Bump rtCamp/action-slack-notify from 2.2.1 to 2.3.0 #2911
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
the
dependencies
dependabot
bot
added
the
github_actions
dependabot
bot
requested review from
ademidoff,
BupycHuk,
idoqo and
JiriCtvrtka
and removed request for
a team
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #2911 +/- ##
==========================================
- Coverage 42.27% 42.24% -0.04%
==========================================
Files 396 396
Lines 50123 50123
==========================================
- Hits 21190 21172 -18
- Misses 26931 26950 +19
+ Partials 2002 2001 -1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
@BupycHuk I wouldn't recommend to upgrade it because of this 3p dependency |
|
@ademidoff what's wrong with that one? |
I'm trying to be security conscious, sometimes a bit more than minimally, not to allow actions calling other actions, which we have not seen before, nor tested. An action should be self-sufficient and do the job on its own. Otherwise, if we go that route we may unintentionally run into a supply chain attack which is not impossible with gh actions. |
dependabot
bot
force-pushed
the
dependabot/github_actions/rtCamp/action-slack-notify-2.3.0
branch
from
1d04b29
to
fc13d06
Compare
Bumps [rtCamp/action-slack-notify](https://github.com/rtcamp/action-slack-notify) from 2.2.1 to 2.3.0. - [Release notes](https://github.com/rtcamp/action-slack-notify/releases) - [Commits](rtCamp/action-slack-notify@v2.2.1...v2.3.0) --- updated-dependencies: - dependency-name: rtCamp/action-slack-notify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/github_actions/rtCamp/action-slack-notify-2.3.0
branch
from
fc13d06
to
15f2d5a
Compare
Bumps rtCamp/action-slack-notify from 2.2.1 to 2.3.0.
Release notes
Sourced from rtCamp/action-slack-notify's releases.
Commits
4e5fb42Update action.yml for releaseaa7ffedMerge pull request #167 from ohbarye/patch-15aea5e5Fixinvalid reference format: repository name must be lowercaseerrora7edf7eAdd fix for uncleared spaces around variables and file uploads (#166)df21811Merge pull request #164 from L0RD-ZER0/master0d712e4Update Dockerfilef7a8970DocumentENABLE_ESCAPESenvironment variable flag3d999d9Merge pull request #11 from L0RD-ZER0/#10478bd342Merge pull request #10 from L0RD-ZER0/feature/app-tokens18b891dAdd support for slack application tokensYou can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)