 +00:00
Jeff Widman
3077e54b98 Group :dependabot: PR's for eslint-related deps (#374) 
There are multiple deps that are `eslint`-related, and since they're all related to a linter, it's very safe to merge them as a single group.

So try kicking the tires on the new "grouping" feature that the :dependabot: team is working on.
 2023-05-22 10:15:05 -07:00
Barry Gordon
28a846a119 v1.5.0 (#372) 
Release notes: https://github.com/dependabot/fetch-metadata/releases/tag/v1.5.0

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
v1.5.0 		2023-05-22 09:27:18 -07:00
Jeff Widman
a2a3a43b4a Add workflow for floating the v1 tag to the latest release (#361) 
This adds a workflow for floating the `v1` tag to the latest release.

This way we reduce the chance of someone fat-fingering the necessary
`git` commands.
 2023-05-19 08:37:20 -07:00
Jeff Widman
6c5b8c2d48 Add workflow for creating release PR's (#360) 
Add a workflow for creating release PR's. This way we don't have to do
it locally, and we guarantee the `npm` version used to generate the
version bump is consistent and stays in-sync with the repo instead of
whatever the dev happened to have on their local computer.
 2023-05-18 11:56:46 -07:00
Jeff Widman
c40140bc51 Stop using deprecated set-output (#370) 
The initial impetus for this change was:
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

However, it turns out the entire step is unnecesary since
`actions/setup-node` supports directly reading the `.nvmrc` file.
 2023-05-18 11:05:35 -07:00
Jeff Widman
042f8db0bc Add a deeplink for tagging releases to the Readme (#369) 2023-05-18 10:36:01 -07:00
Jeff Widman
fd7c300f7c Simplify bin/bump-version (#368) 
Over in
https://github.com/dependabot/fetch-metadata/pull/360#discussion_r1196155497,
I noticed that bash was complaining about this script:
```bash
bin/bump-version: line 9: ((: patch_level == 'major' || patch_level == 'minor' || patch_level == 'patch': syntax error: operand expected (error token is "'major' || patch_level == 'minor' || patch_level == 'patch'")
```

I started to dig into it, but the `while` loop isn't needed, the `case`
statement felt unecessarily complex so I simplified it to use an `if`
statement.

I also changed the argument from a flag-based argument to simple ordered
argument, as again it seemed simpler and it matches the style of the
bump version script over in `dependabot-core` so it's easier for
engineers working across repos. If we later have additional flags, we
can always switch it back later.

Lastly, I found `patch_version` confusing given that `patch` is a
specific value that can be used, so I renamed it to `version_type`.
 2023-05-18 10:24:14 -07:00
Barry Gordon
9cc71e706f Merge pull request #366 from dependabot/dependabot/npm_and_yarn/nock-13.3.1 
Bump nock from 13.3.0 to 13.3.1
 2023-05-18 17:41:01 +01:00
dependabot[bot]
f29558c5b5 Bump nock from 13.3.0 to 13.3.1 
Bumps [nock](https://github.com/nock/nock) from 13.3.0 to 13.3.1.
- [Release notes](https://github.com/nock/nock/releases)
- [Changelog](https://github.com/nock/nock/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nock/nock/compare/v13.3.0...v13.3.1)

---
updated-dependencies:
- dependency-name: nock
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-18 15:49:24 +00:00
Barry Gordon
ec762ddf3e Merge pull request #364 from dependabot/dependabot/npm_and_yarn/types/node-20.2.1 
Bump @types/node from 18.15.11 to 20.2.1
 2023-05-18 16:48:08 +01:00
dependabot[bot]
e79c5ea20c Bump @types/node from 18.15.11 to 20.2.1 
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 18.15.11 to 20.2.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-05-18 15:47:18 +00:00
Jeff Widman
4ada81eca0 Remove unused step (#358) 
The output of looking for metadata is never used in this workflow, so
delete the step.
 2023-05-17 10:49:26 -07:00
Jeff Widman
14d75f3862 No need to request escalated permissions for GITHUB_TOKEN (#357) 
Several of these job steps that use `GITHUB_TOKEN` are read-only
operations, so they don't need elevated permissions for the
`GITHUB_TOKEN`.

And the jobs that _do_ need elevated permissions we're already using a
PAT, so it's not even using the `GITHUB_TOKEN`.

So no need for any custom permissions on the `GITHUB_TOKEN` at all.
 2023-05-17 10:46:35 -07:00
Jeff Widman
597dd46738 Inline the PR URL (#359) 
I'm not sure why this went to the trouble of using an env token, I am
fairly sure this can be inlined.
 2023-05-17 10:32:42 -07:00
Jeff Widman
b3bc7993c0 Use the full email for the GitHub Actions bot (#354) 
This is an aesthetic tweak to let the proper avatar show up:
* https://github.com/orgs/community/discussions/26560
* https://github.com/actions/checkout/pull/1184
 2023-05-01 20:17:34 -07:00
Michael Waddell
32fd3a60da Added flag if "Maintainer changes" appears in the PR body (#174) 
Ideally this would get passed over in the commit message instead of being part of the (editable) PR body. For now though we can just use the PR body.
 2023-04-24 13:14:30 -07:00
Jeff Widman
5a033be007 Simplify the release process (#347) 
There's a chicken-and-egg scenario where we don't have the release notes
to include in the version bump PR until we create a GitHub release...
but we don't want to publish the release until the commit bumping the
version actually lands.

The last few times I've cut a `fetch-metadata` release, I've been
surprised how I always forget the intricate dance to navigate this
chicken-and-egg.

I don't think the juice is worth the squeeze... no one really looks at
the changelog notes in the PR, and if in fact having the release notes
two different places introduces a risk of drift because both the PR
description and the git tag for the release can be edited later on...
only the commit history is actually immutable. So if either is edited
w/o editing the other, they're out of sync.

The odds of that are low--we rarely edit release notes--but still life
is simpler if we merely point the commit/PR description at the URL for
the release notes and manage those in a single place.

This also lets us script creating the PR, which is one less thing to do
manually.
 2023-04-24 08:37:28 -07:00