Update dependencies to enable Greenkeeper 馃尨 #2621

merged 7 commits into from Dec 3, 2016


None yet

4 participants

greenkeeper bot commented Dec 2, 2016

Let鈥檚 get started with automated dependency management for mocha 馃挭

This pull request updates all your dependencies to their latest version. Having them all up to date really is the best starting point. I will look out for further dependency updates and make sure to handle them in isolation and in real-time, as soon as you merge this pull request.

If this pull request passes and everything is still working

This is really good news. Merge this pull request and I will keep you posted about dependency updates you shouldn鈥檛 miss.

If this pull request fails and things aren鈥檛 working

Note: I won鈥檛 start sending you further updates, unless you have merged this very pull request.

So, how do we proceed? I suggest you find out what dependency update is causing the problem. Adapt your code so things are working nicely together again. next-update is a really handy tool to help you with this.

Push the changes to this branch and merge it.

In case you can not, or do not want to update a certain dependency right now, you can of course just change the package.json file back to your liking.

Don鈥檛 forget to push your changes to this branch, and merge this pull request, so I can start sending you further updates.

How to update this pull request
# change into your repository鈥檚 directory
git fetch
git checkout greenkeeper/update-all
npm install-test
# adapt your code, so it鈥檚 working again
git commit -m 'chore: adapt code to updated dependencies'
git push origin greenkeeper/update-all
How to ignore certain dependencies

Add a greenkeeper.ignore field to your package.json, containing a list of dependencies you don鈥檛 want to update right now.

// package.json
  "greenkeeper": {
    "ignore": [
How the updates will look like

As soon as you merge this pull request I鈥檒l create a branch for every dependency update, with the new version applied. The branch creation should trigger your testing services to check the new version. Using the results of these tests I鈥檒l try to open meaningful and helpful pull requests and issues, so your dependencies remain working and up-to-date.

-  "underscore": "^1.6.0"
+  "underscore": "^1.7.0"

In the above example you can see an in-range update. 1.7.0 is included in the old ^1.6.0 range, because of the caret ^ character .
When the test services report success I鈥檒l delete the branch again, because no action needs to be taken 鈥 everything is fine.
When there is a failure however, I鈥檒l create an issue so you know about the problem immediately.

This way every single version update of your dependencies will either continue to work with your project, or you鈥檒l get to know of potential problems immediately.

-  "lodash": "^3.0.0"
+  "lodash": "^4.0.0"

In this example the new version 4.0.0 is not included in the old ^3.0.0 range.
For version updates like these 鈥 let鈥檚 call them 鈥渙ut of range鈥 updates 鈥 you鈥檒l receive a pull request.

Now you no longer need to check for exciting new versions by hand 鈥 I鈥檒l just let you know automatically.
And the pull request will not only serve as a reminder to update. In case it passes your decent test suite that鈥檚 a strong reason to merge right away :shipit:

Not sure how things are going to work exactly?

There is a collection of frequently asked questions and of course you may always ask my humans.

Good luck with your project and see you soon

Your Greenkeeper Bot 馃尨

@greenkeeper greenkeeper chore(package): update dependencies
jsf-clabot commented Dec 2, 2016 edited

CLA assistant check
Thank you for your submission, we really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
1 out of 2 committers have signed the CLA.


@greenkeeper greenkeeper bot added the greenkeeper label Dec 2, 2016

Lol, a bot asking a bot to sign the CLA. Gold.

@boneskull boneskull lint fixes for ESLint

We can't actually upgrade some of our production dependencies, and I don't want to upgrade phantomjs.

This should fail the sanity test on Node.js v0.10.


(If it doesn't, we need to fix the sanity test, which simply runs npm install mocha --production and tries to run a test. On npm 1.x this should fail if any of these newer production dependencies, or production dependencies thereof, have package.json's containing carets in semver ranges, or scoped packages.)

@boneskull boneskull hold lodash.create and phantomjs back
@boneskull boneskull referenced this pull request in JSFoundation/cla-assistant Dec 2, 2016

broken images #5

boneskull added some commits Dec 2, 2016
@boneskull boneskull sanity test uses npm v1.4.x under Node.js v0.10 (experimental)
@boneskull boneskull add debug msg about downgrading npm [ci skip] fbca233
@boneskull boneskull cleanup sanity test afterwards if using npm v1.4.x
@boneskull boneskull only run node-specific tests on appveyor; add node v7

Once this is merged, the requirements to install dev dependencies and run npm test in Mocha will be Node.js v4.x and npm v2.x. By holding lodash.create back to 3.x, we don't break production. Sounds like a patch release to me.

@boneskull boneskull merged commit bb743ff into master Dec 3, 2016

4 of 5 checks passed

licence/cla Contributor License Agreement is not signed yet.
continuous-integration/appveyor/branch AppVeyor build succeeded
continuous-integration/appveyor/pr AppVeyor build succeeded
continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed
@greenkeeper greenkeeper bot deleted the greenkeeper/update-all branch Dec 3, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment