-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): bump 1st party deps to versions with available CodeQL scans #1989
Conversation
"askcharacter": "^1.0.0", | ||
"askpassword": "^1.2.4", | ||
"askcharacter": "^2.0.4", | ||
"askpassword": "^2.0.2", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Major version bumps because these included changes to the tested (= supported) Node.js versions. I stopped doing these after a bit because it turned out lots of packages needed updates 🙂
"mongodb-connection-string-url": "^3.0.0", | ||
"mongodb-log-writer": "^1.4.0", | ||
"mongodb-connection-string-url": "^3.0.1", | ||
"mongodb-log-writer": "^1.4.2", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some of these versions got bumped twice because it turns out that CodeQL jobs with cron workflow triggers get disabled after 60 days of no activity in a repo and I didn't know that when doing the first set of releases 😕
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
activity in the repo means commits to the main branch?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"macos-export-certificate-and-key": "^1.1.1", | ||
"mongodb-crypt-library-version": "^1.0.3", | ||
"win-export-certificate-and-key": "^1.1.1" | ||
"macos-export-certificate-and-key": "^1.1.2", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was almost driven insane by the "fact" that this bump of the library made CI fail even though no code changed (it surely can't be a coincidence, right, this PR bumps the package that provides the error message that's leading to the CI errors??), then finally thought to check other runs on main
, turns out the CI redness happens completely independently of this PR without any code changes at all: #1991 🫠
No description provided.