v0.12.0

Changes visible for end-users:

• drop Node 14 and Node 16 workflow support

  As stated in the previous release, from this major version upward, the Node 14 and Node 16 workflow support has been dropped, due to upgrade of @actions/github package.

Note

For Node <18 support, you can change the action version tag in your workflow to v0.11.0 , to use the latest action prior this release:

- name: Yarn Lock Changes
  uses: Simek/[email protected]

v0.11.3

Changes visible for end-users:

• fix error while parsing lock files with optional name key in entries (thanks to @nathanforce for the issue report and initial fix)

---

Note

In the next major action release the support for Node 14 and 16 will be dropped because of the latest @actions/github release which drops the support for those engines due to Octokit packages update.

If you are running the action using different runner than the default one, it might be a good time to make sure that your workflow uses at least Node 18. Otherwise, the future Node version switch should be seamless for you.

v0.11.2

Changes visible for end-users:

• add groupByType boolean config option to group row in the comment table by the change type, the following order will be used:

  • Added
  • Updated
  • Downgraded
  • Removed

  The dependencies within the groups will still be ordered alphabetically.

v0.11.1

Changes visible for end-users:

• [Berry] fix error while parsing locally linked packages with no dependencies (thanks to @ValentinH for the issue report)

v0.11.0

Changes visible for end-users:

• action now includes support for parsing and diffing Yarn Berry (v2 & v3) locks

  Note If you notice any problems or experience failures while using action with newer locks, please let me know and fill an issue.

v0.10.0

Changes visible for end-users:

None, see notes below.

⚠️ Additional notes

This version includes the switch to new and internal Yarn lock parser, which introduction aims for better extensibility and general action performance. At least for now, the new parser outputs the same data structure as the official Yarn package, so there should not be any visible changes for the end-users.

v0.9.0

Changes visible for end-users:

• action default runner has been changed from Node 12 to Node 16

v0.8.1

Changes visible for end-users:

• in certain cases, action could report dependency incorrectly as "Downgraded" because parse and compare mechanism is sensitive to the order of entries, the problem behind this issue has been fixed in this release, if you are seeing regression in downgrade detection in your CI after this update please open the issue and attach the lock files (if possible)

v0.8.0

Changes visible for end-users:

• add basic debug logs to help users investigate the issues in their workflows, you can read more in the new section of Readme
• improve fail messages seen in the action output
• action now creates comparison using the correct target branch instead of default repository branch, however the default branch is still the fallback, if for some reason, the target branch no longer exist

⚠️ Additional notes

If the action fails in your repository for the Dependabot PRs please check the "Common Issues" section in the Readme, which includes the guide how to update the workflow file and why you need to do this to fix the issue.

v0.7.0

Changes visible for end-users:

• if path input is set to the custom value, the bot comment will now include the note about lock file location, this should help to differentiate the comments when multiple locks have been changeg within the same Pull Request
• (💥) Boolean inputs are now validated by build-in @actions/core package helper method getBooleanInput, which only supports the reduced set of YAML Boolean values, so this might be considered as breaking change for the small portion of users who were using yes/no, on/off or y/n input values (however, the error message will be quite descriptive, so it should be easy to migrate the workflow setup)