-
Notifications
You must be signed in to change notification settings - Fork 36
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): Bundle dependabot pull requests #678
Conversation
413d057
to
168ae0b
Compare
Oh snap. This will require some additional editing... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Needs code update if we want to apply this update.
Codecov ReportPatch and project coverage have no change.
📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more Additional details and impacted files@@ Coverage Diff @@
## main #678 +/- ##
=======================================
Coverage 56.29% 56.29%
=======================================
Files 57 57
Lines 2780 2780
=======================================
Hits 1565 1565
Misses 1071 1071
Partials 144 144
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks okay now. Going to need @Callisto13 and @yitsushi to take a look as well. I'm going to squash the commits once you think this is okay. I had to update a couple of things...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good to me, but this PR showed me why I preferred one dependency PR per dependabot alert 😆
Absolutely. Though I hope this is the exception and not the norm hahaha. |
39280ea
to
1d5e79b
Compare
I mean, it's much harder to spot these kind of updates. Like if there are 4-7 package updates in one PR, and one of them may require human intervention. I don't say remove the bot workflow. It's helpful, but can be painful on project where we have a lot of dependencies and those dependencies have even more dependencies and a security update is available for a package that's used by all of them (including us). |
For sure. And I agree with you. And I'm really hoping that these kind of things won't happen often... 🤞 |
Contains the following PRs:
#675
#674
#673