github
Running job with dependabot/[email protected] gets warning message
Code of Conduct
- [X] I have read and agree to the GitHub Docs project's Code of Conduct
What article on docs.github.com is affected?
https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions
What part(s) of the article would you like to see updated?
Parts are dependabot/[email protected].
It's better to modify sample code not to return any warning messages as possible as it can.
GitHub released to duplicate using set-output without env vars.
https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/
dependabot/[email protected] is old version, witch does not yet fix to apply this security fix.
So, I get warning message: The 'set-output' command is deprecated and will be disabled soon. when I run a job with this dependabot/[email protected].
dependabot/fetch-metadata already fixed this warning at v1.3.5 and released it. issue: https://github.com/dependabot/fetch-metadata/issues/277 release: https://github.com/dependabot/fetch-metadata/releases/tag/v1.3.5
I expect to sample code not to get any warning messages as possible as it can. I suggest to update doc like this
steps:
- name: Dependabot metadata
id: metadata
- uses: dependabot/[email protected]
+ uses: dependabot/fetch-metadata@v1
Additional information
No response
Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.
![welcome[bot] avatar](https://avatars.githubusercontent.com/in/4141?v=4 "Published by a pub.dev verified publisher"){kind=small}
@neko314 Thanks so much for opening an issue! I'll triage this for the team to take a look :eyes:
Thank you for this contribution! 💛
I have approved a PR to fix this, so I will close this issue out. ✨
