Bump dependabot/fetch-metadata from 1.3.0 to 1.3.1 (!33) · Merge requests · Johannes Arnold / kaffee-server

Johannes Arnold requested to merge dependabot/github_actions/dependabot/fetch-metadata-1.3.1 into main Apr 21, 2022

Created by: dependabot[bot]

Bumps dependabot/fetch-metadata from 1.3.0 to 1.3.1.

Release notes

Sourced from dependabot/fetch-metadata's releases.

v1.3.1

Highlights

This release is primarily catching up on our dependencies, but it also includes a few bug fixes:

Correctly populate Dependabot Alert metadata when a manifest is located in the project root, thanks @SalimBensiali

Add a workaround for a dependabot-core bug that causes the update-type to be blank occasionally, thanks @mwaddell

What's Changed

If the update-type is missing for some reason, calculate it by @mwaddell in dependabot/fetch-metadata#173

Updated readme to explain when you need to use a PAT by @mwaddell in dependabot/fetch-metadata#183

Updated auto approve example to minimizing notifications by @mwaddell in dependabot/fetch-metadata#188

Bump @types/node from 17.0.19 to 17.0.23 by @dependabot in dependabot/fetch-metadata#191

Bump @types/jest from 27.4.0 to 27.4.1 by @dependabot in dependabot/fetch-metadata#168

Fix incorrect vulnerable manifest path check by @SalimBensiali in dependabot/fetch-metadata#186

Bump @types/yargs from 17.0.8 to 17.0.10 by @dependabot in dependabot/fetch-metadata#181

Bump @typescript-eslint/parser from 5.12.1 to 5.17.0 by @dependabot in dependabot/fetch-metadata#194

Bump eslint from 8.9.0 to 8.12.0 by @dependabot in dependabot/fetch-metadata#190

Bump ts-node from 10.5.0 to 10.7.0 by @dependabot in dependabot/fetch-metadata#196

Bump eslint from 8.12.0 to 8.13.0 by @dependabot in dependabot/fetch-metadata#198

Bump typescript from 4.5.5 to 4.6.3 by @dependabot in dependabot/fetch-metadata#193

Bump minimist from 1.2.5 to 1.2.6 by @dependabot in dependabot/fetch-metadata#204

Bump yargs from 17.3.1 to 17.4.1 by @dependabot in dependabot/fetch-metadata#199

Bump @typescript-eslint/parser from 5.17.0 to 5.20.0 by @dependabot in dependabot/fetch-metadata#202

Bump @typescript-eslint/eslint-plugin from 5.12.1 to 5.20.0 by @dependabot in dependabot/fetch-metadata#203

Dependabot updates run monthly and attempt to auto-compile dist/ by @brrygrdn in dependabot/fetch-metadata#205

Bump @actions/github from 5.0.0 to 5.0.1 by @dependabot in dependabot/fetch-metadata#197

Bump eslint-plugin-import from 2.25.4 to 2.26.0 by @dependabot in dependabot/fetch-metadata#207

Bump @types/node from 17.0.23 to 17.0.25 by @dependabot in dependabot/fetch-metadata#208

Bump @vercel/ncc from 0.33.3 to 0.33.4 by @dependabot in dependabot/fetch-metadata#209

Bump yaml from 1.10.2 to 2.0.1 by @dependabot in dependabot/fetch-metadata#206

New Contributors

@SalimBensiali made their first contribution in dependabot/fetch-metadata#186

Full Changelog: https://github.com/dependabot/fetch-metadata/compare/v1.3.0...v1.3.1

Commits

bfac3fa Merge pull request #210 from dependabot/v1.3.1-release-notes
80173ff Small correction to bump-version script
525fbe9 v1.3.1
58f09fc Merge pull request #206 from dependabot/dependabot/npm_and_yarn/yaml-2.0.1
b1d2cf8 Bump dist/
70c6c9e Bump yaml from 1.10.2 to 2.0.1
7b49493 Merge pull request #209 from dependabot/dependabot/npm_and_yarn/vercel/ncc-0....
13f5830 Bump @vercel/ncc from 0.33.3 to 0.33.4
59ab888 Merge pull request #208 from dependabot/dependabot/npm_and_yarn/types/node-17...
aad4446 Bump @types/node from 17.0.23 to 17.0.25
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bump dependabot/fetch-metadata from 1.3.0 to 1.3.1

v1.3.1

Highlights

What's Changed

New Contributors

Merge request reports