chore(deps): bump dagger/dagger-for-github from 8.0.0 to 8.2.0 #87
Conversation
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
Kusari Analysis Results:Caution Flagged Issues Detected While dependency analysis shows no issues with pinned versions or exposed secrets, code analysis identified 7 high-severity workflow security violations across 3 GitHub workflow files. The unpinned action references for dagger/[email protected] violate organizational security policy requiring actions to be pinned to specific commit hashes. This policy prevents supply chain attacks where semantic version tags could be moved or compromised. Despite being a Dependabot update, these security policy violations must be resolved by pinning actions to commit hashes before the PR can be safely merged. Note View full detailed analysis result for more information on the output and the checks that were run.
Found this helpful? Give it a 👍 or 👎 reaction! |
![kusari-inspector[bot]](https://avatars.githubusercontent.com/in/1220830?s=60&v=4){kind=small}
| run: go mod download | ||
|
|
||
| - uses: dagger/dagger-for-github@8.0.0 | ||
| - uses: dagger/dagger-for-github@v8.2.0 |
There was a problem hiding this comment.
Issue: Replace version tag with commit hash for dagger/dagger-for-github action
Recommended Code Changes:
Pin dagger/[email protected] to its corresponding commit hash instead of using the version tag
| run: go mod download | ||
|
|
||
| - uses: dagger/dagger-for-github@8.0.0 | ||
| - uses: dagger/dagger-for-github@v8.2.0 |
There was a problem hiding this comment.
Issue: Replace version tag with commit hash for dagger/dagger-for-github action
Recommended Code Changes:
Pin dagger/[email protected] to its corresponding commit hash instead of using the version tag
| - uses: actions/checkout@v4 | ||
|
|
||
| - uses: dagger/dagger-for-github@8.0.0 | ||
| - uses: dagger/dagger-for-github@v8.2.0 |
There was a problem hiding this comment.
Issue: Replace version tag with commit hash for dagger/dagger-for-github action
Recommended Code Changes:
Pin dagger/[email protected] to its corresponding commit hash instead of using the version tag
| ${{ runner.os }}-buildx- | ||
| - uses: dagger/dagger-for-github@8.0.0 | ||
| - uses: dagger/dagger-for-github@v8.2.0 |
There was a problem hiding this comment.
Issue: Replace version tag with commit hash for dagger/dagger-for-github action
Recommended Code Changes:
Pin dagger/[email protected] to its corresponding commit hash instead of using the version tag
| - uses: actions/checkout@v4 | ||
|
|
||
| - uses: dagger/dagger-for-github@8.0.0 | ||
| - uses: dagger/dagger-for-github@v8.2.0 |
There was a problem hiding this comment.
Issue: Replace version tag with commit hash for dagger/dagger-for-github action
Recommended Code Changes:
Pin dagger/[email protected] to its corresponding commit hash instead of using the version tag
|
|
||
| - name: Run acceptance tests with Dagger | ||
| uses: dagger/dagger-for-github@8.0.0 | ||
| uses: dagger/dagger-for-github@v8.2.0 |
There was a problem hiding this comment.
Issue: Replace version tag with commit hash for dagger/dagger-for-github action
Recommended Code Changes:
Pin dagger/[email protected] to its corresponding commit hash instead of using the version tag
| - name: Run Dagger lint | ||
| uses: dagger/dagger-for-github@8.0.0 | ||
| uses: dagger/dagger-for-github@v8.2.0 |
There was a problem hiding this comment.
Issue: Replace version tag with commit hash for dagger/dagger-for-github action
Recommended Code Changes:
Pin dagger/[email protected] to its corresponding commit hash instead of using the version tag
dependabot
bot
force-pushed
the
dependabot/github_actions/dagger/dagger-for-github-8.2.0
branch
from
fa9f82d to
ca17857
Compare
|
Kusari PR Analysis rerun based on - ca17857 performed at: 2025-10-06T18:18:00Z - link to updated analysis |
dependabot
bot
force-pushed
the
dependabot/github_actions/dagger/dagger-for-github-8.2.0
branch
from
ca17857 to
66fa42d
Compare
|
Kusari PR Analysis rerun based on - 66fa42d performed at: 2025-10-21T17:07:24Z - link to updated analysis |
dependabot
bot
force-pushed
the
dependabot/github_actions/dagger/dagger-for-github-8.2.0
branch
from
66fa42d to
8e8c5c0
Compare
Bumps [dagger/dagger-for-github](https://github.com/dagger/dagger-for-github) from 8.0.0 to 8.2.0. - [Release notes](https://github.com/dagger/dagger-for-github/releases) - [Commits](dagger/dagger-for-github@8.0.0...v8.2.0) --- updated-dependencies: - dependency-name: dagger/dagger-for-github dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/github_actions/dagger/dagger-for-github-8.2.0
branch
from
8e8c5c0 to
9ddbc37
Compare
|
Kusari PR Analysis rerun based on - 9ddbc37 performed at: 2025-10-28T19:26:27Z - link to updated analysis |
Bumps dagger/dagger-for-github from 8.0.0 to 8.2.0.
Release notes
Sourced from dagger/dagger-for-github's releases.
Commits
d913e70avoid downloading dagger if requested version is already installed (#187)055bb3bchore: update READMEf3062e6chore: update RELEASINGc8eadbdremove unnecessary engine-stop (#188)4e0ad19Proper support for shell input (#189)710906ffeat: add traceURL output71c85a5docs: add RELEASING instructions (#178)You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)Summary by cubic
Upgrade dagger/dagger-for-github from 8.0.0 to v8.2.0 across CI workflows to speed up runs and improve stability. The new version avoids redundant downloads, properly handles shell input, removes an unnecessary engine stop, and exposes a traceURL output for easier debugging.