Dependabot now updates comments in GitHub Actions workflows referencing action versions

GitHub Actions workflows often specify the version of an action using the commit SHA. Since commit SHAs are immutable, this ensures that Actions always picks the same version. Commit SHAs, however, are not very human friendly, so best practice is to include the semver version in a comment next to the SHA. Dependabot will now update the semver version in comments when updating Actions workflows with a commit SHA version.

Dependabot is open source, and we're thankful to first-time contributor @jproberts for this great addition!

Learn more about Dependabot

JUN.12Retired
GitHub Actions: Minimum version enforcement timeline for self-hosted runners
- Actions
JUN.11Improvement
Bot-created pull requests can run workflows if approved
- Actions
JUN.11Release
New runner images in public preview
- Actions
JUN.11Release
GitHub Agentic Workflows is now in public preview
- Actions
MAY.14Improvement
GitHub Actions: Upcoming image migrations
- Actions
MAY.7Improvement
GitHub Actions concurrency groups now allow larger queues
- Actions
APR.27Improvement
Copilot cloud agent starts 20% faster with Actions custom images
- Actions
APR.27Release
GitHub Copilot code review will start consuming GitHub Actions minutes on June 1, 2026
- Actions
APR.24Improvement
Notice about upcoming new format for GitHub App installation tokens
- Actions

Dependabot now updates comments in GitHub Actions workflows referencing action versions

Related Posts

Subscribe to our developer newsletter