cznethub · Maurier · Feb 10, 2025 · Feb 10, 2025 · Feb 10, 2025
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "npm" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/dependabot-reviewer.yml b/.github/workflows/dependabot-reviewer.yml
@@ -0,0 +1,41 @@
+name: Dependabot reviewer
+
+on: pull_request_target
+
+permissions:
+  pull-requests: write
+  contents: write
+
+jobs:
+  review-dependabot-pr:
+    runs-on: ubuntu-latest
+    if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
+    steps:
+      - name: Dependabot metadata
+        id: dependabot-metadata
+        uses: dependabot/[email protected]
+      - name: Enable auto-merge for Dependabot PRs
+        run: gh pr merge --auto --merge "$PR_URL"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Approve patch and minor updates
+        if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch' || steps.dependabot-metadata.outputs.update-type == 'version-update:semver-minor'}}
+        run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a patch or minor update**"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Approve major updates of development dependencies
+        if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:development'}}
+        run: gh pr review $PR_URL --approve -b "I'm **approving** this pull request because **it includes a major update of a dependency used only in development**"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
+      - name: Comment on major updates of non-development dependencies
+        if: ${{steps.dependabot-metadata.outputs.update-type == 'version-update:semver-major' && steps.dependabot-metadata.outputs.dependency-type == 'direct:production'}}
+        run: |
+          gh pr comment $PR_URL --body "I'm **not approving** this PR because **it includes a major update of a dependency used in production**"
+          gh pr edit $PR_URL --add-label "requires-manual-qa"
+        env:
+          PR_URL: ${{github.event.pull_request.html_url}}
+          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "cznet-discovery",
-  "version": "1.5.2",
+  "version": "1.5.3",
   "private": true,
   "scripts": {
     "serve": "vite --open",
@@ -12,60 +12,60 @@
     "up": "taze major -I"
   },
   "dependencies": {
-    "@cznethub/cznet-vue-core": "^0.2.24",
-    "@unhead/vue": "^1.9.9",
-    "@vueuse/core": "^10.9.0",
+    "@cznethub/cznet-vue-core": "^0.2.29",
+    "@unhead/vue": "^1.11.18",
+    "@vueuse/core": "^12.5.0",
     "@vueuse/head": "^2.0.0",
     "@vuex-orm/core": "^0.36.4",
     "deepmerge": "^4.3.1",
-    "dompurify": "^3.1.2",
+    "dompurify": "^3.2.4",
     "google-maps": "^4.3.3",
     "lodash.isequal": "^4.5.0",
     "pretty-bytes": "^6.1.1",
     "rxjs": "^7.8.1",
-    "vite-plugin-vuetify": "^2.0.3",
-    "vue": "^3.4.26",
+    "vite-plugin-vuetify": "^2.1.0",
+    "vue": "^3.5.13",
     "vue-browser-detect-plugin": "^0.1.18",
-    "vue-cookies": "^1.8.4",
-    "vue-demi": "^0.14.7",
+    "vue-cookies": "^1.8.6",
+    "vue-demi": "^0.14.10",
     "vue-facing-decorator": "^3.0.4",
-    "vue-i18n": "^9.13.1",
-    "vue-router": "^4.3.2",
+    "vue-i18n": "^11.1.1",
+    "vue-router": "^4.5.0",
     "vue-timeago3": "^2.3.2",
-    "vuetify": "^3.6.3",
+    "vuetify": "^3.7.11",
     "vuex": "^4.1.0",
     "vuex-persistedstate": "^4.1.0"
   },
   "devDependencies": {
-    "@antfu/eslint-config": "^2.8.1",
-    "@fortawesome/fontawesome-free": "^6.5.2",
-    "@iconify-json/carbon": "^1.1.32",
+    "@antfu/eslint-config": "^4.1.1",
+    "@fortawesome/fontawesome-free": "^6.7.2",
+    "@iconify-json/carbon": "^1.2.6",
     "@mdi/font": "^7.4.47",
-    "@vitejs/plugin-vue": "^5.0.4",
-    "@vue/test-utils": "^2.4.5",
+    "@vitejs/plugin-vue": "^5.2.1",
+    "@vue/test-utils": "^2.4.6",
     "cross-env": "^7.0.3",
-    "cypress": "^13.8.1",
-    "cypress-vite": "^1.5.0",
-    "eslint": "^8.57.0",
-    "eslint-plugin-cypress": "^2.15.1",
-    "eslint-plugin-format": "^0.1.0",
-    "lint-staged": "^15.2.2",
-    "sass": "^1.76.0",
-    "shiki": "^1.4.0",
-    "taze": "^0.13.8",
-    "typescript": "^5.4.5",
-    "unplugin-auto-import": "^0.17.5",
-    "unplugin-vue-components": "^0.27.0",
-    "unplugin-vue-macros": "^2.9.1",
-    "vite": "^5.2.11",
-    "vite-plugin-pwa": "^0.20.0",
-    "vite-plugin-webfont-dl": "^3.9.4",
-    "vite-ssg": "^0.23.7",
-    "vite-ssg-sitemap": "^0.6.1",
-    "vitest": "^1.6.0",
-    "vue-tsc": "^2.0.16"
+    "cypress": "^14.0.2",
+    "cypress-vite": "^1.6.0",
+    "eslint": "^9.20.0",
+    "eslint-plugin-cypress": "^4.1.0",
+    "eslint-plugin-format": "^1.0.1",
+    "lint-staged": "^15.4.3",
+    "sass": "^1.84.0",
+    "shiki": "^2.3.2",
+    "taze": "^18.4.0",
+    "typescript": "^5.7.3",
+    "unplugin-auto-import": "^19.0.0",
+    "unplugin-vue-components": "^28.0.0",
+    "unplugin-vue-macros": "^2.14.2",
+    "vite": "^6.1.0",
+    "vite-plugin-pwa": "^0.21.1",
+    "vite-plugin-webfont-dl": "^3.10.4",
+    "vite-ssg": "^25.0.0",
+    "vite-ssg-sitemap": "^0.8.1",
+    "vitest": "^3.0.5",
+    "vue-tsc": "^2.2.0"
   },
   "lint-staged": {
     "*": "eslint --fix"
   }
-}
+}