This PR sets up dependabot to keep the repo's Actions up-to-date whenever a new major version is released for the Actions.
Dependabot is set up to only scan once a month and, should it find anything, all Actions with new versions will be updated in a single PR (see this PR as an example).
I've also gone ahead and updated the Actions to the latest major versions. In the case of coverallsapp/github-action, I changed it from @master to @v2 (the latest major version) to protect Jansson from a potential broken HEAD commit in that Action. I can't do the same for the oss-fuzz Actions because they must be @master to work properly.
akheron
commented
7 months ago
Fixes #671.
This PR sets up dependabot to keep the repo's Actions up-to-date whenever a new major version is released for the Actions.
Dependabot is set up to only scan once a month and, should it find anything, all Actions with new versions will be updated in a single PR (see this PR as an example).
I've also gone ahead and updated the Actions to the latest major versions. In the case of
coverallsapp/github-action, I changed it from@masterto@v2(the latest major version) to protect Jansson from a potential broken HEAD commit in that Action. I can't do the same for theoss-fuzzActions because they must be@masterto work properly.