Bump importmap-rails from 2.1.0 to 2.2.2 #13

Open

dependabot[bot] wants to merge 1 commit from dependabot/bundler/importmap-rails-2.2.2 into main

dependabot[bot] commented

2025-07-31 21:14:19 +00:00

(Migrated from github.com)

Bumps importmap-rails from 2.1.0 to 2.2.2.

Release notes

Sourced from importmap-rails's releases.

v2.2.2

What's Changed

Keep options when updating packages in importmap by @rafaelfranca in rails/importmap-rails#310

Make integrity calculation opt-in by @rafaelfranca in rails/importmap-rails#312

Full Changelog: https://github.com/rails/importmap-rails/compare/v2.2.1...v2.2.2

v2.2.1

What's Changed

Improve SRI support by @rafaelfranca in rails/importmap-rails#309

Integrity is now generated by default using the assets pipeline if it is properly configured. pin and update commands don't download the integrity from the npm repository anymore.

Full Changelog: https://github.com/rails/importmap-rails/compare/v2.2.0...v2.2.1

v2.2.0

What's Changed

Add --preload option to pin command by @3v0k4 in rails/importmap-rails#298

Catch failure HTTP responses on calls to the npm registry by @tmeire in rails/importmap-rails#301

Warn about vendored versionless packages by @3v0k4 in rails/importmap-rails#305

Implement SRI support in importmap-rails by @rafaelfranca in rails/importmap-rails#304

New Contributors

@ron-shinall made their first contribution in rails/importmap-rails#296

@3v0k4 made their first contribution in rails/importmap-rails#298

@tmeire made their first contribution in rails/importmap-rails#301

Full Changelog: https://github.com/rails/importmap-rails/compare/v2.1.0...v2.2.0

Commits

dcdb5fe Bump version for 2.2.2
40d0dc5 Fix update command adding extra new lines
b51f709 Merge pull request #312 from rails/rm-opt-in-integrity
41339ab Make integrity calculation opt-in
ae67187 Merge pull request #310 from rails/rm-update-keep-options
5e25781 Keep options when updating packages in importmap
a151881 Fix character group for package target
56f84e7 Fix the scan when the pinned package has a version and has options after it
af71ded Use each_with_object
b5f5271 Extract common regexp to constants and methods
Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note

Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [importmap-rails](https://github.com/rails/importmap-rails) from 2.1.0 to 2.2.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/rails/importmap-rails/releases">importmap-rails's releases</a>.</em></p> <blockquote> <h2>v2.2.2</h2> <h2>What's Changed</h2> <ul> <li>Keep options when updating packages in importmap by <a href="https://github.com/rafaelfranca"><code>@rafaelfranca</code></a> in <a href="https://redirect.github.com/rails/importmap-rails/pull/310">rails/importmap-rails#310</a></li> <li>Make integrity calculation opt-in by <a href="https://github.com/rafaelfranca"><code>@rafaelfranca</code></a> in <a href="https://redirect.github.com/rails/importmap-rails/pull/312">rails/importmap-rails#312</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rails/importmap-rails/compare/v2.2.1...v2.2.2">https://github.com/rails/importmap-rails/compare/v2.2.1...v2.2.2</a></p> <h2>v2.2.1</h2> <h2>What's Changed</h2> <ul> <li>Improve SRI support by <a href="https://github.com/rafaelfranca"><code>@rafaelfranca</code></a> in <a href="https://redirect.github.com/rails/importmap-rails/pull/309">rails/importmap-rails#309</a></li> </ul> <p>Integrity is now generated by default using the assets pipeline if it is properly configured. <code>pin</code> and <code>update</code> commands don't download the integrity from the npm repository anymore.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/rails/importmap-rails/compare/v2.2.0...v2.2.1">https://github.com/rails/importmap-rails/compare/v2.2.0...v2.2.1</a></p> <h2>v2.2.0</h2> <h2>What's Changed</h2> <ul> <li>Add <code>--preload</code> option to pin command by <a href="https://github.com/3v0k4"><code>@3v0k4</code></a> in <a href="https://redirect.github.com/rails/importmap-rails/pull/298">rails/importmap-rails#298</a></li> <li>Catch failure HTTP responses on calls to the npm registry by <a href="https://github.com/tmeire"><code>@tmeire</code></a> in <a href="https://redirect.github.com/rails/importmap-rails/pull/301">rails/importmap-rails#301</a></li> <li>Warn about vendored versionless packages by <a href="https://github.com/3v0k4"><code>@3v0k4</code></a> in <a href="https://redirect.github.com/rails/importmap-rails/pull/305">rails/importmap-rails#305</a></li> <li>Implement SRI support in importmap-rails by <a href="https://github.com/rafaelfranca"><code>@rafaelfranca</code></a> in <a href="https://redirect.github.com/rails/importmap-rails/pull/304">rails/importmap-rails#304</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/ron-shinall"><code>@ron-shinall</code></a> made their first contribution in <a href="https://redirect.github.com/rails/importmap-rails/pull/296">rails/importmap-rails#296</a></li> <li><a href="https://github.com/3v0k4"><code>@3v0k4</code></a> made their first contribution in <a href="https://redirect.github.com/rails/importmap-rails/pull/298">rails/importmap-rails#298</a></li> <li><a href="https://github.com/tmeire"><code>@tmeire</code></a> made their first contribution in <a href="https://redirect.github.com/rails/importmap-rails/pull/301">rails/importmap-rails#301</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/rails/importmap-rails/compare/v2.1.0...v2.2.0">https://github.com/rails/importmap-rails/compare/v2.1.0...v2.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/rails/importmap-rails/commit/dcdb5fe1c1078ebbd567b3811745d69503bf348b"><code>dcdb5fe</code></a> Bump version for 2.2.2</li> <li><a href="https://github.com/rails/importmap-rails/commit/40d0dc57e6c49bdff74096cee513fd263f6c91d2"><code>40d0dc5</code></a> Fix update command adding extra new lines</li> <li><a href="https://github.com/rails/importmap-rails/commit/b51f709119a963d164ec12b50ff746c09051b4a6"><code>b51f709</code></a> Merge pull request <a href="https://redirect.github.com/rails/importmap-rails/issues/312">#312</a> from rails/rm-opt-in-integrity</li> <li><a href="https://github.com/rails/importmap-rails/commit/41339aba5db319390107c1068e9f89e650cc3bdc"><code>41339ab</code></a> Make integrity calculation opt-in</li> <li><a href="https://github.com/rails/importmap-rails/commit/ae67187a4b96221f520db6431596b975489770cd"><code>ae67187</code></a> Merge pull request <a href="https://redirect.github.com/rails/importmap-rails/issues/310">#310</a> from rails/rm-update-keep-options</li> <li><a href="https://github.com/rails/importmap-rails/commit/5e257812376517499c8d1293a0e056a485e5c812"><code>5e25781</code></a> Keep options when updating packages in importmap</li> <li><a href="https://github.com/rails/importmap-rails/commit/a151881e4156ff5188d308973a4f6ae8c931a8bd"><code>a151881</code></a> Fix character group for package target</li> <li><a href="https://github.com/rails/importmap-rails/commit/56f84e7ac7eea81fec1f17207b4c22539d0259bc"><code>56f84e7</code></a> Fix the scan when the pinned package has a version and has options after it</li> <li><a href="https://github.com/rails/importmap-rails/commit/af71dedf1d29f1f8e59a3a32871888b9e5f47a40"><code>af71ded</code></a> Use each_with_object</li> <li><a href="https://github.com/rails/importmap-rails/commit/b5f5271a0efd68cedc4276d100e5220472360428"><code>b5f5271</code></a> Extract common regexp to constants and methods</li> <li>Additional commits viewable in <a href="https://github.com/rails/importmap-rails/compare/v2.1.0...v2.2.2">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=importmap-rails&package-manager=bundler&previous-version=2.1.0&new-version=2.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) You can trigger a rebase of this PR by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> > **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

This pull request can be merged automatically.

You are not authorized to merge this pull request.

View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.

git fetch -u origin dependabot/bundler/importmap-rails-2.2.2:dependabot/bundler/importmap-rails-2.2.2

git switch dependabot/bundler/importmap-rails-2.2.2

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main

git merge --no-ff dependabot/bundler/importmap-rails-2.2.2

git switch dependabot/bundler/importmap-rails-2.2.2

git rebase main

git switch main

git merge --ff-only dependabot/bundler/importmap-rails-2.2.2

git switch dependabot/bundler/importmap-rails-2.2.2

git rebase main

git switch main

git merge --no-ff dependabot/bundler/importmap-rails-2.2.2

git switch main

git merge --squash dependabot/bundler/importmap-rails-2.2.2