kou opened a new pull request, #48327: URL: https://github.com/apache/arrow/pull/48327
### Rationale for this change Dependabot sometimes failed to update hash. For example: https://github.com/apache/arrow/pull/48301 The ASF GitHub Actions policy doesn't requiring pinning `actions/*` actions: https://infra.apache.org/github-actions-policy.html > External actions > > You MAY use all actions internal to the `apache/*`, `github/*` and `actions/*` namespaces without restrictions. > > You MUST pin all external actions to the specific git hash (SHA1) of the action that has been reviewed for use by the project. For instance, you MUST pin `foobar/baz-action@8843d7f92416211de9ebb963ff4ce28125932878`. We can avoid the Dependabot behavior by removing hash from `actions/*` actions. ### What changes are included in this PR? * Remove hash from `actions/*` actions. * Use `@vX` instead of `@vX.Y.Z` to reduce Dependabot updates. ### Are these changes tested? Yes. ### Are there any user-facing changes? No. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
