chore(deps): bump 1st party deps to versions with available CodeQL scans #1989
Conversation
| "askcharacter": "^1.0.0", | ||
| "askpassword": "^1.2.4", | ||
| "askcharacter": "^2.0.4", | ||
| "askpassword": "^2.0.2", |
There was a problem hiding this comment.
Major version bumps because these included changes to the tested (= supported) Node.js versions. I stopped doing these after a bit because it turned out lots of packages needed updates 🙂
| "mongodb-connection-string-url": "^3.0.0", | ||
| "mongodb-log-writer": "^1.4.0", | ||
| "mongodb-connection-string-url": "^3.0.1", | ||
| "mongodb-log-writer": "^1.4.2", |
There was a problem hiding this comment.
Some of these versions got bumped twice because it turns out that CodeQL jobs with cron workflow triggers get disabled after 60 days of no activity in a repo and I didn't know that when doing the first set of releases 😕
There was a problem hiding this comment.
activity in the repo means commits to the main branch?
There was a problem hiding this comment.
I don't know, this is basically all the information available to me:
| "macos-export-certificate-and-key": "^1.1.1", | ||
| "mongodb-crypt-library-version": "^1.0.3", | ||
| "win-export-certificate-and-key": "^1.1.1" | ||
| "macos-export-certificate-and-key": "^1.1.2", |
There was a problem hiding this comment.
Was almost driven insane by the "fact" that this bump of the library made CI fail even though no code changed (it surely can't be a coincidence, right, this PR bumps the package that provides the error message that's leading to the CI errors??), then finally thought to check other runs on main, turns out the CI redness happens completely independently of this PR without any code changes at all: #1991 🫠
3 participants
No description provided.