You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@logging.apache.org by GitBox <gi...@apache.org> on 2022/07/21 16:46:33 UTC
[GitHub] [logging-log4j2] marcwrobel opened a new pull request, #971: Update actions version comments
marcwrobel opened a new pull request, #971:
URL: https://github.com/apache/logging-log4j2/pull/971
Commented versions were not in sync with the used versions. See :
- https://github.com/actions/setup-java/commit/860f60056505705214d223b91ed7a30f173f6142
- https://github.com/actions/checkout/commit/2541b1294d2704b0964813337f33b291d3f8596b
- https://github.com/actions/upload-artifact/commit/3cea5372237819ed00197afe530f5a7ea3e805c8
- https://github.com/github/codeql-action/commit/935969c6f771d9f0a35efa2ae9cf7c10d9886ca3
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [logging-log4j2] vy merged pull request #971: Update actions version comments
Posted by GitBox <gi...@apache.org>.
vy merged PR #971:
URL: https://github.com/apache/logging-log4j2/pull/971
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [logging-log4j2] marcwrobel commented on pull request #971: Update actions version comments
Posted by GitBox <gi...@apache.org>.
marcwrobel commented on PR #971:
URL: https://github.com/apache/logging-log4j2/pull/971#issuecomment-1194551900
@vy, unfortunately I don't. I have to amend `dependabot` PR each time there is a version upgrade.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [logging-log4j2] vy commented on pull request #971: Update actions version comments
Posted by GitBox <gi...@apache.org>.
vy commented on PR #971:
URL: https://github.com/apache/logging-log4j2/pull/971#issuecomment-1194531332
@marcwrobel, thanks so much for the explanation and fixes, much appreciated! :pray:
It is pretty fragile to manually manage these comments ourselves, yet having commit hashes is a security best-practice. Do you know of a way to make `dependabot` take care of this for us?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [logging-log4j2] marcwrobel commented on pull request #971: Update actions version comments
Posted by GitBox <gi...@apache.org>.
marcwrobel commented on PR #971:
URL: https://github.com/apache/logging-log4j2/pull/971#issuecomment-1312720562
@vy, FYI https://github.blog/changelog/2022-10-31-dependabot-now-updates-comments-in-github-actions-workflows-referencing-action-versions/.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@logging.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org