-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump authlogic from 4.1.1 to 4.4.2 #3778
Conversation
Bumps [authlogic](https://github.com/binarylogic/authlogic) from 4.1.1 to 4.4.2. - [Release notes](https://github.com/binarylogic/authlogic/releases) - [Changelog](https://github.com/binarylogic/authlogic/blob/master/CHANGELOG.md) - [Commits](binarylogic/authlogic@v4.1.1...v4.4.2) Signed-off-by: dependabot[bot] <support@dependabot.com>
Thanks for opening this pull request! This space is protected by our Code of Conduct - and we're here to help. |
Generated by 🚫 Danger |
@greysteil anything to watch out for here either? This is also a pretty common gem. Is there anywhere we can look to see if this caused issues in other repositories? We have pretty good testing, but... you never know. Any data on how often these fail (i'm assuming pretty low, but just being extra cautious!) Thank you!!!!! This is cool!!!! 🎉 |
I'm surprised we don't have better data on this one - look like Dependabot has done very few updates of it (according to this screen). Again, though - I think you can be pretty confident here - the changelog suggests its only deprecations and fixes that have been shipped, except for a removal of Ruby 2.2 support (that won't affect this repo). |
OK! So, https://dependabot.com/compatibility-score/?dependency-name=authlogic&package-manager=bundler&version-scheme=semver is kind of like using /everyone else's/ tests to see how much this breaks stuff? That's a great feature. Have you considered including a link to that in Dependabot's message, like:
|
Actually i like the language on that page! I guess it'd be neat to see a bit more of it on the message, especially as a first-time dependabot user, as I didn't know what the badge meant. But thank you for helping me with it! |
We should be OK, indeed - we test the Authlogic authentication both in functional and integration tests, i believe: https://github.com/publiclab/plots2/blob/master/test/functional/user_sessions_controller_test.rb |
Useful feedback - thanks! |
https://github.com/publiclab/plots2/blob/master/test/integration/login_flow_test.rb Its kind of cool to think that our tests might substantially increase confidence in someone else running this upgrade! It's an additional incentive to help out, you know? |
Could you also provide links to the PRs where it broke the build, so if the score is low enough, we could look at the discussions of whoever else had issues with it? Sorry, i hope these are helpful suggestions -- i'm excited by your service! Don't mean to sound demanding! 😄 |
Yeah! That's totally how I want people to feel about Dependabot! It's funny, having built it it's hard to put myself 100% in the shoes of users, but I really want it to help everyone help each other.
We do! Check out https://dependabot.com/compatibility-score/?dependency-name=rails&package-manager=bundler&previous-version=5.2.0&new-version=5.2.1 for example! Should get better and better with more data 😄 |
ohhhhhh cooool! was authlogic not showing that bc it was private repos?
…On Thu, Oct 25, 2018 at 6:54 PM Grey Baker ***@***.***> wrote:
Its kind of cool to think that our tests might substantially increase
confidence in someone else running this upgrade! It's an additional
incentive to help out, you know?
Yeah! That's totally how I want people to feel about Dependabot! It's
funny, having built it it's hard to put myself 100% in the shoes of users,
but I really want it to help everyone help each other.
Could you also provide links to the PRs where it broke the build, so if
the score is low enough, we could look at the discussions of whoever else
had issues with it?
We do! Check out
https://dependabot.com/compatibility-score/?dependency-name=rails&package-manager=bundler&previous-version=5.2.0&new-version=5.2.1
for example! Should get better and better with more data 😄
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#3778 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AABfJxt94jHysIP4Qd8iTlWzh0_ozMY5ks5uokDsgaJpZM4X7K1z>
.
|
Yep - exactly. |
awesome, thanks again! I'll schedule time to run another batch tomorrow. If
we do 10 or more per week, i hope we can catch up... maybe we schedule time
for even more until we do...
…On Thu, Oct 25, 2018 at 6:59 PM Grey Baker ***@***.***> wrote:
Yep - exactly.
—
You are receiving this because you modified the open/close state.
Reply to this email directly, view it on GitHub
<#3778 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AABfJwOeldUxlh_w1vE4-vSGd1v6__hNks5uokIhgaJpZM4X7K1z>
.
|
Yeah I don't think you're too far behind, and once you catch up it'll only be 1-2 patch release PRs a week. |
Hmm, I'm seeing: https://travis-ci.org/publiclab/plots2/builds/446422257#L2500
In a subsequent PR test run. I don't know why it wouldn't have failed here but I'll investigate in the morning! |
Hmm, it's intermittent -- latest master branch passed. It is also related to |
OK, i'm attempting to remove those old plugins in a new PR, here: #3803 |
👍 - removing unnecessary dependencies is much better than updating them! Wish Dependabot coud do that for you. One day... |
Bumps [authlogic](https://github.com/binarylogic/authlogic) from 4.1.1 to 4.4.2. - [Release notes](https://github.com/binarylogic/authlogic/releases) - [Changelog](https://github.com/binarylogic/authlogic/blob/master/CHANGELOG.md) - [Commits](binarylogic/authlogic@v4.1.1...v4.4.2) Signed-off-by: dependabot[bot] <support@dependabot.com>
Bumps authlogic from 4.1.1 to 4.4.2.
Changelog
Sourced from authlogic's changelog.
Commits
ed17ba0
Release 4.4.24587666
Improve deprecation warning re: validations4d25b83
Release 4.4.12f072e1
Tests: Configure SCrypt to be as fast as possible71c2b0d
Only warn when configuring, not using deprecated validationabb34bf
Do not produce warning when disabling deprecated validations62d7ec9
Release 4.4.0dfebebf
Backport: Deprecate unnecessary validation features36fb593
Backport: Deprecate authenticates_manye747554
Release 4.3.0Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.
You can always request more updates by clicking
Bump now
in your Dependabot dashboard.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge@dependabot reopen
will reopen this PR if it is closed@dependabot ignore this [patch|minor|major] version
will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and language@dependabot badge me
will comment on this PR with code to add a "Dependabot enabled" badge to your readmeAdditionally, you can set the following in your Dependabot dashboard:
Finally, you can contact us by mentioning @dependabot.