Situation
Dependabot logs https://github.com/nodejs/node/actions/runs/24660702701/job/72105638122 show a failure attempting to update the GitHub Action gr2m/create-or-update-pull-request-action
+---------------------------------------------------------------------------+
| Dependencies failed to update |
+-------------------------------------------+---------------+---------------+
| Dependency | Error Type | Error Details |
+-------------------------------------------+---------------+---------------+
| gr2m/create-or-update-pull-request-action | unknown_error | null |
+-------------------------------------------+---------------+---------------+
Assessment
A similar issue was described and resolved in nodejs/corepack#815
Multiple GitHub Actions workflows, for example:
|
uses: gr2m/create-or-update-pull-request-action@77596e3166f328b24613f7082ab30bf2d93079d5 # Create a PR or update the Action's existing PR |
use commit gr2m/create-or-update-pull-request-action@77596e3 from Nov 24, 2022
The parent of the above commit is gr2m/create-or-update-pull-request-action@df20b2c which is tagged with v1.9.2
Dependabot would appear to be unable to find out which major.minor.patch the commit gr2m/create-or-update-pull-request-action@77596e3 belongs to, since the commit is not equivalent to any tag and presumably is unable to use update logic that depends on this.
Suggestion
Manually update all instances of:
uses: gr2m/create-or-update-pull-request-action@77596e3166f328b24613f7082ab30bf2d93079d5
to a valid SHA gr2m/create-or-update-pull-request-action@b65137c (b65137ca591da0b9f43bad7b24df13050ea45d1b) corresponding to the action's latest version tag gr2m/create-or-update-pull-request-action@v1.10.1, released Nov 14, 2024
This should enable Dependabot to take over future updates.
Other
Note that the latest version gr2m/create-or-update-pull-request-action@v1.10.1 is based on node20 which causes deprecation warnings in GitHub Actions.
I already submitted gr2m/create-or-update-pull-request-action#728 to request an update to node24. It appears the the action repo is however not being actively maintained at this time.
cc: @nodejs/actions
Situation
Dependabot logs https://github.com/nodejs/node/actions/runs/24660702701/job/72105638122 show a failure attempting to update the GitHub Action gr2m/create-or-update-pull-request-action
Assessment
A similar issue was described and resolved in nodejs/corepack#815
Multiple GitHub Actions workflows, for example:
node/.github/workflows/timezone-update.yml
Line 54 in b6b6e96
use commit gr2m/create-or-update-pull-request-action@77596e3 from Nov 24, 2022
The parent of the above commit is gr2m/create-or-update-pull-request-action@df20b2c which is tagged with v1.9.2
Dependabot would appear to be unable to find out which major.minor.patch the commit gr2m/create-or-update-pull-request-action@77596e3 belongs to, since the commit is not equivalent to any tag and presumably is unable to use update logic that depends on this.
Suggestion
Manually update all instances of:
to a valid SHA gr2m/create-or-update-pull-request-action@b65137c (
b65137ca591da0b9f43bad7b24df13050ea45d1b) corresponding to the action's latest version tag gr2m/create-or-update-pull-request-action@v1.10.1, released Nov 14, 2024This should enable Dependabot to take over future updates.
Other
Note that the latest version gr2m/create-or-update-pull-request-action@v1.10.1 is based on
node20which causes deprecation warnings in GitHub Actions.I already submitted gr2m/create-or-update-pull-request-action#728 to request an update to
node24. It appears the the action repo is however not being actively maintained at this time.cc: @nodejs/actions