ci: Bump the ci-dependencies group with 7 updates by dependabot[bot] · Pull Request #248 · borchero/switchboard

dependabot · 2026-06-01T19:34:17Z

Bumps the ci-dependencies group with 7 updates:

Package	From	To
docker/setup-buildx-action	`4.0.0`	`4.1.0`
docker/metadata-action	`6.0.0`	`6.1.0`
docker/login-action	`4.1.0`	`4.2.0`
docker/build-push-action	`7.1.0`	`7.2.0`
prefix-dev/setup-pixi	`0.9.5`	`0.9.6`
release-drafter/release-drafter	`7.2.0`	`7.3.1`
codecov/codecov-action	`6.0.0`	`6.0.1`

Updates docker/setup-buildx-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.1.0

Bump @docker/actions-toolkit from 0.79.0 to 0.90.0 in docker/setup-buildx-action#489

Bump brace-expansion from 1.1.12 to 5.0.6 in docker/setup-buildx-action#547 docker/setup-buildx-action#508

Bump fast-xml-builder from 1.0.0 to 1.2.0 in docker/setup-buildx-action#540

Bump fast-xml-parser from 5.4.2 to 5.8.0 in docker/setup-buildx-action#496

Bump flatted from 3.3.3 to 3.4.2 in docker/setup-buildx-action#499

Bump glob from 10.3.12 to 13.0.6 in docker/setup-buildx-action#495

Bump handlebars from 4.7.8 to 4.7.9 in docker/setup-buildx-action#504

Bump lodash from 4.17.23 to 4.18.1 in docker/setup-buildx-action#523

Bump picomatch from 4.0.3 to 4.0.4 in docker/setup-buildx-action#503

Bump postcss from 8.5.6 to 8.5.10 in docker/setup-buildx-action#537

Bump tar from 6.2.1 to 7.5.15 in docker/setup-buildx-action#545

Bump undici from 6.23.0 to 6.25.0 in docker/setup-buildx-action#492

Bump vite from 7.3.1 to 7.3.2 in docker/setup-buildx-action#520

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

Commits

d7f5e7f Merge pull request #489 from docker/dependabot/npm_and_yarn/docker/actions-to...
92bc5c9 chore: update generated content
da11e35 build(deps): bump @docker/actions-toolkit from 0.79.0 to 0.90.0
f021e16 Merge pull request #492 from docker/dependabot/npm_and_yarn/undici-6.24.1
b5af94f chore: update generated content
16ad977 build(deps): bump undici from 6.23.0 to 6.25.0
d7a12d7 Merge pull request #495 from docker/dependabot/npm_and_yarn/glob-10.5.0
28ff27d build(deps): bump glob from 10.3.12 to 13.0.6
daf436b Merge pull request #496 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
9725348 chore: update generated content
Additional commits viewable in compare view

Updates docker/metadata-action from 6.0.0 to 6.1.0

Release notes

Sourced from docker/metadata-action's releases.

v6.1.0

Bump @docker/actions-toolkit from 0.79.0 to 0.90.0 in docker/metadata-action#613

Bump brace-expansion from 1.1.12 to 5.0.6 in docker/metadata-action#658 docker/metadata-action#630

Bump csv-parse from 6.1.0 to 6.2.1 in docker/metadata-action#617

Bump fast-xml-parser from 5.4.2 to 5.8.0 in docker/metadata-action#620

Bump flatted from 3.3.3 to 3.4.2 in docker/metadata-action#623

Bump glob from 10.3.15 to 10.5.0 in docker/metadata-action#621

Bump handlebars from 4.7.8 to 4.7.9 in docker/metadata-action#629

Bump lodash from 4.17.23 to 4.18.1 in docker/metadata-action#639

Bump moment-timezone from 0.6.0 to 0.6.1 in docker/metadata-action#619

Bump picomatch from 4.0.3 to 4.0.4 in docker/metadata-action#626

Bump postcss from 8.5.6 to 8.5.10 in docker/metadata-action#649

Bump tar from 6.2.1 to 7.5.15 in docker/metadata-action#657

Bump undici from 6.23.0 to 6.25.0 in docker/metadata-action#614

Bump vite from 7.3.1 to 7.3.2 in docker/metadata-action#637

Full Changelog: docker/metadata-action@v6.0.0...v6.1.0

Commits

80c7e94 Merge pull request #613 from docker/dependabot/npm_and_yarn/docker/actions-to...
8e0ddab chore: update generated content
a8db14b chore(deps): Bump @docker/actions-toolkit from 0.79.0 to 0.90.0
63a7371 Merge pull request #617 from docker/dependabot/npm_and_yarn/csv-parse-6.2.0
c6916a6 chore: update generated content
aca9205 chore(deps): Bump csv-parse from 6.1.0 to 6.2.1
9dcfe60 Merge pull request #629 from docker/dependabot/npm_and_yarn/handlebars-4.7.9
43dea76 chore: update generated content
7a56f5a chore(deps): Bump handlebars from 4.7.8 to 4.7.9
e49e0aa Merge pull request #658 from docker/dependabot/npm_and_yarn/brace-expansion-5...
Additional commits viewable in compare view

Updates docker/login-action from 4.1.0 to 4.2.0

Release notes

Sourced from docker/login-action's releases.

v4.2.0

Bump @actions/core from 3.0.0 to 3.0.1 in docker/login-action#976

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1050.0 in docker/login-action#960

Bump @docker/actions-toolkit from 0.86.0 to 0.90.0 in docker/login-action#970

Bump brace-expansion from 2.0.1 to 5.0.6 in docker/login-action#993

Bump fast-xml-builder from 1.1.4 to 1.2.0 in docker/login-action#985

Bump fast-xml-parser from 5.3.6 to 5.8.0 in docker/login-action#963

Bump http-proxy-agent and https-proxy-agent to 9.0.0 in docker/login-action#961

Bump postcss from 8.5.6 to 8.5.10 in docker/login-action#979

Bump tar from 6.2.1 to 7.5.15 in docker/login-action#991

Bump vite from 7.3.1 to 7.3.3 in docker/login-action#986

Full Changelog: docker/login-action@v4.1.0...v4.2.0

Commits

650006c Merge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
99df1a3 chore: update generated content
3ab375f build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
39d8580 Merge pull request #970 from docker/dependabot/npm_and_yarn/docker/actions-to...
4eefcd3 chore: update generated content
56d092c build(deps): bump @docker/actions-toolkit from 0.86.0 to 0.90.0
e2e31ca Merge pull request #976 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
0bced94 chore: update generated content
3e75a0f build(deps): bump @actions/core from 3.0.0 to 3.0.1
365bebd Merge pull request #984 from docker/dependabot/github_actions/aws-actions/con...
Additional commits viewable in compare view

Updates docker/build-push-action from 7.1.0 to 7.2.0

Release notes

Sourced from docker/build-push-action's releases.

v7.2.0

Bump @actions/core from 3.0.0 to 3.0.1 in docker/build-push-action#1525

Bump @docker/actions-toolkit from 0.87.0 to 0.90.0 in docker/build-push-action#1517

Bump brace-expansion from 2.0.2 to 5.0.6 in docker/build-push-action#1534

Bump fast-xml-builder from 1.1.4 to 1.2.0 in docker/build-push-action#1529

Bump fast-xml-parser from 5.5.7 to 5.8.0 in docker/build-push-action#1521

Bump postcss from 8.5.6 to 8.5.10 in docker/build-push-action#1526

Bump tar from 6.2.1 to 7.5.15 in docker/build-push-action#1533

Full Changelog: docker/build-push-action@v7.1.0...v7.2.0

Commits

f9f3042 Merge pull request #1517 from docker/dependabot/npm_and_yarn/docker/actions-t...
812d5fd chore: update generated content
b6f6693 chore(deps): Bump @docker/actions-toolkit from 0.87.0 to 0.90.0
c1c626e Merge pull request #1525 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
51bb284 chore: update generated content
5f7884d chore(deps): Bump @actions/core from 3.0.0 to 3.0.1
e01deff Merge pull request #1521 from docker/dependabot/npm_and_yarn/fast-xml-parser-...
3804d49 chore: update generated content
71e8947 chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0
4925ad2 Merge pull request #1526 from docker/dependabot/npm_and_yarn/postcss-8.5.10
Additional commits viewable in compare view

Updates prefix-dev/setup-pixi from 0.9.5 to 0.9.6

Release notes

Sourced from prefix-dev/setup-pixi's releases.

v0.9.6

What's Changed

✨ New features

feat: Add persist-credentials option by @AndreasAlbertQC in prefix-dev/setup-pixi#266

⬆️ Dependency updates

chore(deps): bump the gh-actions group with 4 updates by @dependabot[bot] in prefix-dev/setup-pixi#261

chore(deps): bump the gh-actions group with 5 updates by @dependabot[bot] in prefix-dev/setup-pixi#263

chore(deps): bump the nodejs group with 6 updates by @dependabot[bot] in prefix-dev/setup-pixi#264

🤷🏻 Other changes

add octo-sts by @pavelzw in prefix-dev/setup-pixi#262

New Contributors

@AndreasAlbertQC made their first contribution in prefix-dev/setup-pixi#266

Full Changelog: prefix-dev/setup-pixi@v0.9.5...v0.9.6

Commits

5185adf feat: Add persist-credentials option (#266)
92596c3 chore(deps): bump the nodejs group with 6 updates (#264)
68a459a chore(deps): bump the gh-actions group with 5 updates (#263)
8ce6348 add octo-sts (#262)
b92f010 Reference latest Pixi version in README (#260)
46d4c99 chore(deps): bump the gh-actions group with 4 updates (#261)
See full diff in compare view

Updates release-drafter/release-drafter from 7.2.0 to 7.3.1

Release notes

Sourced from release-drafter/release-drafter's releases.

v7.3.1

What's Changed

Bug Fixes

fix: output name and tag_name in dry-run mode (#1625) @cchanche

Maintenance

chore(deps): update graphql-codegen to 7.0.0 (#1619) @renovate[bot]

chore(deps): update dependency nock to 14.0.15 (#1609) @renovate[bot]

chore(deps): update graphql-codegen (#1615) @renovate[bot]

chore(deps): update dependency typescript to 6.0.3 (#1610) @renovate[bot]

ci(deps): update actions/download-artifact action to v8.0.1 (#1620) @renovate[bot]

chore(deps): update dependency @types/node to 24.12.3 (#1608) @renovate[bot]

chore(deps): update vitest to 4.1.5 (#1612) @renovate[bot]

chore(deps): update dependency @biomejs/biome to 2.4.15 (#1607) @renovate[bot]

chore(deps): update dependency vite to 8.0.11 (#1611) @renovate[bot]

ci(deps): pin dependencies (#1606) @renovate[bot]

Dependency Updates

chore(deps): update node.js to v24.15.0 (#1616) @renovate[bot]

chore(deps): update vite to v8.0.13 and vitest to v4.1.6 (#1624) @cchanche

fix(deps): update dependency semver to 7.8.0 (#1622) @renovate[bot]

chore(deps): update npm tool constraint to 11.14.1 (#1617) @renovate[bot]

fix(deps): update dependency zod to 4.4.3 (#1618) @renovate[bot]

fix(deps): update actions (#1613) @renovate[bot]

chore(deps): update dependency @biomejs/biome to 2.4.15 (#1607) @renovate[bot]

fix(deps): update dependency yaml to 2.8.4 (#1614) @renovate[bot]

Full Changelog: release-drafter/release-drafter@v7.3.0...v7.3.1

v7.3.0

What's Changed

New

feat: recover recently merged PRs missed by associated PRs lag (#1604) @jetersen

feat: switch release discovery to ref comparison and explicit missing-baseline warnings (#1570) @jetersen

Bug Fixes

fix: restore prerelease-identifier on first run when no prior releases exist (#1602) @jrbeilke

fix: prevent using commitish like refs/pull (#1598) @cchanche

... (truncated)

Commits

693d20e chore: release v7.3.1
8339e41 docs: update contributing docs for release process
62d8da4 fix: output name and tag_name in dry-run mode (#1625)
2c6d395 chore(deps): update node.js to v24.15.0 (#1616)
3b62240 chore(deps): update vite to v8.0.13 and vitest to v4.1.6 (#1624)
446e151 fix(deps): adapt to graphql-codegen 7 type changes
4cd06dc chore(deps): update graphql-codegen to 7.0.0
8045768 fix(deps): update dependency semver to 7.8.0
1cf836b ci(release): use local action for publish step
485c120 chore(deps): update npm tool constraint to 11.14.1
Additional commits viewable in compare view

Updates codecov/codecov-action from 6.0.0 to 6.0.1

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.1

What's Changed

fix: prevent template injection in run: steps (VULN-1652) by @thomasrockhu-codecov in codecov/codecov-action#1947

chore(release): 6.0.1 by @thomasrockhu-codecov in codecov/codecov-action#1949

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

fix: overwrite pr number on fork by @thomasrockhu-codecov in codecov/codecov-action#1871

build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @app/dependabot in codecov/codecov-action#1868

build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @app/dependabot in codecov/codecov-action#1867

fix: update to use local app/ dir by @thomasrockhu-codecov in codecov/codecov-action#1872

docs: fix typo in README by @datalater in codecov/codecov-action#1866

Document a codecov-cli version reference example by @webknjaz in codecov/codecov-action#1774

build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @app/dependabot in codecov/codecov-action#1861

build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

feat: upgrade wrapper to 0.2.4 by @jviall in codecov/codecov-action#1864

Pin actions/github-script by Git SHA by @martincostello in codecov/codecov-action#1859

fix: check reqs exist by @joseph-sentry in codecov/codecov-action#1835

fix: Typo in README by @spalmurray in codecov/codecov-action#1838

docs: Refine OIDC docs by @spalmurray in codecov/codecov-action#1837

build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @app/dependabot in codecov/codecov-action#1822

fix: OIDC on forks by @joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

e79a696 chore(release): 6.0.1 (#1949)
51e6422 fix: prevent template injection in run: steps (VULN-1652) (#1947)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the ci-dependencies group with 7 updates: | Package | From | To | | --- | --- | --- | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `6.0.0` | `6.1.0` | | [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.2.0` | | [prefix-dev/setup-pixi](https://github.com/prefix-dev/setup-pixi) | `0.9.5` | `0.9.6` | | [release-drafter/release-drafter](https://github.com/release-drafter/release-drafter) | `7.2.0` | `7.3.1` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `6.0.0` | `6.0.1` | Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@4d04d5d...d7f5e7f) Updates `docker/metadata-action` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@030e881...80c7e94) Updates `docker/login-action` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@4907a6d...650006c) Updates `docker/build-push-action` from 7.1.0 to 7.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@bcafcac...f9f3042) Updates `prefix-dev/setup-pixi` from 0.9.5 to 0.9.6 - [Release notes](https://github.com/prefix-dev/setup-pixi/releases) - [Commits](prefix-dev/setup-pixi@1b2de7f...5185adf) Updates `release-drafter/release-drafter` from 7.2.0 to 7.3.1 - [Release notes](https://github.com/release-drafter/release-drafter/releases) - [Commits](release-drafter/release-drafter@5de9358...693d20e) Updates `codecov/codecov-action` from 6.0.0 to 6.0.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@57e3a13...e79a696) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci-dependencies - dependency-name: docker/metadata-action dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci-dependencies - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci-dependencies - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci-dependencies - dependency-name: prefix-dev/setup-pixi dependency-version: 0.9.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci-dependencies - dependency-name: release-drafter/release-drafter dependency-version: 7.3.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci-dependencies - dependency-name: codecov/codecov-action dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 1, 2026

dependabot Bot requested a review from borchero as a code owner June 1, 2026 19:34

dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 1, 2026

github-actions Bot added the ci label Jun 1, 2026

borchero approved these changes Jun 1, 2026

View reviewed changes

borchero merged commit f7fe2af into main Jun 1, 2026
7 checks passed

borchero deleted the dependabot/github_actions/ci-dependencies-c0a1c52a43 branch June 1, 2026 21:54

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ci: Bump the ci-dependencies group with 7 updates#248

ci: Bump the ci-dependencies group with 7 updates#248
borchero merged 1 commit into
mainfrom
dependabot/github_actions/ci-dependencies-c0a1c52a43

dependabot Bot commented on behalf of github Jun 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 1, 2026

v4.1.0

v6.1.0

v4.2.0

v7.2.0

v0.9.6

What's Changed

✨ New features

⬆️ Dependency updates

🤷🏻 Other changes

New Contributors

v7.3.1

What's Changed

Bug Fixes

Maintenance

Dependency Updates

v7.3.0

What's Changed

New

Bug Fixes

v6.0.1

What's Changed

v5.5.2

What's Changed

v5.5.1

What's Changed

v5.5.0

What's Changed

v5.4.3

What's Changed

v5.4.2

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant