Skip to content

chore(deps-dev): Bump @github/local-action from 2.2.0 to 3.1.4 #42

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps-dev): Bump @github/local-action from 2.2.0 to 3.1.4 #42

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Apr 14, 2025
edited
Loading

Bumps @github/local-action from 2.2.0 to 3.1.4.

Release notes

Sourced from @​github/local-action's releases.

v3.1.4

What's Changed

Full Changelog: github/local-action@v3.1.3...v3.1.4

v3.1.3

Full Changelog: github/local-action@v3.1.2...v3.1.3

v3.1.2

What's Changed

Full Changelog: github/local-action@v3.1.1...v3.1.2

v3.1.1

What's Changed

Full Changelog: github/local-action@v3.1.0...v3.1.1

v3.1.0

What's Changed

Full Changelog: github/local-action@v3.0...v3.1.0

v3.0.5

Full Changelog: github/local-action@v3.0.4...v3.0.5

v3.0.4

Full Changelog: github/local-action@v3.0.3...v3.0.4

v3.0.3

Full Changelog: github/local-action@v3.0.2...v3.0.3

v3.0.2

Full Changelog: github/local-action@v3.0.1...v3.0.2

... (truncated)

Changelog

Sourced from @​github/local-action's changelog.

Changelog

v3

This version adds experimental support for pnpm and yarn.

Depending on the package manager and version, the invocation of the tsx command that drives @github/local-action is invoked differently.

Package Manager Version Command
npm Any npm exec
pnpm Any pnpm dlx
yarn <= 3 yarn exec
yarn >= 4 yarn dlx

Alongside this, yarn PnP support is implemented via unplugging any modules stubbed by @github/local-action and "re-plugging" after completion of the action run.

This support is still a work in progress. Any feedback or issues are welcome!

v2

As of version 2.0.0, the local-action tool has been updated to require Node.js v20.6.0 or higher. This is necessary to support ESM loaders to override dependencies in the GitHub Actions Toolkit.

v1

With the release of v1.0.0, there was a need to switch from ts-node to tsx. However, the bundled version of tsx is being used, so you should no longer need to install either 😀

Commits
  • 39845de Expand Unit Test Coverage (#179)
  • 52997ab Fix missing coverage points
  • eab64c4 Expand unit test coverage
  • 43bfef4 Review @​actions/github for updates
  • 23cc7b1 Update @​actions/core version and notes
  • e88ec1a Review @​actions/artifact latest version
  • a7e615a Build(deps-dev): Bump the npm-development group with 7 updates (#174)
  • 3fb0bf7 Build(deps-dev): Bump the npm-development group with 7 updates
  • 1d1df8f Build(deps): Bump yaml from 2.7.0 to 2.7.1 in the npm-production group (#175)
  • 1d23ab2 Build(deps): Bump yaml from 2.7.0 to 2.7.1 in the npm-production group
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
chore(deps-dev): Bump @github/local-action from 2.2.0 to 3.1.4
9d7e4b5 
Bumps [@github/local-action](https://github.com/github/local-action) from 2.2.0 to 3.1.4.
- [Release notes](https://github.com/github/local-action/releases)
- [Changelog](https://github.com/github/local-action/blob/main/CHANGELOG.md)
- [Commits](github/local-action@v2.2...v3.1.4)

---
updated-dependencies:
- dependency-name: "@github/local-action"
  dependency-version: 3.1.4
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 14, 2025
@github-actions
Copy link


Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

I have read the CLA Document and I hereby sign the CLA

You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

@github-actions
Copy link

Check SPDX headers

✅ 24 files have valid headers.

@github-actions
Copy link

Check License Compliance

✅ There are 1227 dependencies with allowed licenses.

⚠️ There are 6 dependencies with dangerous licenses:

  • NPM:@cspell/dict-en-common-misspellings@2.0.10: CC-BY-SA-4.0
    • Transitive dependency of NPM:cspell@8.15.5. Defined in package.json
  • NPM:jsuri@1.3.1: unknown
    • Transitive dependency of NPM:confluence.js@1.7.4, NPM:@telefonica/markdown-confluence-sync@2.0.0. Defined in package.json
  • NPM:buffers@0.1.1: unknown
    • Transitive dependency of NPM:@github/local-action@3.1.4. Defined in package.json
  • NPM:exit@0.1.2: unknown
    • Transitive dependency of NPM:jest@29.7.0. Defined in package.json
  • NPM:khroma@2.1.0: unknown
    • Transitive dependency of NPM:@telefonica/markdown-confluence-sync@2.0.0. Defined in package.json
  • NPM:format@0.2.2: unknown
    • Transitive dependency of NPM:@telefonica/markdown-confluence-sync@2.0.0. Defined in package.json

❌ There are 2 dependencies with forbidden licenses:

  • NPM:@protobuf-ts/runtime@2.9.6: Apache-2.0 AND BSD-3-Clause
    • Transitive dependency of NPM:@github/local-action@3.1.4. Defined in package.json
  • NPM:@protobuf-ts/plugin-framework@2.9.6: Apache-2.0 AND BSD-3-Clause
    • Transitive dependency of NPM:@github/local-action@3.1.4. Defined in package.json

❌ Result: Not valid licenses

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants