Update v1/composer.lock using composer1 update #5717
Merged
jeffwidman merged 1 commit into dependabot:main from Oct 6, 2022
c1e289a to 40bc7fb
ed0a758 to f70b050
deivid-rodriguez (Contributor) approved these changes on Sep 15, 2022 and left a comment:
Seems fine! I don't feel super confident when reviewing PRs for ecosystems I don't know since I don't know how stable this kind of thing is there, but I think our standard practice is to try to keep everything up to date and mainly trust CI, so should be fine!
jurre (Member) approved these changes on Sep 15, 2022 and left a comment:
It's probably fine, if tests are passing let's just roll it out and keep an eye on production metrics etc
Member, Author:
That's the spirit guys! Nothing like a good YOLO merge! 😀 Also, I hear there's this bot that can help keep your dependencies up to date... maybe if they ever add support for bumping transitive dependencies we could try it out. 😉
Used `composer1 update` to update the `v1/composer.lock` file:

```
[dependabot-core-dev] ~/dependabot-core/composer/helpers/v1 $ composer1 update
Loading composer repositories with package information
Warning from https://repo.packagist.org: Support for Composer 1 is deprecated and some packages will not be available. You should upgrade to Composer 2. See https://blog.packagist.com/deprecating-composer-1-support/
Info from https://repo.packagist.org: #StandWithUkraine
Updating dependencies (including require-dev)
Nothing to install or update
Package php-cs-fixer/diff is abandoned, you should avoid using it. No replacement was suggested.
Writing lock file
Generating autoload files
28 packages you are using are looking for funding.
Use the `composer fund` command to find out more!
```

I suspect the reason that Dependabot hasn't opened PRs to bump these versions is because they're transitive dependencies.

I will open a sister PR for `composer` v2, but keeping them separate in case we need to revert anything.
f70b050 to a220495
Used `composer1 update` to update the `v1/composer.lock` file:
I suspect the reason that Dependabot hasn't opened PRs to bump these versions is because they're transitive dependencies.
I opened a sister PR for `composer` v2, but keeping them separate in case we need to revert anything: #5718
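The PR description attributes the missing update PRs to the packages being transitive dependencies. The following is an added example, not code from this PR or from dependabot-core: it splits the entries of a `composer.lock` into direct and transitive by comparing them with `composer.json`, and lists entries the lock file marks as abandoned (the condition behind the warning in the output above). The `acme/*` package names and versions are constructed sample data, and `classify_locked_packages` is a hypothetical helper name.

```python
import json

# Constructed sample manifest and lock file (not the real dependabot-core files).
COMPOSER_JSON = """{
  "require": {"php": "^7.4", "acme/http-client": "^2.0"},
  "require-dev": {"acme/cs-fixer": "^3.0"}
}"""

COMPOSER_LOCK = """{
  "packages": [
    {"name": "acme/http-client", "version": "2.3.1"},
    {"name": "acme/promises", "version": "1.5.0"}
  ],
  "packages-dev": [
    {"name": "acme/cs-fixer", "version": "3.8.0"},
    {"name": "acme/diff", "version": "1.3.1", "abandoned": true}
  ]
}"""


def classify_locked_packages(manifest_text, lock_text):
    """Split locked packages into direct and transitive, and list abandoned ones."""
    manifest = json.loads(manifest_text)
    lock = json.loads(lock_text)
    # Composer package names are case-insensitive; normalise before comparing.
    # Platform requirements such as "php" never match a locked package name.
    direct_names = {
        name.lower()
        for section in ("require", "require-dev")
        for name in manifest.get(section, {})
    }
    report = {"direct": [], "transitive": [], "abandoned": []}
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            name = pkg["name"].lower()
            kind = "direct" if name in direct_names else "transitive"
            report[kind].append((name, pkg["version"]))
            # "abandoned" is true or the name of a suggested replacement.
            if pkg.get("abandoned"):
                report["abandoned"].append(name)
    return report


if __name__ == "__main__":
    result = classify_locked_packages(COMPOSER_JSON, COMPOSER_LOCK)
    for kind, entries in result.items():
        print(kind, entries)
```

Packages in the `transitive` list are the ones that only move when the lock file is regenerated or a direct dependency's constraint changes, so they are the entries to review when a lock file has not been refreshed for a while.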