Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

fix(deps): update dependency inquirer to v8 #874

Merged
merged 1 commit into from
Jan 21, 2022
Merged

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 24, 2021

WhiteSource Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
inquirer 6.5.2 -> 8.2.0 age adoption passing confidence

Release Notes

SBoudrias/Inquirer.js

v8.2.0

Compare Source

  • checkbox prompt: Update the help message to be more complete. And the help message is now shown until a selection is made.

v8.1.5

Compare Source

Fix older Node version compatibility issue.

v8.1.4

Compare Source

  • Fix an error being thrown inside the rawlist prompt

v8.1.3

Compare Source

Bug Fixes
  • Fix password prompt appearing when doing async filtering/validation
  • User being prompted a question even though it was answered when using nested answer object format.
  • Fix extra space appearing when using custom prefix.

And bump of all dependencies.

v8.1.2

Compare Source

  • Fix bug on rawList prompt
  • Bump dependencies

v8.1.1

Compare Source

Fix: Number prompt default behavior.

v8.1.0

Compare Source

New features
  • Now display a loading spinner while asynchronously filtering or validating data.
  • inquirer.prompt() now accept a shorthand object syntax instead of an array with named prompts:
const { foo, bar } = await inquirer.prompt({
  foo: {
    message: '...',
    default: '...',
  },
  bar: {
    default: '...',
  }
}):

v8.0.1

Compare Source

Fixes

  • Fix issue with duplicate keys in expand prompt not being caught if casing didn't match
  • Fix rawlist prompt ignoring short option
  • Rollback dependencies migrated to ESM causing issue for some users

And lastly general dependency upgrade (to non-ESM versions)

v8.0.0

Compare Source

  • Drop support for Node 10 (through dependencies)
  • Add postfix option to the editor prompt to allow easily turning on proper syntax highlighting

v7.3.3

Compare Source

  • Fix to release the readline on errors
  • Security patch (lodash)

v7.3.2

Compare Source

Fix the loop: false option in the checkbox prompt.

v7.3.1

Compare Source

  • Fix the loop: false option in the list prompt.

v7.3.0

Compare Source

  • New option loop (boolean) for list type prompts. This prevents the list from looping when reaching the top or bottom of the selection.
  • Bug fix: multi line list type prompts
  • Core: Bumped dependencies

v7.2.0

Compare Source

Enhancement
Bug Fix

v7.1.0

Compare Source

v7.0.7

Compare Source

v7.0.6

Compare Source

v7.0.5

Compare Source

Errors when running in non-TTY environment are now marked and catchable.

v7.0.4

Compare Source

v7.0.3

Compare Source

Revert broken fix done in 7.0.2

v7.0.2

Compare Source

~Work around bug affecting Windows user with Node 10 (#​767)~ (Reverted in v7.0.3)

v7.0.1

Compare Source

v7.0.0

Compare Source

  • Drop support for Node 6.

Configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by WhiteSource Renovate. View repository job log here.

@ericcornelissen
Copy link

ericcornelissen commented Jan 8, 2022

Chiming in here to help move this one along since, as per #883, it would be nice if this could be merged and released to remove the npm audit warning associated with the commitizen CLI 1.

Looking at the release notes for Inquirer in the Pull Request description, the major version changes amount to 2 breaking changes in total, neither of which affect the commitizen CLI v4.2.4:

Judging by that this should be safe to merge. That is, of course, if we trust that Inquirer didn't accidentally introduce a breaking change without reporting it.

Footnotes

  1. I would be inclined to agree that the impact of the vulnerability is limited for the commitizen CLI, but especially if upgrading is trivial I see no reason not to upgrade. Even if just to avoid "polluting" the npm audit report of users.

@renovate renovate bot force-pushed the renovate/inquirer-8.x branch from fb01330 to d6a9862 Compare January 18, 2022 14:41
@yukha-dw
Copy link

+1
I look forward to this update!

@LinusU LinusU merged commit 9c7e863 into master Jan 21, 2022
@LinusU
Copy link
Contributor

LinusU commented Jan 21, 2022

Thanks for doing the research on this @ericcornelissen ❤️

@LinusU LinusU deleted the renovate/inquirer-8.x branch January 21, 2022 13:18
@cgaube
Copy link

cgaube commented Jan 27, 2022

Do we know when new release tags are created ? I see the last release is https://github.com/commitizen/cz-cli/releases from May (v4.2.4)

@yukha-dw
Copy link

Do we know when new release tags are created ? I see the last release is https://github.com/commitizen/cz-cli/releases from May (v4.2.4)

you can "watch" this repository with All Activity option or Custom->Releases.

@Zhengqbbb
Copy link
Contributor

Just need to refactor the cz-git adapter, come and see 🧐🧐🧐 still a little worried

Zhengqbbb added a commit to Zhengqbbb/cz-git that referenced this pull request Apr 26, 2022
@github-actions
Copy link

🎉 This PR is included in version 4.2.5 🎉

The release is available on:

Your semantic-release bot 📦🚀

# for free to join this conversation on GitHub. Already have an account? # to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants