conda / infrastructure

A repo to report issues and have discussions about the conda infrastructure
BSD 3-Clause "New" or "Revised" License

Bump actions-ecosystem/action-add-labels from 1.1.0 to 1.1.3 #713

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps actions-ecosystem/action-add-labels from 1.1.0 to 1.1.3.

Commits
  • 18f1af5 Make github_token not requirement (#259)
  • 7548625 Update default branch for release trigger (#254)
  • a8ae047 Update workflow trigger pull_request -> pull_request_target (#183)
  • b2442fe Make github_token input optional (#160)
  • 442934f Bump lodash from 4.17.15 to 4.17.19 (#69)
  • 4efa0cd Bump @actions/core from 1.2.4 to 1.2.6 (#100)
  • cff25c1 Bump jest-circus from 24.9.0 to 26.0.1 (#40)
  • 7fd0d4e Bump @zeit/ncc from 0.20.5 to 0.22.3 (#42)
  • bdfefdd Bump @types/semver from 6.2.1 to 7.2.0 (#41)
  • 96c379d Bump typescript from 3.8.3 to 3.9.3 (#39)
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

jezdez commented 1 year ago

@kenodegard Is https://github.com/actions-ecosystem/action-add-labels/commit/a8ae047fee0ca28235f9764e1c478d2136dc15c1 possibly a problem?

kenodegard commented 1 year ago

Yup looks like that's not something we can customize: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#open-pull-requests-limit

kenodegard commented 1 year ago

Our concern with the mutability of tags is probably not worth the effort. We should spend the time to vet the person/org behind the actions instead.