martin/.github/workflows/dependabot.yml
dependabot[bot] 6d6f833786
chore(deps): Bump dependabot/fetch-metadata from 1.6.0 to 2.0.0 (#1267)
Bumps
[dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata)
from 1.6.0 to 2.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dependabot/fetch-metadata/releases">dependabot/fetch-metadata's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.0 - Switch to <code>node20</code></h2>
<h2>What's Changed</h2>
<ul>
<li>Upgrade from node16 to node20 by <a
href="https://github.com/Nishnha"><code>@​Nishnha</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/443">dependabot/fetch-metadata#443</a>
👈 this is a potentially breaking change for some workflows</li>
<li><code>v2</code> is the new tracking tag by <a
href="https://github.com/jeffwidman"><code>@​jeffwidman</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/506">dependabot/fetch-metadata#506</a></li>
<li>v2.0.0 by <a
href="https://github.com/fetch-metadata-action-automation"><code>@​fetch-metadata-action-automation</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/508">dependabot/fetch-metadata#508</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dependabot/fetch-metadata/compare/v1.7.0...v2.0.0">https://github.com/dependabot/fetch-metadata/compare/v1.7.0...v2.0.0</a></p>
<h2>v1.7.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump dotenv from 16.0.3 to 16.3.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/404">dependabot/fetch-metadata#404</a></li>
<li>Bump <code>@​types/node</code> from 20.2.3 to 20.3.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/407">dependabot/fetch-metadata#407</a></li>
<li>Bump the eslint-dependencies group with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/409">dependabot/fetch-metadata#409</a></li>
<li>Update dependabot.yml by <a
href="https://github.com/bdragon"><code>@​bdragon</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/410">dependabot/fetch-metadata#410</a></li>
<li>Bump <code>@​types/node</code> from 20.3.3 to 20.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/411">dependabot/fetch-metadata#411</a></li>
<li>Bump yaml from 2.2.1 to 2.3.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/390">dependabot/fetch-metadata#390</a></li>
<li>Bump tough-cookie from 4.0.0 to 4.1.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/412">dependabot/fetch-metadata#412</a></li>
<li>Bump <code>@​types/node</code> from 20.4.0 to 20.4.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/413">dependabot/fetch-metadata#413</a></li>
<li>Generate Dependabot PRs on Sundays weekly by <a
href="https://github.com/abdulapopoola"><code>@​abdulapopoola</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/417">dependabot/fetch-metadata#417</a></li>
<li>Aggressively group prod and dev dependencies for NPM by <a
href="https://github.com/abdulapopoola"><code>@​abdulapopoola</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/420">dependabot/fetch-metadata#420</a></li>
<li>Update .nvmrc to latest node 16 LTS version by <a
href="https://github.com/abdulapopoola"><code>@​abdulapopoola</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/422">dependabot/fetch-metadata#422</a></li>
<li>Bump the dev-dependencies group with 9 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/421">dependabot/fetch-metadata#421</a></li>
<li>Bump the dev-dependencies group with 1 update by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/423">dependabot/fetch-metadata#423</a></li>
<li>Check for uncommitted files beyond the <code>diff</code> directory
by <a href="https://github.com/jeffwidman"><code>@​jeffwidman</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/278">dependabot/fetch-metadata#278</a></li>
<li>Bump the dev-dependencies group with 6 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/424">dependabot/fetch-metadata#424</a></li>
<li>Bump the dev-dependencies group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/425">dependabot/fetch-metadata#425</a></li>
<li>Bump the dev-dependencies group with 6 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/428">dependabot/fetch-metadata#428</a></li>
<li>Bump the dev-dependencies group with 7 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/429">dependabot/fetch-metadata#429</a></li>
<li>Bump tibdex/github-app-token from 1.8.0 to 1.8.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/430">dependabot/fetch-metadata#430</a></li>
<li>Bump the dev-dependencies group with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/432">dependabot/fetch-metadata#432</a></li>
<li>Bump actions/checkout from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/436">dependabot/fetch-metadata#436</a></li>
<li>Bump the dev-dependencies group with 6 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/440">dependabot/fetch-metadata#440</a></li>
<li>Change actions/checkout@v3 to v4 in readme by <a
href="https://github.com/Nishnha"><code>@​Nishnha</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/444">dependabot/fetch-metadata#444</a></li>
<li>Bump the dev-dependencies group with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/445">dependabot/fetch-metadata#445</a></li>
<li>Bump <code>@​vercel/ncc</code> from 0.36.1 to 0.38.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/435">dependabot/fetch-metadata#435</a></li>
<li>Bump the dev-dependencies group with 4 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/447">dependabot/fetch-metadata#447</a></li>
<li>Bump the dev-dependencies group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/448">dependabot/fetch-metadata#448</a></li>
<li>Bump <code>@​babel/traverse</code> from 7.22.8 to 7.23.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/457">dependabot/fetch-metadata#457</a></li>
<li>Add blurbs about using a PAT to the readme by <a
href="https://github.com/Nishnha"><code>@​Nishnha</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/466">dependabot/fetch-metadata#466</a></li>
<li>Bump <code>@​vercel/ncc</code> from 0.38.0 to 0.38.1 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/462">dependabot/fetch-metadata#462</a></li>
<li>Bump actions/setup-node from 3 to 4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/461">dependabot/fetch-metadata#461</a></li>
<li>Bump the dev-dependencies group with 13 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/497">dependabot/fetch-metadata#497</a></li>
<li>Bump tibdex/github-app-token from 1.8.2 to 2.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/442">dependabot/fetch-metadata#442</a></li>
<li>Scope app token to only this repo for security by <a
href="https://github.com/jeffwidman"><code>@​jeffwidman</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/501">dependabot/fetch-metadata#501</a></li>
<li>Switch to the official action for managing app tokens by <a
href="https://github.com/jeffwidman"><code>@​jeffwidman</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/504">dependabot/fetch-metadata#504</a></li>
<li>v1.7.0 by <a
href="https://github.com/fetch-metadata-action-automation"><code>@​fetch-metadata-action-automation</code></a>
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/505">dependabot/fetch-metadata#505</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/bdragon"><code>@​bdragon</code></a> made
their first contribution in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/410">dependabot/fetch-metadata#410</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="0fb21704c1"><code>0fb2170</code></a>
v2.0.0 (<a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/508">#508</a>)</li>
<li><a
href="dc2c459ae6"><code>dc2c459</code></a>
<code>v2</code> is the new tracking tag (<a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/506">#506</a>)</li>
<li><a
href="f2f0ad1522"><code>f2f0ad1</code></a>
Upgrade from node16 to node20 (<a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/443">#443</a>)</li>
<li><a
href="8348ea7f5d"><code>8348ea7</code></a>
v1.7.0 (<a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/505">#505</a>)</li>
<li><a
href="e21c9fbf3d"><code>e21c9fb</code></a>
Switch to the official action for managing app tokens (<a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/504">#504</a>)</li>
<li><a
href="3e1bcb99a1"><code>3e1bcb9</code></a>
Scope app token to only this repo for security (<a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/501">#501</a>)</li>
<li><a
href="7187f3911e"><code>7187f39</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/442">#442</a>
from dependabot/dependabot/github_actions/tibdex/gith...</li>
<li><a
href="f9af96f1e7"><code>f9af96f</code></a>
Bump tibdex/github-app-token from 1.8.2 to 2.1.0</li>
<li><a
href="9977d7bbd8"><code>9977d7b</code></a>
Merge pull request <a
href="https://redirect.github.com/dependabot/fetch-metadata/issues/497">#497</a>
from dependabot/dependabot/npm_and_yarn/dev-dependenc...</li>
<li><a
href="4e1067b348"><code>4e1067b</code></a>
run npm build</li>
<li>Additional commits viewable in <a
href="https://github.com/dependabot/fetch-metadata/compare/v1.6.0...v2.0.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dependabot/fetch-metadata&package-manager=github_actions&previous-version=1.6.0&new-version=2.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-03-21 22:59:11 +00:00

28 lines
927 B
YAML

name: Dependabot auto-merge
on: pull_request
permissions: write-all
jobs:
dependabot:
runs-on: ubuntu-latest
if: github.actor == 'dependabot[bot]'
steps:
- name: Dependabot metadata
id: metadata
uses: dependabot/fetch-metadata@v2.0.0
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"
- name: Approve Dependabot PRs
if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
run: gh pr review --approve "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
- name: Enable auto-merge for Dependabot PRs
if: steps.metadata.outputs.update-type == 'version-update:semver-patch'
run: gh pr merge --auto --squash "$PR_URL"
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}