halamix2
commented
1 year ago - Update Github actions to their latest versions
- setup Dependabot to automatically create PRs with GH actions version bumps
Closed halamix2 closed 1 year ago
halamix2
commented
1 year ago 
google-cla[bot]
commented
1 year ago Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).
View this failed invocation of the CLA check for more information.
For the most up to date status, view the checks section at the bottom of the pull request.
sethvargo
commented
1 year ago Update Github actions to their latest versions
Are there features or bugfixes that we need in these new versions? It just seems like we're pulling in the latest version for no reason. There are API changes for some of these (like setup-go does caching by default) that I think require more analysis.
setup Dependabot to automatically create PRs with GH actions version bumps
I'm not in favor of pulling in new deps just because they exist. I could be convinced to adopt a configuration that suggests updates for dependencies that have security fixes, but randomly pulling in the latest dependencies from the Internet is bad.