Bump ansi-regex from 3.0.0 to 3.0.1 #362
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
the
dependencies
|
@ToothlessGear This needs to be rebased on master, but I don't see the button. Could you do that, or elevate my permissions then I'll do it? |
|
@mtrezza I can merge it sure, but you are a full collaborator. Rebase merging is enabled, can you recheck? |
|
The thing is that this PR doesn't seem to be based on the latest commit on master. The CI doesn't show the new job titles but the old ones. Usually I'd see a button to rebase and merging should be blocked. But in this case either I don't have the permissions to rebase, or the button is not displayed because the rebase isn't required to merge, which IMO should be set as required in the repo settings. If we allow to merge a PR without rebase, the CI tests are less effective and may fail only after merging. |
|
@dependabot rebase |
Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v3.0.0...v3.0.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/ansi-regex-3.0.1
branch
from
a740932
to
f913f65
Compare
|
@mtrezza I've added the latest update requirements for npm, snyk. For node it's only 16 of the matrix since it's LTS. |
|
Yes, but I guess we are still officially supporting Node 12, even though it's out of LTS. If we decide to stop supporting Node 12, we'd have to do a major version increment because it's a breaking change, to follow semver. As for now, we still need to test for Node 12 until we announce that breaking change. In fact, officially we are still supporting Node >=4: Lines 83 to 85 in e034e7d To clean this up, I think we could:
Regardless, the original issue I mentioned seems to be solved now, I see the update button in another PR: |
|
I see you've also disabled all merge options except for "Rebase and merge", I wouldn't do that. I would only enable "Squash and merge" and disable all others. We'll also need that for release-automation. A rebase as part of a merge is rather unpredictable. This btw. has nothing to do with requiring a PR to be up-to-date with the base branch, which is a separate setting that you have already set. |
Done.
I'd rather keep all of them. If the commits of the PR are nice to follow, well described and atomic, I'd rather rebase than squash. You have the choice when merging. |
|
Once we implement release automation we can only allow "squash and merge", other merge types create a commit history that is not parsable for that purpose. A "rebase and merge" (which is still enabled) doesn't make much sense in our workflow IMO, because a rebase always needs to happen before we approve a PR as the CI needs to run on it. Otherwise the CI runs tests on something that will not be the end result (pre-rebase) of that "rebase and merge" operation. |
Bumps ansi-regex from 3.0.0 to 3.0.1.
Commits
f545bdb3.0.1c57d4c2fix a few old XO issues for backport419250fFix potential ReDoS (#37)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.