Skip to content

Releases: Simek/yarn-lock-changes

v0.12.0

21 Jan 20:30
Compare
Choose a tag to compare

Changes visible for end-users:

Note

For Node <18 support, you can change the action version tag in your workflow to v0.11.0 , to use the latest action prior this release:

- name: Yarn Lock Changes
  uses: Simek/yarn-lock-changes@v0.11.0

v0.11.3

22 Oct 11:39
Compare
Choose a tag to compare

Changes visible for end-users:

  • fix error while parsing lock files with optional name key in entries (thanks to @nathanforce for the issue report and initial fix)

Note

In the next major action release the support for Node 14 and 16 will be dropped because of the latest @actions/github release which drops the support for those engines due to Octokit packages update.

If you are running the action using different runner than the default one, it might be a good time to make sure that your workflow uses at least Node 18. Otherwise, the future Node version switch should be seamless for you.

v0.11.2

03 Sep 17:07
2352c3d
Compare
Choose a tag to compare

Changes visible for end-users:

  • add groupByType boolean config option to group row in the comment table by the change type, the following order will be used:

    • Added
    • Updated
    • Downgraded
    • Removed

    The dependencies within the groups will still be ordered alphabetically.

v0.11.1

11 Jul 10:35
551a2ff
Compare
Choose a tag to compare

Changes visible for end-users:

  • [Berry] fix error while parsing locally linked packages with no dependencies (thanks to @ValentinH for the issue report)

v0.11.0

10 Jul 14:09
49be33b
Compare
Choose a tag to compare

Changes visible for end-users:

  • action now includes support for parsing and diffing Yarn Berry (v2 & v3) locks

    Note If you notice any problems or experience failures while using action with newer locks, please let me know and fill an issue.

v0.10.0

10 Jul 08:26
200e871
Compare
Choose a tag to compare

Changes visible for end-users:

None, see notes below.

⚠️ Additional notes

This version includes the switch to new and internal Yarn lock parser, which introduction aims for better extensibility and general action performance. At least for now, the new parser outputs the same data structure as the official Yarn package, so there should not be any visible changes for the end-users.

v0.9.0

19 Apr 21:10
b6e17ea
Compare
Choose a tag to compare

Changes visible for end-users:

  • action default runner has been changed from Node 12 to Node 16

v0.8.1

22 Aug 11:19
3655ac7
Compare
Choose a tag to compare

Changes visible for end-users:

  • in certain cases, action could report dependency incorrectly as "Downgraded" because parse and compare mechanism is sensitive to the order of entries, the problem behind this issue has been fixed in this release, if you are seeing regression in downgrade detection in your CI after this update please open the issue and attach the lock files (if possible)

v0.8.0

04 Aug 21:51
Compare
Choose a tag to compare

Changes visible for end-users:

  • add basic debug logs to help users investigate the issues in their workflows, you can read more in the new section of Readme
  • improve fail messages seen in the action output
  • action now creates comparison using the correct target branch instead of default repository branch, however the default branch is still the fallback, if for some reason, the target branch no longer exist

⚠️ Additional notes

If the action fails in your repository for the Dependabot PRs please check the "Common Issues" section in the Readme, which includes the guide how to update the workflow file and why you need to do this to fix the issue.

v0.7.0

15 Jul 12:54
573d067
Compare
Choose a tag to compare

Changes visible for end-users:

  • if path input is set to the custom value, the bot comment will now include the note about lock file location, this should help to differentiate the comments when multiple locks have been changeg within the same Pull Request
  • (💥) Boolean inputs are now validated by build-in @actions/core package helper method getBooleanInput, which only supports the reduced set of YAML Boolean values, so this might be considered as breaking change for the small portion of users who were using yes/no, on/off or y/n input values (however, the error message will be quite descriptive, so it should be easy to migrate the workflow setup)