build(deps): bump dagger.io/dagger from 0.14.0 to 0.15.1 in /action #482
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
dependabot
bot
added
dependencies
dependabot
bot
force-pushed
the
dependabot/go_modules/action/dagger.io/dagger-0.15.1
branch
from
8afa334 to
79d1504
Compare
MDr164
force-pushed
the
dependabot/go_modules/action/dagger.io/dagger-0.15.1
branch
from
79d1504 to
59ddf84
Compare
|
Looks like the only failing check here is the CVE check on an indirect dep so far. |
|
If the |
|
I just bumped that particular indirect one as well, locally it was building just fine with it |
|
Looks like it's getting stuck somewhere, likely #476 I suppose? |
|
Same thing happens locally. Let me check if the timeout of 5s resolves it and I'll update both PRs. |
|
#476 does not resolve it, it just makes it fail faster. |
|
Must be some kind of breaking change in dagger |
|
Yep, adding the timeout un-stucks the test. I'll try to find out what was changed for dagger to behave different here now. |
|
|
|
So, basically, I think that it would be better to drop the whole SSH feature and replace it with #269. Especially if fixing the SSH will take long time, it might be better investment. Do you know how severe is the security 12 issue? The previous one security issue 11 had minimal impact since it was affecting only testing. |
Bumps [dagger.io/dagger](https://github.com/dagger/dagger-go-sdk) from 0.14.0 to 0.15.1. - [Changelog](https://github.com/dagger/dagger-go-sdk/blob/main/CHANGELOG.md) - [Commits](dagger/dagger-go-sdk@v0.14.0...v0.15.1) --- updated-dependencies: - dependency-name: dagger.io/dagger dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
AtomicFS
force-pushed
the
dependabot/go_modules/action/dagger.io/dagger-0.15.1
branch
from
f85430e to
f25dd9e
Compare
Bumps dagger.io/dagger from 0.14.0 to 0.15.1.
Changelog
Sourced from dagger.io/dagger's changelog.
Commits
4303d99chore: prep for v0.15.1 (#9183)92069b3upgrade golang.org/x/crypto dep to avoid CVE (#9172)6eeb37bchore: update release date for v0.15.0 (#9166)d665c65chore: prep for v0.15.0 (#9158)38c89e6shell: reimplement module loading and execution according to new model (#9097)be9da24fix(engine): use default args for starting container as service (#8865)682852fFilesync performance improvements (#8818)efadaf7chore: bump next version to v0.15.0 (#9073)ff2070abump seconv to v1.25.0 to match otel v1.27.0 (#9067)c209a4dPreserve ExecError Stdout/Stderr, just don't show it (#9033)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)