Releases: Simek/yarn-lock-changes
Releases · Simek/yarn-lock-changes
v0.10.0
Changes visible for end-users:
None, see notes below.
⚠️ Additional notes
This version includes the switch to new and internal Yarn lock parser, which introduction aims for better extensibility and general action performance. At least for now, the new parser outputs the same data structure as the official Yarn package, so there should not be any visible changes for the end-users.
v0.9.0
Changes visible for end-users:
- action default runner has been changed from Node 12 to Node 16
v0.8.1
Changes visible for end-users:
- in certain cases, action could report dependency incorrectly as "Downgraded" because parse and compare mechanism is sensitive to the order of entries, the problem behind this issue has been fixed in this release, if you are seeing regression in downgrade detection in your CI after this update please open the issue and attach the lock files (if possible)
v0.8.0
Changes visible for end-users:
- add basic debug logs to help users investigate the issues in their workflows, you can read more in the new section of Readme
- improve fail messages seen in the action output
- action now creates comparison using the correct target branch instead of default repository branch, however the default branch is still the fallback, if for some reason, the target branch no longer exist
⚠️ Additional notes
If the action fails in your repository for the Dependabot PRs please check the "Common Issues" section in the Readme, which includes the guide how to update the workflow file and why you need to do this to fix the issue.
v0.7.0
Changes visible for end-users:
- if
pathinput is set to the custom value, the bot comment will now include the note about lock file location, this should help to differentiate the comments when multiple locks have been changeg within the same Pull Request - (💥) Boolean inputs are now validated by build-in
@actions/corepackage helper methodgetBooleanInput, which only supports the reduced set of YAML Boolean values, so this might be considered as breaking change for the small portion of users who were usingyes/no,on/offory/ninput values (however, the error message will be quite descriptive, so it should be easy to migrate the workflow setup)
v0.6.0
Changes visible for end-users:
- new
failOnDowngradeoptional input, when set totrueaction will fail when dependency downgrade has been detected, but will still post the detected changes comment - SVG image labels URLs in bot comment has been shortened (via https://git.io/) to reduce the risk of reaching GitHub comment content charter limit
v0.5.0
Changes visible for end-users:
- support for large
yarn.lockfiles (size above 1 MB) - if generated comment will exceed GitHub comment character limit, image statuses will be replaced with plain text (to reduce the number of characters)
v0.4.0
Changes visible for end-users:
- if
updateCommentinput is set to'true', bot should remove the comment, if changes to theyarn.lockin PR has been reverted - better validation of action inputs, especially
booleans, (not only'true', but also other values like'yes'or'on'will be resolved totrue)
v0.3.0
Changes visible for end-users:
- lock changes table can be collapsed or expanded by users
- new
collapsibleThresholdinput which will determine if table should be expanded or collapsed by default - new summary table will appear on the top of comment if count of changes is greater than
collapsibleThreshold
v0.2.0
Changes visible for end-users:
- strategy for fetching base lock file has been changed, which enables action to run in private repositories
- bot now updates the comment by default, instead of creating new one on each commit,
updateCommentoptional input, set it to"false"to enforce creating new comment- new, updated and more verbose error messages