Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump minimist from 1.2.5 to 1.2.6 #1385

Closed
wants to merge 4 commits into from
Closed

Bump minimist from 1.2.5 to 1.2.6 #1385

wants to merge 4 commits into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 16, 2022

Bumps minimist from 1.2.5 to 1.2.6.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

amacado and others added 4 commits March 22, 2022 22:31
@amacado
Merge pull request #1084 from devicons/develop
e7a43b9 
Fix issue with npm publish script
@amacado
bump npm version to v2.15.1
619c806
@Thomas-Boi
Merge pull request #1085 from devicons/draft-release
1119b9f 
Build preparation for release v2.15.1
@dependabot
Bump minimist from 1.2.5 to 1.2.6
0e4a966 
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6.
- [Release notes](https://github.com/substack/minimist/releases)
- [Commits](https://github.com/substack/minimist/compare/1.2.5...1.2.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 16, 2022
@Panquesito7 Panquesito7 changed the base branch from master to develop September 16, 2022 16:11
Panquesito7
Panquesito7 approved these changes Sep 16, 2022
View reviewed changes
Copy link
Member

@Panquesito7 Panquesito7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. 🚀

__
sema-logo  Summary: 🏆 This code is awesome  |  Tags: Maintainable

@Snailedlt
Copy link
Collaborator

@Panquesito7 did you test it locally?
Also, did you see the changelog?

@Panquesito7
Copy link
Member

@Panquesito7 did you test it locally? Also, did you see the changelog?

I haven't tested it locally (we could use Gitpod to deploy the page, though).
The changelog or commits seem to be to fix a security issue. https://github.com/devicons/devicon/security/dependabot/6

@Snailedlt
Copy link
Collaborator

@Panquesito7 did you test it locally? Also, did you see the changelog?

I haven't tested it locally (we could use Gitpod to deploy the page, though). The changelog or commits seem to be to fix a security issue. https://github.com/devicons/devicon/security/dependabot/6

No need to deploy imo. Just a simple build and run would suffice. If it runs, and the code checks are all green, it probably should work.

We could add a build step to the CodeQL workflow though. Maybe just add npm ci, npm build and npm test?
Can probably just be added as a replacement of these lines:

devicon/.github/workflows/codeql-analysis.yml

Lines 45 to 55 in 1119b9f

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language

@Panquesito7
Copy link
Member

@Panquesito7 did you test it locally? Also, did you see the changelog?

I haven't tested it locally (we could use Gitpod to deploy the page, though). The changelog or commits seem to be to fix a security issue. https://github.com/devicons/devicon/security/dependabot/6

No need to deploy imo. Just a simple build and run would suffice. If it runs, and the code checks are all green, it probably should work.

We could add a build step to the CodeQL workflow though. Maybe just add npm ci, npm build and npm test? Can probably just be added as a replacement of these lines:

devicon/.github/workflows/codeql-analysis.yml

Lines 45 to 55 in 1119b9f

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v1
# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language

Sounds good. Feel free to make a PR for that. 🙂
To make deployment easier and faster, we could also use Gitpod.

@Snailedlt Snailedlt mentioned this pull request Sep 22, 2022
Open
@Snailedlt
Copy link
Collaborator

Having trouble building this locally. The build guide isn't really complete so it's hard to follow.
I made an issue to update it: #1414

@Panquesito7
Copy link
Member

Actually, it seems this PR has been merged previously 🤔 #1141

@Snailedlt
Copy link
Collaborator

Hmm, yeah you're right!
Did we update the package-lock accidentally somewhere along the way?

@Panquesito7
Copy link
Member

Hmm, yeah you're right! Did we update the package-lock accidentally somewhere along the way?

Hmm, what do you mean?

@Snailedlt
Copy link
Collaborator

I mean, how can it change the same thing twice without it having been removed in-between those two PRs?

I'll check the blame later to see if it got reverted or changed recently

@Panquesito7
Copy link
Member

I mean, how can it change the same thing twice without it having been removed in-between those two PRs?

I'll check the blame later to see if it got reverted or changed recently

That's because it has been merged in develop and there hasn't been any release since March. #1141 was merged in April.

@Snailedlt
Copy link
Collaborator

Ohhh, so it checks for dependencies in master, and sends a PR in develop? That doesn't seem right. If that's the case, then it's clearly a bug right?

@Panquesito7
Copy link
Member

Ohhh, so it checks for dependencies in master, and sends a PR in develop? That doesn't seem right. If that's the case, then it's clearly a bug right?

Nope, I changed the branch to develop manually so that it's merged there.

@Snailedlt
Copy link
Collaborator

Ahh, okey. Makes sense

@Panquesito7 Panquesito7 closed this Oct 3, 2022
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 3, 2022

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@Panquesito7 Panquesito7 added the duplicate Use this label for duplicated issues/pull requests label Oct 3, 2022
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/minimist-1.2.6 branch October 3, 2022 20:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Panquesito7 Panquesito7 Panquesito7 approved these changes

@Snailedlt Snailedlt Awaiting requested review from Snailedlt

@amacado amacado Awaiting requested review from amacado

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file duplicate Use this label for duplicated issues/pull requests
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Snailedlt @Panquesito7 @amacado @Thomas-Boi