Skip to content

chore(deps): bump winston from 3.15.0 to 3.17.0 #5941

chore(deps): bump winston from 3.15.0 to 3.17.0

chore(deps): bump winston from 3.15.0 to 3.17.0 #5941

# Automatically merge Dependabot PRs when version comparison is within the range
# that is configured in .github/auto-merge.yml
name: Auto-Merge Dependabot PRs
on:
# WARNING: This needs to be run in the PR base, DO NOT build untrusted code in this action
# details under https://github.blog/changelog/2021-02-19-github-actions-workflows-triggered-by-dependabot-prs-will-run-with-read-only-permissions/
pull_request_target:
# permissions:
# pull-requests: write
# contents: write
jobs:
auto-merge:
if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v2
with:
github-token: ${{ secrets.BOT_TOKEN }}
alert-lookup: true
- name: Check if PR should be auto-merged
uses: actions/github-script@v7
id: should-automerge
env:
updatedDependenciesJson: ${{ steps.dependabot-metadata.outputs.updated-dependencies-json }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }} # This doesn't need special permissions
result-encoding: string
script: |
const bot = require(`${process.env.GITHUB_WORKSPACE}/.github/bot-scripts/index.cjs`);
return bot.shouldAutomerge({github, context});
- name: Approve PR
if: ${{ steps.should-automerge.outputs.result == 'true' }}
uses: actions/github-script@v7
with:
github-token: ${{ secrets.BOT_TOKEN }}
script: |
const options = {
owner: context.repo.owner,
repo: context.repo.repo,
};
await github.rest.pulls.createReview({
...options,
pull_number: context.issue.number,
event: "APPROVE"
});
- name: Auto-merge PR
if: ${{ steps.should-automerge.outputs.result == 'true' }}
env:
PR_URL: ${{github.event.pull_request.html_url}}
GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }}
run: |
gh pr merge --auto --squash "$PR_URL"