chore(deps): bump the ci-dependencies group across 1 directory with 9 updates by dependabot[bot] · Pull Request #35 · jondmarien/jondmarien.github.io

dependabot · 2026-04-20T06:46:48Z

Bumps the ci-dependencies group with 9 updates in the / directory:

Package	From	To
actions/upload-pages-artifact	`4`	`5`
actions/deploy-pages	`4`	`5`
rlespinasse/github-slug-action	`5.4.0`	`5.6.0`
docker/setup-qemu-action	`3`	`4`
docker/setup-buildx-action	`3`	`4`
sigstore/cosign-installer	`4.0.0`	`4.1.1`
docker/login-action	`3`	`4`
docker/metadata-action	`5`	`6`
docker/build-push-action	`6`	`7`

Updates actions/upload-pages-artifact from 4 to 5

Release notes

Sourced from actions/upload-pages-artifact's releases.

v5.0.0

Changelog

Update upload-artifact action to version 7 @Tom-van-Woudenberg (#139)

feat: add include-hidden-files input @jonchurch (#137)

See details of all code changes since previous release.

Commits

fc324d3 Merge pull request #139 from Tom-van-Woudenberg/patch-1
fe9d4b7 Merge branch 'main' into patch-1
0ca1617 Merge pull request #137 from jonchurch/include-hidden-files
57f0e84 Update action.yml
4a90348 v7 --> hash
56f665a Update upload-artifact action to version 7
f7615f5 Add include-hidden-files input
See full diff in compare view

Updates actions/deploy-pages from 4 to 5

Release notes

Sourced from actions/deploy-pages's releases.

v5.0.0

Changelog

Update Node.js version to 24.x @salmanmkc (#404)

Add workflow file for publishing releases to immutable action package @Jcambass (#374)

Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory @dependabot (#360)

Make the rebuild dist workflow work nicer with Dependabot @yoannchaudet (#361)

Bump the non-breaking-changes group across 1 directory with 3 updates @dependabot (#358)

Delete repeated sentence @garethsb (#359)

Update README.md @tsusdere (#348)

Bump the non-breaking-changes group with 4 updates @dependabot (#341)

Remove error message for file permissions @TooManyBees (#340)

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v4.0.5

Changelog

On API error, the error message will surface the API request ID @TooManyBees (#324)

Bump the non-breaking-changes group with 2 updates @dependabot (#318)

Bump the non-breaking-changes group with 1 update @dependabot (#316)

Bump the non-breaking-changes group with 3 updates @dependabot (#314)

Bump release-drafter/release-drafter from 5.25.0 to 6.0.0 @dependabot (#311)

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v4.0.4

Changelog

Update api-client.js @lmammino (#295)

fix typo: compatibilty -> compatibility @SimonSiefke (#298)

Bump @actions/artifact from 2.0.1 to 2.1.1 @dependabot (#310)

Update Dependabot config to group non-breaking changes @JamesMGreene (#307)

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v4.0.3

Changelog

... (truncated)

Commits

cd2ce8f Merge pull request #404 from salmanmkc/node24
bbe2a95 Update Node.js version to 24.x
854d7aa Merge pull request #374 from actions/Jcambass-patch-1
306bb81 Add workflow file for publishing releases to immutable action package
b742728 Merge pull request #360 from actions/dependabot/npm_and_yarn/npm_and_yarn-513...
7273294 Bump braces in the npm_and_yarn group across 1 directory
963791f Merge pull request #361 from actions/dependabot-friendly
51bb29d Make the rebuild dist workflow safer for Dependabot
89f3d10 Merge pull request #358 from actions/dependabot/npm_and_yarn/non-breaking-cha...
bce7355 Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21
Additional commits viewable in compare view

Updates rlespinasse/github-slug-action from 5.4.0 to 5.6.0

Release notes

Sourced from rlespinasse/github-slug-action's releases.

v5.6.0

5.6.0 (2026-04-13)

Features

bump actions/github-script from 8 to 9 (#178) (e6f2616)

v5.5.0

5.5.0 (2026-02-04)

Features

Pin sub-actions to full commit SHAs (#175) (9e7def6)

Commits

e6f2616 feat: bump actions/github-script from 8 to 9 (#178)
ef035f6 docs: Reorganize documentation with new reference and explanation sections (#...
9e7def6 feat: Pin sub-actions to full commit SHAs (#175)
e8d2331 Pin sub-actions to full commit SHAs (#175)
See full diff in compare view

Updates docker/setup-qemu-action from 3 to 4

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-qemu-action#245

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-qemu-action#241

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-qemu-action#244

Bump @docker/actions-toolkit from 0.67.0 to 0.77.0 in docker/setup-qemu-action#243

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/setup-qemu-action#240

Bump js-yaml from 3.14.1 to 3.14.2 in docker/setup-qemu-action#231

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-qemu-action#238

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

v3.7.0

Bump @docker/actions-toolkit from 0.56.0 to 0.67.0 in docker/setup-qemu-action#217 docker/setup-qemu-action#230

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-qemu-action#220

Bump form-data from 2.5.1 to 2.5.5 in docker/setup-qemu-action#218

Bump tmp from 0.2.3 to 0.2.4 in docker/setup-qemu-action#221

Bump undici from 5.28.4 to 5.29.0 in docker/setup-qemu-action#219

Full Changelog: docker/setup-qemu-action@v3.6.0...v3.7.0

v3.6.0

Display binfmt version by @crazy-max in docker/setup-qemu-action#202

Full Changelog: docker/setup-qemu-action@v3.5.0...v3.6.0

v3.5.0

Bump @docker/actions-toolkit from 0.54.0 to 0.56.0 in docker/setup-qemu-action#205

Full Changelog: docker/setup-qemu-action@v3.4.0...v3.5.0

v3.4.0

Bump @docker/actions-toolkit from 0.49.0 to 0.54.0 in docker/setup-qemu-action#193 docker/setup-qemu-action#197

Full Changelog: docker/setup-qemu-action@v3.3.0...v3.4.0

v3.3.0

Add cache-image input to enable/disable caching of binfmt image by @crazy-max in docker/setup-qemu-action#130

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-qemu-action#172

Bump @docker/actions-toolkit from 0.35.0 to 0.49.0 in docker/setup-qemu-action#187

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-qemu-action#182

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/setup-qemu-action#162

Full Changelog: docker/setup-qemu-action@v3.2.0...v3.3.0

v3.2.0

Bump @docker/actions-toolkit from 0.31.0 to 0.35.0 in docker/setup-qemu-action#154 docker/setup-qemu-action#155

Full Changelog: docker/setup-qemu-action@v3.1.0...v3.2.0

v3.1.0

... (truncated)

Commits

ce36039 Merge pull request #245 from crazy-max/node24
6386344 node 24 as default runtime
1ea3db7 Merge pull request #243 from docker/dependabot/npm_and_yarn/docker/actions-to...
b56a002 chore: update generated content
c43f02d build(deps): bump @docker/actions-toolkit from 0.67.0 to 0.77.0
ce10c58 Merge pull request #244 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
429fc9d chore: update generated content
060e5f8 build(deps): bump @actions/core from 1.11.1 to 3.0.0
44be13e Merge pull request #231 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
1897438 chore: update generated content
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3 to 4

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-buildx-action#483

Remove deprecated inputs/outputs by @crazy-max in docker/setup-buildx-action#464

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-buildx-action#481

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-buildx-action#475

Bump @docker/actions-toolkit from 0.63.0 to 0.79.0 in docker/setup-buildx-action#482 docker/setup-buildx-action#485

Bump js-yaml from 4.1.0 to 4.1.1 in docker/setup-buildx-action#452

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-buildx-action#472

Bump minimatch from 3.1.2 to 3.1.5 in docker/setup-buildx-action#480

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

v3.12.0

Deprecate install input by @crazy-max in docker/setup-buildx-action#455

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/setup-buildx-action#434

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-buildx-action#436

Bump form-data from 2.5.1 to 2.5.5 in docker/setup-buildx-action#432

Bump undici from 5.28.4 to 5.29.0 in docker/setup-buildx-action#435

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

v3.11.1

Fix keep-state not being respected by @crazy-max in docker/setup-buildx-action#429

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

Keep BuildKit state support by @crazy-max in docker/setup-buildx-action#427

Remove aliases created when installing by default by @hashhar in docker/setup-buildx-action#139

Bump @docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/setup-buildx-action#422 docker/setup-buildx-action#425

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

v3.10.0

Bump @docker/actions-toolkit from 0.54.0 to 0.56.0 in docker/setup-buildx-action#408

Full Changelog: docker/setup-buildx-action@v3.9.0...v3.10.0

v3.9.0

Bump @docker/actions-toolkit from 0.48.0 to 0.54.0 in docker/setup-buildx-action#402 docker/setup-buildx-action#404

Full Changelog: docker/setup-buildx-action@v3.8.0...v3.9.0

v3.8.0

Make cloud prefix optional to download buildx if driver is cloud by @crazy-max in docker/setup-buildx-action#390

Bump @actions/core from 1.10.1 to 1.11.1 in docker/setup-buildx-action#370

Bump @docker/actions-toolkit from 0.39.0 to 0.48.0 in docker/setup-buildx-action#389

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/setup-buildx-action#382

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

... (truncated)

Commits

4d04d5d Merge pull request #485 from docker/dependabot/npm_and_yarn/docker/actions-to...
cd74e05 chore: update generated content
eee38ec build(deps): bump @docker/actions-toolkit from 0.77.0 to 0.79.0
7a83f65 Merge pull request #484 from docker/dependabot/github_actions/docker/setup-qe...
a5aa967 Merge pull request #464 from crazy-max/rm-deprecated
e73d53f build(deps): bump docker/setup-qemu-action from 3 to 4
28a438e Merge pull request #483 from crazy-max/node24
034e9d3 chore: update generated content
b4664d8 remove deprecated inputs/outputs
a8257de node 24 as default runtime
Additional commits viewable in compare view

Updates sigstore/cosign-installer from 4.0.0 to 4.1.1

Release notes

Sourced from sigstore/cosign-installer's releases.

v4.1.1

What's Changed

chore: update default cosign-release to v3.0.5 in sigstore/cosign-installer#223

Full Changelog: sigstore/cosign-installer@v4.1.0...v4.1.1

v4.1.0

What's Changed

We recommend updating as soon as possible as this includes bug fixes for Cosign. We also recommend removing with: cosign-release and strongly discourage using cosign-release unless you have a specific reason to use an older version of Cosign.

Bump cosign to 3.0.5 in sigstore/cosign-installer#220

fix: add retry to curl downloads for transient network failures in sigstore/cosign-installer#210

Full Changelog: sigstore/cosign-installer@v4.0.0...v4.1.0

Commits

cad07c2 chore: update default cosign-release to v3.0.5 (#223)
ba7bc0a fix: add retry to curl downloads for transient network failures (#210)
5a292e1 Bump cosign to 3.0.5 (#220)
351ea76 Bump actions/checkout from 6.0.1 to 6.0.2 (#217)
c17565f test with go 1.26 too (#221)
a6fdd19 Bump actions/setup-go from 6.1.0 to 6.3.0 (#218)
430b6a7 docs: fix registry from gcr.io to ghcr.io (#213)
4d14d7f feat: update to v3.0.3 (#212)
f148005 fix: use env vars for template expansions; show curl errors (#207)
c3f2d79 Bump actions/checkout from 6.0.0 to 6.0.1 (#208)
Additional commits viewable in compare view

Updates docker/login-action from 3 to 4

Release notes

Sourced from docker/login-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/login-action#929

Switch to ESM and update config/test wiring by @crazy-max in docker/login-action#927

Bump @actions/core from 1.11.1 to 3.0.0 in docker/login-action#919

Bump @aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @docker/actions-toolkit from 0.63.0 to 0.77.0 in docker/login-action#910 docker/login-action#928

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/login-action#921

Bump js-yaml from 4.1.0 to 4.1.1 in docker/login-action#901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

v3.7.0

Add scope input to set scopes for the authentication token by @crazy-max in docker/login-action#912

Add support for AWS European Sovereign Cloud ECR by @dphi in docker/login-action#914

Ensure passwords are redacted with registry-auth input by @crazy-max in docker/login-action#911

build(deps): bump lodash from 4.17.21 to 4.17.23 in docker/login-action#915

Full Changelog: docker/login-action@v3.6.0...v3.7.0

v3.6.0

Add registry-auth input for raw authentication to registries by @crazy-max in docker/login-action#887

Bump @aws-sdk/client-ecr to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @aws-sdk/client-ecr-public to 3.890.0 in docker/login-action#882 docker/login-action#890

Bump @docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/login-action#883

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/login-action#880

Bump undici from 5.28.4 to 5.29.0 in docker/login-action#879

Bump tmp from 0.2.3 to 0.2.4 in docker/login-action#881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Support dual-stack endpoints for AWS ECR by @Spacefish @crazy-max in docker/login-action#874 docker/login-action#876

Bump @aws-sdk/client-ecr to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @aws-sdk/client-ecr-public to 3.859.0 in docker/login-action#860 docker/login-action#878

Bump @docker/actions-toolkit from 0.57.0 to 0.62.1 in docker/login-action#870

Bump form-data from 2.5.1 to 2.5.5 in docker/login-action#875

Full Changelog: docker/login-action@v3.4.0...v3.5.0

v3.4.0

Bump @actions/core from 1.10.1 to 1.11.1 in docker/login-action#791

Bump @aws-sdk/client-ecr to 3.766.0 in docker/login-action#789 docker/login-action#856

Bump @aws-sdk/client-ecr-public to 3.758.0 in docker/login-action#789 docker/login-action#856

Bump @docker/actions-toolkit from 0.35.0 to 0.57.0 in docker/login-action#801 docker/login-action#806 docker/login-action#858

Bump cross-spawn from 7.0.3 to 7.0.6 in docker/login-action#814

Bump https-proxy-agent from 7.0.5 to 7.0.6 in docker/login-action#823

Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/login-action#777

Full Changelog: docker/login-action@v3.3.0...v3.4.0

... (truncated)

Commits

4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
1e233e6 chore: update generated content
6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
a6f092b chore: update generated content
60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
102c0e6 chore: update generated content
Additional commits viewable in compare view

Updates docker/metadata-action from 5 to 6

Release notes

Sourced from docker/metadata-action's releases.

v6.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/metadata-action#605

List inputs now preserve # inside values while still supporting full-line # comments by @crazy-max in docker/metadata-action#607

Switch to ESM and update config/test wiring by @crazy-max in docker/metadata-action#602

Bump lodash from 4.17.21 to 4.17.23 in docker/metadata-action#588

Bump @actions/core from 1.11.1 to 3.0.0 in docker/metadata-action#599

Bump @actions/github from 6.0.1 to 9.0.0 in docker/metadata-action#597

Bump @docker/actions-toolkit from 0.68.0 to 0.79.0 in docker/metadata-action#604

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/metadata-action#600

Bump semver from 7.7.3 to 7.7.4 in docker/metadata-action#603

Full Changelog: docker/metadata-action@v5.10.0...v6.0.0

v5.10.0

Bump @docker/actions-toolkit from 0.66.0 to 0.68.0 in docker/metadata-action#559 docker/metadata-action#569

Bump js-yaml from 3.14.1 to 3.14.2 in docker/metadata-action#564

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

v5.9.0

Add tag-names output to return tag names without image base name by @crazy-max in docker/metadata-action#553

Bump @babel/runtime-corejs3 from 7.14.7 to 7.28.2 in docker/metadata-action#539

Bump @docker/actions-toolkit from 0.62.1 to 0.66.0 in docker/metadata-action#555

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/metadata-action#540

Bump csv-parse from 5.6.0 to 6.1.0 in docker/metadata-action#532

Bump semver from 7.7.2 to 7.7.3 in in docker/metadata-action#554

Bump tmp from 0.2.3 to 0.2.5 in docker/metadata-action#541

Full Changelog: docker/metadata-action@v5.8.0...v5.9.0

v5.8.0

New is_not_default_branch global expression by @crazy-max in docker/metadata-action#535

Allow to match part of the git tag or value for semver/pep440 types by @crazy-max in docker/metadata-action#536 docker/metadata-action#537

Bump @actions/github from 6.0.0 to 6.0.1 in docker/metadata-action#523

Bump @docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/metadata-action#526

Bump form-data from 2.5.1 to 2.5.5 in docker/metadata-action#533

Bump moment-timezone from 0.5.47 to 0.6.0 in docker/metadata-action#525

Bump semver from 7.7.1 to 7.7.2 in docker/metadata-action#524

Full Changelog: docker/metadata-action@v5.7.0...v5.8.0

v5.7.0

Global expressions support for labels and annotations by @crazy-max in docker/metadata-action#489

Support disabling outputs as environment variables by @omus in docker/metadata-action#497

Bump @docker/actions-toolkit from 0.44.0 to 0.56.0 in docker/metadata-action#507 docker/metadata-action#509

Bump csv-parse from 5.5.6 to 5.6.0 in docker/metadata-action#482

Bump moment-timezone from 0.5.46 to 0.5.47 in docker/metadata-action#501

Bump semver from 7.6.3 to 7.7.1 in docker/metadata-action#504

Full Changelog: docker/metadata-action@v5.6.1...v5.7.0

... (truncated)

Commits

030e881 Merge pull request #607 from crazy-max/allow-comments
4b529ac chore: update generated content
b0082b3 preserve comments in list input values with commentNoInfix
7b19fec Merge pull request #604 from docker/dependabot/npm_and_yarn/docker/actions-to...
281c9b0 chore: update generated content
5f43b3b test: stabilize github mock setup since ESM
9d53276 github class moved since actions-toolkit v0.77.0
eaa3d39 chore(deps): Bump @docker/actions-toolkit from 0.68.0 to 0.77.0
6b695f7 Merge pull request #605 from crazy-max/node24
a1afadc node 24 as default runtime
Additional commits viewable in compare view

Updates docker/build-push-action from 6 to 7

Release notes

Sourced from docker/build-push-action's releases.

v7.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/build-push-action#1470

Remove deprecated DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS envs by @crazy-max in docker/build-push-action#1473

Remove legacy export-build tool support for build summary by @crazy-max in docker/build-push-action#1474

Switch to ESM and update config/test wiring by @crazy-max in docker/build-push-action#1466

Bump @actions/core from 1.11.1 to 3.0.0 in docker/build-push-action#1454

Bump @docker/actions-toolkit from 0.62.1 to 0.79.0 in docker/build-push-action#1453 docker/build-push-action#1472 docker/build-push-action#1479

Bump minimatch from 3.1.2 to 3.1.5 in docker/build-push-action#1463

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

v6.19.2

Preserve port in GIT_AUTH_TOKEN host by @crazy-max in docker/build-push-action#1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Derive GIT_AUTH_TOKEN host from GitHub server URL by @crazy-max in docker/build-push-action#1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Scope default git auth token to github.com by @crazy-max in docker/build-push-action#1451

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/build-push-action#1396

Bump form-data from 2.5.1 to 2.5.5 in docker/build-push-action#1391

Bump js-yaml from 3.14.1 to 3.14.2 in docker/build-push-action#1429

Bump lodash from 4.17.21 to 4.17.23 in docker/build-push-action#1446

Bump tmp from 0.2.3 to 0.2.4 in docker/build-push-action#1398

Bump undici from 5.28.4 to 5.29.0 in docker/build-push-action#1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

v6.18.0

Bump @docker/actions-toolkit from 0.61.0 to 0.62.1 in docker/build-push-action#1381

[!NOTE] Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/build-push-action@v6.17.0...v6.18.0

v6.17.0

Bump @docker/actions-toolkit from 0.59.0 to 0.61.0 by @crazy-max in docker/build-push-action#1364

[!NOTE] Build record is now exported using the buildx history export command instead of the legacy export-build tool.

Full Changelog: docker/build-push-action@v6.16.0...v6.17.0

v6.16.0

Handle no default attestations env var by @crazy-max in docker/build-push-action#1343

... (truncated)

Commits

bcafcac Merge pull request #1509 from docker/dependabot/npm_and_yarn/vite-7.3.2
18e62f1 Merge pull request #1510 from docker/dependabot/npm_and_yarn/lodash-4.18.1
46580d2 chore: update generated content
3f80b25 chore(deps): Bump lodash from 4.17.23 to 4.18.1
efeec95 Merge pull request #1505 from crazy-max/refactor-git-context
ddf04b0 Merge pull request #1511 from docker/dependabot/github_actions/crazy-max-dot-...
db08d97 chore(deps): Bump the crazy-max-dot-github group with 2 updates
ef1fb96 Merge pull request #1508 from docker/dependabot/github_actions/docker/login-a...
2d8f2a1 chore: update generated content
919ac7b fix test since secrets are not written to temp path anymore
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
`@dependabot ...

Description has been truncated

… updates Bumps the ci-dependencies group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `4` | `5` | | [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4` | `5` | | [rlespinasse/github-slug-action](https://github.com/rlespinasse/github-slug-action) | `5.4.0` | `5.6.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3` | `4` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` | | [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `4.0.0` | `4.1.1` | | [docker/login-action](https://github.com/docker/login-action) | `3` | `4` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5` | `6` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` | Updates `actions/upload-pages-artifact` from 4 to 5 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](actions/upload-pages-artifact@v4...v5) Updates `actions/deploy-pages` from 4 to 5 - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](actions/deploy-pages@v4...v5) Updates `rlespinasse/github-slug-action` from 5.4.0 to 5.6.0 - [Release notes](https://github.com/rlespinasse/github-slug-action/releases) - [Commits](rlespinasse/github-slug-action@v5.4.0...v5.6.0) Updates `docker/setup-qemu-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v3...v4) Updates `docker/setup-buildx-action` from 3 to 4 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3...v4) Updates `sigstore/cosign-installer` from 4.0.0 to 4.1.1 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@v4.0.0...v4.1.1) Updates `docker/login-action` from 3 to 4 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) Updates `docker/metadata-action` from 5 to 6 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@v5...v6) Updates `docker/build-push-action` from 6 to 7 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6...v7) --- updated-dependencies: - dependency-name: actions/upload-pages-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci-dependencies - dependency-name: actions/deploy-pages dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci-dependencies - dependency-name: rlespinasse/github-slug-action dependency-version: 5.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci-dependencies - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci-dependencies - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci-dependencies - dependency-name: sigstore/cosign-installer dependency-version: 4.1.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: ci-dependencies - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci-dependencies - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci-dependencies - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 20, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the ci-dependencies group across 1 directory with 9 updates#35

chore(deps): bump the ci-dependencies group across 1 directory with 9 updates#35
dependabot[bot] wants to merge 1 commit into
v4from
dependabot/github_actions/ci-dependencies-9f154dac9d

dependabot Bot commented on behalf of github Apr 20, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Apr 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v5.0.0

Changelog

v5.0.0

Changelog

v4.0.5

Changelog

v4.0.4

Changelog

v4.0.3

Changelog

v5.6.0

5.6.0 (2026-04-13)

Features

v5.5.0

5.5.0 (2026-02-04)

Features

v4.0.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v4.0.0

v3.12.0

v3.11.1

v3.11.0

v3.10.0

v3.9.0

v3.8.0

v4.1.1

What's Changed

v4.1.0

What's Changed

v4.0.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v6.0.0

v5.10.0

v5.9.0

v5.8.0

v5.7.0

v7.0.0

v6.19.2

v6.19.1

v6.19.0

v6.18.0

v6.17.0

v6.16.0

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github Apr 20, 2026 •

edited

Loading