pllim
commented
7 months ago It automatically bumps versions. I seldom see the pip one in action but it bumps Actions from time to time. Not necessarily just security fixes. Ok to merge?
Closed pllim closed 7 months ago
pllim
commented
7 months ago It automatically bumps versions. I seldom see the pip one in action but it bumps Actions from time to time. Not necessarily just security fixes. Ok to merge?
ejeschke
commented
7 months ago Let's give it a whirl.
There is no need to run CI here and you won't see the benefit until after merge. This would allow Dependabot to submit PRs to upgrade things like GitHub Actions versions as needed.
See https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide