Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): Bundle dependabot pull requests #678

Merged
merged 1 commit into from
Mar 21, 2023
Merged

Conversation

github-actions[bot]
Copy link
Contributor

Contains the following PRs:
#675
#674
#673

@github-actions github-actions bot added area/dependency Issues or PRs related to dependency changes kind/cleanup Removing things previously overlooked user-signing-required Applied to pull request when a repository maintainer needs to push a signing commit. labels Mar 20, 2023
@Skarlso Skarlso removed the user-signing-required Applied to pull request when a repository maintainer needs to push a signing commit. label Mar 20, 2023
@Skarlso
Copy link
Contributor

Skarlso commented Mar 20, 2023

Oh snap. This will require some additional editing...

Copy link
Contributor

@Skarlso Skarlso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs code update if we want to apply this update.

@codecov-commenter
Copy link

codecov-commenter commented Mar 21, 2023

Codecov Report

Patch and project coverage have no change.

Comparison is base (f6425b0) 56.29% compared to head (5062c1a) 56.29%.

❗ Current head 5062c1a differs from pull request most recent head 1d5e79b. Consider uploading reports for the commit 1d5e79b to get more accurate results

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #678   +/-   ##
=======================================
  Coverage   56.29%   56.29%           
=======================================
  Files          57       57           
  Lines        2780     2780           
=======================================
  Hits         1565     1565           
  Misses       1071     1071           
  Partials      144      144           
Impacted Files Coverage Δ
infrastructure/containerd/convert.go 51.21% <ø> (ø)

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

Skarlso
Skarlso previously approved these changes Mar 21, 2023
Copy link
Contributor

@Skarlso Skarlso left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks okay now. Going to need @Callisto13 and @yitsushi to take a look as well. I'm going to squash the commits once you think this is okay. I had to update a couple of things...

yitsushi
yitsushi previously approved these changes Mar 21, 2023
Copy link
Contributor

@yitsushi yitsushi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, but this PR showed me why I preferred one dependency PR per dependabot alert 😆

:shipit:

@Skarlso
Copy link
Contributor

Skarlso commented Mar 21, 2023

Looks good to me, but this PR showed me why I preferred one dependency PR per dependabot alert 😆

Absolutely. Though I hope this is the exception and not the norm hahaha.

@Skarlso Skarlso dismissed stale reviews from yitsushi and themself via 1d5e79b March 21, 2023 12:00
@Skarlso Skarlso merged commit 96cba07 into main Mar 21, 2023
@Skarlso Skarlso deleted the bundler-1679270748 branch March 21, 2023 12:14
@yitsushi
Copy link
Contributor

Absolutely. Though I hope this is the exception and not the norm hahaha.

I mean, it's much harder to spot these kind of updates. Like if there are 4-7 package updates in one PR, and one of them may require human intervention.

I don't say remove the bot workflow. It's helpful, but can be painful on project where we have a lot of dependencies and those dependencies have even more dependencies and a security update is available for a package that's used by all of them (including us).

@Skarlso
Copy link
Contributor

Skarlso commented Mar 21, 2023

For sure. And I agree with you. And I'm really hoping that these kind of things won't happen often... 🤞

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/dependency Issues or PRs related to dependency changes kind/cleanup Removing things previously overlooked
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants