Skip to content

chore: bump erlef/setup-beam from 1.24.0 to 1.24.1#63

Merged
kou merged 1 commit into
mainfrom
dependabot/github_actions/erlef/setup-beam-1.24.1
Jul 8, 2026
Merged

chore: bump erlef/setup-beam from 1.24.0 to 1.24.1#63
kou merged 1 commit into
mainfrom
dependabot/github_actions/erlef/setup-beam-1.24.1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps erlef/setup-beam from 1.24.0 to 1.24.1.

Release notes

Sourced from erlef/setup-beam's releases.

v1.24.1

What's Changed

Full Changelog: erlef/setup-beam@v1...v1.24.1

Commits
  • 54075bc Automation: update setup-beam version output to ea45c80
  • ea45c80 Remove lodash Dependency (#457)
  • b4b8d85 Automation: update setup-beam version output to 20df794
  • 20df794 Bump globals from 17.4.0 to 17.7.0 (#452)
  • 9d5c5ca Automation: update setup-beam version output to ad42943
  • ad42943 Bump prettier from 3.8.1 to 3.9.1 (#454)
  • 135c095 Automation: update setup-beam version output to a04cfbb
  • a04cfbb Bump eslint from 10.1.0 to 10.6.0 (#453)
  • cd1472f Automation: update setup-beam version output to c80fdc9
  • c80fdc9 Bump actions/checkout from 6.0.2 to 7.0.0 (#467)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 29, 2026
@dependabot
dependabot Bot force-pushed the dependabot/github_actions/erlef/setup-beam-1.24.1 branch from 6a41ed6 to 0303cf1 Compare June 29, 2026 06:52
@kou

kou commented Jun 29, 2026

Copy link
Copy Markdown
Member

Blocked. We need to request an approval for the version.

@Benjamin-Philip

Copy link
Copy Markdown
Collaborator

@kou, is there any way to configure dependabot updates to respect the ASF allowlist? This PR silently breaks the Erlang and Documentation CIs.

@Benjamin-Philip

Copy link
Copy Markdown
Collaborator

Blocked. We need to request an approval for the version.

Regarding an approval, see also erlef/setup-beam#456 and apache/infrastructure-actions#751.

@kou

kou commented Jun 29, 2026

Copy link
Copy Markdown
Member

Blocked. We need to request an approval for the version.

Regarding an approval, see also erlef/setup-beam#456 and apache/infrastructure-actions#751.

It seems that they are for 1.24.0 not 1.24.1.

@Benjamin-Philip

Copy link
Copy Markdown
Collaborator

Blocked. We need to request an approval for the version.

Regarding an approval, see also erlef/setup-beam#456 and apache/infrastructure-actions#751.

It seems that they are for 1.24.0 not 1.24.1.

The point I was trying to make was that it may take a while before a new version is approved until the ASF's verification concerns are addressed, so we may be stuck on v1.24.0 for a long time.

@kou

kou commented Jun 29, 2026

Copy link
Copy Markdown
Member

Have you opened a PR for 1.24.1 to https://github.com/apache/infrastructure-actions ?
1.24.1 will not be approved until we request it.

@Benjamin-Philip

Copy link
Copy Markdown
Collaborator

Have you opened a PR for 1.24.1 to https://github.com/apache/infrastructure-actions ? 1.24.1 will not be approved until we request it.

From what I understand, the decision in apache/infrastructure-actions#751 was that v1.24.0 would be allowed to enable use of setup-beam in Apache projects, but that further versions wouldn't be approved until erlef/setup-beam#456 was closed.

@kou

kou commented Jun 29, 2026

Copy link
Copy Markdown
Member

Ah, I understand.

What can we do to solve erlef/setup-beam#456 ?

@Benjamin-Philip

Copy link
Copy Markdown
Collaborator

Nothing much. I suspect that solving that issue will require upstream changes in how languages like Elixir or Erlang/OTP itself publish and sign releases.

We'll probably have to wait it out before we can upgrade.

kou pushed a commit that referenced this pull request Jul 1, 2026
## What issue does this PR close?

Closes #70.

Dependabot updates do not respect the ASF allowlist. Thus, some
dependabot PRs
can silently break workflows as seen in #63.

## What's changed

A workflow to perform to ASF allowlist checks on changes to `.github`
has been
added. Any breakages introduced by dependabot updates (or any other
changes)
will be highlighted.

Copied verbatim from
https://github.com/apache/arrow-adbc/blob/main/.github/workflows/asf-allowlist-check.yml.
@dependabot
dependabot Bot force-pushed the dependabot/github_actions/erlef/setup-beam-1.24.1 branch 3 times, most recently from 244c047 to a69f786 Compare July 8, 2026 07:27
Bumps [erlef/setup-beam](https://github.com/erlef/setup-beam) from 1.24.0 to 1.24.1.
- [Release notes](https://github.com/erlef/setup-beam/releases)
- [Commits](erlef/setup-beam@fc68ffb...54075bc)

---
updated-dependencies:
- dependency-name: erlef/setup-beam
  dependency-version: 1.24.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/github_actions/erlef/setup-beam-1.24.1 branch from a69f786 to 3b95e42 Compare July 8, 2026 13:36
@kou

kou commented Jul 8, 2026

Copy link
Copy Markdown
Member

1.24.1 is allowed: apache/infrastructure-actions#981

@kou kou left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

@kou
kou merged commit 27143a8 into main Jul 8, 2026
16 checks passed
@dependabot
dependabot Bot deleted the dependabot/github_actions/erlef/setup-beam-1.24.1 branch July 8, 2026 13:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants