Many GitHub Actions workflows rely on external actions, either from the GitHub Marketplace or from other repos. Once these actions are added to a job, tested and deployed, there's no easy way to ensure everything is running the latest version.
Running the latest version of external actions is important for security, reliability and cost management reasons.
When using an external action, the action likely has Docker images and other dependencies of its own. When one of the dependencies of the external action is updated because of a reported security vulnerability, hopefully the developer of the action publishes a new version that uses the update. But if you are building reproducible workflows, your workflow won't automatically receive the update. The outdated check that Proaction regularly runs on all workflows will detect when a new version of the action is available, and notify you or create a Pull Request into your repository with the update applied.
Updates Not Creating Notifications
There are a few reasons that this check might be failing or returning "no updates" when there are updates available. The most common reason is when the action uses a Docker image that Proaction cannot access, such as private images or images that are hosted in registries that are not publicly exposed.
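To make the outdated check and the unreachable-image case above concrete, here is an added example (not Proaction's code) that extracts every `uses:` reference from a workflow and compares its tag to a table of latest releases. The workflow, the `LATEST` table and the function names are constructed for illustration, and the comparison is a simple tag equality.

```python
import re

# Constructed sample workflow; action names and versions are illustrative.
WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v2
      - uses: example-org/lint-action@v1.2.0
      - uses: example-org/deploy-action@main
      - uses: docker://registry.internal.example/tools/scan:1.0
      - uses: ./local/action
"""

# Constructed stand-in for a lookup of each action's newest release tag.
LATEST = {"actions/checkout": "v3", "example-org/lint-action": "v1.2.0"}

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)", re.M)

def find_action_refs(workflow_text):
    """Return (name, ref, kind) for every `uses:` entry in a workflow."""
    refs = []
    for target in USES_RE.findall(workflow_text):
        if target.startswith("docker://"):
            body = target[len("docker://"):]
            has_tag = ":" in body.rsplit("/", 1)[-1]  # ignore a registry port
            image, tag = body.rsplit(":", 1) if has_tag else (body, "latest")
            refs.append((image, tag, "docker"))
        elif target.startswith("./"):
            refs.append((target, None, "local"))  # lives in this repo
        else:
            name, _, ref = target.partition("@")
            refs.append((name, ref or None, "action"))
    return refs

def outdated_report(workflow_text, latest):
    """Map each external reference to 'current', 'outdated' or 'unknown'."""
    report = {}
    for name, ref, kind in find_action_refs(workflow_text):
        if kind == "local":
            continue
        newest = latest.get(name) if kind == "action" else None
        if newest is None:
            report[name] = "unknown"  # no release data, e.g. unreachable registry
        elif ref == newest:
            report[name] = "current"
        else:
            report[name] = "outdated"
    return report
```

References that come back as "unknown" are the ones to review by hand, since a checker without access to the registry or release data cannot report updates for them.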