Bump @vercel/ncc -> 0.38.1 and @actions/core -> 1.10.1 #268

graebm · 2024-01-19T01:33:21Z

Issue:
Dependabot wants to bump these npm dependencies. See:
#252
#253
#258
#259

But Github actions are weird and you need to run npm install and commit the artifacts after an npm update. So here's my own manual PR.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

bretambrose · 2024-01-19T02:21:40Z

Can we configure this to not get minor/patch PRs that aren't about security issues? This is kind of silly.

graebm · 2024-01-19T17:25:09Z

I don't see an option like that: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

I think it's supposed to be a painless thing where you just merge the PRs it puts up. These ones are weird thought because you're supposed to commit the build artifacts for Github Actions, and dependabot only does npm update it doesn't do npm install

Bump @vercel/ncc -> 0.38.1 and @actions/core -> 1.10.1

47e2d8c

graebm enabled auto-merge (squash) January 19, 2024 23:46

graebm disabled auto-merge January 19, 2024 23:46

graebm enabled auto-merge (squash) January 19, 2024 23:46

TingDaoK approved these changes Jan 20, 2024

View reviewed changes

graebm merged commit f6f2217 into main Jan 20, 2024
102 checks passed

graebm deleted the action-npm-updates branch January 20, 2024 00:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump @vercel/ncc -> 0.38.1 and @actions/core -> 1.10.1 #268

Bump @vercel/ncc -> 0.38.1 and @actions/core -> 1.10.1 #268

graebm commented Jan 19, 2024

bretambrose commented Jan 19, 2024

graebm commented Jan 19, 2024

Bump @vercel/ncc -> 0.38.1 and @actions/core -> 1.10.1 #268

Bump @vercel/ncc -> 0.38.1 and @actions/core -> 1.10.1 #268

Conversation

graebm commented Jan 19, 2024

bretambrose commented Jan 19, 2024

graebm commented Jan 19, 2024