Closed dependabot[bot] closed 2 months ago
While this looks ok to update, I really don't know what is the exact impact.
As written in https://github.com/elastic/observability-robots/issues/1970 both the upload and download have breaking changes, but I don't know if it's a problem here.
@dependabot ignore actions/download-artifact major version
OK, I won't notify you about version 4.x.x of actions/download-artifact again, unless you unignore it.
download-artifact@v4 cannot be used as long as the upload-artifact@v3 is used in https://github.com/elastic/apm-pipeline-library/blob/0add8dd84257b1f07422ef9d622f4c5c3b4d1d98/.github/actions/buildkite/action.yml#L110-L111
We plan to bump to v4 in the future, but we have not planned when yet.
Looks like these dependencies are updatable in another way, so this is no longer needed.
Bumps the github-actions group with 2 updates: gradle/actions and actions/download-artifact.
Updates
gradle/actions
from 3.3.1 to 3.3.2Release notes
Sourced from gradle/actions's releases.
Commits
db19848
[bot] Update dist directory941b289
Avoid running Gradle 3.5.1 on MacOS where Java 8 is not availablebce7dac
Improve build scan badge readability with long tasks (#200)11eaed9
Avoid Java 8 since it is not available on MacOS runnerscd62d9c
Improve job summary readability with long tasksa54fb6a
Add tests on current job-summary behavioref36f81
Fix typo in build shell script18998bc
[bot] Update dist directorya772c14
Avoid updating real dependency graph in tests7763d71
Set the report dir for download-and-submitUpdates
actions/download-artifact
from 3 to 4Release notes
Sourced from actions/download-artifact's releases.
Commits
65a9edc
Merge pull request #325 from bethanyj28/mainfdd1595
licensedc13dba1
update@actions/artifact
dependency0daa75e
Merge pull request #324 from actions/eggyhead/use-artifact-v2.1.69c19ed7
Merge branch 'main' into eggyhead/use-artifact-v2.1.63d3ea87
updating license89af5db
updating artifact package v2.1.6b4aefff
Merge pull request #323 from actions/eggyhead/update-artifact-v2158caf195
package lock updated7a2ec4
updating package versionDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show