Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): bump yaml and semantic-release #380

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Apr 24, 2023

Removes yaml. It's no longer used after updating ancestor dependency semantic-release. These dependencies need to be updated together.

Removes yaml

Updates semantic-release from 19.0.3 to 21.0.1

Release notes

Sourced from semantic-release's releases.

v21.0.1

21.0.1 (2023-04-01)

Bug Fixes

v21.0.0

21.0.0 (2023-03-24)

BREAKING CHANGES

  • deps: the npm plugin has updated the npm dependency to v9
  • legacy authentication using NPM_USERNAME and NPM_PASSWORD is no longer supported. Use NPM_TOKEN instead.

Bug Fixes

  • deps: bump @semantic-release/npm to ^10.0.0 (d647433)

v21.0.0-beta.6

21.0.0-beta.6 (2023-03-22)

Bug Fixes

  • deps: update dependency cosmiconfig to v8.1.2 (fbede54)
  • deps: update dependency execa to v7 (#2709) (31d9bfe)
  • deps: update dependency execa to v7.1.1 (c38b53a)

v21.0.0-beta.5

21.0.0-beta.5 (2023-03-22)

Bug Fixes

  • deps: updated to the latest version of the npm plugin (d647433)

v21.0.0-beta.4

21.0.0-beta.4 (2023-02-17)

Bug Fixes

  • deps: updated to the latest beta of the npm plugin, which updates npm to v9 (bef1d48)

... (truncated)

Commits
  • 4bddb37 fix(deps): update dependency env-ci to v9 (#2757)
  • aa90774 chore(deps): update dependency testdouble to v3.17.2 (#2751)
  • d7e14f6 docs(artifactory): removed details about using artifactory with legacy auth
  • 4a943a5 chore(deps): pin dependencies (#2744)
  • f47a510 chore(deps): lock file maintenance (#2737)
  • 05596bc chore(deps): update dependency prettier to ^2.8.4 (#2746)
  • c6e84ef chore(deps): update dependency sinon to v15.0.3 (#2748)
  • 0cbe804 chore(deps): update dependency fs-extra to ^11.1.0 (#2745)
  • ea32d10 chore(deps): update dependency testdouble to v3.17.1 (#2740)
  • deb1b7f Merge pull request #2741 from semantic-release/beta
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Removes [yaml](https://github.com/eemeli/yaml). It's no longer used after updating ancestor dependency [semantic-release](https://github.com/semantic-release/semantic-release). These dependencies need to be updated together.


Removes `yaml`

Updates `semantic-release` from 19.0.3 to 21.0.1
- [Release notes](https://github.com/semantic-release/semantic-release/releases)
- [Commits](semantic-release/semantic-release@v19.0.3...v21.0.1)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: indirect
- dependency-name: semantic-release
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 24, 2023
@dependabot dependabot bot requested a review from asyncapi-bot-eve as a code owner April 24, 2023 23:28
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

@smoya
Copy link
Member

smoya commented Apr 25, 2023

Here is the entire list of breaking changes on semantic-release package from v19.x to v21.x:

v20.0.0
BREAKING CHANGES
esm: semantic-release is now ESM-only. since it is used through its own executable, the impact on consuming projects should be minimal
esm: references to plugin files in configs need to include the file extension because of executing in an ESM context
node-versions: node v18 is now the minimum required version of node. this is in line with our node support policy. please see our recommendations for releasing with a different node version than your project normally uses, if necessary.

21.0.0 (2023-03-24)
BREAKING CHANGES
deps: the npm plugin has updated the npm dependency to v9
legacy authentication using NPM_USERNAME and NPM_PASSWORD is no longer supported. Use NPM_TOKEN instead.

@smoya
Copy link
Member

smoya commented Apr 25, 2023

esm: semantic-release is now ESM-only. since it is used through its own executable, the impact on consuming projects should be minimal

I don't fully understand if this affects us. We do have projects that are ESM and others that are CommonJS.

node-versions: node v18 is now the minimum required version of node.

CI do not install node v18 but 14 in this case

deps: the npm plugin has updated the npm dependency to v9

Relates to the previous point.

legacy authentication using NPM_USERNAME and NPM_PASSWORD is no longer supported. Use NPM_TOKEN instead.

We already use NPM_TOKEN so we are good with this.

cc @derberg

@derberg
Copy link
Member

derberg commented Apr 25, 2023

actually asyncapi/.github#205 must be done to remove semantic-release from package.json, and other related dependencies and use the latest release configuration

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Apr 25, 2023

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Apr 25, 2023
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/yaml-and-semantic-release--removed branch April 25, 2023 13:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants