Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dependency Dashboard #771

Open
4 tasks
renovate bot opened this issue Aug 23, 2022 · 2 comments
Open
4 tasks

Dependency Dashboard #771

renovate bot opened this issue Aug 23, 2022 · 2 comments
Assignees
@marcusramberg
Labels
dependencies Pull requests that update a dependency file
Milestone
dependabot

Comments

@renovate
Copy link
Contributor

renovate bot commented Aug 23, 2022
edited
Loading

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Warning

These dependencies are deprecated:

Datasource Name Replacement PR?
npm querystring Unavailable

Other Branches

These updates are pending. To force PRs open, click the checkbox below.

  • chore(deps): update dependency vite to v5.1.8 [security]

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

Detected dependencies

dockerfile
Dockerfile
github-actions
.github/workflows/alpha.yml
  • actions/checkout v4
  • docker/login-action v3.3.0
  • docker/setup-qemu-action v3
  • docker/setup-buildx-action v3
  • docker/metadata-action v5.5.1
  • docker/build-push-action v5.4.0
.github/workflows/docker.yml
  • actions/checkout v4
  • docker/login-action v3.3.0
  • docker/setup-qemu-action v3
  • docker/setup-buildx-action v3
  • docker/build-push-action v5
.github/workflows/linux.yml
  • actions/checkout v3
  • actions/setup-node v4
  • actions/checkout v3
npm
package.json
  • svelte-check ^4.0.0
  • @fortawesome/fontawesome-free 6.6.0
  • @sveltejs/vite-plugin-svelte ^3.0.0
  • eslint ^9.0.0
  • eslint-plugin-svelte ^2.34.0
  • highlight.js ^11.9.0
  • js-cookie ^3.0.5
  • jsdoc ^4.0.2
  • jsdom ^25.0.0
  • jsonhtmlify ^0.1.0
  • lodash ^4.17.21
  • qs ^6.11.2
  • querystring ^0.2.1
  • sass ^1.69.3
  • svelte ^4.2.19
  • svelte-preprocess ^6.0.0
  • vite ^5.0.12
  • vitest ^2.0.0
  • Check this box to trigger a request for Renovate to run again on this repository
@jhthorsen
Copy link
Collaborator

jhthorsen commented Aug 27, 2022
edited
Loading

I don't understand this change. What's the point of pinning package.json when you have a lock file? Same goes for

@marcusramberg
Copy link
Contributor

I don't understand this change. What's the point of pinning package.json when you have a lock file? Same goes for

So, there's a discussion here on the pros/cons https://docs.renovatebot.com/dependency-pinning/ - i actually wanted to discuss with you if we should configure renovate to not do this but suddenly busy at work which is why they were left open. If you're opposed to pinning we can turn it off in the config and close related prs

@jhthorsen jhthorsen added the dependencies Pull requests that update a dependency file label Sep 4, 2022
@jhthorsen jhthorsen added this to the dependabot milestone Sep 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@marcusramberg marcusramberg

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
dependabot
Development

No branches or pull requests
2 participants
@marcusramberg @jhthorsen