Bump codecov/codecov-action from 4.0.2 to 4.1.0 #1173
Conversation
(Replace incorrect tag 4.1.0 with v4.1.0) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.0.2 to 4.1.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v4.0.2...v4.1.0) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: John Interrante <interran@research.ge.com>
There was a problem hiding this comment.
+1
I guess codecov renamed the tag? Maybe we should start version pinning github actions with commit hashes instead tags if projects could change their tags. It looks like dependabot supports updating hashes and adds human readable comments so you know what versions is being used:
Yes, commit hashes are immutable while tags can be changed willy-nilly. Most projects don't change their tags, but we just saw it happen in codecov's case so I agree a commit hash would have avoided this corrective PR. If we decide to switch to commit hashes, we'll have to create a JIRA issue and convert all the tags to hashes in a separate PR. Meanwhile, here's my +1 approving this PR (officially I shouldn't approve/merge my own PR, but this is actually dependabot's PR needing a correction). |
tuxji
deleted the
dependabot/github_actions/codecov/codecov-action-4.1.0
branch
(Replace incorrect tag 4.1.0 with v4.1.0)
Bumps codecov/codecov-action from 4.0.2 to 4.1.0.
updated-dependencies: