pjfanning commented on PR #1871: URL: https://github.com/apache/pekko/pull/1871#issuecomment-2909880639
> > * it might be best to disable dependabot > > * from approx August, we will have to get approval from ASF Infra team to use specific action versions > > According to https://github.com/apache/infrastructure-actions?tab=readme-ov-file#adding-a-new-version-to-the-allow-list versions will get expired after 3 months, so while we don't want to be ahead, we don't want to be too far behind either. Might make sense to keep dependabot because of that? (though it'll take some extra work however we slice it...) The current actions.yml file does not seem to operate that way. The wildcards are all set to expire soon. The SHAs have expiry of 20250. https://github.com/apache/infrastructure-actions/blob/main/actions.yml#L681-L686 I don't think it is a good idea to assume that all actions will issue new releases at least once every 3 months. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@pekko.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@pekko.apache.org For additional commands, e-mail: notifications-h...@pekko.apache.org
