Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump ejs and @11ty/eleventy #69

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 24, 2023

Bumps ejs to 3.1.9 and updates ancestor dependency @11ty/eleventy. These dependencies need to be updated together.

Updates ejs from 2.7.4 to 3.1.9

Release notes

Sourced from ejs's releases.

v3.1.9

Version 3.1.9

v3.1.8

Version 3.1.8

v3.1.7

Version 3.1.7

v3.1.6

Version 3.1.6

v3.1.5

Version 3.1.5

v3.0.2

No release notes provided.

Commits
  • aed0124 Version 3.1.9
  • 7083793 Updated dev deps
  • 87f1da6 Merge pull request #707 from mde/dependabot/npm_and_yarn/minimatch-3.1.2
  • e41a914 Removed old changelog, please rely on git log
  • 9ea36ba Merge pull request #719 from jportner/frozen-prototype-fix
  • 181a537 Fall back to assignment, update test
  • 58bc2eb Change approach to shadowing "toString" property for escapeXML
  • 76c9c61 Bump minimatch from 3.0.4 to 3.1.2
  • f818bce Merge pull request #706 from mde/dependabot/npm_and_yarn/flat-and-mocha-5.0.2
  • 0fca863 Bump flat and mocha
  • Additional commits viewable in compare view

Updates @11ty/eleventy from 0.12.0 to 2.0.0

Release notes

Sourced from @​11ty/eleventy's releases.

Eleventy v2.0.0: Now with twice as many Possums

🚨 The full release notes are available on The Eleventy Blog: Eleventy v2.0.0 or you can watch me talk about v2.0 on YouTube.

Eleventy v2.0.0 is now available! You can try it out now:

# Local project
npm install @11ty/eleventy@latest
Global install
npm install @​11ty/eleventy@​latest -g

New to Eleventy?

Eleventy is a flexible and production-ready site generator known for its zero-client JavaScript footprint, speedy sites, speedy builds, and full control over the output. Watch The State of Eleventy in Two Minutes or read more about Eleventy’s project goals.

The Big Features

Smaller, More Secure

Faster Builds

Plugins

... (truncated)

Changelog

Sourced from @​11ty/eleventy's changelog.

Dependency notes

List of dependencies that went ESM

  • @sindresorhus/slugify ESM at 2.x
  • multimatch is ESM at 6
  • bcp-47-normalize at 1.x

Release Procedure

  1. (Optional) Update minor dependencies in package.json
    • npx npm-check-updates
    • or npm outdated + npm update --save
  2. If the minimum Node version changed, make sure you update package.json engines property.
    • Make sure the error message works correctly for Node versions less than 10.
      • 0.12.x+ requires Node 10+
      • 1.x+ requires Node 12+
      • 2.x+ requires Node 14+
  3. rm -rf node_modules && rm -f package-lock.json && npm install
  4. npm audit
  5. Make sure npx ava runs okay
  6. Update version in package.json
    • (Alpha) Use -alpha.1 suffix
    • (Beta) Use -beta.1 suffix
  7. Run npm run coverage
  8. Check it all in and commit
  9. Tag new version
  10. Wait for GitHub Actions to complete to know that the build did not fail.
  11. Release
    • (Alpha) npm publish --access=public --tag=canary
    • (Beta) npm publish --access=public --tag=beta
    • (Main) npm publish --access=public
  12. (Optional) Build and commit a new the eleventy-edge-cdn project to generate a new Eleventy Edge lib.

Unfortunate note about npm and tags (specifically canary here): if you push a 1.0.0-canary.x to canary (even though 2.0.0-canary.x exists), it will use the last pushed tag when you npm install from @canary (not the highest version number)

Docs/Website (Main releases only)

  1. Maybe search for -alpha. (-canary.?) or -beta. in the docs copy to update to the stable release, if applicable.
  2. Check in a new 11ty-website site with updated package.json version.
  3. Add version to 11ty-website versions.json
  4. Commit it
  5. Create a new branch for branched version
  6. (Main) Check out the previous version git branch and add outdated: true to _data/config.json and commit/push.
  7. Go to https://app.netlify.com/sites/11ty/settings/domain and set up a subdomain for it.

Release Notes on GitHub (Main releases only)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot dependabot bot requested a review from Lisa-Stubert as a code owner March 24, 2023 15:35
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 24, 2023
Bumps [ejs](https://github.com/mde/ejs) to 3.1.9 and updates ancestor dependency [@11ty/eleventy](https://github.com/11ty/eleventy). These dependencies need to be updated together.


Updates `ejs` from 2.7.4 to 3.1.9
- [Release notes](https://github.com/mde/ejs/releases)
- [Commits](mde/ejs@v2.7.4...v3.1.9)

Updates `@11ty/eleventy` from 0.12.0 to 2.0.0
- [Release notes](https://github.com/11ty/eleventy/releases)
- [Changelog](https://github.com/11ty/eleventy/blob/master/docs/release-instructions.md)
- [Commits](11ty/eleventy@v0.12.0...v2.0.0)

---
updated-dependencies:
- dependency-name: ejs
  dependency-type: indirect
- dependency-name: "@11ty/eleventy"
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/ejs-and-11ty/eleventy-3.1.9 branch from d9dc1aa to 4b7f7ba Compare March 24, 2023 19:37
@socket-security
Copy link

New dependency changes detected. Learn more about Socket for GitHub ↗︎

👍 No new dependency issues detected in pull request

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore [email protected] bar@* or ignore all packages with @SocketSecurity ignore-all

Pull request alert summary
Issue Status
Install scripts ✅ 0 issues
Native code ✅ 0 issues
Bin script shell injection ✅ 0 issues
Unresolved require ✅ 0 issues
Invalid package.json ✅ 0 issues
HTTP dependency ✅ 0 issues
Git dependency ✅ 0 issues
Potential typo squat ✅ 0 issues
Known Malware ✅ 0 issues
Telemetry ✅ 0 issues
Protestware/Troll package ✅ 0 issues

📊 Modified Dependency Overview:

⬆️ Updated Package Version Diff Capability Access +/- Transitive Count Publisher
@11ty/[email protected] 0.12.0...2.0.0 filesystem, environment +101/-222 zachleat

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants