larouxn left a comment (openstreetmap/openstreetmap-website#6332)
> So basically the end result is more work for us to merge PRs for minor
> version changes?
For sure it will result in _more_ PRs but I don't think it would be a ton. Can
certainly tune the Dependabot config if it turns out to be a large burden. For
reference regarding update frequency per action:
- `actions/checkout` just had its first two releases (v4.3.0 and v5.0.0) since
Oct 2024 (+9 months) last week
([releases](https://github.com/actions/checkout/releases))
- `ruby/setup-ruby` has had quite a few updates in the last couple months
though mostly we can expect bumps every 2 months re: new Ruby versions being
released ([Ruby release schedule
noted](https://www.ruby-lang.org/en/news/2025/07/15/ruby-3-4-5-released/),
[releases](https://github.com/ruby/setup-ruby/releases/))
- `actions/setup-node` hasn't had an update since April and before April not
since March, then January, then last October
([releases](https://github.com/actions/setup-node/releases))
- `actions/upload-artifact` has only had 3 updates this year
([releases](https://github.com/actions/upload-artifact/releases))
- `coverallsapp/github-action` hasn't had any updates since January and before
that last October
([releases](https://github.com/coverallsapp/github-action/releases))
Overall I think most won't result it much in terms of bumps other than
`ruby/setup-ruby` which _could_ prove a bit burdensome. We could remove the SHA
lock for that since it's typically one of the safer actions to silent bump
anyway since it usually just adds support for new Rubies.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/6332#issuecomment-3197501995
You are receiving this because you are subscribed to this thread.
Message ID:
<openstreetmap/openstreetmap-website/pull/6332/c3197501...@github.com>
_______________________________________________
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev
