Our deployment process failed a couple of times due to fastly/cli#1072. Looking into it, we realized that we're not setting cli_version to a specific version, which means we're floating the CLI version without realizing it. But if we switch to setting the cli_version, we lose support for dependabot to open PRs for new CLI version releases.
Please consider switching to incorporate the CLI version in the versioning of this action so that we can be safeguarded against supply chain attacks without dropping dependabot support.