build(deps): bump dawidd6/action-download-artifact from 688efa90a08f3552e7c1420c8313e215164e8b14 to 0ad3579bfb84ad8f64e7144efd7b21925c40c9eb #88
Conversation
Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 688efa90a08f3552e7c1420c8313e215164e8b14 to 0ad3579bfb84ad8f64e7144efd7b21925c40c9eb. - [Release notes](https://github.com/dawidd6/action-download-artifact/releases) - [Commits](dawidd6/action-download-artifact@688efa9...0ad3579) --- updated-dependencies: - dependency-name: dawidd6/action-download-artifact dependency-version: 0ad3579bfb84ad8f64e7144efd7b21925c40c9eb dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
github-actions
bot
added
the
ci-cd
|
@kannes are you sure that you want to stay on commits for GH Actions? Personally, I find it really hard to find out what changed and if the new commit is stable or not. But I can leave with it (I guess). |
|
TBH I find it scary how many updates those external workflows seem to require and how they introduce huge amounts of external, unvetted code that runs with our privileges. How over-engineered and interwoven with other dependencies is this stuff... Iirc this particular action had some nasty security issue in the past which snuck into many repos due to the blind auto-updating. Could not find much on it right now though, so I might confuse it with some other tools. Don't let my rambling take you down please... The results of the workflows are great and super useful! I'd say do whatever you consider reasonable and what makes you more productive. 🤜 |
|
Bumps dawidd6/action-download-artifact from 688efa90a08f3552e7c1420c8313e215164e8b14 to 0ad3579bfb84ad8f64e7144efd7b21925c40c9eb.
Commits
0ad3579Update action-download-artifact referencea18d93aRefactor npm-updates workflow to use reusable workflowf9ebae3Update action-download-artifact version to v120bd50d5node_modules: update (#347)c530ff8Update commit and ref to use pull request SHAa275236Update dependencies in package.json74a19a2Downgrade@actions/coredependency versiond3cbd7eChange npm command from ci to install18697baUpdate@actions/artifactversion in package.jsone369143build(deps): bump peter-evans/create-pull-request from 7 to 8 (#344)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)