kou opened a new issue, #48326: URL: https://github.com/apache/arrow/issues/48326
### Describe the enhancement requested I don't know why Dependabot sometimes failed to update hash of GitHub Actions. For example: https://github.com/apache/arrow/pull/48301 The ASF's GitHub Actions policy https://infra.apache.org/github-actions-policy.html requires pinning external actions but there is no such restriction for `actions/*`: > External actions > > You MAY use all actions internal to the `apache/*`, `github/*` and `actions/*` namespaces without restrictions. > > You MUST pin all external actions to the specific git hash (SHA1) of the action that has been reviewed for use by the project. For instance, you MUST pin `foobar/baz-action@8843d7f92416211de9ebb963ff4ce28125932878`. How about removing hash from all `actions/*` GitHub Actions? ### Component(s) Continuous Integration -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
