convos icon indicating copy to clipboard operation
convos copied to clipboard

Published 20 hours ago verified publisher icon convos-chat

Dependency Dashboard

Open renovate[bot] opened this issue 3 years ago • 2 comments

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Config Migration Needed

  • [ ] Select this checkbox to let Renovate create an automated Config Migration PR.

[!WARNING] These dependencies are deprecated:

Datasource Name Replacement PR?
npm querystring Unavailable

Other Branches

These updates are pending. To force PRs open, click the checkbox below.

  • [ ] chore(deps): update dependency vite to v6.0.12 [security]

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

  • [ ] chore(deps): update all non-major dependencies (@fortawesome/fontawesome-free, docker/login-action, docker/metadata-action)
  • [ ] chore(deps): update actions/checkout action to v4
  • [ ] chore(deps): update dependency eslint-plugin-svelte to v3
  • [ ] chore(deps): update dependency jsdom to v26
  • [ ] chore(deps): update docker/build-push-action action to v6
  • [ ] Click on this checkbox to rebase all open PRs at once

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

  • [ ] chore(deps): update dependency svelte to v5
  • [ ] chore(deps): update dependency vitest to v3

Detected dependencies

dockerfile
Dockerfile
github-actions
.github/workflows/alpha.yml
  • actions/checkout v4
  • docker/login-action v3.3.0
  • docker/setup-qemu-action v3
  • docker/setup-buildx-action v3
  • docker/metadata-action v5.5.1
  • docker/build-push-action v5.4.0
.github/workflows/docker.yml
  • actions/checkout v4
  • docker/login-action v3.3.0
  • docker/setup-qemu-action v3
  • docker/setup-buildx-action v3
  • docker/build-push-action v5
.github/workflows/linux.yml
  • actions/checkout v3
  • actions/setup-node v4
  • actions/checkout v3
npm
package.json
  • svelte-check ^4.0.0
  • @fortawesome/fontawesome-free 6.6.0
  • @sveltejs/vite-plugin-svelte ^5.0.0
  • eslint ^9.0.0
  • eslint-plugin-svelte ^2.34.0
  • highlight.js ^11.9.0
  • js-cookie ^3.0.5
  • jsdoc ^4.0.2
  • jsdom ^25.0.0
  • jsonhtmlify ^0.1.0
  • lodash ^4.17.21
  • qs ^6.11.2
  • querystring ^0.2.1
  • sass ^1.69.3
  • svelte ^4.2.19
  • svelte-preprocess ^6.0.0
  • vite ^6.0.0
  • vitest ^2.1.9
  • [ ] Check this box to trigger a request for Renovate to run again on this repository

renovate[bot] avatar Aug 23 '22 06:08 renovate[bot]

I don't understand this change. What's the point of pinning package.json when you have a lock file? Same goes for

  • #769
  • #770
  • #772
  • #779
  • #780

jhthorsen avatar Aug 27 '22 00:08 jhthorsen

I don't understand this change. What's the point of pinning package.json when you have a lock file? Same goes for

So, there's a discussion here on the pros/cons https://docs.renovatebot.com/dependency-pinning/ - i actually wanted to discuss with you if we should configure renovate to not do this but suddenly busy at work which is why they were left open. If you're opposed to pinning we can turn it off in the config and close related prs

marcusramberg avatar Aug 27 '22 06:08 marcusramberg