build(deps): bump dagger.io/dagger from 0.14.0 to 0.15.1 in /action #482
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
dependencies
dependabot
bot
force-pushed
the
dependabot/go_modules/action/dagger.io/dagger-0.15.1
branch
from
8afa334 to
79d1504
Compare
MDr164
force-pushed
the
dependabot/go_modules/action/dagger.io/dagger-0.15.1
branch
from
79d1504 to
59ddf84
Compare
|
Looks like the only failing check here is the CVE check on an indirect dep so far. |
|
If the |
|
I just bumped that particular indirect one as well, locally it was building just fine with it |
|
Looks like it's getting stuck somewhere, likely #476 I suppose? |
|
Same thing happens locally. Let me check if the timeout of 5s resolves it and I'll update both PRs. |
|
#476 does not resolve it, it just makes it fail faster. |
|
Must be some kind of breaking change in dagger |
|
Yep, adding the timeout un-stucks the test. I'll try to find out what was changed for dagger to behave different here now. |
|
|
|
So, basically, I think that it would be better to drop the whole SSH feature and replace it with #269. Especially if fixing the SSH will take long time, it might be better investment. Do you know how severe is the security 12 issue? The previous one security issue 11 had minimal impact since it was affecting only testing. |
AtomicFS
force-pushed
the
dependabot/go_modules/action/dagger.io/dagger-0.15.1
branch
from
f85430e to
f25dd9e
Compare
|
@dependabot rebase |
|
Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry! If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request |
|
@dependabot recreate |
dependabot
bot
force-pushed
the
dependabot/go_modules/action/dagger.io/dagger-0.15.1
branch
from
f25dd9e to
e1df44f
Compare
|
Not sure if it is wort it to invest any time into this because of:
|
Bumps [dagger.io/dagger](https://github.com/dagger/dagger-go-sdk) from 0.14.0 to 0.15.1. - [Changelog](https://github.com/dagger/dagger-go-sdk/blob/main/CHANGELOG.md) - [Commits](dagger/dagger-go-sdk@v0.14.0...v0.15.1) --- updated-dependencies: - dependency-name: dagger.io/dagger dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
MDr164
force-pushed
the
dependabot/go_modules/action/dagger.io/dagger-0.15.1
branch
from
e1df44f to
e83dc4a
Compare
Probably not, can you tell dependabot to ignore a dep or do we just wanna keep the PR around until it's changed? |
|
We could just close the PR and dependabot will get the message ;) |
Pull request was closed
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
bot
deleted the
dependabot/go_modules/action/dagger.io/dagger-0.15.1
branch
|
@dependabot ignore |
|
Sorry, the command you entered is not valid for this pull request. Please check the syntax and try again. Valid commands: |
|
@dependabot ignore this dependency |
|
OK, I won't notify you about dagger.io/dagger again, unless you re-open this PR. |
|
oh wait :D we should not ignore this :D sorry, faster typing than thinking :D |
|
@dependabot unignore |
|
Sorry, the command you entered is not valid. Valid commands: |
|
@dependabot unignore dagger.io/dagger dependency |
|
OK, I will stop ignoring the dagger.io/dagger dependency. |
|
Looks like this PR is closed. If you re-open it I'll rebase it as long as no-one else has edited it (you can use |
|
I will ask dependabot to recreate this once we merge something for #269 |
Bumps dagger.io/dagger from 0.14.0 to 0.15.1.
Changelog
Sourced from dagger.io/dagger's changelog.
Commits
4303d99chore: prep for v0.15.1 (#9183)92069b3upgrade golang.org/x/crypto dep to avoid CVE (#9172)6eeb37bchore: update release date for v0.15.0 (#9166)d665c65chore: prep for v0.15.0 (#9158)38c89e6shell: reimplement module loading and execution according to new model (#9097)be9da24fix(engine): use default args for starting container as service (#8865)682852fFilesync performance improvements (#8818)efadaf7chore: bump next version to v0.15.0 (#9073)ff2070abump seconv to v1.25.0 to match otel v1.27.0 (#9067)c209a4dPreserve ExecError Stdout/Stderr, just don't show it (#9033)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)