Bump shelljs from 0.8.4 to 0.8.5 in /common-npm-packages/packaging-common-v3 #15811

@dependabot dependabot bot commented on behalf of github Jan 22, 2022

Bumps shelljs from 0.8.4 to 0.8.5.

Release notes

Sourced from shelljs's releases.

v0.8.5

This was a small security fix for #1058.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/common-npm-packages/packaging-common-v3/shelljs-0.8.5 branch 5 times, most recently from 7686e77 to d877d78 Compare January 31, 2022 08:03
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/common-npm-packages/packaging-common-v3/shelljs-0.8.5 branch 6 times, most recently from fe43f6e to 7ecb676 Compare February 7, 2022 07:02
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/common-npm-packages/packaging-common-v3/shelljs-0.8.5 branch 3 times, most recently from 34b8279 to fd78893 Compare February 8, 2022 14:35

shadargee1982 commented Feb 8, 2022

@anatolybolshakov
Running E2E testing isn't something our team can do at this time. The Canary Pipeline tests are run after a task has been deployed, which is already too late. Generally, it would be better if the team/individual making changes has a way to verify the changes in a test/dev environment before submitting a PR, as this gives the Task owners the confidence about any potential breaking changes. Specifically, for this PR, it's important to get a signal of whether this breaks any of our tasks as it's putting a restriction on files/folders that were not there previously. Especially for something that is affecting the common packaging library, this requires testing every task our team owns, which is unplanned (non-trivial) work for us.

I've also noticed that there are multiple PRs to make some dependency changes to some tasks (such as this bump to Node10). When making changes to tasks, the owning teams must sign off on these so that we are better prepared should IcMs come up related to task failures.

The way I've tested tasks in the past was to set up a pipeline in a (production) testing environment, create a local agent, and drop in the new version of the task in my agent's execution folder. Perhaps you can do something similar by cloning the Pipeline Canary task definitions and running the tests in a way that tests the various configurations (macOS, Windows, Ubuntu)?

Please provide evidence of what testing you have done to confirm this change doesn't break the impacted tasks.

@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/common-npm-packages/packaging-common-v3/shelljs-0.8.5 branch 5 times, most recently from 68c59a7 to d1cd877 Compare February 16, 2022 08:27
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/common-npm-packages/packaging-common-v3/shelljs-0.8.5 branch from d1cd877 to e81a2ad Compare February 21, 2022 10:29
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/common-npm-packages/packaging-common-v3/shelljs-0.8.5 branch 4 times, most recently from 6b01a0c to 655f469 Compare March 8, 2022 23:00
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/common-npm-packages/packaging-common-v3/shelljs-0.8.5 branch 4 times, most recently from 802121c to 1c38487 Compare March 10, 2022 23:14
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/common-npm-packages/packaging-common-v3/shelljs-0.8.5 branch 11 times, most recently from e520c28 to ebd55ad Compare October 31, 2022 19:43
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/common-npm-packages/packaging-common-v3/shelljs-0.8.5 branch 14 times, most recently from 4f1c0ec to 95fa948 Compare November 9, 2022 20:57
Bumps [shelljs](https://github.com/shelljs/shelljs) from 0.8.4 to 0.8.5.
- [Release notes](https://github.com/shelljs/shelljs/releases)
- [Changelog](https://github.com/shelljs/shelljs/blob/master/CHANGELOG.md)
- [Commits](shelljs/shelljs@v0.8.4...v0.8.5)

---
updated-dependencies:
- dependency-name: shelljs
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/common-npm-packages/packaging-common-v3/shelljs-0.8.5 branch from 95fa948 to 754d247 Compare November 9, 2022 21:27

dependabot bot commented on behalf of github Nov 9, 2022

Looks like shelljs is up-to-date now, so this is no longer needed.

@dependabot dependabot bot closed this Nov 9, 2022
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/common-npm-packages/packaging-common-v3/shelljs-0.8.5 branch November 9, 2022 22:57