Will Dependabot's updates to the generated file (`~.lock.yml`) work?

[lfgcampos]

I found out that dependabot can update the generated ~.lock.yml files, bumping dependencies (usually github action versions).

Will that work or should this be flagged within the dependabot team to ignore those files?

[pelikhan]

It will be erased by the next compile. Best to run

 gh aw update

[pelikhan]

Working on maintenance actions to help with this.

[lfgcampos]

Working on maintenance actions to help with this.

Thank you!

Happy to provide a PR too, if that is possible in any way

[pelikhan]

You can provide an issue with a strategy to handle it. The challenge is that the github actions token cannot edit those files...

[pelikhan]

What did you have in mind for maintenance actions?