Skip to content

action-allowlist-review: bump carabiner-dev/actions from 1.1.7 to 1.2.0 in /.github/actions/for-dependabot-triggered-reviews#856

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/actions/for-dependabot-triggered-reviews/carabiner-dev/actions-1.2.0
Open

action-allowlist-review: bump carabiner-dev/actions from 1.1.7 to 1.2.0 in /.github/actions/for-dependabot-triggered-reviews#856
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/actions/for-dependabot-triggered-reviews/carabiner-dev/actions-1.2.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 18, 2026
edited
Loading

Bumps carabiner-dev/actions from 1.1.7 to 1.2.0.

Release notes

Sourced from carabiner-dev/actions's releases.

v1.2.0

This release marks a new minor release where all actions now can trace their trust root to a pinned ampel version. In v1.1.7 we migrated all installers. v1.2.0 now updates all actions to use the anchored installers.

No utility version bumps. Only the non-installer actions are now migrated to install/download-and-verify/ - based installers.

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 18, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 18, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dot-github/actions/for-dependabot-triggered-reviews/carabiner-dev/actions-1.2.0 branch from c57ed7a to 5122d1d Compare May 19, 2026 01:43
@potiuk potiuk mentioned this pull request May 19, 2026
Merged
3 tasks
@potiuk
Copy link
Copy Markdown
Member

potiuk commented May 22, 2026

@dependabot rebase

@dependabot
action-allowlist-review: bump carabiner-dev/actions
e1bf0fb 
Bumps [carabiner-dev/actions](https://github.com/carabiner-dev/actions) from 1.1.7 to 1.2.0.
- [Release notes](https://github.com/carabiner-dev/actions/releases)
- [Commits](carabiner-dev/actions@v1.1.7...v1.2.0)

---
updated-dependencies:
- dependency-name: carabiner-dev/actions
  dependency-version: 1.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dot-github/actions/for-dependabot-triggered-reviews/carabiner-dev/actions-1.2.0 branch from 5122d1d to e1bf0fb Compare May 22, 2026 18:57
@ppkarwasz
Copy link
Copy Markdown
Member

ppkarwasz commented May 23, 2026
edited
Loading

We should not merge this one, until carabiner-dev/actions#57 is solved.

Dependabot tries to update carabiner-dev/actions/install/download-and-verify to the latest commit (not release) in the repository, because the commit currently allowed is not tagged. What we want instead is to upgrade it to whatever SHA1 is used by carabiner-dev/actions/install/ampel.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dfoulks1 dfoulks1 Awaiting requested review from dfoulks1 dfoulks1 is a code owner

@potiuk potiuk Awaiting requested review from potiuk potiuk is a code owner

@ppkarwasz ppkarwasz Awaiting requested review from ppkarwasz ppkarwasz is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@potiuk @ppkarwasz