Skip to content

deps: bump config from 3.3.12 to 4.1.0#88

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/master/config-4.1.0
Open

deps: bump config from 3.3.12 to 4.1.0#88
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/master/config-4.1.0

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 4, 2025
edited
Loading

Bumps config from 3.3.12 to 4.1.0.

Release notes

Sourced from config's releases.

v4.1.0

This is a Draft release! Don't panic.

Breaking Changes

Several bugs were fixed that a user code might theoretically rely on, but most likely not:

  • Config.getSources() no longer contains files read by parseFile outside of the load process
  • when setModuleDefaults('modulename', ...) is called twice, the second call can overwrite values from the first
  • Config.getSources() now agrees with setModuleDefaults, no matter how often it is called

What's Changed

Bugs fixed:

  • #687 - you can now have deferConfig lines in submodules
  • #822 - setModuleDefaults calls are now additive (slightly higher memory usage for defaults as a consequence)
  • #827 - more accurate tracking of sources

v4.0.1

This release finalizes some work to extract 'util' functionality from lib/config.js into lib/util.js.

Breaking Changes

None known

What's Changed

  • Finished extraction of util functions to lib/util.js
  • Documentation of how to utilize this code for testing, or to drive setModuleDefaults()

v4.0.0

This release adds support for .jsonc and .mjs files. Note that MJS support requires Node 24 or recent patch releases of 20 or 22.

Breaking Changes

  • removes the unused stripComments() function
  • removes deprecated support for loading runtime.[ext] files.
  • changes the load order of APP_INSTANCE files to match other file sets

What's Changed

... (truncated)

Commits
  • 2040baf 4.1.0
  • 40e581c Switch to c8 for code coverage.
  • 8143fe5 Merge pull request #821 from jdmarshall/sourcesCleanup
  • 31dde2b Remove files from configSources that are not part of the config sources.
  • 73d7dab Apply deferConfigs that arrive as module defaults.
  • 985c87b Segregate the defaults data from the config data and only apply
  • 5005266 Change getPath to return the default value. Setup for fixes to
  • e3c6db8 Merge pull request #837 from jdmarshall/fixTests
  • ae975df Fix tests from a branch that missed out on a class rename.
  • e84f80e LoadInfo renamed to Load, LoadInfo.load() renamed to Load.scan()
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by jdmarshall, a new releaser for config since your current version.


Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
deps: bump config from 3.3.12 to 4.1.0
4f11d04 
Bumps [config](https://github.com/node-config/node-config) from 3.3.12 to 4.1.0.
- [Release notes](https://github.com/node-config/node-config/releases)
- [Changelog](https://github.com/node-config/node-config/blob/master/History.md)
- [Commits](node-config/node-config@v3.3.12...v4.1.0)

---
updated-dependencies:
- dependency-name: config
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 4, 2025

Labels

The following labels could not be found: infra. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested a review from a team August 4, 2025 10:48
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 4, 2025

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants