Update GitHub Actions and enable Dependabot #2686
riccardobl merged 3 commits into jMonkeyEngine:master from
Code Review
This pull request updates the Dependabot configuration to include tracking for GitHub Actions. The new configuration specifies a weekly update schedule, a limit of five open pull requests, a 'ci' commit message prefix, and relevant labels for these dependency updates. I have no feedback to provide as no issues were identified and no review comments were present.
Thanks!
I took the liberty of making a few changes to this PR:
- downgraded some GitHub Actions that were released very recently to slightly older versions
- added a 30-day cooldown to Dependabot
The goal is to avoid tracking the very latest releases immediately, giving some time for potential supply-chain attacks to surface before we upgrade.
Thanks @riccardobl, those changes sound good to me too. I don't think I can merge, let me know when you can do that.
Updating current GitHub Actions and enabling Dependabot for GitHub Actions from now on.
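
A `.github/dependabot.yml` with the settings described in this thread (weekly schedule, five open pull requests, `ci` commit prefix, labels, 30-day cooldown), as an added example and not the file from this PR. The label names and the `/` directory are assumptions, since the thread does not give them.

```yaml
# Constructed example, not the configuration merged in this PR.
version: 2
updates:
  - package-ecosystem: "github-actions"
    # Assumption: workflows live in the default .github/workflows location,
    # which Dependabot scans when the directory is the repository root.
    directory: "/"
    schedule:
      interval: "weekly"
    open-pull-requests-limit: 5
    commit-message:
      prefix: "ci"
    labels:
      - "dependencies"      # placeholder label, not named in the thread
      - "github-actions"    # placeholder label, not named in the thread
    # Only propose a release once it has been public for 30 days, so a
    # compromised release has time to be noticed and pulled before it is
    # offered as an upgrade. Cooldown applies to version updates;
    # Dependabot security updates are not delayed by it.
    cooldown:
      default-days: 30
```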