chore(deps): bump the gh-actions-packages group across 1 directory with 4 updates

dependabot[bot] · web-flow · commit 2b795cb98d3d · 2026-04-17T14:42:55.000Z
Bumps the gh-actions-packages group with 4 updates in the / directory: [docker/login-action](https://github.com/docker/login-action), [github/codeql-action](https://github.com/github/codeql-action), [DataDog/dd-octo-sts-action](https://github.com/datadog/dd-octo-sts-action) and [DataDog/commit-headless](https://github.com/datadog/commit-headless). Updates `docker/login-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@b45d80f...4907a6d) Updates `github/codeql-action` from 4.33.0 to 4.35.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b1bff81...95e58e9) Updates `DataDog/dd-octo-sts-action` from 1.0.3 to 1.0.4 - [Release notes](https://github.com/datadog/dd-octo-sts-action/releases) - [Commits](DataDog/dd-octo-sts-action@acaa02e...96a2546) Updates `DataDog/commit-headless` from 2.0.3 to 3.2.0 - [Changelog](https://github.com/DataDog/commit-headless/blob/main/CHANGELOG.md) - [Commits](DataDog/commit-headless@05d7b7e...ad36686) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gh-actions-packages - dependency-name: DataDog/dd-octo-sts-action dependency-version: 1.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gh-actions-packages - dependency-name: DataDog/commit-headless dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gh-actions-packages ... Signed-off-by: dependabot[bot] <support@github.com>
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -27,7 +27,7 @@ jobs:
         id: buildx
         uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # 4.0.0
       - name: Login to ghcr.io
-        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # 4.0.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # 4.1.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -59,6 +59,6 @@ jobs:
           TRIVY_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-db,public.ecr.aws/aquasecurity/trivy-db
           TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
+        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
         with:
           sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/create-test-mirror-pr.yml b/.github/workflows/create-test-mirror-pr.yml
@@ -15,7 +15,7 @@ jobs:
       contents: read
       pull-requests: write
     steps:
-      - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
+      - uses: DataDog/dd-octo-sts-action@96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a # v1.0.4
         id: octo-sts
         with:
           scope: DataDog/images
@@ -78,7 +78,7 @@ jobs:
 
       - name: Push changes
         if: ${{ steps.create-commit.outputs.has_changes == 'true' }}
-        uses: DataDog/commit-headless@05d7b7ee023e2c7d01c47832d420c2503cd416f3 # action/v2.0.3
+        uses: DataDog/commit-headless@ad3668640012ec69186398f43d61923f6878bbbe # action/v3.2.0
         with:
           target: DataDog/images
           token: "${{ steps.octo-sts.outputs.token }}"
diff --git a/.github/workflows/delete-test-mirror-pr.yml b/.github/workflows/delete-test-mirror-pr.yml
@@ -14,7 +14,7 @@ jobs:
       id-token: write # Required for OIDC token federation
       contents: read
     steps:
-      - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
+      - uses: DataDog/dd-octo-sts-action@96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a # v1.0.4
         id: octo-sts
         with:
           scope: DataDog/images
@@ -64,7 +64,7 @@ jobs:
         working-directory: images
 
       - name: Push changes
-        uses: DataDog/commit-headless@05d7b7ee023e2c7d01c47832d420c2503cd416f3 # action/v2.0.3
+        uses: DataDog/commit-headless@ad3668640012ec69186398f43d61923f6878bbbe # action/v3.2.0
         with:
           target: DataDog/images
           token: "${{ steps.octo-sts.outputs.token }}"
diff --git a/.github/workflows/docker-tag.yml b/.github/workflows/docker-tag.yml
@@ -16,7 +16,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
       - name: Login to ghcr.io
-        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # 4.0.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # 4.1.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
diff --git a/.github/workflows/update-mirror-digests.yml b/.github/workflows/update-mirror-digests.yml
@@ -14,7 +14,7 @@ jobs:
       id-token: write # Required for OIDC token federation
       contents: read
     steps:
-      - uses: DataDog/dd-octo-sts-action@acaa02eee7e3bb0839e4272dacb37b8f3b58ba80 # v1.0.3
+      - uses: DataDog/dd-octo-sts-action@96a25462dbcb10ebf0bfd6e2ccc917d2ab235b9a # v1.0.4
         id: octo-sts
         with:
           scope: DataDog/images
@@ -95,7 +95,7 @@ jobs:
 
       - name: Push changes
         if: ${{ steps.create-commit.outputs.has_changes == 'true' }}
-        uses: DataDog/commit-headless@05d7b7ee023e2c7d01c47832d420c2503cd416f3 # action/v2.0.3
+        uses: DataDog/commit-headless@ad3668640012ec69186398f43d61923f6878bbbe # action/v3.2.0
         with:
           target: DataDog/images
           token: "${{ steps.octo-sts.outputs.token }}"
diff --git a/.github/workflows/vuln-check.yml b/.github/workflows/vuln-check.yml
@@ -42,7 +42,7 @@ jobs:
           TRIVY_JAVA_DB_REPOSITORY: ghcr.io/aquasecurity/trivy-java-db,public.ecr.aws/aquasecurity/trivy-java-db
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
+        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'
