Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(deps): update semantic-release to 23.1.1 #849

Merged
merged 1 commit into from
Jun 25, 2024
Merged

feat(deps): update semantic-release to 23.1.1 #849

merged 1 commit into from
Jun 25, 2024

Conversation

MikeMcC399
Copy link
Collaborator

@MikeMcC399 MikeMcC399 commented Jun 22, 2024
edited
Loading

Issue

npm audit reports 5 vulnerabilities (4 moderate, 1 high) due to [email protected]

Background

[email protected] requires Node.js >= v20.6.0
[email protected] requires Node.js >= v20.8.1
[email protected] has no change for Node.js, however it is currently using beta dependencies

Change

Update package.json to [email protected]
Run npm audit fix after update.

Update the release job in .circleci/config.yml to use [email protected] and to run under Node.js 20.13.1.

(Node.js 18.16.1 is not compatible with [email protected] and above which requires a minimum of Node.js 18.17.0.)

Verification

npm audit should report

found 0 vulnerabilities

@cypress-app-bot
Copy link
Collaborator

@MikeMcC399
Copy link
Collaborator Author

MikeMcC399 commented Jun 23, 2024
edited
Loading

@MikeMcC399 MikeMcC399 force-pushed the update/semantic-release branch 2 times, most recently from c6400d4 to e8ef501 Compare June 23, 2024 12:08
@MikeMcC399 MikeMcC399 marked this pull request as ready for review June 23, 2024 13:45
@jennifer-shehane
Copy link
Member

@MikeMcC399 Should this be tagged as a 'feat' for the example kitchensink?

@MikeMcC399
feat(deps): update semantic-release to 23.1.1
5f9c33e 
update release job to run under node-version 20.13.1
@MikeMcC399 MikeMcC399 force-pushed the update/semantic-release branch from e8ef501 to 5f9c33e Compare June 24, 2024 18:47
@MikeMcC399
Copy link
Collaborator Author

@jennifer-shehane

Should this be tagged as a 'feat' for the example kitchensink?

Using the commit type feat is a workaround.

  • If chore(deps) were used, then the change would not be tested, because there would be no release triggered.
  • To trigger a release we need fix or feat
  • If fix(deps) were used then the release would be labeled under "Bug fixes", which could be misleading
  • feat(deps) causes a release with minor version update. This tests the change by triggering a release and the label is "Features".

I`ve used this method elsewhere and it seemed like the best compromise to achieve the desired result of testing the PR and producing a release which is least misleading.

@jennifer-shehane jennifer-shehane merged commit b2c085d into cypress-io:master Jun 25, 2024
10 checks passed
@cypress-app-bot
Copy link
Collaborator

🎉 This PR is included in version 3.1.0 🎉

The release is available on:

Your semantic-release bot 📦🚀

@MikeMcC399 MikeMcC399 deleted the update/semantic-release branch June 25, 2024 15:12
@MikeMcC399 MikeMcC399 mentioned this pull request Jun 26, 2024
Closed
@MikeMcC399 MikeMcC399 mentioned this pull request Aug 3, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jennifer-shehane jennifer-shehane jennifer-shehane approved these changes

Assignees

@MikeMcC399 MikeMcC399

Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@MikeMcC399 @cypress-app-bot @jennifer-shehane