Bump actions/setup-python from 5.1.1 to 5.2.0 #6578
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.1 to 5.2.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5.1.1...v5.2.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
|
The following labels could not be found: |
There was a problem hiding this comment.
We can potentially make these PRs less frequent if we have a "major" pin instead of a specific pin, e.g.
- uses: actions/[email protected]
+ uses: actions/setup-python@v5
|
@mahf708 Yes, I don't think we need to update these every minor/micro update. And with actions being relatively small pieces of software, security/bug fixes are not that frequent, at least after v2 or so. My guess is that minor/micro versions can add small features, which we may not need anyways? |
My understanding if you only pin to the major version is that it will use the latest version with that major version. So you would get those small features. |
My understanding aligns with Xylar's. Essentially, if we have I am also bringing docker build/upload/test github actions to the e3sm monorepo next, so our dependabot will finally have more fun with non-github-action pins to upgrade and fiddle with :) xref #6583 |
…nto next (PR #6578) Bumps actions/setup-python from 5.1.1 to 5.2.0. Bug fixes: Add arch to cache key. This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. [BFB]
rljacob
deleted the
dependabot/github_actions/actions/setup-python-5.2.0
branch
Bumps actions/setup-python from 5.1.1 to 5.2.0.
Bug fixes: Add arch to cache key. This addresses issues with caching by adding the architecture (arch)
to the cache key, ensuring that cache keys are accurate to prevent conflicts.
[BFB]
Release notes
Sourced from actions/setup-python's releases.
Commits
f677139Bump pyinstaller from 3.6 to 5.13.1 in /tests/data (#923)2bd53f9Documentation update for caching poetry dependencies (#908)80b49d3fix: add arch to cache key (#896)036a523Fix: Add.zipextension to Windows package downloads forExpand-ArchiveC...04c1311Fix display of emojis in contributors doc (#899)cb68456Updated@iarna/tomlversion to 3.0.0 (#912)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)