This request is specific to GitHub Actions, but it's possible this could be a practice for other package ecosystems.
In WordPress/wordpress-develop, our third-party actions are pinned to a full length commit SHA following the Security Hardening guidelines. Because SHA values are not human readable, an inline comment stating the version number is included at the end of the line (a few examples).
Dependabot is smart enough to update the SHA value, but does not update the version within the comment. I'm not sure if this is a common practice, but it would be great if Dependabot could also update the inline comment.
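The failure mode the issue describes (a `uses:` line whose SHA has been bumped while the trailing `# vX.Y.Z` comment stays behind) is easy to catch in CI. The script below is an added example, not code from the issue author, WordPress or Dependabot. It scans a workflow for `uses:` lines, flags refs that are not full-length 40-hex SHAs, flags missing or stale version comments, and rewrites stale comments from a SHA-to-tag table. The SHAs are placeholders rather than real commits, and `KNOWN_TAGS` is a constructed table; in practice you would build it per action from `git ls-remote --tags https://github.com/<owner>/<repo>`.

```python
import re

# Placeholder SHAs used only for this example; they are not real commits.
SHA_CHECKOUT = "1111111111111111111111111111111111111111"
SHA_NODE_OLD = "2222222222222222222222222222222222222222"
SHA_NODE_NEW = "3333333333333333333333333333333333333333"

# Constructed tag table: (action, sha) -> tag. In real use, populate it from
# `git ls-remote --tags https://github.com/<owner>/<repo>` for each action.
KNOWN_TAGS = {
    ("actions/checkout", SHA_CHECKOUT): "v4.1.1",
    ("actions/setup-node", SHA_NODE_OLD): "v4.0.2",
    ("actions/setup-node", SHA_NODE_NEW): "v4.0.3",
}

# Constructed workflow: the setup-node SHA has been bumped from SHA_NODE_OLD to
# SHA_NODE_NEW but the "# v4.0.2" comment was left behind; actions/cache is
# pinned to a mutable tag rather than a SHA.
WORKFLOW = f"""\
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@{SHA_CHECKOUT} # v4.1.1
      - uses: actions/setup-node@{SHA_NODE_NEW} # v4.0.2
      - uses: actions/cache@v4
"""

# `- uses: owner/repo[/subpath]@ref [# comment]`
USES_RE = re.compile(
    r"^(?P<prefix>\s*-\s*uses:\s*)"
    r"(?P<action>[\w.-]+/[\w.-]+)(?P<path>/[\w./-]+)?@"
    r"(?P<ref>[^\s#]+)"
    r"(?:\s*#\s*(?P<comment>\S.*?))?\s*$"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def check_pins(workflow_text, known_tags):
    """Return (line_no, message) findings for every `uses:` line."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref, comment = m["action"], m["ref"], m["comment"]
        if not FULL_SHA_RE.fullmatch(ref):
            findings.append((line_no, f"{action} is not pinned to a full-length commit SHA ({ref})"))
            continue
        expected = known_tags.get((action, ref))
        if comment is None:
            findings.append((line_no, f"{action}@{ref[:7]} has no version comment"))
        elif expected is not None and comment != expected:
            findings.append((line_no, f"{action}@{ref[:7]} comment says {comment} but SHA is {expected}"))
    return findings


def refresh_comments(workflow_text, known_tags):
    """Rewrite the trailing version comment on every SHA-pinned `uses:` line.

    Lines that are not SHA-pinned, or whose SHA is unknown, are left untouched,
    so the fixer never invents a version it cannot verify.
    """
    out = []
    for line in workflow_text.splitlines(keepends=True):
        nl = "\n" if line.endswith("\n") else ""
        m = USES_RE.match(line.rstrip("\n"))
        if m and FULL_SHA_RE.fullmatch(m["ref"]):
            tag = known_tags.get((m["action"], m["ref"]))
            if tag is not None:
                path = m["path"] or ""
                line = f'{m["prefix"]}{m["action"]}{path}@{m["ref"]} # {tag}{nl}'
        out.append(line)
    return "".join(out)


if __name__ == "__main__":
    for line_no, msg in check_pins(WORKFLOW, KNOWN_TAGS):
        print(f"line {line_no}: {msg}")
    print(refresh_comments(WORKFLOW, KNOWN_TAGS))
```

Run as a CI step, `check_pins` fails the build on unpinned actions and on stale comments, which is the gap a Dependabot SHA bump would otherwise leave; `refresh_comments` can be run after a bump to bring the comments back in line.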