Skip to content
This repository has been archived by the owner on Oct 11, 2024. It is now read-only.

npm(deps-dev): bump standard from 17.1.0 to 17.1.1 #38

Closed
wants to merge 1 commit into from
Closed

npm(deps-dev): bump standard from 17.1.0 to 17.1.1 #38

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 12, 2024

Bumps standard from 17.1.0 to 17.1.1.

Release notes

Sourced from standard's releases.

v17.1.1

  • Pin eslint-plugin-react to 7.35.2 (#1976) d535d98

standard/standard@v17.1.0...v17.1.1

Changelog

Sourced from standard's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
npm(deps-dev): bump standard from 17.1.0 to 17.1.1
a6a029d 
Bumps [standard](https://github.com/standard/standard) from 17.1.0 to 17.1.1.
- [Release notes](https://github.com/standard/standard/releases)
- [Changelog](https://github.com/standard/standard/blob/master/CHANGELOG.md)
- [Commits](standard/standard@v17.1.0...v17.1.1)

---
updated-dependencies:
- dependency-name: standard
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 12, 2024
@gooroo-dev Gooroo.dev
Copy link

gooroo-dev bot commented Sep 12, 2024

Please double check the following review of the pull request:

Issues counts

🐞Mistake 🤪Typo 🚨Security 🚀Performance 💪Best Practices 📖Readability ❓Others
0 0 0 0 0 0 0

Changes in the diff

  • 🛠️ Added "dev": true to several dependencies in package-lock.json.
  • ➖ Removed array.prototype.toreversed dependency.
  • ➕ Added string.prototype.repeat dependency.
  • 🛠️ Updated eslint-plugin-react from 7.34.3 to 7.35.2.
  • 🛠️ Updated standard from 17.1.0 to 17.1.1.
  • 🛠️ Updated standard-engine from 15.0.0 to 15.1.0.

Identified Issues

ID Type Details Severity Confidence
1 💪Best Practices Ensure dependencies are correctly categorized between dependencies and devDependencies. 🟠Medium 🟠Medium

Issue 1: Ensure dependencies are correctly categorized between dependencies and devDependencies.

Explanation:
The diff shows that several dependencies have been marked as devDependencies by adding "dev": true. While this is generally good practice, it's crucial to ensure that all dependencies are correctly categorized. Dependencies that are only needed during development should be in devDependencies, while those required for production should be in dependencies.

Fix:
Review the dependencies and ensure they are correctly categorized.

{
  "dependencies": {
    "axios": "^1.7.7"
  },
  "devDependencies": {
    "@babel/preset-typescript": "^7.24.7",
    "eslint": "^8.57.0",
    "eslint-config-standard-with-typescript": "^43.0.1",
    "eslint-plugin-import": "^2.30.0",
    "eslint-plugin-n": "^16.6.2",
    "eslint-plugin-promise": "^6.6.0",
    "jest": "^29.7.0",
    "rimraf": "^6.0.1",
    "standard": "^17.1.1",
    "string.prototype.repeat": "^1.0.0"
  }
}

Explanation of the Fix:
The fix ensures that only axios is listed under dependencies as it might be required for production, while all other dependencies are correctly listed under devDependencies.

Missing Tests

Since the changes are primarily related to dependency updates and re-categorization, no new tests are required. However, ensure that existing tests are run to verify that the updates do not break any functionality.

Summon me to re-review when updated! Yours, Gooroo.dev
Please add a reaction or reply to share your thoughts.

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 13, 2024

Superseded by #39.

@dependabot dependabot bot closed this Sep 13, 2024
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/standard-17.1.1 branch September 13, 2024 15:34
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants