#3172 PR merged: Bump redhat-plumbers-in-action/differential-shellcheck from 5.0.2 to 5.1.0

Labels: fixed / solved / done, ReaR Project, dependencies

dependabot opened issue at 2024-03-01 11:21:

Bumps redhat-plumbers-in-action/differential-shellcheck from 5.0.2 to 5.1.0.

Release notes

Sourced from redhat-plumbers-in-action/differential-shellcheck's releases.

v5.1.0

What's Changed

New

  • Improve shell script detection based on emacs file mode header :tiger: (#357) @jamacku

Documentation

  • Update markdown warning, use supported syntax :lipstick: (#341) @jamacku

Other changes

Automation and CI changes

Dependency Updates

Full Changelog: https://github.com/redhat-plumbers-in-action/differential-shellcheck/compare/v5.0.2...v5.1.0

Commits
  • b9df2a9 v5.1.0
  • c74f4ed feat: add support for emacs file mode line with mode:
  • f23778e feat: support -*- shell script -*- script header
  • 65342fa deps: update csutils to 3.2.0
  • 5580924 build(deps): bump test/bats from 3d3f63d to 990d8e2
  • 66806ae build(deps): bump actions/upload-artifact from 4.0.0 to 4.3.0
  • c2a8e3e build(deps): bump dorny/paths-filter from 2.11.1 to 3.0.0
  • a219af7 build(deps): bump github/codeql-action from 3.22.12 to 3.23.2
  • 97d3bdd README.md: bump actions/upload-artifact from v3 to v4 (#347)
  • ae3a070 doc: remove extra spaces from example
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

jsmeix commented at 2024-03-15 08:37:

@pcahyna
I dared to assign it to you because this pull request
belongs to "something from Red Hat"
so perhaps you could handle it?

jsmeix commented at 2024-03-25 15:13:

@pcahyna
thank you for handling it!

At least currently I cannot do that because I worry about
https://github.com/rear/rear/issues/3130

pcahyna commented at 2024-03-25 15:34:

Well, an obsolete action in the workflow file is no safer than an up-to-date one.

jsmeix commented at 2024-03-26 06:51:

I was (perhaps falsely) thinking that an updated one
might have new security/privacy issues
(caused by new/changed functionality that is unsafe)
so each update would have to be carefully examined
before it is accepted to be used in a GitHub Action?

pcahyna commented at 2024-03-26 14:49:

@jsmeix I am afraid that we don't have the knowledge and capacity to review all the code that we are using, so we basically have to trust it (reviewing changes would not be enough: one would need to review the whole code when we start using it for the first time), and it is better to update to the latest versions as they may contain fixes for issues that others have found.

jsmeix commented at 2024-03-27 07:58:

Because we have to basically blindly trust
it is mandatory to limit those automatisms
by only running what we really need and
by only allowing what is really required.

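The two limits asked for in the last comment (run only what is needed, allow only what is required) map, for a GitHub Actions workflow, onto two checkable properties: an explicit top-level `permissions:` block, so the job's `GITHUB_TOKEN` is not handed the repository default, and `uses:` references pinned to an immutable commit SHA rather than a movable tag such as `v5.1.0`, so that the code that was accepted is the code that keeps running even though nobody can fully review it. The audit script below is an added example for this thread, not code from ReaR or from differential-shellcheck. The two sample workflow files it writes are constructed for the demonstration, the 40-character SHAs in them are placeholders rather than real commits, and the `permissions` it shows for the hardened file are an assumption about what a ShellCheck job needs, not taken from the action's documentation.

```shell
#!/usr/bin/env bash
# Added example, not ReaR or differential-shellcheck code.
# Audits GitHub Actions workflow files for two least-privilege properties:
#   1. every `uses:` of a third-party action is pinned to a full 40-hex commit
#      SHA (a tag such as v5.1.0 can be moved to point at different code later);
#   2. the workflow declares a top-level `permissions:` block, so GITHUB_TOKEN
#      only gets what the job needs instead of the repository default.
# Findings are printed one per line as FILE[:LINE]: message; a clean file prints nothing.

# Report every non-local `uses:` whose ref is not a 40-hex commit SHA.
audit_uses_pins() {
  local file=$1 hit lineno spec ref
  grep -nE '^[[:space:]-]*uses:' "$file" | while IFS= read -r hit; do
    lineno=${hit%%:*}
    spec=${hit#*uses:}
    # drop surrounding whitespace, quotes and a trailing "# v4" style comment
    spec=$(printf '%s' "$spec" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*#.*$//' -e "s/[\"']//g")
    case $spec in
      ./*)        continue ;;   # action that lives in this repository
      docker://*) continue ;;   # container image: needs its own digest check
      *@*)        ref=${spec##*@} ;;
      *) printf '%s:%s: "%s" has no ref at all\n' "$file" "$lineno" "$spec"; continue ;;
    esac
    if ! printf '%s' "$ref" | grep -qE '^[0-9a-f]{40}$'; then
      printf '%s:%s: %s pinned to mutable ref "%s", use a full commit SHA\n' \
        "$file" "$lineno" "${spec%@*}" "$ref"
    fi
  done
}

# Report a workflow that has no top-level permissions: block.
audit_permissions() {
  local file=$1
  if ! grep -qE '^permissions:' "$file"; then
    printf '%s: no top-level permissions: block, GITHUB_TOKEN gets the repository default\n' "$file"
  fi
}

audit_workflow() {
  audit_permissions "$1"
  audit_uses_pins "$1"
}

# Number of findings for one file (0 when clean).
count_findings() {
  audit_workflow "$1" | awk 'END { print NR }'
}

# Two constructed sample workflows: the first is the weak form, the second the hardened one.
write_samples() {
  local dir
  dir=$(mktemp -d)
  cat >"$dir/unpinned.yml" <<'EOF'
name: Differential ShellCheck
on: [pull_request]
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: redhat-plumbers-in-action/differential-shellcheck@v5.1.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
EOF
  cat >"$dir/pinned.yml" <<'EOF'
name: Differential ShellCheck
on: [pull_request]
permissions:
  contents: read          # assumption: enough to check out the tree
  security-events: write  # assumption: needed to upload SARIF results
jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      # placeholder SHAs; resolve real ones with: git ls-remote <repo-url> refs/tags/<tag>
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v4
      - uses: redhat-plumbers-in-action/differential-shellcheck@1111111111111111111111111111111111111111 # v5.1.0
      - uses: ./.github/actions/local-helper
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
EOF
  printf '%s\n' "$dir"
}

# Demo run: the unpinned file yields three findings, the pinned one none.
samples=$(write_samples)
audit_workflow "$samples/unpinned.yml"
audit_workflow "$samples/pinned.yml"
echo "findings: unpinned=$(count_findings "$samples/unpinned.yml") pinned=$(count_findings "$samples/pinned.yml")"
```

Run it as `for f in .github/workflows/*.yml; do audit_workflow "$f"; done` from the repository root. Local `./` actions and `docker://` images are skipped on purpose because they need a different check (a review of the in-tree code, respectively an image digest). Pinning to a SHA does not stop Dependabot PRs like this one: Dependabot updates SHA-pinned `uses:` lines too and keeps the trailing version comment in step with the new SHA, so the update still arrives for review, it just cannot change underneath you between reviews.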

[Export of Github issue for rear/rear.]