Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Running job with dependabot/fetch-metadata@v1.1.1 gets warning message #23383

Closed
1 task done
neko314 opened this issue Jan 22, 2023 · 4 comments · Fixed by #23566
Closed
1 task done

Running job with dependabot/fetch-metadata@v1.1.1 gets warning message #23383

neko314 opened this issue Jan 22, 2023 · 4 comments · Fixed by #23566
Labels
code security Content related to code security content This issue or pull request belongs to the Docs Content team dependabot Content related to Dependabot waiting for review Issue/PR is waiting for a writer's review

Comments

@neko314
Copy link

neko314 commented Jan 22, 2023
edited

Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions

What part(s) of the article would you like to see updated?

Parts are dependabot/fetch-metadata@v1.1.1.

It's better to modify sample code not to return any warning messages as possible as it can.

GitHub released to duplicate using set-output without env vars.
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

dependabot/fetch-metadata@v1.1.1 is old version, witch does not yet fix to apply this security fix.
So, I get warning message: The 'set-output' command is deprecated and will be disabled soon. when I run a job with this dependabot/fetch-metadata@v1.1.1.

dependabot/fetch-metadata already fixed this warning at v1.3.5 and released it.
issue: dependabot/fetch-metadata#277
release: https://github.com/dependabot/fetch-metadata/releases/tag/v1.3.5

I expect to sample code not to get any warning messages as possible as it can.
I suggest to update doc like this

 steps:
  - name: Dependabot metadata
  id: metadata
-  uses: dependabot/fetch-metadata@v1.1.1
+  uses: dependabot/fetch-metadata@v1

Additional information

No response
@neko314 neko314 added the content This issue or pull request belongs to the Docs Content team label Jan 22, 2023
@welcome
Copy link

welcome bot commented Jan 22, 2023

Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Jan 22, 2023
@cmwilson21
Copy link
Contributor

@neko314 Thanks so much for opening an issue! I'll triage this for the team to take a look 👀

@cmwilson21 cmwilson21 added dependabot Content related to Dependabot code security Content related to code security waiting for review Issue/PR is waiting for a writer's review and removed triage Do not begin working on this issue until triaged by the team labels Jan 24, 2023
@Rotzbua Rotzbua mentioned this issue Jan 29, 2023
Merged
2 tasks
@am-stead
Copy link
Contributor

am-stead commented Feb 1, 2023

Thank you for this contribution! 💛
I have approved a PR to fix this, so I will close this issue out. ✨

@am-stead am-stead closed this as completed Feb 1, 2023
@neko314
Copy link
Author

neko314 commented Feb 5, 2023

@cmwilson21 @am-stead
Thank you✨

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
code security Content related to code security content This issue or pull request belongs to the Docs Content team dependabot Content related to Dependabot waiting for review Issue/PR is waiting for a writer's review
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix dependabot examples Rotzbua/github_docs
3 participants
@neko314 @cmwilson21 @am-stead