From aba6fafe0f23e20df0d365457655ceebaee532f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2026 11:01:51 +0000 Subject: [PATCH 1/6] build(deps): bump docker/setup-buildx-action from 3 to 4 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- .github/workflows/push-test.yml | 2 +- .github/workflows/verify.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index f85a9d6..979dd6d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -31,7 +31,7 @@ jobs: - name: Setup buildx id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Docker login uses: docker/login-action@v3.7.0 diff --git a/.github/workflows/push-test.yml b/.github/workflows/push-test.yml index ec3977b..8fe15c0 100644 --- a/.github/workflows/push-test.yml +++ b/.github/workflows/push-test.yml @@ -17,7 +17,7 @@ jobs: - name: Setup buildx id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 - name: Docker login uses: docker/login-action@v3.7.0 diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index 3f5025a..f1d5b74 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -36,7 +36,7 @@ jobs: uses: hadolint/hadolint-action@v3.3.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@v4 with: driver-opts: network=host From 9142a02eea8fee25d674d165b6298345de912b05 Mon Sep 17 00:00:00 2001 From: Geoff Bourne Date: Tue, 10 Mar 2026 19:06:48 -0500 Subject: [PATCH 2/6] Group docker actions --- .github/dependabot.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6fddca0..bcefffb 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,7 +1,16 @@ version: 2 updates: - # Maintain dependencies for GitHub Actions - package-ecosystem: "github-actions" directory: "/" schedule: interval: "weekly" + groups: + docker: + patterns: + - "docker/*" + patches: + patterns: + - "*" + update-types: + - patch + - minor From 2d5e94cf4fc740f429c8e1dbd49e93e036af00cb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2026 11:01:55 +0000 Subject: [PATCH 3/6] build(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.19.2 to 7.0.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6.19.2...v7.0.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- .github/workflows/push-test.yml | 2 +- .github/workflows/verify.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 979dd6d..9cedc75 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -64,7 +64,7 @@ jobs: type=ref,event=branch,enable=${{ github.ref_name != github.event.repository.default_branch }} - name: Build and push - uses: docker/build-push-action@v6.19.2 + uses: docker/build-push-action@v7.0.0 with: context: . platforms: linux/amd64,linux/arm64,linux/arm/v7 diff --git a/.github/workflows/push-test.yml b/.github/workflows/push-test.yml index 8fe15c0..f68154a 100644 --- a/.github/workflows/push-test.yml +++ b/.github/workflows/push-test.yml @@ -32,7 +32,7 @@ jobs: images: itzg/mc-backup - name: Build and push - uses: docker/build-push-action@v6.19.2 + uses: docker/build-push-action@v7.0.0 with: context: . platforms: linux/amd64,linux/arm64,linux/arm/v7 diff --git a/.github/workflows/verify.yml b/.github/workflows/verify.yml index f1d5b74..809c8f2 100644 --- a/.github/workflows/verify.yml +++ b/.github/workflows/verify.yml @@ -41,7 +41,7 @@ jobs: driver-opts: network=host - name: Build and push to local registry - uses: docker/build-push-action@v6.19.2 + uses: docker/build-push-action@v7.0.0 with: push: true tags: localhost:5000/itzg/mc-backup:latest From 0af9e48859be8d30e8b203743607e3546fba9c3e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2026 11:01:59 +0000 Subject: [PATCH 4/6] build(deps): bump docker/setup-qemu-action from 3.7.0 to 4.0.0 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.7.0 to 4.0.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v3.7.0...v4.0.0) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 2 +- .github/workflows/push-test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9cedc75..3382488 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -27,7 +27,7 @@ jobs: uses: hadolint/hadolint-action@v3.3.0 - name: Setup qemu - uses: docker/setup-qemu-action@v3.7.0 + uses: docker/setup-qemu-action@v4.0.0 - name: Setup buildx id: buildx diff --git a/.github/workflows/push-test.yml b/.github/workflows/push-test.yml index f68154a..876a28d 100644 --- a/.github/workflows/push-test.yml +++ b/.github/workflows/push-test.yml @@ -13,7 +13,7 @@ jobs: uses: actions/checkout@v6 - name: Setup qemu - uses: docker/setup-qemu-action@v3.7.0 + uses: docker/setup-qemu-action@v4.0.0 - name: Setup buildx id: buildx From 14b82f1e37c8cdddba8508c12ca82f6944e365dc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2026 11:02:03 +0000 Subject: [PATCH 5/6] build(deps): bump docker/login-action from 3.7.0 to 4.0.0 Bumps [docker/login-action](https://github.com/docker/login-action) from 3.7.0 to 4.0.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3.7.0...v4.0.0) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 4 ++-- .github/workflows/push-test.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3382488..1459c20 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -34,13 +34,13 @@ jobs: uses: docker/setup-buildx-action@v4 - name: Docker login - uses: docker/login-action@v3.7.0 + uses: docker/login-action@v4.0.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Login to GHCR - uses: docker/login-action@v3.7.0 + uses: docker/login-action@v4.0.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/push-test.yml b/.github/workflows/push-test.yml index 876a28d..1fbeb17 100644 --- a/.github/workflows/push-test.yml +++ b/.github/workflows/push-test.yml @@ -20,7 +20,7 @@ jobs: uses: docker/setup-buildx-action@v4 - name: Docker login - uses: docker/login-action@v3.7.0 + uses: docker/login-action@v4.0.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} From 76fff599c06f14f739edf45b143b5cbc736f9249 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Mar 2026 07:31:18 -0500 Subject: [PATCH 6/6] build(deps): bump docker/metadata-action from 5 to 6 (#281) (cherry picked from commit 29cb441931645a1d606829eaf218c2e34a444486) --- .github/workflows/build.yml | 2 +- .github/workflows/push-test.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1459c20..a95aeb1 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -48,7 +48,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: # NOTE for forks: if your Docker Hub organization doesn't match your Github repo's, # then the use of ${{ github.repository_owner }} will need to be replaced. diff --git a/.github/workflows/push-test.yml b/.github/workflows/push-test.yml index 1fbeb17..612abc5 100644 --- a/.github/workflows/push-test.yml +++ b/.github/workflows/push-test.yml @@ -27,7 +27,7 @@ jobs: - name: Docker meta id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@v6 with: images: itzg/mc-backup