You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@daffodil.apache.org by GitBox <gi...@apache.org> on 2022/02/14 14:50:10 UTC

[GitHub] [daffodil] tuxji commented on a change in pull request #750: Bump actions/github-script from 5.1.0 to 6

tuxji commented on a change in pull request #750:
URL: https://github.com/apache/daffodil/pull/750#discussion_r805919363



##########
File path: .github/workflows/main.yml
##########
@@ -182,7 +182,7 @@ jobs:
     runs-on: ubuntu-20.04
     steps:
       - name: Check Single Commit
-        uses: actions/github-script@v5.1.0
+        uses: actions/github-script@v6

Review comment:
       We must tag the most specific version number in order to review dependabot bumps from a minor or patch releases to the next release.  `v6.0.0` is the most specific version, but `v6` is too general.  Our builds would silently bump from the first v6 version to the next v6 minor or patch version without any dependabot PR review until v7 came out.  Arguably this is a dependabot bug for choosing `v6` when it had a choice of two tags, but please change the tag to `v6.0.0` before you merge.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@daffodil.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org