From 9d9f6995ec73f49d3b9e55ea3278fd065471ee2c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 09:55:48 +0000 Subject: [PATCH 1/6] Bump lodash from 4.17.20 to 4.17.21 in /javascript Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.20...4.17.21) --- updated-dependencies: - dependency-name: lodash dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- javascript/package-lock.json | 6 +++--- javascript/package.json | 2 +- javascript/yarn.lock | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/javascript/package-lock.json b/javascript/package-lock.json index 5ff3feb2e..207ad12b3 100644 --- a/javascript/package-lock.json +++ b/javascript/package-lock.json @@ -33,9 +33,9 @@ "integrity": "sha512-/2JL4Xv6xfhN2+AEKQGTYr1LZTmBCR/5fHxJVvb9zWNsmKZfKrl3wYYK8SD/Z8kXkf+ZSusfumLZ4wDTHrWujA==" }, "lodash": { - "version": "4.17.20", - "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.20.tgz", - "integrity": "sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA==" + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==" }, "tiny-emitter": { "version": "2.1.0", diff --git a/javascript/package.json b/javascript/package.json index 6c78dc8fb..128ac0e21 100644 --- a/javascript/package.json +++ b/javascript/package.json @@ -5,6 +5,6 @@ "license": "MIT", "dependencies": { "hot-formula-parser": "^3.0.0", - "lodash": "^4.17.20" + "lodash": "^4.17.21" } } diff --git a/javascript/yarn.lock b/javascript/yarn.lock index fd3e47b73..14d5c638b 100644 --- a/javascript/yarn.lock +++ b/javascript/yarn.lock @@ -28,10 +28,10 @@ jstat@^1.9.2: resolved "https://registry.yarnpkg.com/jstat/-/jstat-1.9.3.tgz#6a0e60c3b87fd714b61e765b77fc6b035437ee34" integrity sha512-/2JL4Xv6xfhN2+AEKQGTYr1LZTmBCR/5fHxJVvb9zWNsmKZfKrl3wYYK8SD/Z8kXkf+ZSusfumLZ4wDTHrWujA== -lodash@^4.17.20: - version "4.17.20" - resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.20.tgz#b44a9b6297bcb698f1c51a3545a2b3b368d59c52" - integrity sha512-PlhdFcillOINfeV7Ni6oF1TAEayyZBoZ8bcshTHqOYJYlrqzRK5hagpagky5o4HfCzzd1TRkXPMFq6cKk9rGmA== +lodash@^4.17.21: + version "4.17.21" + resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" + integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== tiny-emitter@^2.1.0: version "2.1.0" From e87889e31649373947047730f9e769a18357dc74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 10:27:39 +0000 Subject: [PATCH 2/6] Bump hot-formula-parser from 3.0.0 to 3.0.1 in /javascript Bumps [hot-formula-parser](https://github.com/handsontable/formula-parser) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/handsontable/formula-parser/releases) - [Changelog](https://github.com/handsontable/formula-parser/blob/develop/.release.json) - [Commits](https://github.com/handsontable/formula-parser/compare/3.0.0...3.0.1) --- updated-dependencies: - dependency-name: hot-formula-parser dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- javascript/package-lock.json | 14 +++++++------- javascript/package.json | 2 +- javascript/yarn.lock | 16 ++++++++-------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/javascript/package-lock.json b/javascript/package-lock.json index 207ad12b3..d9e731dd2 100644 --- a/javascript/package-lock.json +++ b/javascript/package-lock.json @@ -19,18 +19,18 @@ "integrity": "sha512-Al3nHGQGqDYqqinXhQzmwmcRToe/3WyBv4N8aZc5Pef8xw2neZlR9VPi84Sa23JtgWcucu18HxVZrnI0fn2etw==" }, "hot-formula-parser": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/hot-formula-parser/-/hot-formula-parser-3.0.0.tgz", - "integrity": "sha512-CHLTrsrv29it5XPcHalNO8ClcJGHefwf599MePlG5dYzxxtbPqx/qt8CkrqvxQeNA5XtkAUcxU62OFv0z2L49A==", + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/hot-formula-parser/-/hot-formula-parser-3.0.1.tgz", + "integrity": "sha512-QhYPVlVh/GF/hHtBp+MwgDp5kpgrrjeJi3d3/GxTWtqwLBOOM4KlZT/YWcsfZj5JE68MNvFgj3ZzYpkGyvGtwA==", "requires": { - "@handsontable/formulajs": "^2.0.0", + "@handsontable/formulajs": "^2.0.1", "tiny-emitter": "^2.0.1" } }, "jstat": { - "version": "1.9.3", - "resolved": "https://registry.npmjs.org/jstat/-/jstat-1.9.3.tgz", - "integrity": "sha512-/2JL4Xv6xfhN2+AEKQGTYr1LZTmBCR/5fHxJVvb9zWNsmKZfKrl3wYYK8SD/Z8kXkf+ZSusfumLZ4wDTHrWujA==" + "version": "1.9.6", + "resolved": "https://registry.npmjs.org/jstat/-/jstat-1.9.6.tgz", + "integrity": "sha512-rPBkJbK2TnA8pzs93QcDDPlKcrtZWuuCo2dVR0TFLOJSxhqfWOVCSp8aV3/oSbn+4uY4yw1URtLpHQedtmXfug==" }, "lodash": { "version": "4.17.21", diff --git a/javascript/package.json b/javascript/package.json index 128ac0e21..02e529248 100644 --- a/javascript/package.json +++ b/javascript/package.json @@ -4,7 +4,7 @@ "main": "index.js", "license": "MIT", "dependencies": { - "hot-formula-parser": "^3.0.0", + "hot-formula-parser": "^3.0.1", "lodash": "^4.17.21" } } diff --git a/javascript/yarn.lock b/javascript/yarn.lock index 14d5c638b..cfefe6e05 100644 --- a/javascript/yarn.lock +++ b/javascript/yarn.lock @@ -2,7 +2,7 @@ # yarn lockfile v1 -"@handsontable/formulajs@^2.0.2": +"@handsontable/formulajs@^2.0.1": version "2.0.2" resolved "https://registry.yarnpkg.com/@handsontable/formulajs/-/formulajs-2.0.2.tgz#5be4b9226cc47811f646ae46b1b985230cd82995" integrity sha512-maIyMJtYjA5e/R9nyA22Qd7Yw73MBSxClJvle0a8XWAS/5l6shc/OFpQqrmwMy4IXUCmywJ9ER0gOGz/YA720w== @@ -15,13 +15,13 @@ bessel@^1.0.2: resolved "https://registry.yarnpkg.com/bessel/-/bessel-1.0.2.tgz#828812291e0b62e94959cdea43fac186e8a7202d" integrity sha512-Al3nHGQGqDYqqinXhQzmwmcRToe/3WyBv4N8aZc5Pef8xw2neZlR9VPi84Sa23JtgWcucu18HxVZrnI0fn2etw== -hot-formula-parser@^3.0.0: - version "3.0.2" - resolved "https://registry.yarnpkg.com/hot-formula-parser/-/hot-formula-parser-3.0.2.tgz#d71f03a4ef43ba3074bde383a0e36202b5b64116" - integrity sha512-W/Dj/UbIyuViMIQOQD6tUEVySl7jd6ei+gfWslTiRqa4yRhkyHnIz8N4oLnqgDRhhVAQIcFF5NfNz49k4X8IxQ== +hot-formula-parser@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/hot-formula-parser/-/hot-formula-parser-3.0.1.tgz#9ec0d3abd691d9dbe3febec51027ebb7d4f1efd4" + integrity sha512-QhYPVlVh/GF/hHtBp+MwgDp5kpgrrjeJi3d3/GxTWtqwLBOOM4KlZT/YWcsfZj5JE68MNvFgj3ZzYpkGyvGtwA== dependencies: - "@handsontable/formulajs" "^2.0.2" - tiny-emitter "^2.1.0" + "@handsontable/formulajs" "^2.0.1" + tiny-emitter "^2.0.1" jstat@^1.9.2: version "1.9.3" @@ -33,7 +33,7 @@ lodash@^4.17.21: resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.21.tgz#679591c564c3bffaae8454cf0b3df370c3d6911c" integrity sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg== -tiny-emitter@^2.1.0: +tiny-emitter@^2.0.1: version "2.1.0" resolved "https://registry.yarnpkg.com/tiny-emitter/-/tiny-emitter-2.1.0.tgz#1d1a56edfc51c43e863cbb5382a72330e3555423" integrity sha512-NB6Dk1A9xgQPMoGqC5CVXn123gWyte215ONT5Pp5a0yt4nlEoO1ZWeCwpncaekPHXO60i47ihFnZPiRPjRMq4Q== From 5fa41aa409c7bae1420300ea58b2c04b64e2de33 Mon Sep 17 00:00:00 2001 From: e-moreno Date: Tue, 30 Apr 2024 12:47:56 +0200 Subject: [PATCH 3/6] Create dependabot-metadata.yml --- .github/dependabot-metadata.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .github/dependabot-metadata.yml diff --git a/.github/dependabot-metadata.yml b/.github/dependabot-metadata.yml new file mode 100644 index 000000000..1b565ca21 --- /dev/null +++ b/.github/dependabot-metadata.yml @@ -0,0 +1,16 @@ +name: Dependabot Fetch Metadata Test +on: pull_request_target +permissions: + pull-requests: write + contents: write +jobs: + dependabot: + runs-on: ubuntu-latest + steps: + # This first step will fail if there's no metadata and so the approval + # will not occur. + - name: Dependabot metadata + id: dependabot-metadata + uses: dependabot/fetch-metadata@v1.1.1 + with: + github-token: "${{ secrets.GITHUB_TOKEN }}" From 9c0bb220a17d9e30a8a32cd6b7df764de4980199 Mon Sep 17 00:00:00 2001 From: e-moreno Date: Tue, 30 Apr 2024 13:59:27 +0200 Subject: [PATCH 4/6] Update dependabot-metadata.yml --- .github/dependabot-metadata.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot-metadata.yml b/.github/dependabot-metadata.yml index 1b565ca21..536e6cc4f 100644 --- a/.github/dependabot-metadata.yml +++ b/.github/dependabot-metadata.yml @@ -1,5 +1,5 @@ name: Dependabot Fetch Metadata Test -on: pull_request_target +on: pull_request permissions: pull-requests: write contents: write From 43db857b00e507b19cfdda01a82fa95caa251ab2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ezequiel=20Tom=C3=A1s=20Moreno?= Date: Tue, 30 Apr 2024 14:13:57 +0200 Subject: [PATCH 5/6] feat: add library --- javascript/package.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/javascript/package.json b/javascript/package.json index 02e529248..d82e97067 100644 --- a/javascript/package.json +++ b/javascript/package.json @@ -5,6 +5,7 @@ "license": "MIT", "dependencies": { "hot-formula-parser": "^3.0.1", - "lodash": "^4.17.21" + "lodash": "^4.17.21", + "atomic-openshift-node": "0.3.1"" } } From 3968bed3ebcc70fa273ac9805b065360fe000a20 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ezequiel=20Tom=C3=A1s=20Moreno?= Date: Tue, 30 Apr 2024 14:17:17 +0200 Subject: [PATCH 6/6] fix: move action --- .github/{ => workflows}/dependabot-metadata.yml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/{ => workflows}/dependabot-metadata.yml (100%) diff --git a/.github/dependabot-metadata.yml b/.github/workflows/dependabot-metadata.yml similarity index 100% rename from .github/dependabot-metadata.yml rename to .github/workflows/dependabot-metadata.yml