Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): bump semver from 6.3.0 to 6.3.1 #253

Merged
merged 1 commit into from Aug 6, 2023
Merged

chore(deps): bump semver from 6.3.0 to 6.3.1 #253

merged 1 commit into from Aug 6, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 11, 2023

Bumps semver from 6.3.0 to 6.3.1.

Release notes

Sourced from semver's releases.

v6.3.1

6.3.1 (2023-07-10)

Bug Fixes

Changelog

Sourced from semver's changelog.

6.3.1 (2023-07-10)

Bug Fixes

6.2.0

  • Coerce numbers to strings when passed to semver.coerce()
  • Add rtl option to coerce from right to left

6.1.3

  • Handle X-ranges properly in includePrerelease mode

6.1.2

  • Do not throw when testing invalid version strings

6.1.1

  • Add options support for semver.coerce()
  • Handle undefined version passed to Range.test

6.1.0

  • Add semver.compareBuild function
  • Support * in semver.intersects

6.0

  • Fix intersects logic.

    This is technically a bug fix, but since it is also a change to behavior that may require users updating their code, it is marked as a major version increment.

5.7

  • Add minVersion method

5.6

  • Move boolean loose param to an options object, with backwards-compatibility protection.
  • Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump semver from 6.3.0 to 6.3.1
ab9d581 
Bumps [semver](https://github.com/npm/node-semver) from 6.3.0 to 6.3.1.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/v6.3.1/CHANGELOG.md)
- [Commits](npm/node-semver@v6.3.0...v6.3.1)

---
updated-dependencies:
- dependency-name: semver
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jul 11, 2023
@github-actions
Copy link

Current branch is dependabot/npm_and_yarn/semver-6.3.1.
(execution 5522172642 / attempt 1)

@github-actions
Copy link

Comment Pull Request - GitHub Actions

What is it ?

A GitHub action that comments with a given message the pull request linked to the pushed branch.
You can even put dynamic data thanks to Contexts and expression syntax.

Usage

Classic usage

on: pull_request

jobs:
  example_comment_pr:
    runs-on: ubuntu-latest
    name: An example job to comment a PR
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Comment PR
        uses: thollander/actions-comment-pull-request@v2
        with:
          message: |
            Hello world ! :wave:

Comment a file content

Thanks to the filePath input, a file content can be commented.
You can either pass an absolute filePath or a relative one that will be by default retrieved from GITHUB_WORKSPACE.
(Note that if both a message and filePath are provided, message will take precedence.)

- name: PR comment with file
  uses: thollander/actions-comment-pull-request@v2
  with:
    filePath: /path/to/file.txt

Setting reactions

You can also set some reactions on your comments through the reactions input.
It takes only valid reactions and adds it to the comment you've just created. (See https://docs.github.com/en/rest/reactions#reaction-types)

- name: PR comment with reactions
  uses: thollander/actions-comment-pull-request@v2
  with:
    message: |
      Hello world ! :wave:
    reactions: eyes, rocket

Specifying which pull request to comment on

You can explicitly input which pull request should be commented on by passing the pr_number input.
That is particularly useful for manual workflow for instance (workflow_run).

...
- name: Comment PR
  uses: thollander/actions-comment-pull-request@v2
  with:
    message: |
      Hello world ! :wave:
    pr_number: 123 # This will comment on pull request #123

Update a comment

Editing an existing comment is also possible thanks to the comment_tag input.

Thanks to this parameter, it will be possible to identify your comment and then to upsert on it.
If the comment is not found at first, it will create a new comment.

That is particularly interesting while committing multiple times in a PR and that you just want to have the last execution report printed. It avoids flooding the PR.

...
- name: Comment PR with execution number
  uses: thollander/actions-comment-pull-request@v2
  with:
    message: |
      _(execution **${{ github.run_id }}** / attempt **${{ github.run_attempt }}**)_
    comment_tag: execution

Note: the input mode can be used to either upsert (by default) or recreate the comment (= delete and create)

Delete a comment

Deleting an existing comment is also possible thanks to the comment_tag input combined with mode: delete.

This will delete the comment at the end of the job.

...
- name: Write a comment that will be deleted at the end of the job
  uses: thollander/actions-comment-pull-request@v2
  with:
    message: |
      The PR is being built...
    comment_tag: to_delete
    mode: delete

Inputs

Action inputs

Name Description Required Default
GITHUB_TOKEN Token that is used to create comments. Defaults to ${{ github.token }}
message Comment body
filePath Path of the file that should be commented
reactions List of reactions for the comment (comma separated). See https://docs.github.com/en/rest/reactions#reaction-types
pr_number The number of the pull request where to create the comment current pull-request/issue number (deduced from context)
comment_tag A tag on your comment that will be used to identify a comment in case of replacement
mode Mode that will be used to update comment (upsert/recreate/delete) upsert
create_if_not_exists Whether a comment should be created even if comment_tag is not found true

Permissions

Depending on the permissions granted to your token, you may lack some rights.
To run successfully, this actions needs at least :

permissions: 
   pull-requests: write

Add this in case you get Resource not accessible by integration error.
See jobs.<job_id>.permissions for more information.

Contributing

Build

The build steps transpiles the src/main.ts to lib/index.js which is used in a NodeJS environment.
It is handled by vercel/ncc compiler.

$ npm run build

@github-actions
Copy link

Content of file referenced with absolute path

@ViacheslavKudinov
Copy link

Hi @thollander
could be good to merge when you have a time due to GHSA-c2qf-rxjj-qqgw

@thollander thollander merged commit c9b7b9c into main Aug 6, 2023
3 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/semver-6.3.1 branch August 6, 2023 19:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@thollander thollander thollander approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@ViacheslavKudinov @thollander