Skip to content

Update dependencies, Github achtions and dependabot strategy #325

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mahula wants to merge 11 commits into from
Closed

Update dependencies, Github achtions and dependabot strategy #325

mahula wants to merge 11 commits into from

Conversation

@mahula
Copy link

@mahula mahula commented May 25, 2025

Proposed changes

Types of changes

What types of changes does your code introduce ?
Put an x in the boxes that apply

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation Update (if none of the other choices apply)
  • Update of dependencies, Github achtions,and dependabot strategy

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

Further comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

@mahula mahula requested a review from 8BitJonny as a code owner May 25, 2025 09:38
@8BitJonny
Copy link
Owner

8BitJonny commented Jun 12, 2025

Thanks @mahula and sorry for the late reply. I'll have a look at it on the weekend but at a first glance I think this can be incorporated right away into the next version

8BitJonny
8BitJonny requested changes Jun 30, 2025
View reviewed changes
Copy link
Owner

@8BitJonny 8BitJonny left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't want to check whether all commit hashes of the actions match or not, if the first hash doesn't match.
So thanks for your submission, but I'll do it myself, since I also don't want to change the dependabot config like you proposed

.github/workflows/build.yml
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v3
- uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2 # v4.2.2
Copy link
Owner

@8BitJonny 8BitJonny Jun 30, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That is not true?
v4.2.2 has the hash 11bd71901bbe5b1630ceea73d27597364c9af683
actions/checkout@11bd719

Copy link
Author

@mahula mahula Jul 21, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No,
what the comment at the line's end represents is the most current release version of the used action, while in the workflow the latest commit has is used.

Why did you close the whole PR, @8BitJonny ?
The commit hashes were just one of several changes to the action.

@8BitJonny 8BitJonny closed this Jun 30, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@8BitJonny 8BitJonny 8BitJonny requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@mahula @8BitJonny