#3476 PR merged: Bump redhat-plumbers-in-action/differential-shellcheck from 5.5.3 to 5.5.4

Labels: dependencies, github_actions

dependabot opened issue at 2025-06-01 11:38:

Bumps redhat-plumbers-in-action/differential-shellcheck from 5.5.3 to 5.5.4.

Release notes

Sourced from redhat-plumbers-in-action/differential-shellcheck's releases.

v5.5.4

What's Changed

Documentation

Other changes

Dependency Updates

Full Changelog: https://github.com/redhat-plumbers-in-action/differential-shellcheck/compare/v5.5.3...v5.5.4

Commits
  • 929381c v5.5.4
  • 2a4053f fix: Make defects log valid for full scan
  • 9a809ee build(deps): bump test/bats from 3172a45 to fed179f
  • d8f4384 build(deps): bump github/codeql-action from 3.28.13 to 3.28.16
  • 642d659 build(deps): bump codecov/codecov-action from 5.4.0 to 5.4.2
  • 12aa05e build(deps): bump docker/build-push-action from 6.15.0 to 6.16.0
  • 85f7746 build(deps): bump fedora from 41 to 42
  • 0213d0b build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2
  • f064442 build(deps): bump docker/login-action from 3.3.0 to 3.4.0
  • e4b3af5 build(deps): bump github/codeql-action from 3.28.9 to 3.28.13
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

gdha commented at 2025-06-16 13:02:

We encountered an error:

Error: The artifact name is not valid: ReaR Packages dependabot/github_actions/redhat-plumbers-in-action/differential-shellcheck-5.5.4 93654385b32ed35b58149e469fff504fd5027b49. 
Contains the following character:  Forward slash /

Co-pilot suggests updating the block in the workflow file build-packages.yml:

```yaml
- name: Upload Artifacts
  if: always()
  uses: actions/upload-artifact@v4
  with:
    name: ${{ format('ReaR Packages {0} {1}', (github.head_ref || env.RELEASE_FILENAME || github.ref_name).replace('/', '_'), github.sha) }}
    path: dist-all/*
    retention-days: 7
```
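
An added example, not part of the original comment or the ReaR workflow: GitHub Actions expressions have no string-replace function, so one way to keep `/` out of the artifact name is to build the name in a shell step and hand it to `actions/upload-artifact` as a step output. The function names, the characters replaced in addition to `/`, and the `env:` wiring described in the comments are assumptions.

```shell
#!/bin/sh
# Added example: build an artifact name that upload-artifact will accept.
#
# Assumed workflow wiring (not from the page): pass the values in through
# `env:` (HEAD_REF: ${{ github.head_ref }}, ...) instead of interpolating
# ${{ }} inside the script. Branch names are chosen by whoever opens the PR,
# so they must reach the shell as data, never as script text.

# sanitize_artifact_name STRING
# Prints STRING with every character that is unsafe in an artifact name
# replaced by "_". "/" is the character reported in the error above; the
# others (\ : " < > | * ? CR LF) are assumed to be rejected as well.
sanitize_artifact_name() {
    printf '%s' "$1" | tr '/\\:"<>|*?\r\n' '_'
}

# artifact_name HEAD_REF RELEASE_FILENAME REF_NAME SHA
# Same fallback order as the workflow expression:
#   github.head_ref || env.RELEASE_FILENAME || github.ref_name
artifact_name() {
    ref=${1:-${2:-$3}}
    sanitize_artifact_name "ReaR Packages ${ref} $4"
}

# When run inside a workflow step, publish the result as a step output so
# the upload step can use it, e.g. `name: ${{ steps.<id>.outputs.name }}`.
if [ -n "${GITHUB_OUTPUT:-}" ]; then
    echo "name=$(artifact_name "${HEAD_REF:-}" "${RELEASE_FILENAME:-}" \
        "${GITHUB_REF_NAME:-}" "${GITHUB_SHA:-}")" >> "$GITHUB_OUTPUT"
fi
```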

lzaoral commented at 2025-06-17 11:32:

@gdha, you should never manually rebase dependabot PRs. Please, use the @dependabot rebase command instead.

gdha commented at 2025-06-17 12:05:

> @gdha, you should never manually rebase dependabot PRs. Please, use the @dependabot rebase command instead.

Good to know - thanks @lzaoral

jsmeix commented at 2025-06-17 13:21:

@lzaoral
out of curiosity:
Why should one never manually rebase dependabot PRs?

The reason why I ask is that it worries me
when there are different types of PRs
where special insider knowledge is needed
to recognize them and to handle them properly.

lzaoral commented at 2025-07-08 12:38:

@jsmeix Sorry for not replying sooner, I must have somehow missed the notification.

> Why should one never manually rebase dependabot PRs?

If you push extra commits to a branch created by dependabot, you will effectively disable it, unless you tag it directly using the @dependabot command as noted in the PR description and docs: https://docs.github.com/en/code-security/dependabot/working-with-dependabot/managing-pull-requests-for-dependency-updates#allowing-dependabot-to-rebase-and-force-push-over-extra-commits

Of course, if you are aware of this behaviour and you still wish to push to dependabot's branches, that's fine.

jsmeix commented at 2025-07-08 13:08:

@lzaoral
thank you for your reply, in particular with
the link to the matching Dependabot documentation!

Unfortunately it seems I am too slow-witted to understand it
because I fail to see WHY "Dependabot will stop rebasing
a pull request once extra commits have been pushed to it".
It must be obvious for everyone who works with it
so no reason needs to be told (or it is told at another place)
and for me it means it is better when I stay away from it ;-)

dependabot commented at 2025-08-01 11:08:

A newer version of redhat-plumbers-in-action/differential-shellcheck exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.


[Export of Github issue for rear/rear.]