Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Github Actions dependencies #2649

Merged
merged 1 commit into from
Sep 4, 2024
Merged

Update Github Actions dependencies #2649

merged 1 commit into from
Sep 4, 2024
+5 −5

Conversation

fhanau
Copy link
Contributor

@fhanau fhanau commented Sep 4, 2024

  • This finally fixes warnings about the deprecated node16 being used for CLAssistant.
  • Use short-form for dependencies in BUILD.dawn

@fhanau
Update Github Actions dependencies

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode
Loading
Loading status checks…
dc04113 
- This finally fixes warnings about the deprecated node16 being used for CLAssistant.
- Use short-form for dependencies in BUILD.dawn
@fhanau fhanau requested review from a team as code owners September 4, 2024 02:58
anonrig
anonrig approved these changes Sep 4, 2024
View reviewed changes
Copy link
Member

@anonrig anonrig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we also enable dependabot?

@fhanau
Copy link
Contributor Author

fhanau commented Sep 4, 2024

Should we also enable dependabot?

IMHO dependabot can just be spamming PRs sometimes... We don't use GitHub Actions dependencies that much and managing dependencies is quite sane for them in the general case (e.g. we use actions/checkout@v4 which maps to the latest available 4.x release, so we get non-major updates automatically). These dependencies have been mostly low-maintenance and the current approach of updating them as needed/based on deprecation warnings works well enough.

@fhanau fhanau merged commit d65d3e6 into main Sep 4, 2024
13 checks passed
@fhanau fhanau deleted the felix/090324-build-cleanup branch September 4, 2024 15:23
@anonrig
Copy link
Member

anonrig commented Sep 4, 2024

IMHO dependabot can just be spamming PRs sometimes...

Agreed. In terms of security, if we are not updating them regularly, it might be better to use commit hashes instead of semver versions for github action dependencies.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anonrig anonrig

@dom96 dom96

@ObsidianMinor ObsidianMinor

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@fhanau @anonrig