Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump the dependencies group across 1 directory with 3 updates #791

Closed
wants to merge 1 commit into from
Closed

chore(deps): bump the dependencies group across 1 directory with 3 updates #791

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 15, 2024
edited
Loading

Bumps the dependencies group with 3 updates in the / directory: @easyops-cn/docusaurus-search-local, @openfga/sdk and assert-never.

Updates @easyops-cn/docusaurus-search-local from 0.44.0 to 0.44.3

Release notes

Sourced from @​easyops-cn/docusaurus-search-local's releases.

v0.44.3

0.44.3 (2024-07-08)

Bug Fixes

v0.44.2

0.44.2 (2024-06-20)

Bug Fixes

  • manually make the search bar be LTR even if in RTL (a5c7184)

v0.44.1

0.44.1 (2024-06-19)

Bug Fixes

Commits

Updates @openfga/sdk from 0.5.0 to 0.6.1

Release notes

Sourced from @​openfga/sdk's releases.

v0.6.1

0.6.1 (2024-07-11)

  • fix(metrics): add missing request model id attribute (#122)

[!IMPORTANT] In this release we have changed our TypeScript compile target to ES2020 to align with our stated supported environments

v0.6.0

0.6.0 (2024-06-28)

  • feat: add opentelemetry metrics reporting (#117)
Changelog

Sourced from @​openfga/sdk's changelog.

v0.6.1

0.6.1 (2024-07-11)

  • fix(metrics): add missing request model id attribute (#122)

[!IMPORTANT] In this release we have changed our TypeScript compile target to ES2020 to align with our stated supported environments

v0.6.0

0.6.0 (2024-06-28)

  • feat: add opentelemetry metrics reporting (#117)
Commits
  • d544153 release: v0.6.1 (#123)
  • 092943f release: v0.6.1
  • c807c37 chore: Target ES2020 for compilation, remove unnecessary Promise based code (...
  • 03dd54a refactor: remove unnecessary async functions
  • a550de1 build: use es2020 for target as supported environments all support this
  • 7575bde fix(metrics): add missing request model id attribute (#122)
  • 56aa225 fix(metrics): add missing request model id attribute
  • 565cea3 chore(deps): bump the dependencies group across 1 directory with 5 updates (#...
  • 97e4cec chore(deps): bump the dependencies group across 1 directory with 5 updates
  • 011b066 release: v0.6.0 (#119)
  • Additional commits viewable in compare view

Updates assert-never from 1.2.1 to 1.3.0

Commits
  • 129add2 1.3.0
  • c2cddb5 Merge pull request #7 from codeandcats/feat/add-custom-error-message
  • f8b3a2b test: add test runner & tests
  • 2cba510 feat: allow specifying error message function
  • 5259e13 feat: allow specifying error message to use
  • 774509a docs: update link in readme
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the dependencies group across 1 directory with 3 up…
3671fc2 
…dates

Bumps the dependencies group with 3 updates in the / directory: [@easyops-cn/docusaurus-search-local](https://github.com/easyops-cn/docusaurus-search-local/tree/HEAD/packages/docusaurus-search-local), [@openfga/sdk](https://github.com/openfga/js-sdk) and [assert-never](https://github.com/aikoven/assert-never).


Updates `@easyops-cn/docusaurus-search-local` from 0.44.0 to 0.44.3
- [Release notes](https://github.com/easyops-cn/docusaurus-search-local/releases)
- [Commits](https://github.com/easyops-cn/docusaurus-search-local/commits/v0.44.3/packages/docusaurus-search-local)

Updates `@openfga/sdk` from 0.5.0 to 0.6.1
- [Release notes](https://github.com/openfga/js-sdk/releases)
- [Changelog](https://github.com/openfga/js-sdk/blob/main/CHANGELOG.md)
- [Commits](openfga/js-sdk@v0.5.0...v0.6.1)

Updates `assert-never` from 1.2.1 to 1.3.0
- [Commits](aikoven/assert-never@v1.2.1...v1.3.0)

---
updated-dependencies:
- dependency-name: "@easyops-cn/docusaurus-search-local"
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: "@openfga/sdk"
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: assert-never
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested review from a team as code owners July 15, 2024 10:32
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 15, 2024
@dependabot dependabot bot mentioned this pull request Jul 15, 2024
Closed
@stacklok-cloud Stacklok Cloud
Copy link
Contributor

Minder Vulnerability Report ✅

Minder analyzed this PR and found no vulnerable dependencies.

Vulnerability scan of 3671fc27:

  • 🐞 vulnerable packages: 0
  • 🛠 fixes available for: 0

@stacklok-cloud Stacklok Cloud
Copy link
Contributor

Dependency Information

Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.

📦 Dependency: @openfga/sdk

Trusty Score: 4.8

Scoring details
Component Score
Trust-summary 4.4
Malicious false
Provenance 10
User activity 6.3
Repository activity 3.3
From activity
Package activity 4.8
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 26
Number of git tags or releases 26
Versions matched to tags or releases 25

This package has been digitally signed using sigtore.
Source repository https://github.com/openfga/js-sdk
Cerificate Issuer CN=sigstore-intermediate,O=sigstore.dev
GitHub action workflow .github/workflows/main.yaml
Rekor (public ledger) entry https://search.sigstore.dev/?logIndex=110867040

📦 Dependency: assert-never

Trusty Score: 3.6

Scoring details
Component Score
Malicious false
User activity 5.2
Repository activity 2.1
From activity
Package activity 3.6
Provenance 8
Trust-summary 3.8
Proof of Origin (Provenance)

This package can be linked back to its source code using a historical provenance map.

We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Published package versions 5
Number of git tags or releases 4
Versions matched to tags or releases 4

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jul 22, 2024

Superseded by #794.

@dependabot dependabot bot closed this Jul 22, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/dependencies-fda615675e branch July 22, 2024 10:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ewanharris ewanharris ewanharris approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ewanharris