itzg · dependabot · Mar 9, 2026 · Mar 11, 2026 · Mar 9, 2026 · Mar 9, 2026
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -16,6 +16,9 @@ updates:
     schedule:
       interval: weekly
     groups:
+      docker:
+        patterns:
+          - "docker/*"
       patches:
         patterns:
           - "*"

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -102,7 +102,7 @@ jobs:
 
       - name: Docker meta
         id: meta
-        uses: docker/metadata-action@v5.10.0
+        uses: docker/metadata-action@v6.0.0
         with:
           # NOTE for forks: if your Docker Hub organization doesn't match your Github repo's,
           # then the use of ${{ github.repository_owner }} will need to be replaced.
@@ -132,13 +132,13 @@ jobs:
             org.opencontainers.image.authors=Geoff Bourne <itzgeoff@gmail.com>
 
       - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v3.12.0
+        uses: docker/setup-buildx-action@v4.0.0
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3.7.0
+        uses: docker/setup-qemu-action@v4.0.0
 
       - name: Build for test
-        uses: docker/build-push-action@v6.19.2
+        uses: docker/build-push-action@v7.0.0
         with:
           platforms: linux/amd64
           tags: ${{ env.IMAGE_TO_TEST }}
@@ -163,22 +163,22 @@ jobs:
           tests/test.sh
 
       - name: Login to DockerHub
-        uses: docker/login-action@v3.7.0
+        uses: docker/login-action@v4.0.0
         if: env.HAS_IMAGE_REPO_ACCESS
         with:
           username: ${{ secrets.DOCKER_USER }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
       - name: Login to GHCR
-        uses: docker/login-action@v3.7.0
+        uses: docker/login-action@v4.0.0
         if: env.HAS_IMAGE_REPO_ACCESS
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ github.token }}
 
       - name: Build and push
-        uses: docker/build-push-action@v6.19.2
+        uses: docker/build-push-action@v7.0.0
         if: github.actor == github.repository_owner
         with:
           platforms: ${{ matrix.platforms }}

diff --git a/.github/workflows/verify-pr.yml b/.github/workflows/verify-pr.yml
@@ -59,10 +59,10 @@ jobs:
           fetch-depth: 0
 
       - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v3.12.0
+        uses: docker/setup-buildx-action@v4.0.0
 
       - name: Confirm multi-arch build
-        uses: docker/build-push-action@v6.19.2
+        uses: docker/build-push-action@v7.0.0
         with:
           platforms: ${{ matrix.platforms }}
           # ensure latest base image is used
@@ -73,7 +73,7 @@ jobs:
           cache-from: type=gha,scope=${{ matrix.variant }}
 
       - name: Build for test
-        uses: docker/build-push-action@v6.19.2
+        uses: docker/build-push-action@v7.0.0
         with:
           # Only build single platform since loading multi-arch image into daemon fails with
           # "docker exporter does not currently support exporting manifest lists"