Skip to content

build(deps-dev): Bump lerna from 4.0.0 to 5.3.0#207

Closed
dependabot[bot] wants to merge 1 commit intodependabot_developfrom
dependabot/npm_and_yarn/dependabot_develop/lerna-5.3.0
Closed

build(deps-dev): Bump lerna from 4.0.0 to 5.3.0#207
dependabot[bot] wants to merge 1 commit intodependabot_developfrom
dependabot/npm_and_yarn/dependabot_develop/lerna-5.3.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 1, 2022
edited
Loading

Bumps lerna from 4.0.0 to 5.3.0.

Release notes

Sourced from lerna's releases.

v5.3.0

5.3.0 (2022-07-27)

Bug Fixes

  • run-lifecycle: lifecycle events should run to completion in series (#3262) (2f51588)
  • version: inherit stdio for lerna version lifecycle scripts (#3264) (9083a23)

Features

  • publish: include all dependencies in package graph by default, allow no-sort (#3263) (3b0c79c)

v5.2.0

5.2.0 (2022-07-22)

Bug Fixes

  • prompt: update inquirer to v8.2.4 (80c17d8)

Features

  • add json schema for lerna.json (#3229) (5075eae)
  • init: default useNx and useWorkspaces to true for new lerna workspaces (#3255) (a0e83e5)
  • publish: disable legacy verifyAccess behavior by default (#3249) (94174c1)

v5.1.8

5.1.8 (2022-07-07)

Bug Fixes

v5.1.7

5.1.7 (2022-07-06)

Bug Fixes

  • run: add double quotes around script target containing colon (#3218) (ead461e)

v5.1.6

5.1.6 (2022-06-24)

Bug Fixes

... (truncated)

Changelog

Sourced from lerna's changelog.

5.3.0 (2022-07-27)

Features

  • publish: include all dependencies in package graph by default, allow no-sort (#3263) (3b0c79c)

5.2.0 (2022-07-22)

Features

  • add json schema for lerna.json (#3229) (5075eae)
  • init: default useNx and useWorkspaces to true for new lerna workspaces (#3255) (a0e83e5)

5.1.8 (2022-07-07)

Note: Version bump only for package lerna

5.1.7 (2022-07-06)

Note: Version bump only for package lerna

5.1.6 (2022-06-24)

Note: Version bump only for package lerna

5.1.5 (2022-06-24)

Note: Version bump only for package lerna

... (truncated)

Commits
  • 535afac chore(release): v5.3.0
  • 3b0c79c feat(publish): include all dependencies in package graph by default, allow no...
  • 4f43ba1 chore(release): v5.2.0
  • a0e83e5 feat(init): default useNx and useWorkspaces to true for new lerna workspaces ...
  • a568e3b chore: simplify test helpers (#3241)
  • 5075eae feat: add json schema for lerna.json (#3229)
  • c567a29 chore(release): v5.1.8
  • 0e47379 chore(release): v5.1.7
  • edf59da chore(release): v5.1.6
  • ef1ff4b chore(release): v5.1.5
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jameshenry, a new releaser for lerna since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from aleksaToljic as a code owner August 1, 2022 11:17
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 1, 2022
@dependabot dependabot bot mentioned this pull request Aug 1, 2022
Closed
@socket-security
Copy link

socket-security bot commented Aug 1, 2022

Socket Security Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 New install scripts detected

A dependency change in this PR is introducing new install scripts to your install step.

Package Script field Location
@parcel/watcher@2.0.4 (added) binding.gyp package.json via lerna@5.3.0, nx@14.5.1
nx@14.5.1 (added) postinstall package.json via lerna@5.3.0
@parcel/watcher@2.0.4 (added) install package.json via lerna@5.3.0, nx@14.5.1
🫣 Native code

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Package Location
@parcel/watcher@2.0.4 (added) package.json via lerna@5.3.0, nx@14.5.1
Socket.dev scan summary
Issue Status
Did you mean? ✅ no new possible package typos
Install scripts ⚠️ 3 new install scripts detected
Telemetry ✅ no new telemetry
Troll package ✅ no new troll packages
Malware ✅ no new malware
Native code ⚠️ 1 new native module detected

Powered by socket.dev

@dependabot
build(deps-dev): Bump lerna from 4.0.0 to 5.3.0
35dc497 
Bumps [lerna](https://github.com/lerna/lerna/tree/HEAD/core/lerna) from 4.0.0 to 5.3.0.
- [Release notes](https://github.com/lerna/lerna/releases)
- [Changelog](https://github.com/lerna/lerna/blob/main/core/lerna/CHANGELOG.md)
- [Commits](https://github.com/lerna/lerna/commits/v5.3.0/core/lerna)

---
updated-dependencies:
- dependency-name: lerna
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/dependabot_develop/lerna-5.3.0 branch from 034b938 to 35dc497 Compare August 1, 2022 11:31
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 1, 2022

Superseded by #224.

@dependabot dependabot bot closed this Sep 1, 2022
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/dependabot_develop/lerna-5.3.0 branch September 1, 2022 11:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aleksaToljic aleksaToljic Awaiting requested review from aleksaToljic aleksaToljic is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants

Comments