Skip to content

chore(deps): update dependency @metamask/auto-changelog to v5.3.0 #273

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency @metamask/auto-changelog to v5.3.0 #273

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 26, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@metamask/auto-changelog 5.1.0 -> 5.3.0 age confidence

Release Notes

MetaMask/auto-changelog (@​metamask/auto-changelog)

v5.3.0

Compare Source

Added
  • Add --requirePrNumbers flag to auto-changelog update CLI command for generation-time filtering (#​253)
    • When enabled, commits without PR numbers are filtered out from the changelog
    • Disabled by default for backward compatibility
    • The updateChangelog function also supports this option via the requirePrNumbers parameter

v5.2.0

Compare Source

Added
  • Deduplicate commits with no PR number in subject (#​254)
    • For commits with no PR number in the subject (non-"Squash & Merge" commits), deduplication now checks if exact description text already exists in changelog
    • Merge commits are deduplicated using commit body instead of the generic merge subject

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@claude
Copy link
Contributor

claude bot commented Nov 26, 2025

PR Review: Update @metamask/auto-changelog to v5.2.0

Summary

This is a routine dependency update from Renovate bot updating @metamask/auto-changelog from v5.1.0 to v5.2.0. The change is low-risk and recommended for merge.

Code Quality ✅

Positive:

  • Clean, minimal change (only package-lock.json affected)
  • Follows semantic versioning (minor version bump)
  • No changes to actual codebase or configuration

Observations:

  • The dependency is in devDependencies (line 67 in package.json)
  • Currently not actively used in the codebase (no direct imports found)
  • CHANGELOG.md is managed by release-please, not @metamask/auto-changelog

Changes in v5.2.0

According to the release notes, v5.2.0 adds:

  • Deduplication of commits with no PR number - For non-"Squash & Merge" commits, now checks if exact description text already exists in changelog
  • Merge commit deduplication - Uses commit body instead of generic merge subject

Impact: These are quality-of-life improvements for changelog generation. No breaking changes.

Potential Issues ⚠️

Low Priority:

  1. Unused dependency - This package appears to be in devDependencies but may not be actively used:
    • CHANGELOG.md follows "Keep a Changelog" format (per CLAUDE.md)
    • release-please handles changelog management (.github/workflows/release-please.yml)
    • No scripts in package.json reference auto-changelog
    • Consider removing if truly unused (separate issue/PR)

Security Considerations ✅

  • No known security vulnerabilities in either version
  • Package from trusted source (MetaMask organization)
  • Confidence score shown in PR description indicates stable release

Testing Recommendations

Before merge:

# Verify no breaking changes
npm ci
npm run build
npm test
npm run lint

Note: Based on project patterns, this should pass all checks since:

  • Only lockfile changed (no code/config changes)
  • Dependency is dev-only
  • Minor version bump (non-breaking)

Performance Considerations ✅

  • No performance impact (dev dependency)
  • Version size difference negligible

Test Coverage N/A

  • No code changes requiring tests
  • Existing test suite should validate no regressions

Recommendations

  1. ✅ APPROVE - Safe to merge

  2. Future optimization: Consider auditing whether @metamask/auto-changelog is needed:

    • If using release-please for CHANGELOG management, this may be redundant
    • Could save ~8MB in node_modules if unused
    • Create separate issue to investigate if desired

  3. Merge strategy:

    • Standard merge acceptable
    • No need for manual testing beyond CI checks
    • Renovate PRs like this are typically auto-mergeable

Verdict: ✅ LGTM (Looks Good To Me)

Risk Level: Low
Merge Confidence: High
Action: Approve and merge once CI passes

@renovate renovate bot force-pushed the renovate/metamask-auto-changelog-5.x-lockfile branch from 214f9da to 2fe4a39 Compare December 3, 2025 13:50
@renovate renovate bot changed the title chore(deps): update dependency @metamask/auto-changelog to v5.2.0 chore(deps): update dependency @metamask/auto-changelog to v5.3.0 Dec 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants