Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update pnpm-lock #2631

Merged
merged 3 commits into from
Jan 30, 2024
Merged

chore(deps): update pnpm-lock #2631

merged 3 commits into from
Jan 30, 2024

Conversation

ST-DDT
Copy link
Member

@ST-DDT ST-DDT commented Jan 28, 2024

This PR hopefully fixes the irrelevant warning during push:
https://github.com/faker-js/faker/security/dependabot/16

- vite: 5.0.11(@types/[email protected])
+ vite: 5.0.12(@types/[email protected])

For the future we should let renovate do this, but I just want the warning gone.

@ST-DDT ST-DDT added p: 1-normal Nothing urgent c: dependencies Pull requests that adds/updates a dependency labels Jan 28, 2024
@ST-DDT ST-DDT added this to the v8.x milestone Jan 28, 2024
@ST-DDT ST-DDT requested review from a team January 28, 2024 23:10
@ST-DDT ST-DDT self-assigned this Jan 28, 2024
@codecov Codecov
Copy link

codecov bot commented Jan 28, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (793730a) 99.57% compared to head (a1db63b) 99.56%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             next    #2631      +/-   ##
==========================================
- Coverage   99.57%   99.56%   -0.01%     
==========================================
  Files        2807     2807              
  Lines      250452   250452              
  Branches     1152     1147       -5     
==========================================
- Hits       249390   249372      -18     
- Misses       1034     1052      +18     
  Partials       28       28

see 1 file with indirect coverage changes

xDivisionByZerox
xDivisionByZerox approved these changes Jan 29, 2024
View reviewed changes
Copy link
Member

@xDivisionByZerox xDivisionByZerox left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the future we should let renovate do this, but I just want the warning gone.

Isn't u/dependabot the bot that usually creates security auto fix PR's?

@ST-DDT
Copy link
Member Author

ST-DDT commented Jan 29, 2024

grafik

I'm not sure why exactly but this is either because it is not a direct dependency, or because we have at least two major versions of that dependency in the lock file.

@Shinigami92
Copy link
Member

Shinigami92 commented Jan 30, 2024
edited
Loading

grafik

I'm not sure why exactly but this is either because it is not a direct dependency, or because we have at least two major versions of that dependency in the lock file.

That could be right 🤔
We definitely have one from Vitest and one from VitePress

Normally in that case de-duplication takes place if possible.
I cannot look right now into the change because of mobile screen

Edit:

We do have v5 and v4 in our dependency-tree. I'm not totally sure what you are referring to now. Maybe lets talk later on Discord to show and clarify what the problems are.

@ST-DDT
Copy link
Member Author

ST-DDT commented Jan 30, 2024
edited
Loading

I'm not totally sure what you are referring to now. Maybe lets talk later on Discord to show and clarify what the problems are.

The issue is that dependabot does not create a fix PR itself and I had to do that myself.

There is no problem with this PR itself.

@ST-DDT ST-DDT enabled auto-merge (squash) January 30, 2024 09:43
@ST-DDT ST-DDT merged commit 8ccc49d into next Jan 30, 2024
20 checks passed
@ST-DDT ST-DDT deleted the deps/pnpm-lock branch January 30, 2024 09:54
@dagistan-tuncbilek dagistan-tuncbilek mentioned this pull request Jun 14, 2024
Open
This was referenced Sep 13, 2024
Open
Open
Merged
@sindhuhack sindhuhack mentioned this pull request Sep 24, 2024
Open
@jiisuominen jiisuominen mentioned this pull request Nov 6, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xDivisionByZerox xDivisionByZerox xDivisionByZerox approved these changes

@Shinigami92 Shinigami92 Shinigami92 approved these changes

Assignees

@ST-DDT ST-DDT

Labels
c: dependencies Pull requests that adds/updates a dependency p: 1-normal Nothing urgent
Projects
None yet
Milestone
v8.x
Development

Successfully merging this pull request may close these issues.
3 participants
@ST-DDT @Shinigami92 @xDivisionByZerox