Skip to content

chore(deps): update non-major infrastructure updates#11

Merged
JSONbored merged 1 commit into
mainfrom
renovate/non-major-infrastructure-updates
Mar 30, 2026
Merged

chore(deps): update non-major infrastructure updates#11
JSONbored merged 1 commit into
mainfrom
renovate/non-major-infrastructure-updates

Conversation

@renovate

@renovate renovate Bot commented Mar 30, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
actions/checkout action patch v6.0.1v6.0.2
actions/dependency-review-action action minor v4.8.2v4.9.0
docker/build-push-action action minor v6.18.0v6.19.2
docker/login-action action minor v3.6.0v3.7.0

Release Notes

actions/checkout (actions/checkout)

v6.0.2

Compare Source

actions/dependency-review-action (actions/dependency-review-action)

v4.9.0: Dependency Review Action 4.9.0

Compare Source

This feature release contains a couple of notable changes:

  • There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
  • Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
  • There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

New Contributors

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

v4.8.3: 4.8.3

Compare Source

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

docker/build-push-action (docker/build-push-action)

v6.19.2

Compare Source

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Compare Source

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Compare Source

  • Scope default git auth token to github.com by @​crazy-max in #​1451
  • Bump brace-expansion from 1.1.11 to 1.1.12 in #​1396
  • Bump form-data from 2.5.1 to 2.5.5 in #​1391
  • Bump js-yaml from 3.14.1 to 3.14.2 in #​1429
  • Bump lodash from 4.17.21 to 4.17.23 in #​1446
  • Bump tmp from 0.2.3 to 0.2.4 in #​1398
  • Bump undici from 5.28.4 to 5.29.0 in #​1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

docker/login-action (docker/login-action)

v3.7.0

Compare Source

Full Changelog: docker/login-action@v3.6.0...v3.7.0


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@JSONbored JSONbored merged commit f38f3f9 into main Mar 30, 2026
9 checks passed
@JSONbored JSONbored deleted the renovate/non-major-infrastructure-updates branch March 30, 2026 09:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant