[deps]: Lock file maintenance#796
Conversation
Deploying contributing-docs with
|
| Latest commit: |
8677fba
|
| Status: | 🚫 Build failed. |
bitwarden-bot
changed the title
|
Internal tracking: |
renovate
Bot
changed the title
|
Great job! No new security vulnerabilities introduced in this pull request |
|
See also: |
renovate
Bot
force-pushed
the
renovate/lock-file-maintenance
branch
from
9de09c3 to
bd9a601
Compare
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
|
In addition to the intended lock file maintenance, this PR also includes the following changes (to address failing build checks):
|
There was a problem hiding this comment.
One potentially blocking concern around package overrides, but everything else looks good to me (on the basis of similar dep maintenance work in test-the-web)
| "overrides": { | ||
| "webpack": "5.105.4" | ||
| }, |
There was a problem hiding this comment.
I'm open to other folks' thoughts, but I don't think we should utilize this override; Docusaurus is likely to resolve this, imo.
In test-the-web, I opted to mark the package-lock update as blocked
bitwarden/test-the-web#423 (comment)
|
Currently blocked by facebook/docusaurus#11923 |
bensbits91
force-pushed
the
renovate/lock-file-maintenance
branch
from
0df188e to
bd9a601
Compare
renovate
Bot
force-pushed
the
renovate/lock-file-maintenance
branch
from
bd9a601 to
73e9ef0
Compare
|
Note: At least one of my previous issues has been resolved. Instead of trying to manually revert each fix to check for resolution, I think it's cleaner to allow renovate to rebase and wipe out my changes, then check for remaining issues. However, we might need to bump docusaurus to 3.10.1 first. We currently have pinned to Docusaurus 3.10.0 (no ^), so Renovate's lock file maintenance alone won't pull in 3.10.1. I think we need an actual version bump of @docusaurus/core and @docusaurus/preset-classic from 3.10.0 → 3.10.1 (or higher). @jprusik do you think it would be better to: (a) Wait — Renovate will eventually open a separate PR bumping Docusaurus to 3.10.1+. (I don't see this PR yet.) Once that merges into main, this lock file maintenance PR (after a rebase) should build cleanly. (b) Bump Docusaurus on main first — separate small PR updating package.json from 3.10.0 → 3.10.1. Then rebase this Renovate PR. (c) Bump Docusaurus inside this Renovate PR — least clean, mixes a dependency upgrade into a lock-file-maintenance PR. ETA: I discussed with Jon and we determined it's better to wait for the docusaurus bump to be completed before handling this PR. |
renovate
Bot
force-pushed
the
renovate/lock-file-maintenance
branch
from
73e9ef0 to
8677fba
Compare
3 participants
This PR contains the following updates:
🔧 This Pull Request updates lock files to use the latest dependency versions.
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.