* Bump ws from 7.4.4 to 7.5.1
Bumps [ws](https://github.com/websockets/ws) from 7.4.4 to 7.5.1.
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](https://github.com/websockets/ws/compare/7.4.4...7.5.1)
---
updated-dependencies:
- dependency-name: ws
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump lodash from 4.17.19 to 4.17.21
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.19...4.17.21)
---
updated-dependencies:
- dependency-name: lodash
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* Initial commit for appengine deploy action
* Update comments to be more descriptive
* Get deploy files from the correct directory
Previous path was `_deploy/`. New path is `../_deploy`.
* Create Github Action to comment on PR while develop is frozen (#5006)
* Create develop_freeze_comment.yml
* Update comments
* Fix typo and update uses
* Add test message
* Revert "Create Github Action to comment on PR while develop is frozen (#5006)" (#5013)
This reverts commit 8c635b5fbc.
* Revert "Get deploy files from the correct directory"
* Bump hosted-git-info from 2.8.4 to 2.8.9 (#4980)
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info) from 2.8.4 to 2.8.9.
- [Release notes](https://github.com/npm/hosted-git-info/releases)
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md)
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.8.4...v2.8.9)
---
updated-dependencies:
- dependency-name: hosted-git-info
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Pull Request template for goog.module PRs
Provide a standard pull request template more suited to PRs doing
goog.module conversions.
There's no way to pick a non-default template when creating a PR
manually, but this one can be used by adding
"&?template=goog_module.md" to the
https://github.com/cpcallen/bugs/compare/ URL.
* Update goog_module.md with suggested fixes
* Fix typos.
* Reinstate "Proposed Changes" section.
* Mark text that should be edit with ALL CAPS.
* Bump normalize-url from 4.5.0 to 4.5.1
Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1.
- [Release notes](https://github.com/sindresorhus/normalize-url/releases)
- [Commits](https://github.com/sindresorhus/normalize-url/commits)
---
updated-dependencies:
- dependency-name: normalize-url
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump trim-newlines from 3.0.0 to 3.0.1
Bumps [trim-newlines](https://github.com/sindresorhus/trim-newlines) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/sindresorhus/trim-newlines/releases)
- [Commits](https://github.com/sindresorhus/trim-newlines/commits)
---
updated-dependencies:
- dependency-name: trim-newlines
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump path-parse from 1.0.6 to 1.0.7
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7.
- [Release notes](https://github.com/jbgutierrez/path-parse/releases)
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)
---
updated-dependencies:
- dependency-name: path-parse
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
* Bump postcss from 7.0.35 to 7.0.36 (#4928)
Bumps [postcss](https://github.com/postcss/postcss) from 7.0.35 to 7.0.36.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/7.0.35...7.0.36)
---
updated-dependencies:
- dependency-name: postcss
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Rollup of all Q3 message changes (#5565)
Courtesy of Translatewiki
* Add Croatian to Code demo (#5583) (#5611)
Contributed courtesy of Lidija Kralj.
* chore: create release.yml (#5588)
* Create release.yml
* chore: update release.yml
* chore: update dependabot messages and labels (#5653)
The same as #5618, but against master because dependabot ignores changes on develop.
* chore: Create separate report_clang_format workflow in master branch (#5670)
The initial version of this workflow just uses `console.log` to report
the context of the `context` object. It is hoped that there will
be enough information in this context to identify the PR to comment on,
without the `check_clang_format` workflow having to upload a
'build artefact' of some kind - see example of what I hoe to avoid
starting at `ReceivePR.yml` here:
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
A follow-up PR will (if possible) add the code to create comments
when `check_clang_format` fails.
Part of #5659.
* chore: Remove spurious extra `on` clause in report_clang_format.yml (#5671)
Removes an unwanted `on` clause that was overlooked in #5670 by author and reviewer.
* chore: More spelunking in GitHub Action data (#5673)
Looking for information about PR that triggered original
check_clang_format run.
* chore: revert github action (#5675)
* fix: Don't try to set text fields to null on cancel (#5692)
Mobile users get a window.prompt as an input, if they press the cancel button the return value is null. Don't attempt to set the value of the field to null.
Caused errors in the custom note field which inherits from FieldTextInput. Detected in Blockly Games Music.
This PR is for the master branch and includes a recompile. The develop branch has changed enough that a cherrypick from develop to master won't work. The bug in question represents a significant number of the errors being reported from Blockly Games.
* Update dependabot.yml (#5705)
* chore: run clang-format
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Monica Kozbial <6621618+moniika@users.noreply.github.com>
Co-authored-by: Christopher Allen <cpcallen+git@google.com>
Co-authored-by: Neil Fraser <fraser@google.com>
Co-authored-by: alschmiedt <aschmiedt@google.com>
... by not ever posting such comments from this workflow.
There will be a separate PR for the other workflow that does post
comments, because it needs to be in the master branch.
Part of #5659.
* refactor: Inline assign_reviewers script to avoid checkout
Per https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
it is not safe to do a checkout of the submitter-supplied code
AND THEN RUN IT (via require). This is pretty bad.
We want to give this script more permissions by running it
`on: [pull_request_target]` (instead of `pull_request`); this would
give it permission to modify the PR (e.g. add comments, change
assignment). While it would be OK to do a checkout with default
parameters (which in `pull_request_target` would check out *our*
branch rather than the submitted one) it simplest just to inline
this small script and thereby obviate the need to do a checkout at all.
* chore: Give assign_reviewers action required permissions
Changing it from `on: [pull_request]` to `on: [pull_request_review]`
will give the action write access to our repository, allowing it to
change the assignment of the PR.
This is now safe as the script does not ever check out any
submitter-supplied code.
* docs: Comment tweaks for assign_reviewers.yml
dependabot[bot]
Naveen
alschmiedt
Rachel Fenichel
Christopher Allen
kozbial
Monica Kozbial
Maribeth Bottorff
Aaron Dodson