Enable Dependabot for GitHub Actions #8778
Open
+6
−0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Our workflows use old GitHub Actions. For example, we use `actions/checkout@v3` but `actions/checkout@v5` is the latest version: https://github.com/google/flatbuffers/blob/599847236c35fa3802ea4e46e20e93a55d3a4a94/.github/workflows/build.yml#L33 https://github.com/actions/checkout/releases How about enabling Dependabot? If we enable Dependabot, Dependabot opens PRs that update old GitHub Actions. Dependabot document: https://docs.github.com/en/code-security/dependabot Dependabot configuration document: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference
Collaborator
|
@bjornharrtell I noticed you were interacting with dependabot recently, is this something you could comment on? |
Collaborator
|
@jtdavis777 not sure what you mean with interacting, it wasn't concious. :) That said, I don't see why not... except that flatbuffers as a project seem to lack maintainers/time, so it might increase burden. |
Collaborator
|
ah I had just seen that you had approved #8779 and I think merged a different PR into that branch. I'm unsure who (of the active participants :D ) has experience and authority with the CI |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Our workflows use old GitHub Actions. For example, we use
actions/checkout@v3butactions/checkout@v5is the latest version:flatbuffers/.github/workflows/build.yml
Line 33 in 5998472
https://github.com/actions/checkout/releases
How about enabling Dependabot? If we enable Dependabot, Dependabot opens PRs that update old GitHub Actions.
Dependabot document:
https://docs.github.com/en/code-security/dependabot
Dependabot configuration document:
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/dependabot-options-reference