Skip to content

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 17, 2024

Bumps the dependency-updates group with 3 updates: @npmcli/template-oss, @octokit/rest and semver.

Updates @npmcli/template-oss from 4.22.0 to 4.23.0

Release notes

Sourced from @​npmcli/template-oss's releases.

v4.23.0

4.23.0 (2024-06-27)

Features

Bug Fixes

Dependencies

Chores

Changelog

Sourced from @​npmcli/template-oss's changelog.

4.23.0 (2024-06-27)

Features

Bug Fixes

Dependencies

Chores

Commits
  • 9acf69e chore: release 4.23.0 (#445)
  • 8252fb2 deps: bump release-please from 16.10.2 to 16.12.0 (#452)
  • b07d17a chore: add .git-blame-ignore-revs for initial prettier (#448)
  • b35bca5 fix: run prettier
  • 210247e chore: add prettier:true to template-oss config
  • 60ee94f feat: add prettier support
  • 8aef509 fix: dont conclude checks if they were never set (#446)
  • 9440c4f fix: pass releases to publish check (#444)
  • 1a073e4 chore: bump @​npmcli/template-oss to 4.22.0
  • See full diff in compare view

Updates @octokit/rest from 21.0.0 to 21.0.1

Release notes

Sourced from @​octokit/rest's releases.

v21.0.1

21.0.1 (2024-07-17)

Bug Fixes

Commits

Updates semver from 7.6.2 to 7.6.3

Release notes

Sourced from semver's releases.

v7.6.3

7.6.3 (2024-07-16)

Bug Fixes

Documentation

Changelog

Sourced from semver's changelog.

7.6.3 (2024-07-16)

Bug Fixes

Documentation

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the dependency-updates group with 3 updates: [@npmcli/template-oss](https://github.com/npm/template-oss), [@octokit/rest](https://github.com/octokit/rest.js) and [semver](https://github.com/npm/node-semver).


Updates `@npmcli/template-oss` from 4.22.0 to 4.23.0
- [Release notes](https://github.com/npm/template-oss/releases)
- [Changelog](https://github.com/npm/template-oss/blob/main/CHANGELOG.md)
- [Commits](npm/template-oss@v4.22.0...v4.23.0)

Updates `@octokit/rest` from 21.0.0 to 21.0.1
- [Release notes](https://github.com/octokit/rest.js/releases)
- [Commits](octokit/rest.js@v21.0.0...v21.0.1)

Updates `semver` from 7.6.2 to 7.6.3
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](npm/node-semver@v7.6.2...v7.6.3)

---
updated-dependencies:
- dependency-name: "@npmcli/template-oss"
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependency-updates
- dependency-name: "@octokit/rest"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependency-updates
- dependency-name: semver
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependency-updates
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner July 17, 2024 09:36
@dependabot dependabot bot added the Dependencies Pull requests that update a dependency file label Jul 17, 2024
@wraithgar wraithgar merged commit 89e047a into main Jul 17, 2024
@wraithgar wraithgar deleted the dependabot/npm_and_yarn/main/dependency-updates-4de8b5bfcf branch July 17, 2024 14:21
hashtagchris added a commit to npm/template-oss that referenced this pull request Jul 17, 2024
<!-- What / Why -->
<!-- Describe the request in detail. What it does and why it's being
changed. -->

`steps.metadata.outputs.directory` is set to `/main`, not `/`, when
`package.json` is at the root of the repository. I suspect adding
`target-branch` to `dependabot.yml` (#330) added a `main` segment to
Dependabot PR branch names, which changed the value of
`steps.metadata.outputs.directory`.

By fixing this issue, we shouldn't need to routinely use stafftools to
fix up template-oss Dependabot PRs. 🤞🏼

I couldn't quickly find a `bump @npmcli/template-oss` Dependabot PR for
a workspace to inspect `steps.metadata.outputs.directory` and fix
workspaces support. If that's important, we may want to either enable
Dependabot for `npm/cli` or create a separate `template-oss-test` repo.
It's not clear if Dependabot will create a PR for
`workspace/test-workspace` upon our next release.

### Example Dependabot PR branch names

The first PR updates just `@npmcli/template-oss`. The second updates
multiple dependencies including `@npmcli/template-oss`.

PR | branch name | segments | steps.metadata.outputs.directory
-|-|-|-
npm/agent#110 |
`dependabot/npm_and_yarn/main/npmcli/template-oss-4.23.0` | 5 | `/main`
npm/statusboard#877 |
`dependabot/npm_and_yarn/main/dependency-updates-4de8b5bfcf` | 4 | `/`

## References
<!-- Examples:
  Related to #0
  Depends on #0
  Blocked by #0
  Fixes #0
  Closes #0
-->

Failed "Post Dependabot" run:
https://github.com/npm/agent/actions/runs/9963674341/job/27530225303

Fix manually tested here:
npm/agent@ef85b08


[branchNameToDirectoryName](https://github.com/dependabot/fetch-metadata/blob/ffa2dc8ffecf17d26f6a81b83f9ef5edd33ba93a/src/dependabot/update_metadata.ts#L31)

Bug report: dependabot/fetch-metadata#540
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants