Skip to content

Bump swift-actions/setup-swift from 2.4.0 to 3#159

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/swift-actions/setup-swift-3
Open

Bump swift-actions/setup-swift from 2.4.0 to 3#159
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/swift-actions/setup-swift-3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Copy link
Copy Markdown
Contributor

Bumps swift-actions/setup-swift from 2.4.0 to 3.

Release notes

Sourced from swift-actions/setup-swift's releases.

3.0.0 Beta 1

Beta 1 of using Swiftly to setup Swift

  • Now uses Swiftly to set up Swift
  • Added flag skip-verify-signature to disable GPG verification checks

Features

  • Setup Swift more Swiftly 🚀 (setup-swift 3.0) (#710) @​fwal
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 12, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/swift-actions/setup-swift-3 branch from 5865b2e to 610155f Compare May 18, 2026 13:12

@dj4oC dj4oC left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependabot bump: swift-actions/setup-swift 2.4.0 → 3 (GitHub Actions ecosystem, covered by .github/dependabot.yml, excluded from the minor-and-patch group since it's a major bump).

Findings

Stability (1 finding, not auto-merged)

  • This is a major version bump, not a patch/minor bump — does not qualify for the Dependabot fast-lane. Upstream v3 is explicitly labeled "Beta 1" and describes a rewrite ("now uses Swiftly to set up Swift") plus a new skip-verify-signature flag that can disable GPG verification checks — a security-relevant behavior change in the action itself if that flag is ever enabled. CI passed on this branch (the pull-transifex.yml build step ran against the bumped version successfully), so the new action works for this repo's current usage, but a human should confirm the Swiftly-based toolchain resolution doesn't affect build reproducibility and that skip-verify-signature is never set.
  • Security: no findings beyond the above (no CVE, but adopting a beta release of a supply-chain action for CI toolchain setup warrants a deliberate decision, not an automatic one).
  • Performance: no findings.
  • Coverage: N/A — CI-only dependency bump, no Swift/UIKit code touched.

Note

Build verification skipped (Xcode not available in cloud review environment). Code analysis only.

Verdict

Commenting — holding for human review due to major/beta version bump with upstream-documented behavioral changes. This mirrors the equivalent PR in ios-app (#1554), which is also held for the same reason.

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

dj4oC commented Jul 8, 2026

Copy link
Copy Markdown
  • Security: no findings
  • Stability: 1 finding — see review
  • Performance: no findings
  • Test coverage: N/A (CI-only dependency bump, no app code)
  • TODOs found: none
  • Dependency touched: yes — confirmed in .github/dependabot.yml (github-actions ecosystem)
  • CI status: all green (ran against the bumped version already)
  • Stale review: no

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

@DeepDiver1975 DeepDiver1975 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependabot bump; CI green. Approving.

@DeepDiver1975 DeepDiver1975 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependabot bump; CI green. Approving.

@DeepDiver1975

Copy link
Copy Markdown
Member

@dependabot rebase

Bumps [swift-actions/setup-swift](https://github.com/swift-actions/setup-swift) from 2.4.0 to 3.
- [Release notes](https://github.com/swift-actions/setup-swift/releases)
- [Commits](swift-actions/setup-swift@7ca6abe...364295d)

---
updated-dependencies:
- dependency-name: swift-actions/setup-swift
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/swift-actions/setup-swift-3 branch from 610155f to 7075d56 Compare July 14, 2026 19:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants