#3051 PR merged: Bump actions/checkout from 3 to 4
Labels: fixed / solved / done, dependencies
dependabot opened issue at 2023-10-01 11:02:
Bumps actions/checkout from 3 to 4.
Release notes
Sourced from actions/checkout's releases.
v4.0.0
What's Changed
- Update default runtime to node20 by @takost in actions/checkout#1436
- Support fetching without the --progress option by @simonbaird in actions/checkout#1067
- Release 4.0.0 by @takost in actions/checkout#1447
New Contributors
- @takost made their first contribution in actions/checkout#1436
- @simonbaird made their first contribution in actions/checkout#1067
Full Changelog: https://github.com/actions/checkout/compare/v3...v4.0.0
v3.6.0
What's Changed
- Mark test scripts with Bash'isms to be run via Bash by @dscho in actions/checkout#1377
- Add option to fetch tags even if fetch-depth > 0 by @RobertWieczoreck in actions/checkout#579
- Release 3.6.0 by @luketomlinson in actions/checkout#1437
New Contributors
- @RobertWieczoreck made their first contribution in actions/checkout#579
- @luketomlinson made their first contribution in actions/checkout#1437
Full Changelog: https://github.com/actions/checkout/compare/v3.5.3...v3.6.0
v3.5.3
What's Changed
- Fix: Checkout Issue in self hosted runner due to faulty submodule check-ins by @megamanics in actions/checkout#1196
- Fix typos found by codespell by @DimitriPapadopoulos in actions/checkout#1287
- Add support for sparse checkouts by @dscho and @dfdez in actions/checkout#1369
- Release v3.5.3 by @TingluoHuang in actions/checkout#1376
New Contributors
- @megamanics made their first contribution in actions/checkout#1196
- @DimitriPapadopoulos made their first contribution in actions/checkout#1287
- @dfdez made their first contribution in actions/checkout#1369
Full Changelog: https://github.com/actions/checkout/compare/v3...v3.5.3
v3.5.2
What's Changed
- Fix: Use correct API url / endpoint in GHES by @fhammerl in actions/checkout#1289 based on #1286 by @1newsr
Full Changelog: https://github.com/actions/checkout/compare/v3.5.1...v3.5.2
v3.5.1
What's Changed
- Improve checkout performance on Windows runners by upgrading @actions/github dependency by @BrettDong in actions/checkout#1246
New Contributors
- @BrettDong made their first contribution in actions/checkout#1246
... (truncated)
Commits
- 8ade135 Prepare 4.1.0 release (#1496)
- c533a0a Add support for partial checkout filters (#1396)
- 72f2cec Update README.md for V4 (#1452)
- 3df4ab1 Release 4.0.0 (#1447)
- 8b5e8b7 Support fetching without the --progress option (#1067)
- 97a652b Update default runtime to node20 (#1436)
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show
jsmeix commented at 2023-10-27 12:34:
@rear/contributors
I have no idea what that pull request actually is about.
If someone of you understands what the changes here mean,
could you please (as time permits) approve or reject it?
Thank you in advance!
What I see at
https://github.com/rear/rear/pull/3051/files
is meaningless for me.
I see some version string is changed to a higher version
and something that looks like a git commit hash is changed.
But I do neither see what it means to change "it"
to a higher version and/or to another git commit hash
nor do I see what that "it" is that actually gets changed
i.e. what that "actions/checkout" actually is
and what its difference is between "v3" and "v4"
and/or its difference between those git commits.
I mean things at
https://github.com/actions/checkout
seem to be foreign stuff where I know nothing about
and also e.g.
https://github.com/cory-miller
is not someone who I know.
This does not look like official GitHub software
and/or an official GitHub employee.
schlomo commented at 2023-10-27 14:05:
@jsmeix Dependabot is a service run by GitHub that can automatically submit PRs for dependency upgrades. Please see https://github.blog/2020-06-01-keep-all-your-packages-up-to-date-with-dependabot/ for more details.
In https://github.com/rear/rear/blob/master/.github/dependabot.yml we configured such Dependabot updates for the GitHub actions recipes and their dependencies.
This PR here is the result of that configuration.
The `checkout` action does what it says, it checks out the source code from the git repository in the pipeline.
It is good practice to keep dependencies up-to-date, akin to running `zypper up` once a month.
schlomo commented at 2023-10-27 14:07:
Ah, you noticed correctly the use of a version tag or a git SHA to refer to the dependency, this is version pinning and also recommended best practice. Dependabot can handle both, most people pin the major version and trust the minor/patch updates blindly. Setting the SHA allows for more human control over the dependency change, but I'd recommend that only for situations where a human would actually want to look at it.
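The two pinning styles named in the comment above (a version tag versus a git SHA), shown as an added example that is not part of the thread or of the rear/rear repository: a small Python audit that classifies every `uses:` reference in a GitHub Actions workflow. The sample workflow, the placeholder SHA and the function names are constructed for illustration.

```python
import re

# Constructed sample workflow (not from rear/rear); the 40-hex SHA is a made-up placeholder.
SAMPLE_WORKFLOW = """\
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@v4.1.0
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4.1.0
      - uses: actions/checkout@main
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.18
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
EXACT_TAG_RE = re.compile(r"v?\d+(\.\d+)+")
MAJOR_TAG_RE = re.compile(r"v?\d+")

def classify_ref(uses):
    """Classify how one `uses:` value pins its dependency."""
    if uses.startswith(("./", "docker://")):
        return "not-a-repo-ref"    # local action or container image
    _action, sep, ref = uses.partition("@")
    if not sep:
        return "no-ref"
    if FULL_SHA_RE.fullmatch(ref):
        return "commit-sha"        # immutable: the content behind it cannot change
    if EXACT_TAG_RE.fullmatch(ref):
        return "exact-tag"         # a git tag can still be moved by the action's owner
    if MAJOR_TAG_RE.fullmatch(ref):
        return "major-tag"         # follows later minor/patch releases automatically
    return "branch-or-other"       # e.g. @main, changes with every push

def audit_workflow(text):
    """Return (line_number, uses_value, classification) for every step reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            findings.append((lineno, m.group(1), classify_ref(m.group(1))))
    return findings

if __name__ == "__main__":
    for lineno, uses, kind in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {uses:62} {kind}")
```

Only the `commit-sha` class guarantees that the code a pipeline runs is the code that was reviewed; the trailing `# v4.1.0` comment on such a line is a common way to keep the SHA readable.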
jsmeix commented at 2023-10-27 14:27:
@schlomo
thank you so much for taking care of this pull request!
[Export of Github issue for rear/rear.]