apollo-link-rest icon indicating copy to clipboard operation
apollo-link-rest copied to clipboard
verified publisher icon apollographql

chore(deps): pin dependencies

Open svc-secops opened this issue 2 years ago • 1 comments

This PR contains the following updates:

Package Type Update Change
@babel/core (source) devDependencies pin 7.x -> 7.28.5
@types/graphql devDependencies pin 14.x -> 14.5.0
@types/jest (source) devDependencies pin 23.x -> 23.3.14
@types/node (source) devDependencies pin 10.x -> 10.17.60
@types/qs (source) devDependencies pin 6.5.x -> 6.5.3
browserify devDependencies pin 16.2.x -> 16.2.3
bundlesize devDependencies pin 0.17.x -> 0.17.2
camelcase devDependencies pin 5.0.x -> 5.0.0
codecov devDependencies pin 3.x -> 3.8.3
danger devDependencies pin 6.x -> 6.1.13
fetch-mock (source) devDependencies pin 7.x -> 7.7.3
graphql devDependencies pin 14.x -> 14.7.0
isomorphic-fetch (source) devDependencies pin 2.2.x -> 2.2.1
jest (source) devDependencies pin 23.x -> 23.6.0
jest-fetch-mock devDependencies pin 2.x -> 2.1.2
lerna (source) devDependencies pin 3.6.x -> 3.6.0
lint-staged devDependencies pin 8.1.x -> 8.1.7
lodash (source) devDependencies pin 4.17.x -> 4.17.21
pre-commit devDependencies pin 1.2.x -> 1.2.2
prettier (source) devDependencies pin 1.15.x -> 1.15.3
qs devDependencies pin 6.6.x -> 6.6.1
rimraf devDependencies pin 2.6.x -> 2.6.3
rollup-plugin-local-resolve devDependencies pin 1.0.x -> 1.0.7
rollup-plugin-sourcemaps devDependencies pin 0.4.x -> 0.4.2
snake-case (source) devDependencies pin 2.1.x -> 2.1.0
ts-jest (source) devDependencies pin 23.10.x -> 23.10.5
typescript (source) devDependencies pin 3.x -> 3.9.10
uglify-js devDependencies pin 3.4.x -> 3.4.10

Add the preset :preserveSemverRanges to your config if you don't want to pin your dependencies.

Configuration

📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday" in timezone America/Los_Angeles, Automerge - "after 8am and before 4pm on tuesday" in timezone America/Los_Angeles.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

This PR has been generated by Renovate Bot.

svc-secops avatar Jul 17 '23 11:07 svc-secops

@svc-secops why are we pinning these dependencies?

This will cause much more maintenance burden on this repo, and noise for new releases.

The Types packages in particular don’t make sense to pin.

If you want to set up CI so releases happen automatically, then I would withdraw my objection, but since this currently would make more manual work for me, I’m not convinced.

fbartho avatar Aug 08 '23 18:08 fbartho