Build: Bump lando/notarize-action from 4f5869b09386e8336802159031e4189e0919ae20 to bd2f055b8685623053d14594e9c5742c912befaf #3263
Needs review.

@dependabot rebase
Bumps [lando/notarize-action](https://github.com/lando/notarize-action) from 4f5869b09386e8336802159031e4189e0919ae20 to bd2f055b8685623053d14594e9c5742c912befaf.
- [Release notes](https://github.com/lando/notarize-action/releases)
- [Changelog](https://github.com/lando/notarize-action/blob/main/CHANGELOG.md)
- [Commits](lando/notarize-action@4f5869b...bd2f055)

---
updated-dependencies:
- dependency-name: lando/notarize-action
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
f6775a2 to 973b8ac
What kind of review? I've looked at the code for the action at https://github.com/lando/notarize-action/commits/main/, although I'm not familiar with the project. We can verify that our project builds correctly with this PR, but I guess the operation of notarize-action can't be tested unless we are signing a release? Does signing/notarization currently work in our repo? I would be inclined to merge this, and investigate any problems if they occur later.

I don't think we notarize ourselves. So I don't think we can test this.

In my opinion it's an avoidable dependency. I'm a bit worried about a security-related action we don't fully understand.
ann0see left a comment
Probably we need to go with this.
@dependabot close
Bumps lando/notarize-action from 4f5869b09386e8336802159031e4189e0919ae20 to bd2f055b8685623053d14594e9c5742c912befaf.
Changelog
Sourced from lando/notarize-action's changelog.
Commits
- bd2f055 Contrib plus (#28)
- b1d2a24 upra

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)