Bump eslint-utils from 1.4.0 to 1.4.2 in /sdks/nodejs #1014
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
|
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here with What to do if you already signed the CLAIndividual signers
Corporate signers
ℹ️ Googlers: Go here for more info. |
|
This will likely need to be manually implemented - dependabot and googlebot don't play well together at the moment. |
|
Build Failed 😱 Build Id: c96a4db7-5b2f-4ada-816a-1bf6709ad25b To get permission to view the Cloud Build view, join the agones-discuss Google Group. |
|
@thisisnotapril - should we leave this open? Close it and hope the CLA stuff has worked out before the next dependabot PR gets filed? |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/sdks/nodejs/eslint-utils-1.4.2
branch
from
02bb864 to
7795828
Compare
|
Build Succeeded 👏 Build Id: 7d086381-172c-4f1f-83b4-a037fc83ac48 The following development artifacts have been built, and will exist for the next 30 days:
A preview of the website (the last 30 builds are retained): To install this version:
|
markmandel
added
the
feature-freeze-do-not-merge
|
@dependabot rebase |
Bumps [eslint-utils](https://github.com/mysticatea/eslint-utils) from 1.4.0 to 1.4.2. - [Release notes](https://github.com/mysticatea/eslint-utils/releases) - [Commits](mysticatea/eslint-utils@v1.4.0...v1.4.2) Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/sdks/nodejs/eslint-utils-1.4.2
branch
from
7795828 to
24b9af0
Compare
|
All checks passed! ℹ️ Googlers: Go here for more info. |
|
@markmandel - now that the CLA signing is working, wdyt about merging this security fix during the freeze window? |
|
Build Failed 😱 Build Id: 92d0b080-feb8-4978-9dc1-e3f3bac99d12 To get permission to view the Cloud Build view, join the agones-discuss Google Group. |
|
Build Failed 😱 Build Id: a70508e9-9cbe-4b93-bc6f-2e0995e5fa7c To get permission to view the Cloud Build view, join the agones-discuss Google Group. |
|
Build Succeeded 👏 Build Id: f66a91b0-1238-4566-8239-f70ce6f2d5b4 The following development artifacts have been built, and will exist for the next 30 days:
A preview of the website (the last 30 builds are retained): To install this version:
|
|
Is there a reason to hold off on a security fix until after the release cut? |
|
@roberthbailey: GitHub didn't allow me to request PR reviews from the following users: steven-supersolid. Note that only googleforgames members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
I don't think so - we don't specifically mention security in our release guide, but we probably should. |
|
LGTM The dev dependencies are currently unpinned so any user can do We can also consider not committing package-lock.json although having this is a best practice for the dependencies. |
markmandel
removed
the
feature-freeze-do-not-merge
|
Build Failed 😱 Build Id: 1ef77233-ca44-4bb6-8278-9b5a7259dc8f To get permission to view the Cloud Build view, join the agones-discuss Google Group. |
|
e2e failure in deploy-site-static:
Trying again. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: dependabot[bot], roberthbailey The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
dependabot
bot
deleted the
dependabot/npm_and_yarn/sdks/nodejs/eslint-utils-1.4.2
branch
|
Build Failed 😱 Build Id: 309f094f-0100-4dd6-bef9-055cca87c4ce To get permission to view the Cloud Build view, join the agones-discuss Google Group. |
Bumps eslint-utils from 1.4.0 to 1.4.2.
Commits
4e1bc071.4.2e4cb014🐛 add null test230a4e21.4.108158db🐛 fix getStaticValue security issue587cca2🐛 fix getStringIfConstant to handle literals correctlyc119e83🐛 fix getStaticValue to handle bigint correctlyDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot ignore this [patch|minor|major] versionwill close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.