build(deps): bump the minor-and-patch group across 1 directory with 5 updates#12500
build(deps): bump the minor-and-patch group across 1 directory with 5 updates#12500dependabot[bot] wants to merge 1 commit into
Conversation
|
Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes. |
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
dj4oC
left a comment
There was a problem hiding this comment.
Dependabot "minor-and-patch" group (4 GitHub Actions pins, SHA-pinned): aquasecurity/trivy-action v0.35.0→v0.36.0, docker/setup-compose-action v2.2.0→v2.3.0, docker/setup-buildx-action v4.1.0→v4.2.0, docker/login-action v4.2.0→v4.4.0, docker/build-push-action v7.2.0→v7.3.0. Workflow YAML only — no application source touched.
- Security: no findings — all official/verified actions, SHA-pinned, no CVE
- Stability: no findings
- Performance: no findings
- Test coverage: n/a — workflow-config-only change
- TODOs found: none
- Dependency touched: yes — covered by
dependabot.yml'sgithub-actionsgroup config - CI status: Snyk checks green; the acceptance-test matrix has not run on this commit (these workflow files aren't exercised by the default non-
[full-ci]gate) — not confirmed green end-to-end, unlike #12502 which triggered the full suite - Stale review: no
Verdict
Commenting — low risk (CI/build tooling only, not runtime code), but withholding the fast-lane auto-merge since the full acceptance suite hasn't actually run on this commit. Recommend a maintainer add [full-ci] before merge, or merge manually if the risk is accepted as-is.
🤖 Automated review by Claude Code (security · stability · performance · coverage)
Generated by Claude Code
53852b7 to
ec298f9
Compare
… updates Bumps the minor-and-patch group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.35.0` | `0.36.0` | | [docker/setup-compose-action](https://github.com/docker/setup-compose-action) | `2.2.0` | `2.3.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.1.0` | `4.2.0` | | [docker/login-action](https://github.com/docker/login-action) | `4.2.0` | `4.4.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `7.2.0` | `7.3.0` | Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@0.35.0...ed142fd) Updates `docker/setup-compose-action` from 2.2.0 to 2.3.0 - [Release notes](https://github.com/docker/setup-compose-action/releases) - [Commits](docker/setup-compose-action@16feee7...4eb059f) Updates `docker/setup-buildx-action` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@d7f5e7f...bb05f3f) Updates `docker/login-action` from 4.2.0 to 4.4.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@650006c...af1e73f) Updates `docker/build-push-action` from 7.2.0 to 7.3.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@f9f3042...53b7df9) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: docker/build-push-action dependency-version: 7.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: docker/login-action dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: docker/setup-buildx-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: docker/setup-compose-action dependency-version: 2.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>
ec298f9 to
0fa04e1
Compare
DeepDiver1975
left a comment
There was a problem hiding this comment.
Dependabot bump; CI green. Approving.
|
|
Bumps the minor-and-patch group with 5 updates in the / directory:
0.35.00.36.02.2.02.3.04.1.04.2.04.2.04.4.07.2.07.3.0Updates
aquasecurity/trivy-actionfrom 0.35.0 to 0.36.0Release notes
Sourced from aquasecurity/trivy-action's releases.
Commits
ed142fdchore: update action version to v0.36.0 in examples (#563)dea62cfchore(deps): Update trivy to v0.70.0 (#559)128d9a8chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)876cf04Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)dada784Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)4a2deecfix: use portable shebang in entrypoint.sh (#545)1994662chore(deps): bump the actions group with 5 updates (#558)6b36659chore: add zizmor config (#557)316aa5aci: add dependabot config (#556)264c9c5test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)Updates
docker/setup-compose-actionfrom 2.2.0 to 2.3.0Release notes
Sourced from docker/setup-compose-action's releases.
Commits
4eb059fMerge pull request #119 from docker/dependabot/npm_and_yarn/docker/actions-to...310654b[dependabot skip] chore: update generated content2f4a309chore(deps): bump@docker/actions-toolkitfrom 0.91.0 to 0.92.07d865ffMerge pull request #111 from docker/dependabot/npm_and_yarn/undici-6.27.0a11ad46[dependabot skip] chore: update generated contentea03e82chore(deps): bump undici from 6.26.0 to 6.27.0d37dd72Merge pull request #118 from docker/dependabot/npm_and_yarn/js-yaml-4.3.0146a460[dependabot skip] chore: update generated contentd3b0309Merge pull request #108 from docker/dependabot/npm_and_yarn/tmp-0.2.7e04d0bachore(deps): bump js-yaml from 4.1.1 to 4.3.0Updates
docker/setup-buildx-actionfrom 4.1.0 to 4.2.0Release notes
Sourced from docker/setup-buildx-action's releases.
Commits
bb05f3fMerge pull request #580 from docker/dependabot/npm_and_yarn/docker/actions-to...321c814[dependabot skip] chore: update generated contentb9a36efbuild(deps): bump@docker/actions-toolkitfrom 0.91.0 to 0.92.0ebeab24Merge pull request #570 from docker/dependabot/npm_and_yarn/undici-6.27.05c7b8ae[dependabot skip] chore: update generated content037e618build(deps): bump undici from 6.25.0 to 6.27.066080e5Merge pull request #577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1409aef0Merge pull request #562 from docker/dependabot/npm_and_yarn/js-yaml-4.2.049c6e42build(deps): bump sigstore from 4.1.0 to 4.1.12211273[dependabot skip] chore: update generated contentUpdates
docker/login-actionfrom 4.2.0 to 4.4.0Release notes
Sourced from docker/login-action's releases.
Commits
af1e73fMerge pull request #1034 from docker/dependabot/npm_and_yarn/aws-sdk-dependen...da722bd[dependabot skip] chore: update generated content2916ad6build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...ca0a662Merge pull request #1035 from crazy-max/fix-registry-auth-empty-maskc455755chore: update generated content4835190skip empty registry-auth secret mask992421cMerge pull request #1033 from docker/dependabot/github_actions/docker/bake-ac...b249b43Merge pull request #1032 from docker/dependabot/github_actions/docker/bake-ac...1b67977build(deps): bump docker/bake-action from 7.2.0 to 7.3.09d49d6abuild(deps): bump docker/bake-action/subaction/matrixUpdates
docker/build-push-actionfrom 7.2.0 to 7.3.0Release notes
Sourced from docker/build-push-action's releases.
Commits
53b7df9Merge pull request #1572 from docker/dependabot/npm_and_yarn/docker/actions-t...154298c[dependabot skip] chore: update generated contentcb1238bchore(deps): Bump@docker/actions-toolkitfrom 0.91.0 to 0.92.024f845dMerge pull request #1566 from docker/dependabot/npm_and_yarn/js-yaml-4.2.09c69730[dependabot skip] chore: update generated contentbc3a3a5Merge pull request #1574 from docker/dependabot/github_actions/aws-actions/co...a82c504chore(deps): Bump js-yaml from 4.1.1 to 4.3.00285a75Merge pull request #1573 from docker/dependabot/github_actions/actions/cache-...c6ad2a3Merge pull request #1575 from docker/dependabot/github_actions/actions/checko...d37484fMerge pull request #1564 from docker/dependabot/npm_and_yarn/undici-6.27.0