Skip to content

chore(deps): Bump Telefonica/opensource-scaffold from 1 to 2 #40

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): Bump Telefonica/opensource-scaffold from 1 to 2 #40

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Apr 14, 2025
edited
Loading

Bumps Telefonica/opensource-scaffold from 1 to 2.

Release notes

Sourced from Telefonica/opensource-scaffold's releases.

Public repository

Changed

  • chore: Publish the npm package to the NPM public registry. Rename it to @telefonica/opensource-scaffold.
  • docs: Add badges to the README file
  • docs: Remove references to internal procedures from the README file. Now it is intended to be used by external users also.

Upgrade check-license-compliance version

Changed

  • chore: Upgrade check-license-compliance to v3 (Stable release)

Add ignore input

Added

  • feat: Add ignore input to the github action, enabling to ignore some files when checking the scaffold resources.

Changed

  • chore: Upgrade check-license-compliance to v3.0.0-beta.3 (Support more granularity for including or excluding modules)

Change copyright headers

Fixed

  • chore: Change copyright headers. Remove "and contributors" from files where it is not applicable for the moment

Changed

  • chore: Upgrade check-license-compliance to v3.0.0-beta.2 (change copyright headers)

Support multiple languages when verifying dependencies licenses

Added

  • feat: Upgrade check-license-compliance to v3. Now it supports checking licenses from NPM, Maven, Python and Go dependencies. Update the action configuration accordingly
  • feat: Generate different check-license-compliance configurations based on the license type
  • feat: Add check-license-compliance options commented out to configuration file, so it is easier to understand what can be configured

Changed

  • chore: Bump check-spdx-headers action to version v1

Fixed

  • fix: Fix typo in "0BSD" license

Avoid console error in check

Changed

  • test: Ensure 100% action tests coverage

... (truncated)

Changelog

Sourced from Telefonica/opensource-scaffold's changelog.

Commits
  • 6039923 chore: Add publishing fields to package.json
  • e1f0bc6 Merge branch 'main' into release
  • 3f6b9d4 fix: Remove sync-to-confluence workflow file in init workflow (#58)
  • 211ab23 Merge pull request #57 from Telefonica/release
  • cf3fb84 docs: Fix license badge
  • fc07e78 chore: Change package description
  • e30806f Merge branch 'main' into release
  • 9404248 chore: Public repository (#56)
  • 9961d41 Merge pull request #47 from Telefonica/release
  • 0343435 Merge branch 'main' into release
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
chore(deps): Bump Telefonica/opensource-scaffold from 1 to 2
62c8c17 
Bumps [Telefonica/opensource-scaffold](https://github.com/telefonica/opensource-scaffold) from 1 to 2.
- [Release notes](https://github.com/telefonica/opensource-scaffold/releases)
- [Changelog](https://github.com/Telefonica/opensource-scaffold/blob/main/CHANGELOG.md)
- [Commits](Telefonica/opensource-scaffold@v1...v2)

---
updated-dependencies:
- dependency-name: Telefonica/opensource-scaffold
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 14, 2025
@github-actions GitHub Actions
Copy link


Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by just posting a Pull Request Comment same as the below format.

I have read the CLA Document and I hereby sign the CLA

You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.

@github-actions GitHub Actions
Copy link

Check SPDX headers

✅ 24 files have valid headers.

@github-actions GitHub Actions
Copy link

Check License Compliance

✅ There are 1129 dependencies with allowed licenses.

⚠️ There are 5 dependencies with dangerous licenses:

  • NPM:@cspell/dict-en-common-misspellings@2.0.10: CC-BY-SA-4.0
    • Transitive dependency of NPM:cspell@8.15.5. Defined in package.json
  • NPM:exit@0.1.2: unknown
    • Transitive dependency of NPM:jest@29.7.0. Defined in package.json
  • NPM:jsuri@1.3.1: unknown
    • Transitive dependency of NPM:confluence.js@1.7.4, NPM:@telefonica/markdown-confluence-sync@2.0.0. Defined in package.json
  • NPM:khroma@2.1.0: unknown
    • Transitive dependency of NPM:@telefonica/markdown-confluence-sync@2.0.0. Defined in package.json
  • NPM:format@0.2.2: unknown
    • Transitive dependency of NPM:@telefonica/markdown-confluence-sync@2.0.0. Defined in package.json

✅ Result: Valid licenses

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants