Skip to content

Bump the minor group with 3 updates#19

Closed
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/github_actions/develop/minor-cb9a4999e8
Closed

Bump the minor group with 3 updates#19
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/github_actions/develop/minor-cb9a4999e8

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jan 26, 2026

Copy link
Copy Markdown

Bumps the minor group with 3 updates: docker/setup-buildx-action, actions/setup-dotnet and dorny/test-reporter.

Updates docker/setup-buildx-action from 3.11.1 to 3.12.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.12.0

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

Commits
  • 8d2750c Merge pull request #455 from crazy-max/install-deprecated
  • e81846b deprecate install input
  • 65d18f8 Merge pull request #454 from docker/dependabot/github_actions/actions/checkout-6
  • 000d75d build(deps): bump actions/checkout from 5 to 6
  • 1583c0f Merge pull request #443 from nicolasleger/patch-1
  • ed158e7 doc: bump actions/checkout from 4 to 5
  • 4cc794f Merge pull request #441 from docker/dependabot/github_actions/actions/checkout-5
  • 4dfc3d6 build(deps): bump actions/checkout from 4 to 5
  • af1b253 Merge pull request #440 from crazy-max/k3s-build
  • 3c6ab92 ci: k3s test with latest buildx
  • Additional commits viewable in compare view

Updates actions/setup-dotnet from 5.0.1 to 5.1.0

Release notes

Sourced from actions/setup-dotnet's releases.

v5.1.0

What's Changed

Documentation

Dependency updates

New Contributors

Full Changelog: actions/setup-dotnet@v5...v5.1.0

Commits
  • baa11fb Bump test dependencies to resolve System.Net.Http vulnerability, update workf...
  • 24ec4f2 Upgrade to latest actions packages (#687)
  • 4c100cb Fix icons (#604)
  • 25328d8 Bump actions/checkout from 5 to 6 (#684)
  • 937b8dd Update README with note on setting DOTNET_INSTALL_DIR for Linux permission is...
  • See full diff in compare view

Updates dorny/test-reporter from 2.3.0 to 2.5.0

Release notes

Sourced from dorny/test-reporter's releases.

v2.5.0

What's Changed

Features

Project maintanance

Full Changelog: dorny/test-reporter@v2.4.0...v2.5.0

v2.4.0

What's Changed

New Contributors

Full Changelog: dorny/test-reporter@v2.3.0...v2.4.0

Changelog

Sourced from dorny/test-reporter's changelog.

Changelog

2.5.0

2.4.0

2.3.0

2.2.0

2.1.1

2.1.0

2.0.0

1.9.1

... (truncated)

Commits
  • b082adf test-reporter release v2.5.0
  • bcafc9f Merge pull request #707 from dorny/feature/700-nette-tester-junit-reporter
  • b0cbac6 Rebuild the dist/index.js file
  • c92a289 Remove unnecessary output files
  • 6697ec4 Merge pull request #695 from dorny/dependabot/github_actions/actions/upload-a...
  • 6387029 Create tester-junit reporter for Nette Tester tool
  • 6896772 Merge pull request #706 from dorny/release/v2.4.0
  • e17be7e test-reporter release v2.4.0
  • 6efb86e Merge pull request #704 from dorny/bugfix/703-refactor-deprecated-substr-func...
  • 055bc8c Rebuild the dist/index.js file
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 26, 2026
@github-actions

github-actions Bot commented Jan 26, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ✅ 0 package(s) with unknown licenses.
  • ⚠️ 1 packages with OpenSSF Scorecard issues.
See the Details below.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/actions/setup-dotnet baa11fbfe1d6520db94683bd5c7a3818018e4309 🟢 5.8
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 9security policy file detected
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Vulnerabilities🟢 91 existing vulnerabilities detected
SAST🟢 8SAST tool is not run on all commits -- score normalized to 8
actions/dorny/test-reporter b082adf0eced0765477756c2a610396589b8c637 ⚠️ 4
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 1Found 1/9 approved changesets -- score normalized to 1
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Security-Policy⚠️ 0security policy file not detected
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Pinned-Dependencies⚠️ 2dependency not pinned by hash detected -- score normalized to 2
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities⚠️ 024 existing vulnerabilities detected

Scanned Files

  • .github/workflows/dotnet.yml

Bumps the minor group with 3 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [actions/setup-dotnet](https://github.com/actions/setup-dotnet) and [dorny/test-reporter](https://github.com/dorny/test-reporter).


Updates `docker/setup-buildx-action` from 3.11.1 to 3.12.0
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@e468171...8d2750c)

Updates `actions/setup-dotnet` from 5.0.1 to 5.1.0
- [Release notes](https://github.com/actions/setup-dotnet/releases)
- [Commits](actions/setup-dotnet@2016bd2...baa11fb)

Updates `dorny/test-reporter` from 2.3.0 to 2.5.0
- [Release notes](https://github.com/dorny/test-reporter/releases)
- [Changelog](https://github.com/dorny/test-reporter/blob/main/CHANGELOG.md)
- [Commits](dorny/test-reporter@fe45e95...b082adf)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: 3.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: actions/setup-dotnet
  dependency-version: 5.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: dorny/test-reporter
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/develop/minor-cb9a4999e8 branch from 50c2f08 to 57714d3 Compare January 26, 2026 14:34
@dependabot @github

dependabot Bot commented on behalf of github Jan 26, 2026

Copy link
Copy Markdown
Author

The group that created this PR has been removed from your configuration.

@dependabot dependabot Bot closed this Jan 26, 2026
@dependabot dependabot Bot deleted the dependabot/github_actions/develop/minor-cb9a4999e8 branch January 26, 2026 14:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants