Bump actions/checkout from 2.0.0 to 4.1.4 #101585
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [actions/checkout](https://github.com/actions/checkout) from 2.0.0 to 4.1.4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v4.1.4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dotnet-policy-service
bot
added
the
community-contribution
|
@jeffhandley do you want to approve/merge the several PR's of this type, as you're closer to this repo and will notice sooner if there's an issue? going forward, I assume updates aren't that often. |
There was a problem hiding this comment.
I augmented this to prevent bumps to minor/patch versions and only update major versions going forward as most actions use a major version tag that floats to the latest minor/patch.
Edit: I had referenced an incorrect example dependabot configuration. I updated my changes based on documentation here: https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#ignore
Now, minor/patch updates will be ignored only for the actions/checkout dependency (for now). And this fixes the configuration check failure.
jeffhandley
deleted the
dependabot/github_actions/actions/checkout-4.1.4
branch
…rsions (dotnet#101585) * Bump actions/checkout from 2.0.0 to 4.1.4 Bumps [actions/checkout](https://github.com/actions/checkout) from 2.0.0 to 4.1.4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v4.1.4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Set dependabot to bump github-actions to major versions; use checkout v4 * Ignore patch and minor updates to actions/checkout --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jeff Handley <jeffhandley@users.noreply.github.com>
@danmoseley I reviewed and merged all of the PRs that were queued up from this. |
…rsions (dotnet#101585) * Bump actions/checkout from 2.0.0 to 4.1.4 Bumps [actions/checkout](https://github.com/actions/checkout) from 2.0.0 to 4.1.4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v2...v4.1.4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * Set dependabot to bump github-actions to major versions; use checkout v4 * Ignore patch and minor updates to actions/checkout --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jeff Handley <jeffhandley@users.noreply.github.com>
Bumps actions/checkout from 2.0.0 to 4.1.4.
Release notes
Sourced from actions/checkout's releases.
... (truncated)
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
0ad4b8fPrep Release v4.1.4 (#1704)43045aeDisableextensions.worktreeConfigwhen disablingsparse-checkout(#1692)37b0821Bump the minor-actions-dependencies group with 2 updates (#1693)9839dc1Add dependabot config (#1688)9b4c13bBump word-wrap from 1.2.3 to 1.2.5 (#1643)1d96c77Add SSH user parameter (#1685)cd7d8d6Check git version before attempting to disablesparse-checkout(#1656)8410ad0Updateactions/checkoutversion inupdate-main-version.yml(#1650)9bb5618Prep for release of v4.1.2 (#1649)8eb1f6aBump@babel/traversefrom 7.20.5 to 7.24.0 (#1642)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)