Bump the development-dependencies group across 1 directory with 3 updates (#2546)
* Bump the development-dependencies group across 1 directory with 3 updates Bumps the development-dependencies group with 3 updates in the / directory: [brakeman](https://github.com/presidentbeef/brakeman), [faker](https://github.com/faker-ruby/faker) and [selenium-webdriver](https://github.com/SeleniumHQ/selenium). Updates `brakeman` from 7.1.2 to 8.0.1 - [Release notes](https://github.com/presidentbeef/brakeman/releases) - [Changelog](https://github.com/presidentbeef/brakeman/blob/main/CHANGES.md) - [Commits](https://github.com/presidentbeef/brakeman/compare/v7.1.2...v8.0.1) Updates `faker` from 3.5.3 to 3.6.0 - [Release notes](https://github.com/faker-ruby/faker/releases) - [Changelog](https://github.com/faker-ruby/faker/blob/main/CHANGELOG.md) - [Commits](https://github.com/faker-ruby/faker/compare/v3.5.3...v3.6.0) Updates `selenium-webdriver` from 4.39.0 to 4.40.0 - [Release notes](https://github.com/SeleniumHQ/selenium/releases) - [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES) - [Commits](https://github.com/SeleniumHQ/selenium/compare/selenium-4.39.0...selenium-4.40.0) --- updated-dependencies: - dependency-name: brakeman dependency-version: 8.0.1 dependency-type: direct:development update-type: version-update:semver-major dependency-group: development-dependencies - dependency-name: faker dependency-version: 3.6.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies - dependency-name: selenium-webdriver dependency-version: 4.40.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> * Auto-sync Gemfile.saas.lock on Dependabot PRs Dependabot can't update custom-named Gemfiles, so Gemfile.saas.lock drifts whenever it bumps shared gems in Gemfile.lock. Add `bin/bundle-drift forward` to push oss lockfile changes into the saas lockfile (the reverse of `correct`), and a GitHub Actions workflow that runs it automatically on Dependabot bundler branches. * Update brakeman ignore fingerprint for 8.0.1 Brakeman 8.0.1 changed how it computes warning fingerprints, so the existing ignore entry for the safe_constantize warning in Notifier became obsolete. Update to the new fingerprint. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jeremy Daer <jeremy@37signals.com>
This commit is contained in:
@@ -0,0 +1,35 @@
|
||||
name: Sync Gemfile.saas.lock
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- "dependabot/bundler/**"
|
||||
paths:
|
||||
- Gemfile.lock
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
sync:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
|
||||
- uses: ruby/setup-ruby@v1
|
||||
with:
|
||||
ruby-version: .ruby-version
|
||||
|
||||
- name: Forward Gemfile.lock changes to Gemfile.saas.lock
|
||||
run: bin/bundle-drift forward
|
||||
|
||||
- name: Commit updated lockfile
|
||||
run: |
|
||||
git add Gemfile.saas.lock
|
||||
if ! git diff --cached --quiet; then
|
||||
git config user.name "github-actions[bot]"
|
||||
git config user.email "github-actions[bot]@users.noreply.github.com"
|
||||
git commit -m "Sync Gemfile.saas.lock"
|
||||
git push
|
||||
fi
|
||||
Reference in New Issue
Block a user