-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: npm-check-updates and yarn upgrade #10402
Conversation
523902c
to
06d8513
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This will cause unsolicited major upgrades to dependencies
@MrArnoldPalmer Is this PR supposed to resolve the security alert? Because an old version of Its coming from an old dependency on |
ce67467
to
3d6fe59
Compare
Upgrade dependency versions when available. Change the yarn-upgrade workflow to only upgrade minor versions automatically. This will prevent major version dependency upgrades from happening automatically in the future. Exclude `aws-sdk` from automatic upgrades temporarily due to changes in TS type definitions that removed `ConfigurationOptions` from the `aws-sdk/lib/config` entrypoint. See aws/aws-sdk-js#3453 for details.
3d6fe59
to
b81adc7
Compare
Removed
@eladb was this referring to the auto-updates in the yarn-upgrade workflow? Or does this refer to the dependencies that are upgraded to a new major version in this PR? The majority of dependencies with a new major version are devDependencies, all of the runtime dependencies receiving an upgraded version aren't exposed on public APIs. The exception here is Jest, which is a peer-dependency in |
AWS CodeBuild CI Report
Powered by github-codebuild-logs, available on the AWS Serverless Application Repository |
Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork). |
Upgrade dependency versions when available. Change the yarn-upgrade
workflow to only upgrade minor versions automatically. This will prevent
major version dependency upgrades from happening automatically in the
future.
Exclude
aws-sdk
from automatic upgrades temporarily due to changes inTS type definitions that removed
ConfigurationOptions
from theaws-sdk/lib/config
entrypoint. Seeaws/aws-sdk-js#3453 for details.
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license