Would be nice to have a cache@latest action

[JeffFessler]

We recently updated some yml files to use cache@v3 due to "node 16" updates.
I tried cache@latest in hopes of having a yml file that would work "indefinitely" but it did not work.

Likewise it would be nice to have a actions/checkout@latest
Where would I report/suggest this?

[ChristopherHX]

You can just do actions/cache@main at your own risk, your workflow might break at any time due to breaking changes.

main is the default branch of the actions/cache repository and is a valid version of an action like any other branch or tag.

[ossanna16]

Hi there @JeffFessler and welcome to our community 😄. Thanks so much for the suggestion!

[henrygab]

A better answer is to have dependabot enabled, so you automatically get PRs generated for updates to your dependencies.

Realizing that dependabot exists more difficult than using it:

1. In github UI at the root of your depot, choose the "Settings" tab.
2. Next, select "Code security and analysis" from the left column of options.
3. Enable the various dependabot options.
4. Edit your configuration as needed. See docs for dependabot configuration details.

Here's an example configuration that updates Github Actions configuration (action versions, etc.):

version: 2
updates:
  - package-ecosystem: github-actions
    directory: "/"
    schedule:
      interval: "weekly"
    assignees:
      - "JeffFessler"

[JeffFessler]

Done! I had no idea - thanks!

[JeffFessler]

Just for anyone else who reads this, I found that I had to follow the instructions in the exact order above.
I tried installing a dependabot.yml in another repo and then trying to activate it under Settings and that order did not work.