-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update actions/checkout action to v4.1.4 #573
Conversation
[puLL-Merge] - actions/checkout@v4.1.1..v4.1.3 Here is my review of the PR: DescriptionThis PR makes several changes and additions to the actions/checkout repository:
The motivation seems to be to fix some bugs, add some new functionality, and improve the testing setup. ChangesChanges
Security Hotspots
Overall this looks like a solid PR that fixes some issues and adds useful functionality. Just need to keep an eye on the security aspects of the SSH user input and test image publishing. Nice work! |
de569be
to
2419a52
Compare
[puLL-Merge] - actions/checkout@v4.1.1..v4.1.4 DescriptionThis PR makes several changes to the
ChangesChanges
Security Hotspots
In summary, the changes look reasonable from a security perspective. The main suggestions would be to review Dependabot PRs carefully and consider running the test container as a non-root user if practical. Nice work on the detailed tests, documentation and changelog! |
This PR contains the following updates:
v4.1.1
->v4.1.4
Release Notes
actions/checkout (actions/checkout)
v4.1.4
Compare Source
extensions.worktreeConfig
when disablingsparse-checkout
by @jww3 in https://github.com/actions/checkout/pull/1692v4.1.3
Compare Source
What's Changed
actions/checkout
version inupdate-main-version.yml
by @jww3 in https://github.com/actions/checkout/pull/1650sparse-checkout
by @jww3 in https://github.com/actions/checkout/pull/1656Full Changelog: actions/checkout@v4.1.2...v4.1.3
v4.1.2
Compare Source
sparse-checkout
option is not present @dscho in https://github.com/actions/checkout/pull/1598Configuration
📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.