Bump the github-actions group with 4 updates by dependabot[bot] · Pull Request #11 · inab/bench_event_api

dependabot · 2026-05-11T18:30:29Z

Bumps the github-actions group with 4 updates: docker/login-action, docker/metadata-action, docker/build-push-action and actions/attest-build-provenance.

Updates docker/login-action from 3.6.0 to 4.1.0

Release notes

Sourced from docker/login-action's releases.

v4.1.0

Fix scoped Docker Hub cleanup path when registry is omitted by @crazy-max in docker/login-action#945

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1020.0 in docker/login-action#930

Bump @docker/actions-toolkit from 0.77.0 to 0.86.0 in docker/login-action#932 docker/login-action#936

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/login-action#952

Bump fast-xml-parser from 5.3.4 to 5.3.6 in docker/login-action#942

Bump flatted from 3.3.3 to 3.4.2 in docker/login-action#944

Bump glob from 10.3.12 to 10.5.0 in docker/login-action#940

Bump handlebars from 4.7.8 to 4.7.9 in docker/login-action#949

Bump http-proxy-agent and https-proxy-agent to 8.0.0 in docker/login-action#937

Bump lodash from 4.17.23 to 4.18.1 in docker/login-action#958

Bump minimatch from 3.1.2 to 3.1.5 in docker/login-action#941

Bump picomatch from 4.0.3 to 4.0.4 in docker/login-action#948

Bump undici from 6.23.0 to 6.24.1 in docker/login-action#938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/login-action#929

Switch to ESM and update config/test wiring by @crazy-max in docker/login-action#927

Bump @actions/core from 1.11.1 to 3.0.0 in docker/login-action#919

Bump @aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @docker/actions-toolkit from 0.63.0 to 0.77.0 in docker/login-action#910 docker/login-action#928

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/login-action#921

Bump js-yaml from 4.1.0 to 4.1.1 in docker/login-action#901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

v3.7.0

Add scope input to set scopes for the authentication token by @crazy-max in docker/login-action#912

Add support for AWS European Sovereign Cloud ECR by @dphi in docker/login-action#914

Ensure passwords are redacted with registry-auth input by @crazy-max in docker/login-action#911

build(deps): bump lodash from 4.17.21 to 4.17.23 in docker/login-action#915

Full Changelog: docker/login-action@v3.6.0...v3.7.0

Commits

4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
1e233e6 chore: update generated content
6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
a6f092b chore: update generated content
60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
102c0e6 chore: update generated content
Additional commits viewable in compare view

Updates docker/metadata-action from 5.9.0 to 6.0.0

Release notes

Sourced from docker/metadata-action's releases.

v6.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/metadata-action#605

List inputs now preserve # inside values while still supporting full-line # comments by @crazy-max in docker/metadata-action#607

Switch to ESM and update config/test wiring by @crazy-max in docker/metadata-action#602

Bump lodash from 4.17.21 to 4.17.23 in docker/metadata-action#588

Bump @actions/core from 1.11.1 to 3.0.0 in docker/metadata-action#599

Bump @actions/github from 6.0.1 to 9.0.0 in docker/metadata-action#597

Bump @docker/actions-toolkit from 0.68.0 to 0.79.0 in docker/metadata-action#604

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/metadata-action#600

Bump semver from 7.7.3 to 7.7.4 in docker/metadata-action#603

Full Changelog: docker/metadata-action@v5.10.0...v6.0.0

v5.10.0

Bump @docker/actions-toolkit from 0.66.0 to 0.68.0 in docker/metadata-action#559 docker/metadata-action#569

Bump js-yaml from 3.14.1 to 3.14.2 in docker/metadata-action#564

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

Commits

030e881 Merge pull request #607 from crazy-max/allow-comments
4b529ac chore: update generated content
b0082b3 preserve comments in list input values with commentNoInfix
7b19fec Merge pull request #604 from docker/dependabot/npm_and_yarn/docker/actions-to...
281c9b0 chore: update generated content
5f43b3b test: stabilize github mock setup since ESM
9d53276 github class moved since actions-toolkit v0.77.0
eaa3d39 chore(deps): Bump @docker/actions-toolkit from 0.68.0 to 0.77.0
6b695f7 Merge pull request #605 from crazy-max/node24
a1afadc node 24 as default runtime
Additional commits viewable in compare view

Updates docker/build-push-action from 6.18.0 to 7.1.0

Release notes

Sourced from docker/build-push-action's releases.

v7.1.0

Git context query format support by @crazy-max in docker/build-push-action#1505

Bump @docker/actions-toolkit from 0.79.0 to 0.87.0 by @crazy-max in docker/build-push-action#1505

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/build-push-action#1500

Bump fast-xml-parser from 5.4.2 to 5.5.7 in docker/build-push-action#1489

Bump flatted from 3.3.3 to 3.4.2 in docker/build-push-action#1491

Bump glob from 10.3.12 to 10.5.0 in docker/build-push-action#1490

Bump handlebars from 4.7.8 to 4.7.9 in docker/build-push-action#1497

Bump lodash from 4.17.23 to 4.18.1 in docker/build-push-action#1510

Bump picomatch from 4.0.3 to 4.0.4 in docker/build-push-action#1496

Bump undici from 6.23.0 to 6.24.1 in docker/build-push-action#1486

Bump vite from 7.3.1 to 7.3.2 in docker/build-push-action#1509

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

v7.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/build-push-action#1470

Remove deprecated DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS envs by @crazy-max in docker/build-push-action#1473

Remove legacy export-build tool support for build summary by @crazy-max in docker/build-push-action#1474

Switch to ESM and update config/test wiring by @crazy-max in docker/build-push-action#1466

Bump @actions/core from 1.11.1 to 3.0.0 in docker/build-push-action#1454

Bump @docker/actions-toolkit from 0.62.1 to 0.79.0 in docker/build-push-action#1453 docker/build-push-action#1472 docker/build-push-action#1479

Bump minimatch from 3.1.2 to 3.1.5 in docker/build-push-action#1463

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

v6.19.2

Preserve port in GIT_AUTH_TOKEN host by @crazy-max in docker/build-push-action#1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Derive GIT_AUTH_TOKEN host from GitHub server URL by @crazy-max in docker/build-push-action#1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Scope default git auth token to github.com by @crazy-max in docker/build-push-action#1451

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/build-push-action#1396

Bump form-data from 2.5.1 to 2.5.5 in docker/build-push-action#1391

Bump js-yaml from 3.14.1 to 3.14.2 in docker/build-push-action#1429

Bump lodash from 4.17.21 to 4.17.23 in docker/build-push-action#1446

Bump tmp from 0.2.3 to 0.2.4 in docker/build-push-action#1398

Bump undici from 5.28.4 to 5.29.0 in docker/build-push-action#1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

Commits

bcafcac Merge pull request #1509 from docker/dependabot/npm_and_yarn/vite-7.3.2
18e62f1 Merge pull request #1510 from docker/dependabot/npm_and_yarn/lodash-4.18.1
46580d2 chore: update generated content
3f80b25 chore(deps): Bump lodash from 4.17.23 to 4.18.1
efeec95 Merge pull request #1505 from crazy-max/refactor-git-context
ddf04b0 Merge pull request #1511 from docker/dependabot/github_actions/crazy-max-dot-...
db08d97 chore(deps): Bump the crazy-max-dot-github group with 2 updates
ef1fb96 Merge pull request #1508 from docker/dependabot/github_actions/docker/login-a...
2d8f2a1 chore: update generated content
919ac7b fix test since secrets are not written to temp path anymore
Additional commits viewable in compare view

Updates actions/attest-build-provenance from 3 to 4

Release notes

Sourced from actions/attest-build-provenance's releases.

v4.0.0

[!NOTE] As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

Prepare v4 release by @bdehamer in actions/attest-build-provenance#835

Full Changelog: actions/attest-build-provenance@v3.2.0...v4.0.0

v3.2.0

What's Changed

Bump @actions/core from 1.11.1 to 2.0.1 by @dependabot[bot] in actions/attest-build-provenance#776

Add more documentation on Artifact Metadata Storage Records by @malancas in actions/attest-build-provenance#797

Update actions/attest to latest version v3.2.0 by @malancas in actions/attest-build-provenance#812

Full Changelog: actions/attest-build-provenance@v3.1.0...v3.2.0

v3.1.0

What's Changed

Prepare v3 release by @bdehamer in actions/attest-build-provenance#697

Bump js-yaml from 3.14.1 to 3.14.2 by @dependabot[bot] in actions/attest-build-provenance#749

Bump tar from 7.5.1 to 7.5.2 by @dependabot[bot] in actions/attest-build-provenance#753

Bump glob from 10.4.5 to 10.5.0 by @dependabot[bot] in actions/attest-build-provenance#754

Bump @types/node from 24.10.1 to 25.0.2 by @dependabot[bot] in actions/attest-build-provenance#774

Bump @actions/attest from 1.6.0 to 2.0.0 by @dependabot[bot] in actions/attest-build-provenance#736

Bump @actions/attest from 2.0.0 to 2.1.0 by @dependabot[bot] in actions/attest-build-provenance#775

Add support for creating artifact metadata storage records by @malancas in actions/attest-build-provenance#779

New Contributors

@malancas made their first contribution in actions/attest-build-provenance#779

Full Changelog: actions/attest-build-provenance@v3...v3.1.0

Commits

a2bbfa2 bump actions/attest from 4.0.0 to 4.1.0 (#838)
0856891 update RELEASE.md docs (#836)
e4d4f7c prepare v4 release (#835)
02a49bd Bump github/codeql-action in the actions-minor group (#824)
7c757df Bump the npm-development group with 2 updates (#825)
c44148e Bump github/codeql-action in the actions-minor group (#818)
3234352 Bump @types/node from 25.0.10 to 25.2.0 in the npm-development group (#819)
18db129 Bump tar from 7.5.6 to 7.5.7 (#816)
90fadfa Bump @actions/core from 2.0.1 to 2.0.2 in the npm-production group (#799)
57db8ba Bump the npm-development group across 1 directory with 3 updates (#808)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 4 updates: [docker/login-action](https://github.com/docker/login-action), [docker/metadata-action](https://github.com/docker/metadata-action), [docker/build-push-action](https://github.com/docker/build-push-action) and [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance). Updates `docker/login-action` from 3.6.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3.6.0...v4.1.0) Updates `docker/metadata-action` from 5.9.0 to 6.0.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@v5.9.0...v6.0.0) Updates `docker/build-push-action` from 6.18.0 to 7.1.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6.18.0...v7.1.0) Updates `actions/attest-build-provenance` from 3 to 4 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/metadata-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/attest-build-provenance dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 11, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group with 4 updates#11

Bump the github-actions group with 4 updates#11
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/github-actions-26b53c846d

dependabot Bot commented on behalf of github May 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 11, 2026

v4.1.0

v4.0.0

v3.7.0

v6.0.0

v5.10.0

v7.1.0

v7.0.0

v6.19.2

v6.19.1

v6.19.0

v4.0.0

What's Changed

v3.2.0

What's Changed

v3.1.0

What's Changed

New Contributors

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants