mirror of
https://github.com/maplibre/martin.git
synced 2024-12-22 14:21:39 +03:00
9b969d58a1
Bumps [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) from 1.5.0 to 1.5.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dependabot/fetch-metadata/releases">dependabot/fetch-metadata's releases</a>.</em></p> <blockquote> <h2>v1.5.1</h2> <h2>What's Changed</h2> <p>Bugfix:</p> <ul> <li>Fix library parser to trim trailing LF by <a href="https://github.com/kachick"><code>@kachick</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/380">dependabot/fetch-metadata#380</a></li> </ul> <p>Dep bumps that are trivial so decided to keep this a patch release:</p> <ul> <li>Bump yargs from 17.7.1 to 17.7.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/379">dependabot/fetch-metadata#379</a></li> <li>Bump <code>@types/node</code> from 20.2.1 to 20.2.3 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/382">dependabot/fetch-metadata#382</a></li> </ul> <p>Internal-facing infra changes:</p> <ul> <li>Group :dependabot: PR's for <code>eslint</code>-related deps by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/374">dependabot/fetch-metadata#374</a></li> <li>Bump the eslint-dependencies group with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/375">dependabot/fetch-metadata#375</a></li> <li>Bump the eslint-dependencies group with 2 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/378">dependabot/fetch-metadata#378</a></li> <li>Switch to using an app token instead of a PAT by <a href="https://github.com/jeffwidman"><code>@jeffwidman</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/362">dependabot/fetch-metadata#362</a></li> <li>v1.5.1 by <a href="https://github.com/fetch-metadata-action-automation"><code>@fetch-metadata-action-automation</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/384">dependabot/fetch-metadata#384</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dependabot/fetch-metadata/compare/v1...v1.5.1">https://github.com/dependabot/fetch-metadata/compare/v1...v1.5.1</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="cd6e996708
"><code>cd6e996</code></a> v1.5.1 (<a href="https://redirect.github.com/dependabot/fetch-metadata/issues/384">#384</a>)</li> <li><a href="64bd9b825f
"><code>64bd9b8</code></a> Fix library parser to trim trailing LF (<a href="https://redirect.github.com/dependabot/fetch-metadata/issues/380">#380</a>)</li> <li><a href="0908fa19ff
"><code>0908fa1</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/382">#382</a> from dependabot/dependabot/npm_and_yarn/types/node-20...</li> <li><a href="2624edc352
"><code>2624edc</code></a> Bump <code>@types/node</code> from 20.2.1 to 20.2.3</li> <li><a href="d1defa4769
"><code>d1defa4</code></a> Switch to using an app token instead of a PAT (<a href="https://redirect.github.com/dependabot/fetch-metadata/issues/362">#362</a>)</li> <li><a href="cb17c9e1eb
"><code>cb17c9e</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/379">#379</a> from dependabot/dependabot/npm_and_yarn/yargs-17.7.2</li> <li><a href="c6f9c16b9f
"><code>c6f9c16</code></a> Bump yargs from 17.7.1 to 17.7.2</li> <li><a href="0f533276d7
"><code>0f53327</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/378">#378</a> from dependabot/dependabot/npm_and_yarn/eslint-depend...</li> <li><a href="398ed41843
"><code>398ed41</code></a> Bump the eslint-dependencies group with 2 updates</li> <li><a href="801acabef1
"><code>801acab</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/375">#375</a> from dependabot/dependabot/npm_and_yarn/eslint-depend...</li> <li>Additional commits viewable in <a href="https://github.com/dependabot/fetch-metadata/compare/v1.5.0...v1.5.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dependabot/fetch-metadata&package-manager=github_actions&previous-version=1.5.0&new-version=1.5.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
28 lines
944 B
YAML
28 lines
944 B
YAML
name: Dependabot auto-merge
|
|
on: pull_request
|
|
|
|
permissions: write-all
|
|
|
|
jobs:
|
|
dependabot:
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.actor == 'dependabot[bot]' }}
|
|
steps:
|
|
- name: Dependabot metadata
|
|
id: metadata
|
|
uses: dependabot/fetch-metadata@v1.5.1
|
|
with:
|
|
github-token: "${{ secrets.GITHUB_TOKEN }}"
|
|
- name: Approve Dependabot PRs
|
|
if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
|
|
run: gh pr review --approve "$PR_URL"
|
|
env:
|
|
PR_URL: ${{github.event.pull_request.html_url}}
|
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|
|
- name: Enable auto-merge for Dependabot PRs
|
|
if: ${{steps.metadata.outputs.update-type == 'version-update:semver-patch'}}
|
|
run: gh pr merge --auto --squash "$PR_URL"
|
|
env:
|
|
PR_URL: ${{github.event.pull_request.html_url}}
|
|
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
|