Comparing changes

base repository: dependabot/fetch-metadata
base: v2.2.0
head repository: dependabot/fetch-metadata
compare: v2.3.0
  • 19 commits
  • 13 files changed
  • 7 contributors

Commits on Jul 7, 2024

  1. Bump actions/create-github-app-token from 1.10.2 to 1.10.3

    Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 1.10.2 to 1.10.3.
    - [Release notes](https://github.com/actions/create-github-app-token/releases)
    - [Commits](actions/create-github-app-token@ad38cff...31c86eb)
    
    ---
    updated-dependencies:
    - dependency-name: actions/create-github-app-token
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored Jul 7, 2024

    Verified

    This commit was signed with the committer’s verified signature.
    woodruffw William Woodruff
    910e327

Commits on Jul 15, 2024

  1. Merge pull request #537 from dependabot/dependabot/github_actions/act…

    …ions/create-github-app-token-1.10.3
    
    Bump actions/create-github-app-token from 1.10.2 to 1.10.3

    Verified

    This commit was signed with the committer’s verified signature.
    woodruffw William Woodruff
    ffa2dc8

Commits on Aug 26, 2024

  1. Specify if conditional

    Also update all fetch-metadata@v1 references to v2
    Nishnha authored Aug 26, 2024
    e10dfc6
  2. Remove ${{ }}

    Nishnha committed Aug 26, 2024
    af75c3e
  3. 9e29706
  4. Add the pull_request_target permissions note

    Nishnha committed Aug 26, 2024
    46e21c9
  5. Merge pull request #548 from dependabot/nishnha/specify-if-conditional

    Update readme to include an if conditional
    Nishnha authored Aug 26, 2024
    67945c0

Commits on Sep 4, 2024

  1. Silence audit and funding messages from npm (#550)

    While reviewing some logs, I noticed the following:
    ```shell
    added 1 package, changed 30 packages, and audited 382 packages in 6s
    
    58 packages are looking for funding
      run `npm fund` for details
    
    found 0 vulnerabilities
    ```
    
    While I'm not against security, nor supporting OSS maintainers (I
    co-maintain 10+ projects myself!), I am against noisy logs that add no
    value.
    
    So let's silence these:
    
    1. When they appear in CI, they add no value.
    1. We've got our own security tools for vulnerable deps, which we rely
       on instead of `npm audit` results.
    1. When I'm skimming logs looking for debug information, these just get
       in my way.
    1. There may be a speed boost if the audit/fix metadata requires an additional API call, 
       and silencing actually skips that rather than merely silencing it.
    
    There are multiple ways to silence these: https://benjamincrozat.com/disable-packages-are-looking-for-funding
    
    Originally I tackled this by adding `--no-audit --no-fund` flags, but
    there's a lot of different entrypoints and workflows that call `npm ci`
    or `npm install`. Even if I do manage to get them all, there's always a
    risk someone will come along later and add another entrypoint. So that's
    why I went the `.npmrc` route.
    
    After this change, the logs are much better:
    ```shell
    added 1 package, changed 30 packages, and audited 382 packages in 6s
    ```
    jeffwidman authored Sep 4, 2024
    efb8718

Commits on Sep 15, 2024

  1. Bump actions/create-github-app-token from 1.10.3 to 1.11.0

    Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 1.10.3 to 1.11.0.
    - [Release notes](https://github.com/actions/create-github-app-token/releases)
    - [Commits](actions/create-github-app-token@31c86eb...5d869da)
    
    ---
    updated-dependencies:
    - dependency-name: actions/create-github-app-token
      dependency-type: direct:production
      update-type: version-update:semver-minor
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    dependabot[bot] authored Sep 15, 2024
    d664895

Commits on Sep 27, 2024

  1. Merge pull request #554 from dependabot/dependabot/github_actions/act…

    …ions/create-github-app-token-1.11.0
    
    Bump actions/create-github-app-token from 1.10.3 to 1.11.0
    b0d0393

Commits on Oct 21, 2024

  1. fix readme action example

    CloudNStoyan committed Oct 21, 2024
    bbfca7e

Commits on Oct 23, 2024

  1. Merge pull request #563 from CloudNStoyan/main

    fix readme action example
    Nishnha authored Oct 23, 2024
    06ea45a
  2. Fixed missing outputs in action.yml

    CatChen committed Oct 23, 2024
    5a7546a

Commits on Jan 24, 2025

  1. Merge pull request #564 from CatChen/fixed-missing-outputs-in-action-yml

    Fixed missing outputs in action.yml
    Nishnha authored Jan 24, 2025
    0d27069
  2. 59d2b1f
  3. update build

    CloudNStoyan authored and Nishnha committed Jan 24, 2025
    de52f60
  4. Merge pull request #565 from CloudNStoyan/main

    Handle branch names containing dependency group
    Nishnha authored Jan 24, 2025
    3da9521
  5. v2.3.0

    github-actions[bot] authored and Nishnha committed Jan 24, 2025
    e3dd295
  6. Merge pull request #543 from dependabot/bump-to-v2.3.0

    v2.3.0
    Nishnha authored Jan 24, 2025
    d7267f6