action-allowlist-review: bump erlef/setup-beam from 1.24.0 to 1.24.1 in /.github/actions/for-dependabot-triggered-reviews#981
Conversation
43b541e to
558aa7b
Compare
|
@dependabot rebase |
Bumps [erlef/setup-beam](https://github.com/erlef/setup-beam) from 1.24.0 to 1.24.1. - [Release notes](https://github.com/erlef/setup-beam/releases) - [Commits](erlef/setup-beam@fc68ffb...54075bc) --- updated-dependencies: - dependency-name: erlef/setup-beam dependency-version: 1.24.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
558aa7b to
d497488
Compare
|
This bumps That pattern is already tracked upstream at erlef/setup-beam#456 ("Verify downloaded toolchain archives against sha256 checksums"), which is open and actively being discussed by the setup-beam maintainers (last activity 2026-06-28). Per that issue, when v1.24.0 was added (#751 / INFRA-27826) we agreed to allow the action conditional on raising exactly that upstream issue — which is done. Since this is a patch bump of the already-approved action with no change to the download/verification posture, merging on the same conditional basis looks consistent to me. @ppkarwasz @dfoulks1 — you both looked at #751; OK to approve this bump, or would you rather hold |
Bumps erlef/setup-beam from 1.24.0 to 1.24.1.
Release notes
Sourced from erlef/setup-beam's releases.
Commits
54075bcAutomation: update setup-beam version output to ea45c80ea45c80Remove lodash Dependency (#457)b4b8d85Automation: update setup-beam version output to 20df79420df794Bump globals from 17.4.0 to 17.7.0 (#452)9d5c5caAutomation: update setup-beam version output to ad42943ad42943Bump prettier from 3.8.1 to 3.9.1 (#454)135c095Automation: update setup-beam version output to a04cfbba04cfbbBump eslint from 10.1.0 to 10.6.0 (#453)cd1472fAutomation: update setup-beam version output to c80fdc9c80fdc9Bump actions/checkout from 6.0.2 to 7.0.0 (#467)