Add semver to dependencies #5582
Labels
good first issue
Good for beginners
help wanted
Features that maintainers are willing to accept but do not have cycles to implement
Comments
yurishkuro
added
help wanted
yurishkuro
added a commit
that referenced
this issue
Jun 15, 2024
## Which problem is this PR solving? Resolves #5582 ## Description of the changes - added semvers to dependencies ## How was this change tested? - ## Checklist - [ ] I have read https://github.com/jaegertracing/jaeger/blob/master/CONTRIBUTING_GUIDELINES.md - [ ] I have signed all commits - [ ] I have added unit tests for the new functionality - [ ] I have run lint and test steps successfully - for `jaeger`: `make lint test` - for `jaeger-ui`: `yarn lint` and `yarn test` --------- Signed-off-by: danish siddiqui <[email protected]> Signed-off-by: Yuri Shkuro <[email protected]> Co-authored-by: Yuri Shkuro <[email protected]> Co-authored-by: Yuri Shkuro <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In the github workflows we try to use exact hashes for reproducible builds, but also indicate a semver in the comments which is understood by dependency bots. However, when we have only the hash, the bots can attempt to upgrade to the latest commit (example: #5573), which we don't want, we only want to upgrade to released versions.
We need to find workflows that either specify hash without the semver, or only version without a hash, and update them to
action/name@hash # vX.Y.Z. Their respective repos can be used to find the matching hash / semver.The text was updated successfully, but these errors were encountered: