Skip to content

Bump the ci group across 1 directory with 10 updates#456

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/ci-37ea647cd0
Open

Bump the ci group across 1 directory with 10 updates#456
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/ci-37ea647cd0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the ci group with 10 updates in the / directory:

Package From To
actions/checkout 6.0.2 7.0.0
docker/setup-docker-action 5.1.0 5.3.0
docker/login-action 4.1.0 4.4.0
docker/setup-buildx-action 4.0.0 4.2.0
docker/build-push-action 7.1.0 7.3.0
docker/scout-action 1.20.4 1.23.1
score-spec/setup-score 3.2.3 3.2.4
docker/github-builder/.github/workflows/build.yml 1.8.0 1.12.0
docker/setup-qemu-action 4.0.0 4.2.0
github/codeql-action/upload-sarif 4.35.5 4.36.3

Updates actions/checkout from 6.0.2 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates docker/setup-docker-action from 5.1.0 to 5.3.0

Release notes

Sourced from docker/setup-docker-action's releases.

v5.3.0

Full Changelog: docker/setup-docker-action@v5.2.0...v5.3.0

v5.2.0

Full Changelog: docker/setup-docker-action@v5.1.0...v5.2.0

Commits
  • 6d7cfa6 Merge pull request #290 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 77ac140 [dependabot skip] chore: update generated content
  • b9f0330 build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • 8ec1dbe Merge pull request #283 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
  • d85e7e7 Merge pull request #282 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • d79fe8d [dependabot skip] chore: update generated content
  • fdb834d build(deps): bump undici from 6.25.0 to 6.27.0
  • 8a78e70 Merge pull request #280 from docker/dependabot/npm_and_yarn/tmp-0.2.7
  • 1089dbe Merge pull request #289 from docker/dependabot/github_actions/actions/checkou...
  • a544c85 build(deps): bump actions/checkout from 6.0.3 to 7.0.0
  • Additional commits viewable in compare view

Updates docker/login-action from 4.1.0 to 4.4.0

Release notes

Sourced from docker/login-action's releases.

v4.4.0

Full Changelog: docker/login-action@v4.3.0...v4.4.0

v4.3.0

Full Changelog: docker/login-action@v4.2.0...v4.3.0

v4.2.0

Full Changelog: docker/login-action@v4.1.0...v4.2.0

Commits
  • af1e73f Merge pull request #1034 from docker/dependabot/npm_and_yarn/aws-sdk-dependen...
  • da722bd [dependabot skip] chore: update generated content
  • 2916ad6 build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
  • ca0a662 Merge pull request #1035 from crazy-max/fix-registry-auth-empty-mask
  • c455755 chore: update generated content
  • 4835190 skip empty registry-auth secret mask
  • 992421c Merge pull request #1033 from docker/dependabot/github_actions/docker/bake-ac...
  • b249b43 Merge pull request #1032 from docker/dependabot/github_actions/docker/bake-ac...
  • 1b67977 build(deps): bump docker/bake-action from 7.2.0 to 7.3.0
  • 9d49d6a build(deps): bump docker/bake-action/subaction/matrix
  • Additional commits viewable in compare view

Updates docker/setup-buildx-action from 4.0.0 to 4.2.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.2.0

Full Changelog: docker/setup-buildx-action@v4.1.0...v4.2.0

v4.1.0

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

Commits
  • bb05f3f Merge pull request #580 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 321c814 [dependabot skip] chore: update generated content
  • b9a36ef build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • ebeab24 Merge pull request #570 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • 5c7b8ae [dependabot skip] chore: update generated content
  • 037e618 build(deps): bump undici from 6.25.0 to 6.27.0
  • 66080e5 Merge pull request #577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
  • 409aef0 Merge pull request #562 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
  • 49c6e42 build(deps): bump sigstore from 4.1.0 to 4.1.1
  • 2211273 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates docker/build-push-action from 7.1.0 to 7.3.0

Release notes

Sourced from docker/build-push-action's releases.

v7.3.0

Full Changelog: docker/build-push-action@v7.2.0...v7.3.0

v7.2.0

Full Changelog: docker/build-push-action@v7.1.0...v7.2.0

Commits
  • 53b7df9 Merge pull request #1572 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • 154298c [dependabot skip] chore: update generated content
  • cb1238b chore(deps): Bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • 24f845d Merge pull request #1566 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
  • 9c69730 [dependabot skip] chore: update generated content
  • bc3a3a5 Merge pull request #1574 from docker/dependabot/github_actions/aws-actions/co...
  • a82c504 chore(deps): Bump js-yaml from 4.1.1 to 4.3.0
  • 0285a75 Merge pull request #1573 from docker/dependabot/github_actions/actions/cache-...
  • c6ad2a3 Merge pull request #1575 from docker/dependabot/github_actions/actions/checko...
  • d37484f Merge pull request #1564 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • Additional commits viewable in compare view

Updates docker/scout-action from 1.20.4 to 1.23.1

Release notes

Sourced from docker/scout-action's releases.

v1.23.1

What's Changed

  • Fixes policy evaluation when using custom Rego policies without details metadata @​whostolebenfrog

v1.23.0

What's Changed

  • Prevents empty VEX documents from breaking scanning @​flyingmachine
  • Rego policy sources can be served via http(s) through --policy-file @​cdupuis
  • Performance improvements on SBOM fetching and policies evaluation @​cdupuis

v1.22.0

What's Changed

  • Proxies Trivy's Java DB download through Docker Desktop's HTTP proxy transport @​AndreSilva1993

v1.21.0

What's Changed

  • Fix local DHI-derived image handling, including inherited VEX and quickview base-image display
  • Improve SBOM package qualifier handling, including DHI distro qualifiers
  • Update dependencies and Go toolchain
Commits
  • 2688993 Merge pull request #109 from docker/release/v1.23.1
  • 7b86e1c [BOT] Update assets for v1.23.1 release
  • ce97ec1 Merge pull request #108 from docker/release/v1.23.0
  • 2da9adb [BOT] Update assets for v1.23.0 release
  • 7520205 Merge pull request #107 from docker/release/v1.22.0
  • 6b2b3b1 [BOT] Update assets for v1.22.0 release
  • 3a14fc8 chore: pin GitHub Actions to commit SHA (#103)
  • cd72f26 Merge pull request #104 from docker/release/v1.21.0
  • b9ceaba [BOT] Update assets for v1.21.0 release
  • See full diff in compare view

Updates score-spec/setup-score from 3.2.3 to 3.2.4

Release notes

Sourced from score-spec/setup-score's releases.

v3.2.4

What's Changed

Full Changelog: score-spec/setup-score@v3.2.3...v3.2.4

Commits
  • 888a7de Merge pull request #106 from score-spec/mathieu-benoit-patch-1
  • 5933d32 Add Harden Runner step to GitHub Actions workflow
  • 9692890 Bump the ci group with 2 updates (#105)
  • eee5f67 Bump undici from 6.24.1 to 6.27.0 (#104)
  • c01ab5d Bump actions/checkout from 6.0.3 to 7.0.0 in the ci group (#103)
  • 3578608 Bump the ci group with 2 updates (#102)
  • a31e192 Bump actions/checkout from 6.0.2 to 6.0.3 in the ci group (#101)
  • 4b72262 Bump eslint from 10.4.0 to 10.4.1 in the ci group (#100)
  • 107ee81 Bump the ci group with 2 updates (#99)
  • 445273f Bump jest from 30.3.0 to 30.4.1 in the ci group (#98)
  • See full diff in compare view

Updates docker/github-builder/.github/workflows/build.yml from 1.8.0 to 1.12.0

Release notes

Sourced from docker/github-builder/.github/workflows/build.yml's releases.

v1.12.0

Full Changelog: docker/github-builder@v1.11.0...v1.12.0

v1.11.0

Full Changelog: docker/github-builder@v1.10.0...v1.11.0

v1.10.0

Full Changelog: docker/github-builder@v1.9.0...v1.10.0

v1.9.0

Full Changelog: docker/github-builder@v1.8.0...v1.9.0

Commits
  • 5f637c8 Merge pull request #231 from crazy-max/fix-tag-git-context-checksum
  • 0d9a08d build/bake: preserve tag refs in git contexts
  • 5f32361 Merge pull request #228 from docker/deps/binfmt-image
  • fb769ec chore(deps): update Binfmt image to qemu-v10.2.3-68
  • eac7322 Merge pull request #229 from docker/dependabot/github_actions/crazy-max-dot-g...
  • c79e119 Merge pull request #230 from crazy-max/aws-ecr-to-docker-hub
  • 26108c5 test: replace AWS ECR with Docker Hub in test workflows
  • 2ffaff4 build(deps): Bump the crazy-max-dot-github group with 2 updates
  • 04e22bc Merge pull request #224 from crazy-max/test-dockerhub-stage-rm
  • 70ac3fc Merge pull request #227 from crazy-max/disable-buildx-metadata-provenance
  • Additional commits viewable in compare view

Updates docker/setup-qemu-action from 4.0.0 to 4.2.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.2.0

Full Changelog: docker/setup-qemu-action@v4.1.0...v4.2.0

v4.1.0

Full Changelog: docker/setup-qemu-action@v4.0.0...v4.1.0

Commits
  • 96fe6ef Merge pull request #315 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 31f08d3 [dependabot skip] chore: update generated content
  • 4e7017a build(deps): bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • 0eca235 Merge pull request #314 from crazy-max/fix-yarn-preapprove-actions-toolkit
  • ea66a41 chore: allow actions-toolkit to bypass yarn age gate
  • 451542b Merge pull request #308 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • 532ae00 [dependabot skip] chore: update generated content
  • b6f5af6 build(deps): bump undici from 6.26.0 to 6.27.0
  • cf96b86 Merge pull request #304 from docker/dependabot/npm_and_yarn/tmp-0.2.7
  • f0ba643 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates github/codeql-action/upload-sarif from 4.35.5 to 4.36.3

Release notes

Sourced from github/codeql-action/upload-sarif's releases.

v4.36.3

No user facing changes.

v4.36.2

  • Cache CodeQL CLI version information across Actions steps. #3943
  • Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #3937
  • Update default CodeQL bundle version to 2.25.6. #3948

v4.36.1

No user facing changes.

v4.36.0

  • Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
  • Add support for SHA-256 Git object IDs. #3893
  • Update default CodeQL bundle version to 2.25.5. #3926
Changelog

Sourced from github/codeql-action/upload-sarif's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.36.3 ...

Description has been truncated

Bumps the ci group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` |
| [docker/setup-docker-action](https://github.com/docker/setup-docker-action) | `5.1.0` | `5.3.0` |
| [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.4.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.2.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.3.0` |
| [docker/scout-action](https://github.com/docker/scout-action) | `1.20.4` | `1.23.1` |
| [score-spec/setup-score](https://github.com/score-spec/setup-score) | `3.2.3` | `3.2.4` |
| [docker/github-builder/.github/workflows/build.yml](https://github.com/docker/github-builder) | `1.8.0` | `1.12.0` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.2.0` |
| [github/codeql-action/upload-sarif](https://github.com/github/codeql-action) | `4.35.5` | `4.36.3` |



Updates `actions/checkout` from 6.0.2 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...9c091bb)

Updates `docker/setup-docker-action` from 5.1.0 to 5.3.0
- [Release notes](https://github.com/docker/setup-docker-action/releases)
- [Commits](docker/setup-docker-action@b2189fb...6d7cfa6)

Updates `docker/login-action` from 4.1.0 to 4.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@4907a6d...af1e73f)

Updates `docker/setup-buildx-action` from 4.0.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@4d04d5d...bb05f3f)

Updates `docker/build-push-action` from 7.1.0 to 7.3.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@bcafcac...53b7df9)

Updates `docker/scout-action` from 1.20.4 to 1.23.1
- [Release notes](https://github.com/docker/scout-action/releases)
- [Commits](docker/scout-action@bacf462...2688993)

Updates `score-spec/setup-score` from 3.2.3 to 3.2.4
- [Release notes](https://github.com/score-spec/setup-score/releases)
- [Commits](score-spec/setup-score@1db7966...888a7de)

Updates `docker/github-builder/.github/workflows/build.yml` from 1.8.0 to 1.12.0
- [Release notes](https://github.com/docker/github-builder/releases)
- [Commits](docker/github-builder@c2782c5...5f637c8)

Updates `docker/setup-qemu-action` from 4.0.0 to 4.2.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@ce36039...96fe6ef)

Updates `github/codeql-action/upload-sarif` from 4.35.5 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@9e0d7b8...54f647b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: ci
- dependency-name: docker/setup-docker-action
  dependency-version: 5.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: docker/login-action
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: docker/build-push-action
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: docker/scout-action
  dependency-version: 1.23.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: score-spec/setup-score
  dependency-version: 3.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: ci
- dependency-name: docker/github-builder/.github/workflows/build.yml
  dependency-version: 1.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: docker/setup-qemu-action
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
- dependency-name: github/codeql-action/upload-sarif
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: ci
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 6, 2026
@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor
Outdated

Overview

Image reference backstage:latest backstage:latest
- digest d97a6291b6b8 f34cba83511d
- tag latest latest
- provenance 0d81841 6e1777b
- vulnerabilities critical: 8 high: 40 medium: 53 low: 9 unspecified: 30 critical: 8 high: 40 medium: 53 low: 9 unspecified: 30
- platform linux/amd64 linux/amd64
- size 228 MB 228 MB
- packages 1372 1372
Policies (0 improved, 0 worsened)
Policy Name backstage:latest backstage:latest Change Standing
Default non-root user No Change
No copyleft licenses ⚠️ 31 ⚠️ 31 No Change
No fixable critical or high vulnerabilities ⚠️ 46 ⚠️ 46 No Change
No high-profile vulnerabilities No Change
No outdated base images ⚠️ ⚠️ No Change
No unapproved base images No Change
Supply chain attestations No Change

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Overview

Image reference frontend:latest frontend:latest
- digest 2a9a79f58c82 50c4f582ca9f
- tag latest latest
- provenance 0d81841 6e1777b
- vulnerabilities critical: 1 high: 8 medium: 4 low: 2 critical: 1 high: 8 medium: 4 low: 2
- platform linux/amd64 linux/amd64
- size 32 MB 32 MB (-763 B)
- packages 20 20
Policies (0 improved, 0 worsened)
Policy Name frontend:latest frontend:latest Change Standing
Default non-root user No Change
No copyleft licenses ⚠️ 12 ⚠️ 12 No Change
No fixable critical or high vulnerabilities ⚠️ 9 ⚠️ 9 No Change
No high-profile vulnerabilities No Change
No outdated base images ⚠️ ⚠️ No Change
No unapproved base images No Change
Supply chain attestations No Change

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants