Bump stylelint from 16.2.1 to 16.3.1 #1
Bumps [stylelint](https://github.com/stylelint/stylelint) from 16.2.1 to 16.3.1.
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](stylelint/stylelint@16.2.1...16.3.1)

---
updated-dependencies:
- dependency-name: stylelint
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@jgarber623 My apologies for missing this (2 weeks? yikes). It's the first dependabot PR on this repo! 🎉

What do you think is a good way to go about testing the changes? Right now, the marketing site is the only app pulling in Is it even possible to test the marketing site pulling in this branch? Or would we "just" update it here and then go check the marketing site?

(Either way: I don't see anything in the release notes that is concerning.)
@dotsara Following up here this morning after our hasty conversation in Slack yesterday afternoon.
Certainly no need for apologies. I missed it, too!
The short answer here is "Yes, absolutely!" The less short answer (which I'll get into in depth below) is, "Yes, absolutely! But we probably don't need to."

I'll share here what I shared with you in Slack, but better explained and more public.

The package.json documentation has a lengthy dependencies section that goes over how you define dependencies and their versions/sources. For our purposes, the relevant sub-sub-section is GitHub URLs.
What that means is that we could update CargoSense/cargosense.com's

- "@cargosense/stylelint-config-scss": "^0.1.0",
+ "@cargosense/stylelint-config-scss": "CargoSense/stylelint-config-scss#dependabot/npm_and_yarn/stylelint-16.3.1",

We would then run

In the past I've used the pattern documented in the "Local Paths" sub-sub-sub-sub-section of the documentation. That's been handy for testing out in-development stuff in a package like stylelint-config-scss.

A well, actually.

Okay, so the above info is handy, good to know, and may serve us well in the future. For this PR, though, it probably doesn't matter. Brains are weird and what follows are some details that occurred to me while making coffee this morning. Stupid, stupid brain.

The below gets into some very weedy weeds, so bear with me.

What this PR is updating

The diff shows the changes here are confined to

Merging this PR wouldn't change anything about projects relying on this package (like CargoSense/cargosense.com).

Stylelint is a peer dependency

Node.js dependencies are a nightmare. One part of that nightmare is This configuration is (to the best of my understanding) a way to specify that your package (a plugin!) is compatible with a version of the "main" package (Stylelint, in this case) without explicitly requiring it as a dependency. In practice, that's nonsense and super hand wave-y and use of Yarn 😑

CargoSense/cargosense.com#196 goes deep on this, but in short: Yarn does not install peer dependencies. On the other hand, npm does. Good grief.

Why's that relevant? Great question. Not a lot in the context of this PR, but it reminded me of that difference in behavior between the two package managers.

FWIW, CargoSense/cargosense.com is using Stylelint v16.2.1 (see here). I'm not sure why Dependabot hasn't yet opened a PR on that repo. But, as noted way up above, the changes in this PR wouldn't force a change in CargoSense/cargosense.com anyway.

So what should we do?
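Review bot: The `+` line pins `@cargosense/stylelint-config-scss` to a branch name (`#dependabot/npm_and_yarn/stylelint-16.3.1`), which is a mutable ref. Dependabot can rebase or recreate that branch, and the branch goes away once the PR is merged or closed, so the consuming repo would resolve different code, or fail to install, with no change to its own package.json. That is acceptable for a throwaway local test, but the line should not be committed; if the pin has to outlive the test, put a full commit SHA after the `#` instead of the branch name, and restore `"^0.1.0"` once the check is done.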
After talking this through with @jgarber623, I understand now that this version bump only impacts this repo during development and not the sites loading this repo as a dependency. 👍🏽
Superseded by #3.
Bumps stylelint from 16.2.1 to 16.3.1.
Commits
- 2d74e26 16.3.1
- 9b2ca9c Try fixing `npm run version` on `npm run version`
- d469bcd Prepare 16.3.1 (#7580)
- b9ae2b2 Bump postcss-import from 16.0.1 to 16.1.0 (#7575)
- 6bbc5f5 Bump np from 10.0.1 to 10.0.2 (#7574)
- a422972 Bump the typescript group with 1 update (#7573)
- f69c57b Fix `selector-max-id` end positions (#7571)
- 412ae2b Fix import errors for configs and plugins omitting `/index.js` (#7578)
- e01617e 16.3.0
- 3158781 Fix `npm run release` (`np`) error (#7570)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)