Bump prettier from 3.2.5 to 3.3.0 in /requirements #2104
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [prettier](https://github.com/prettier/prettier) from 3.2.5 to 3.3.0. - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.2.5...3.3.0) --- updated-dependencies: - dependency-name: prettier dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
dependencies
| @@ -2,6 +2,6 @@ | |||
| "name": "torchgeo", | |||
| "private": "true", | |||
| "dependencies": { | |||
| "prettier": ">=3.0.0" | |||
| "prettier": ">=3.3.0" | |||
There was a problem hiding this comment.
@Domejko any idea how to prevent dependabot from updating this file?
There was a problem hiding this comment.
I will take a look on that tomorrow and will find some solution.
There was a problem hiding this comment.
I think that the simple and clean solution will be to remove npm from .github/dependabot.yml since prettier is the only npm package in the project.
- package-ecosystem: "npm"
directory: "/requirements"
schedule:
interval: "weekly"There was a problem hiding this comment.
But then we wouldn't be able to update the lock file anymore. We want to update the latest version used in CI, we just don't want to bump the minimum required version.
There was a problem hiding this comment.
It appears that with dependabot the only solution is to update package-lock.json manually since there is no option to ignore a specific file. There is also a alternative to Dependabot, it's Renovate with this dependency bot it would be possible to ignore a specific file, in our case package.json.
There was a problem hiding this comment.
I guess the other option would be to keep package.json in the root of the project where most Node projects keep it. Not ideal, let me think about it.
|
Superseded by #2115. |
dependabot
bot
deleted the
dependabot/npm_and_yarn/requirements/prettier-3.3.0
branch
Bumps prettier from 3.2.5 to 3.3.0.
Release notes
Sourced from prettier's releases.
Changelog
Sourced from prettier's changelog.
Commits
c4ab460Release 3.3.08a88cdcRespecttrailingCommain angular templates (#15926)c2e20fbchore(deps): update babel to v7.24.6 (#16326)41f1dffAdd newline between markdown footnote definitions (#16063)da5ad84chore(deps): update babel to v7.24.6 (#16325)f790be8chore(deps): update dependency file-entry-cache to v9 (#16324)7250556chore(deps): update dependency meriyah to v4.4.3 (#16323)96e057achore(deps): update dependency@angular/compilerto v18 (#16322)a4ea5a2chore(deps): update dependency eslint-plugin-regexp to v2.6.0 (#16320)229006cchore(deps): update dependency micromatch to v4.0.7 (#16319)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)