From 46f6ec6aa5e097e9ee239cb5c61201971918e92e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2026 08:42:07 +0000 Subject: [PATCH 1/6] build(deps): bump docker/login-action from 3.7.0 to 4.0.0 Bumps [docker/login-action](https://github.com/docker/login-action) from 3.7.0 to 4.0.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3.7.0...v4.0.0) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f881190527f..972230d9a48 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -163,14 +163,14 @@ jobs: tests/test.sh - name: Login to DockerHub - uses: docker/login-action@v3.7.0 + uses: docker/login-action@v4.0.0 if: env.HAS_IMAGE_REPO_ACCESS with: username: ${{ secrets.DOCKER_USER }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Login to GHCR - uses: docker/login-action@v3.7.0 + uses: docker/login-action@v4.0.0 if: env.HAS_IMAGE_REPO_ACCESS with: registry: ghcr.io From 1aaa9715b80439cca8820412e536f1e9c25d12e1 Mon Sep 17 00:00:00 2001 From: Geoff Bourne Date: Tue, 10 Mar 2026 19:11:41 -0500 Subject: [PATCH 2/6] Group docker actions --- .github/dependabot.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a2bca8f7a29..159df8f6846 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,6 +16,9 @@ updates: schedule: interval: weekly groups: + docker: + patterns: + - "docker/*" patches: patterns: - "*" From 27cce97b008a7583e28fca6191b2fc85956f9674 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2026 08:42:10 +0000 Subject: [PATCH 3/6] build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.7.0 to 4.0.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v3.7.0...v4.0.0) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 972230d9a48..718881a71b4 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -135,7 +135,7 @@ jobs: uses: docker/setup-buildx-action@v3.12.0 - name: Set up QEMU - uses: docker/setup-qemu-action@v3.7.0 + uses: docker/setup-qemu-action@v4.0.0 - name: Build for test uses: docker/build-push-action@v6.19.2 From 6d4ecb21778a8f49954d6ec587921a8ec2284d03 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2026 08:42:14 +0000 Subject: [PATCH 4/6] build(deps): bump docker/metadata-action from 5.10.0 to 6.0.0 Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.10.0 to 6.0.0. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](https://github.com/docker/metadata-action/compare/v5.10.0...v6.0.0) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 718881a71b4..3b0a61eb93b 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -102,7 +102,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5.10.0 + uses: docker/metadata-action@v6.0.0 with: # NOTE for forks: if your Docker Hub organization doesn't match your Github repo's, # then the use of ${{ github.repository_owner }} will need to be replaced. From 93305d9a71787e7e727c3f3d23bc868de3a006c0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2026 08:42:17 +0000 Subject: [PATCH 5/6] build(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.12.0 to 4.0.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3.12.0...v4.0.0) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- .github/workflows/verify-pr.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3b0a61eb93b..5d4a626a598 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -132,7 +132,7 @@ jobs: org.opencontainers.image.authors=Geoff Bourne - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3.12.0 + uses: docker/setup-buildx-action@v4.0.0 - name: Set up QEMU uses: docker/setup-qemu-action@v4.0.0 diff --git a/.github/workflows/verify-pr.yml b/.github/workflows/verify-pr.yml index 65aa16c0bb4..c26b4959838 100644 --- a/.github/workflows/verify-pr.yml +++ b/.github/workflows/verify-pr.yml @@ -59,7 +59,7 @@ jobs: fetch-depth: 0 - name: Setup Docker Buildx - uses: docker/setup-buildx-action@v3.12.0 + uses: docker/setup-buildx-action@v4.0.0 - name: Confirm multi-arch build uses: docker/build-push-action@v6.19.2 From fe1c02205c7ffb32fbf90e5315c45e22a9098979 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2026 08:42:21 +0000 Subject: [PATCH 6/6] build(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.19.2 to 7.0.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 4 ++-- .github/workflows/verify-pr.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5d4a626a598..104ce06dd40 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -138,7 +138,7 @@ jobs: uses: docker/setup-qemu-action@v4.0.0 - name: Build for test - uses: docker/build-push-action@v6.19.2 + uses: docker/build-push-action@v7.0.0 with: platforms: linux/amd64 tags: ${{ env.IMAGE_TO_TEST }} @@ -178,7 +178,7 @@ jobs: password: ${{ github.token }} - name: Build and push - uses: docker/build-push-action@v6.19.2 + uses: docker/build-push-action@v7.0.0 if: github.actor == github.repository_owner with: platforms: ${{ matrix.platforms }} diff --git a/.github/workflows/verify-pr.yml b/.github/workflows/verify-pr.yml index c26b4959838..966b3db6ed0 100644 --- a/.github/workflows/verify-pr.yml +++ b/.github/workflows/verify-pr.yml @@ -62,7 +62,7 @@ jobs: uses: docker/setup-buildx-action@v4.0.0 - name: Confirm multi-arch build - uses: docker/build-push-action@v6.19.2 + uses: docker/build-push-action@v7.0.0 with: platforms: ${{ matrix.platforms }} # ensure latest base image is used @@ -73,7 +73,7 @@ jobs: cache-from: type=gha,scope=${{ matrix.variant }} - name: Build for test - uses: docker/build-push-action@v6.19.2 + uses: docker/build-push-action@v7.0.0 with: # Only build single platform since loading multi-arch image into daemon fails with # "docker exporter does not currently support exporting manifest lists"