Update act (#23512) #23518

Merged
merged 1 commit into from
Mar 16, 2023
wolfogre
Member

Backport #23512.

Update replace:
```diff
- replace github.com/nektos/act => gitea.com/gitea/act v0.234.2-0.20230131074955-e46ede1b1744
+ replace github.com/nektos/act => gitea.com/gitea/act v0.243.1
```
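
Review bot: the new replace target `gitea.com/gitea/act v0.243.1` on the `+` line uses a tag that looks very close to the upstream `v0.2.43` named in the require change, and nothing on the line says which upstream release the fork tag is based on. A short go.mod comment next to the replace directive stating that mapping would keep the next person who bumps it from mixing up the two numbering schemes. Moving from the pseudo-version `v0.234.2-0.20230131074955-e46ede1b1744` to a tagged release is a welcome change for auditability.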

Update require:
```diff
-	github.com/nektos/act v0.0.0
+	github.com/nektos/act v0.2.43
```
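
Review bot: the `v0.2.43` on the `+` line is never built, since the replace directive overrides it, so nothing keeps it in step with the fork's actual base the next time the replace target is bumped. Add a go.mod comment saying this version exists only so that dependency alerts are matched against the right upstream release and that it must be updated together with the replace target; a stale value here would leave alerts evaluated against the wrong version.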

Actually, `v0.2.43` doesn't work, it will be replaced by `gitea/act`, so
it's OK to put any version here. But `gitea/act` is based on
`nektos/act`, so keeping the right upstream version will make security
dependabot help.

BTW, the [security
report](https://github.com/go-gitea/gitea/security/dependabot/20) is a
false positive; we don't use the artifact server in act, see #22738.
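
The description above points out that a replaced module's require version is only nominal, yet it is what lets dependency alerts line up with the upstream release. As an added example (not code from this PR or from Gitea), the check below flags modules that are replaced while still required at the placeholder `v0.0.0`; the module path `example.test/app`, the sample go.mod and the function name `PlaceholderRequires` are constructed for illustration.

```go
package main

import (
	"bufio"
	"sort"
	"strings"
)

// Constructed go.mod for a hypothetical module, shaped like this PR's "before" lines.
const sampleGoMod = `module example.test/app
require (
	example.test/lib v1.4.0
	github.com/nektos/act v0.0.0 // placeholder
)
replace github.com/nektos/act => gitea.com/gitea/act v0.234.2-0.20230131074955-e46ede1b1744
`

// PlaceholderRequires lists modules that are replaced yet required at v0.0.0.
func PlaceholderRequires(gomod string) []string {
	required, replaced, block := map[string]string{}, map[string]bool{}, ""
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		line, _, _ := strings.Cut(sc.Text(), "//") // drop trailing comments
		f := strings.Fields(line)
		switch {
		case len(f) == 0:
		case block != "" && f[0] == ")":
			block = ""
		case len(f) == 2 && f[1] == "(":
			block = f[0] // entering a require/replace/exclude block
		case block == "require" && len(f) >= 2:
			required[f[0]] = f[1]
		case block == "replace" && len(f) >= 3:
			replaced[f[0]] = true
		case f[0] == "require" && len(f) >= 3:
			required[f[1]] = f[2]
		case f[0] == "replace" && len(f) >= 4:
			replaced[f[1]] = true
		}
	}
	var out []string
	for path, version := range required {
		if replaced[path] && version == "v0.0.0" {
			out = append(out, path)
		}
	}
	sort.Strings(out)
	return out
}
func main() { println(strings.Join(PlaceholderRequires(sampleGoMod), "\n")) }
```

Run against a real go.mod in CI, a non-empty result is a prompt to record the upstream version the fork is based on.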
@wolfogre wolfogre added topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! dependencies skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. labels Mar 16, 2023
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Mar 16, 2023
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Mar 16, 2023
@delvh delvh added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Mar 16, 2023
@delvh delvh added this to the 1.19.0 milestone Mar 16, 2023
@jolheiser jolheiser merged commit b7c2f48 into go-gitea:release/v1.19 Mar 16, 2023
@jolheiser jolheiser removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Mar 16, 2023
@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023