dylang / changelog Goto Github PK

On registry https://registry.npmjs.org/, the "latest" version (v2.0.0) of dependency time-grunt has the following deprecation notice:

Deprecated because Grunt is practically unmaintained. Move on to something better. This package will continue to work with Grunt v1, but it will not receive any updates.

Marking the latest version of an npm package as deprecated results in the entire package being considered deprecated, so contact the package author you think this is a mistake.

Affected package file(s): package.json

If you don't care about this, you can close this issue and not be warned about time-grunt's deprecation again. If you would like to completely disable all future deprecation warnings then add the following to your config:

"suppressNotifications": ["deprecationWarningIssues"]

Use case + process:

• you create CHANGELOG via changelog all + hand-editing at time/date T1.
  • changelog has saved to top commit hash in .changelog.json or some such 'hidden' file.
• some time later (time T2) you rerun changelog to UPDATE/APPEND the CHANGELOG.
  • changelog loads the hash from .changelog.json and uses that as the start of the commit range to request commit log info about and generate changelog entries for, which are appended at the top of the CHANGELOG.

Result:

With the above process you can update the CHANGELOG without worrying about missing entries and/or having to wade through duplicates, also when you do this several times when a new release is not yet scheduled, i.e. during development for the next release.

It also saves you the hassle (and very much potential for human error) of coming up with a manually specified commit range to load in changelog: this way you will be sure that changelog will have processed all your commits to date, over time, while your CHANGELOG slowly grows and stays up to date, also between releases.

Hi all,

There are 22 outstanding PRs, some of which resolve security vulnerabilities caused by Changelog's outdated dependencies. None of those have been committed. Some of them have been outstanding for years.

I totally understand the time commitment involved in open-source software; I'm not judging. It's just that if nobody is at the helm on Changelog, I'll need to explore alternatives for my app. I can't keep shipping "high" security vulnerabilities.

Test case:
changelog @types/react-native
Results:

/usr/local/lib/node_modules/changelog/node_modules/q/q.js:155
                throw e;
                ^

TypeError [ERR_INVALID_ARG_TYPE]: The "url" argument must be of type string. Received type undefined
    at Url.parse (url.js:106:11)
    at Object.urlParse [as parse] (url.js:100:13)
    at commitMessages (/usr/local/lib/node_modules/changelog/lib/datasrc/github.js:19:23)
    at _fulfilled (/usr/local/lib/node_modules/changelog/node_modules/q/q.js:834:54)
    at self.promiseDispatch.done (/usr/local/lib/node_modules/changelog/node_modules/q/q.js:863:30)
    at Promise.promise.promiseDispatch (/usr/local/lib/node_modules/changelog/node_modules/q/q.js:796:13)
    at /usr/local/lib/node_modules/changelog/node_modules/q/q.js:604:44
    at runSingle (/usr/local/lib/node_modules/changelog/node_modules/q/q.js:137:13)
    at flush (/usr/local/lib/node_modules/changelog/node_modules/q/q.js:125:13)
    at process._tickCallback (internal/process/next_tick.js:150:11)

Expected results: show changelog

Environment:

• macOS 10.12.6
• node 9.3.0
• changelog 1.4.1

please add --after <version> option. in order to show all change log from some version to current version

for example:

$ changelog redux-saga --after 0.10.2
0.10.4 / 2016-05-12
  * 0.10.4
  * Merge branch 'master' of github.com:yelouafi/redux-saga
  * ...
0.10.3 / 2016-05-12
  * 0.10.3
  * upgraded to 0.10
  * remove isDev util
  * ...
$

Hi,

Is it possible to change the commit URL generated by the plugin ?
In fact, into a Stash Repository the commit url is : repos/myrepo/commits/XXXXXX
The plugin generate an url like repos/myrepo/commit/XXXXXX

Thanks.

These fail:

  github
    1) should have something come back for changelog
    2) should have something come back for commit messages

  npm
    3) should have something come back for pageHistory

I am no longer using his repository as part of @renovatebot and I think @dylang himself is also not in active use either. Unless someone else wants to take over, it might be best to deprecate the npm package and archive this repository.

it would be cool to maybe have something like:

$ changelog express 2.4.4

or

$ changelog express latest

something like that or

$ changelog express 3

to show the 3 most recent releases

npm audit report

  Moderate        Prototype Pollution                                           
                                                                                
  Package         lodash                                                        
                                                                                
  Patched in      >=4.17.11                                                     
                                                                                
  Dependency of   changelog [dev]                                               
                                                                                
  Path            changelog > lodash                                            
                                                                                
  More info       https://nodesecurity.io/advisories/782 

Please merge the pull request #77 to resolve the moderate severity vulnerability.

Thank-you

Not updated since 2013.

readme says to migrate to Verb but my previous encounters with Verb have left a very nasty taste, so I'm not going there. Hence issue instead of pullreq: this one's left as an exercise for the reader. 😉

The version on npm is now quite out of date.

Specifically, is it possible to get the latest version from Github without npm when using the API?

Great project. I would love to use this for tracking private repos at our startup.

Just to confirm - currently private repos are not supported? AFAICT they are not as the code seems to perform an authless, no-token fetch.

On registry https://registry.npmjs.org/, the "latest" version (v0.2.0) of dependency has-color has the following deprecation notice:

Renamed to supports-color``

Marking the latest version of an npm package as deprecated results in the entire package being considered deprecated, so contact the package author you think this is a mistake.

Affected package file(s): package.json

If you don't care about this, you can close this issue and not be warned about has-color's deprecation again. If you would like to completely disable all future deprecation warnings then add the following to your config:

"suppressNotifications": ["deprecationWarningIssues"]

Here's the error I got:

 ~  changelog express

TypeError: Invalid Version: 1.0.0beta
    at new SemVer (/usr/local/lib/node_modules/changelog/node_modules/semver/semver.js:273:11)
    at compare (/usr/local/lib/node_modules/changelog/node_modules/semver/semver.js:460:10)
    at Function.gt (/usr/local/lib/node_modules/changelog/node_modules/semver/semver.js:489:10)
    at sortVersions (/usr/local/lib/node_modules/changelog/lib/datasrc/npm.js:11:16)
    at Array.sort (native)
    at Request._callback (/usr/local/lib/node_modules/changelog/lib/datasrc/npm.js:85:14)
    at Request.self.callback (/usr/local/lib/node_modules/changelog/node_modules/request/request.js:237:22)
    at Request.emit (events.js:98:17)
    at Request.<anonymous> (/usr/local/lib/node_modules/changelog/node_modules/request/request.js:1146:14)
    at Request.emit (events.js:117:20)

Great module! Surprised there is no Grunt support.
Would love to just do grunt.loadNpmTasks('changelog'); and use this on my local repository with a set branch or even remote.

Example: https://github.com/theintern/intern/wiki/Using-Intern-with-Grunt

Example:

debug: Creating branch renovate/semantic-release-gitlab-3.x
debug: package.json exists - updating it
debug: yarn.lock exists - updating it
debug: semverString: >2.5.2 <=3.0.0
verbose: getChangelog error: Unknown Github Repo: git+https://gitlab.com/hyper-expanse/semantic-release-gitlab.git. Not Found
verbose: No changelog for semantic-release-gitlab

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Rate-Limited

These updates are currently rate-limited. Click on a checkbox below to force their creation now.

• fix(deps): update dependency has-color to v0.2.0
• chore(deps): update dependency chai to v5
• chore(deps): update dependency mocha to v10
• chore(deps): update dependency np to v10
• chore(deps): update dependency time-grunt to v2
• fix(deps): update dependency chalk to v5
• 🔐 Create all rate-limited PRs at once 🔐

Edited/Blocked

These updates have been manually edited so Renovate will no longer make changes. To discard all commits and start over, click on a checkbox.

• fix(deps): update dependency lodash to v4.17.21
• chore(deps): update dependency grunt-contrib-watch to v1.1.0
• chore(deps): update dependency mocha to v5.2.0
• chore(deps): update dependency np to v2.20.1
• fix(deps): update dependency chalk to v2.4.2

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update dependency grunt to v1.6.1
• fix(deps): update dependency moment to v2.30.1
• fix(deps): update dependency request to v2.88.2
• fix(deps): update dependency semver to v5.7.2
• chore(deps): update dependency grunt-contrib-jshint to v3
• chore(deps): update dependency load-grunt-tasks to v5
• chore(deps): update dependency proxyquire to v2
• fix(deps): update dependency semver to v7
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

At the moment I'm doing npm outdated, then manually checking each item with changelog, which can also be a pain because I don't know how many version steps there are between my current and the newest version of a package. So it's just randomly choosing a number to put after changelog package-name

I think that if you're in a directory with a package.json file, when you run changelog by itself, it should be able to tell you all the version changes for every out of date package.

I can always have a look into implementing something like this myself into a PR when I get the time, but just wondering if it's a viable idea.

Thanks!

Would be nice to have this module able to work with the Bower repo as well as npm.

sometimes the command line output isn't the best way to look at the changelog. I find myself wanting to have a quick glance at the repo (or the changelog file in the repo) often enough that I'd want a quick link to the repo from the command line output.

I have this in package.json:

  "repository": {
    "type": "git",
    "url": "git+https://github.com/abc/xyz.git"
  },

And yet when I run changelog in the project dir, I get:

changelog The module's owner did not specify the repository url in the package.json for proj. You should let the author know.

If I type out the full URL, it works fine:

$ changelog https://github.com/abc/xyz

Allow to call GitHub API as an authenticated user to avoid rate limit.

Example project that uses release notes: https://github.com/domenic/chai-as-promised/releases

Suspicious example:

In the above you can see that each release's "chore" of updating package.json is actually being accredited to the subsequent release, which is not ideal and is perhaps just plain wrong.

I'd like to incorporate this nifty tool into my build process. However, changelog does not support generating a CHANGELOG from the local commits right before they get pushed to for example github.

Do you care for a PR for this feat?

I am getting this error on request to github.
"Request forbidden by administrative rules. Please make sure your request has a User-Agent header (http://developer.github.com/v3/#user-agent-required). Check https://developer.github.com for other possible causes."

var client = new RestClient
{
BaseUrl = "https://api.github.com",
Authenticator = new HttpBasicAuthenticator(_username, _password)
};
_restRequest = new RestRequest(Method.POST)
{
Resource = _resource,
RequestFormat = DataFormat.Json
};
_restRequest.AddBody(new { title = form["feedbackmessage"], body = html, labels = new List { _defaultlabel } });
_restRequest.AddHeader("User-Agent", "http://developer.github.com/v3/#" + _username);
var response = client.Execute(_restRequest);

Somewhat related to issue #1.

It would be awesome if this worked for scoped (private) npm packages.

Currently if I run the program using my scoped package it recognizes it as a github repository:
changelog Unknown Github Repo: @my_username/my_package. Not Found

https://nodesecurity.io/advisories/532

$ changelog @material-ui/core
3.6.2 / 2018-12-09
  * [CHANGELOG] Prepare v3.6.2
  * [core] Upgrade the dev dependencies
    (https://github.com/mui-org/material-ui/issues/13858)
  * [ToggleButton] Change ToggleButtonGroup non-exclusive default
    value to an empty array
    (https://github.com/mui-org/material-ui/issues/13857)
...

$ changelog @material-ui/core 3.6.0
3.6.0 / 2018-11-26
  * [CHANGELOG] Prepare v3.6.0
  * [docs] Notification Cyber Monday
  * [docs] Fix typo in URL
    (https://github.com/mui-org/material-ui/issues/13688)
...

$ changelog @material-ui/core v3.0.0
3.0.0 / 2018-08-27
  * Changelog not found.

But it's right here: https://github.com/mui-org/material-ui/releases/tag/v3.0.0

Surprised the "How it works" section of the README doesn't talk about where it actually looks for changelog information (Github releases? CHANGELOG.md? material-ui has both and they are very thorough and consistent)