Bump the github-actions group with 4 updates #1524

dependabot · 2025-01-10T20:46:38Z

Bumps the github-actions group with 4 updates: actions/add-to-project, docker/login-action, docker/build-push-action and peter-evans/create-pull-request.

Updates actions/add-to-project from 0.3.0 to 1.0.2

Release notes

Sourced from actions/add-to-project's releases.

v1.0.2

What's Changed

build(deps-dev): bump braces from 3.0.2 to 3.0.3 by @dependabot in actions/add-to-project#583

build(deps-dev): bump @types/node from 16.18.96 to 16.18.101 by @dependabot in actions/add-to-project#588

build(deps-dev): bump ts-jest from 29.1.2 to 29.1.5 by @dependabot in actions/add-to-project#582

build(deps-dev): bump @typescript-eslint/parser from 7.6.0 to 7.14.1 by @dependabot in actions/add-to-project#589

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.6.0 to 7.14.1 by @dependabot in actions/add-to-project#590

build(deps-dev): bump eslint-plugin-jest from 27.9.0 to 28.6.0 by @dependabot in actions/add-to-project#578

Dependabot/npm and yarn/eslint plugin jest 28.6.0 fixes by @talune in actions/add-to-project#591

Full Changelog: actions/add-to-project@v1.0.1...v1.0.2

v1.0.1

Summary

This release includes dependency updates, including security fix to undici.

What's Changed

Dependabot/npm and yarn/undici 5.28.4 fixes by @skw in actions/add-to-project#550

build(deps-dev): bump @typescript-eslint/parser from 7.4.0 to 7.6.0 by @dependabot in actions/add-to-project#546

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.4.0 to 7.6.0 by @dependabot in actions/add-to-project#547

build(deps-dev): bump typescript from 5.4.3 to 5.4.5 by @dependabot in actions/add-to-project#549

build(deps-dev): bump @types/node from 16.18.91 to 16.18.96 by @dependabot in actions/add-to-project#548

build(deps): bump undici from 5.28.3 to 5.28.4 by @dependabot in actions/add-to-project#542

Full Changelog: actions/add-to-project@v1.0.0...v1.0.1

v1.0.0

Summary

This release promotes actions/add-to-projects to a major version 1 and marks the public API stable.

What's Changed

build(deps-dev): bump eslint-plugin-github from 4.10.0 to 4.10.2 by @dependabot in actions/add-to-project#532

build(deps-dev): bump prettier from 3.0.3 to 3.2.5 by @dependabot in actions/add-to-project#531

build(deps-dev): bump @vercel/ncc from 0.38.0 to 0.38.1 by @dependabot in actions/add-to-project#530

build(deps-dev): bump ts-jest from 29.1.1 to 29.1.2 by @dependabot in actions/add-to-project#528

build(deps-dev): bump typescript from 5.4.2 to 5.4.3 by @dependabot in actions/add-to-project#533

build(deps-dev): bump @types/jest from 29.5.7 to 29.5.12 by @dependabot in actions/add-to-project#534

build(deps-dev): bump @typescript-eslint/parser from 6.9.1 to 7.3.1 by @dependabot in actions/add-to-project#529

build(deps-dev): bump @typescript-eslint/eslint-plugin from 7.0.1 to 7.4.0 by @dependabot in actions/add-to-project#536

build(deps-dev): bump @typescript-eslint/parser from 7.3.1 to 7.4.0 by @dependabot in actions/add-to-project#535

Full Changelog: actions/add-to-project@v0.6.1...v1.0.0

v0.6.1

What's Changed

... (truncated)

Commits

244f685 Merge pull request #591 from actions/dependabot/npm_and_yarn/eslint-plugin-je...
2a5ef71 Build and package
8c11461 Update license for json-schema.dep.yml
66f6cff Merge pull request #578 from actions/dependabot/npm_and_yarn/eslint-plugin-je...
ddf5099 Merge pull request #590 from actions/dependabot/npm_and_yarn/typescript-eslin...
da1ae5b build(deps-dev): bump @typescript-eslint/eslint-plugin
ced87c7 Merge pull request #589 from actions/dependabot/npm_and_yarn/typescript-eslin...
c78e6a1 Merge pull request #582 from actions/dependabot/npm_and_yarn/ts-jest-29.1.5
267a19f build(deps-dev): bump @typescript-eslint/parser from 7.6.0 to 7.14.1
e005a86 Merge pull request #588 from actions/dependabot/npm_and_yarn/types/node-16.18...
Additional commits viewable in compare view

Updates docker/login-action from 2 to 3

Release notes

Sourced from docker/login-action's releases.

v3.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/login-action#593

Bump @actions/core from 1.10.0 to 1.10.1 in docker/login-action#598

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.410.0 in docker/login-action#555 docker/login-action#560 docker/login-action#582 docker/login-action#599

Bump semver from 6.3.0 to 6.3.1 in docker/login-action#556

Bump https-proxy-agent to 7.0.2 docker/login-action#561 docker/login-action#588

Full Changelog: docker/login-action@v2.2.0...v3.0.0

v2.2.0

Switch to actions-toolkit implementation by @crazy-max in docker/login-action#409 docker/login-action#470 docker/login-action#476

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.347.1 in docker/login-action#524 docker/login-action#364 docker/login-action#363

Bump minimatch from 3.0.4 to 3.1.2 in docker/login-action#354

Bump json5 from 2.2.0 to 2.2.3 in docker/login-action#378

Bump http-proxy-agent from 5.0.0 to 7.0.0 in docker/login-action#509

Bump https-proxy-agent from 5.0.1 to 7.0.0 in docker/login-action#508

Full Changelog: docker/login-action@v2.1.0...v2.2.0

v2.1.0

Ensure AWS temp credentials are redacted in workflow logs by @crazy-max (#275)

Bump @actions/core from 1.6.0 to 1.10.0 (#252 #292)

Bump @aws-sdk/client-ecr from 3.53.0 to 3.186.0 (#298)

Bump @aws-sdk/client-ecr-public from 3.53.0 to 3.186.0 (#299)

Full Changelog: docker/login-action@v2.0.0...v2.1.0

Commits

9780b0c Merge pull request #741 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
2fa130c chore: update generated content
5e87b2a build(deps): bump https-proxy-agent
e039495 Merge pull request #754 from docker/dependabot/npm_and_yarn/docker/actions-to...
9af18aa chore: update generated content
668190a switch to Docker exec
be5150d build(deps): bump @docker/actions-toolkit from 0.24.0 to 0.35.0
e80ebca Merge pull request #730 from docker/dependabot/npm_and_yarn/braces-3.0.3
75ee3ea Merge pull request #733 from docker/dependabot/github_actions/docker/bake-act...
793c19c build(deps): bump docker/bake-action from 4 to 5
Additional commits viewable in compare view

Updates docker/build-push-action from 3 to 6

Release notes

Sourced from docker/build-push-action's releases.

v6.0.0

Export build record and generate build summary by @crazy-max in docker/build-push-action#1120

Bump @docker/actions-toolkit from 0.24.0 to 0.26.0 in docker/build-push-action#1132 docker/build-push-action#1136 docker/build-push-action#1138

Bump braces from 3.0.2 to 3.0.3 in docker/build-push-action#1137

[!NOTE] This major release adds support for generating Build summary and exporting build record for your build. You can disable this feature by setting DOCKER_BUILD_SUMMARY: false environment variable in your workflow.

Full Changelog: docker/build-push-action@v5.4.0...v6.0.0

v5.4.0

Show builder information before building by @crazy-max in docker/build-push-action#1128

Handle attestations correctly with provenance and sbom inputs by @crazy-max in docker/build-push-action#1086

Bump @docker/actions-toolkit from 0.19.0 to 0.24.0 in docker/build-push-action#1088 docker/build-push-action#1105 docker/build-push-action#1121 docker/build-push-action#1127

Bump undici from 5.28.3 to 5.28.4 in docker/build-push-action#1090

Full Changelog: docker/build-push-action@v5.3.0...v5.4.0

v5.3.0

Bump @docker/actions-toolkit from 0.18.0 to 0.19.0 in docker/build-push-action#1080

Full Changelog: docker/build-push-action@v5.2.0...v5.3.0

v5.2.0

Disable quotes detection for outputs input by @crazy-max in docker/build-push-action#1074

Warn about ignored inputs by @favonia in docker/build-push-action#1019

Bump @docker/actions-toolkit from 0.14.0 to 0.18.0 in docker/build-push-action#1070

Bump undici from 5.26.3 to 5.28.3 in docker/build-push-action#1057

Full Changelog: docker/build-push-action@v5.1.0...v5.2.0

v5.1.0

Add annotations input by @crazy-max in docker/build-push-action#992

Add secret-envs input by @elias-lundgren in docker/build-push-action#980

Bump @babel/traverse from 7.17.3 to 7.23.2 in docker/build-push-action#991

Bump @docker/actions-toolkit from 0.13.0-rc.1 to 0.14.0 in docker/build-push-action#990 docker/build-push-action#1006

Full Changelog: docker/build-push-action@v5.0.0...v5.1.0

v5.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/build-push-action#954

Bump @actions/core from 1.10.0 to 1.10.1 in docker/build-push-action#959

Full Changelog: docker/build-push-action@v4.2.1...v5.0.0

v4.2.1

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

... (truncated)

Commits

b32b51a Merge pull request #1281 from docker/dependabot/npm_and_yarn/docker/actions-t...
594bf46 Merge pull request #1294 from crazy-max/fix-e2e
fd37bd5 ci(e2e): fix setup docker config
e6478a2 chore: update generated content
78785bd chore(deps): Bump @docker/actions-toolkit from 0.46.0 to 0.49.0
128779f Merge pull request #1283 from crazy-max/named-context-handlebars
7e09459 Merge pull request #1282 from crazy-max/remove-buildkit-5561
32ee877 Revert "init buildkit-5561 workflow"
d1a4129 chore: update generated content
49c623e handlebar defaultContext support for build-contexts input
Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 5 to 7

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v7.0.0

✨ Now supports commit signing with bot-generated tokens! See "What's new" below. ✍️🤖

Behaviour changes

Action input git-token has been renamed branch-token, to be more clear about its purpose. The branch-token is the token that the action will use to create and update the branch.

The action now handles requests that have been rate-limited by GitHub. Requests hitting a primary rate limit will retry twice, for a total of three attempts. Requests hitting a secondary rate limit will not be retried.

The pull-request-operation output now returns none when no operation was executed.

Removed deprecated output environment variable PULL_REQUEST_NUMBER. Please use the pull-request-number action output instead.

What's new

The action can now sign commits as github-actions[bot] when using GITHUB_TOKEN, or your own bot when using GitHub App tokens. See commit signing for details.

Action input draft now accepts a new value always-true. This will set the pull request to draft status when the pull request is updated, as well as on creation.

A new action input maintainer-can-modify indicates whether maintainers can modify the pull request. The default is true, which retains the existing behaviour of the action.

A new output pull-request-commits-verified returns true or false, indicating whether GitHub considers the signature of the branch's commits to be verified.

What's Changed

build(deps-dev): bump @types/node from 18.19.36 to 18.19.39 by @dependabot in peter-evans/create-pull-request#3000

build(deps-dev): bump ts-jest from 29.1.5 to 29.2.0 by @dependabot in peter-evans/create-pull-request#3008

build(deps-dev): bump prettier from 3.3.2 to 3.3.3 by @dependabot in peter-evans/create-pull-request#3018

build(deps-dev): bump ts-jest from 29.2.0 to 29.2.2 by @dependabot in peter-evans/create-pull-request#3019

build(deps-dev): bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by @dependabot in peter-evans/create-pull-request#3035

build(deps-dev): bump @types/node from 18.19.39 to 18.19.41 by @dependabot in peter-evans/create-pull-request#3037

build(deps): bump undici from 6.19.2 to 6.19.4 by @dependabot in peter-evans/create-pull-request#3036

build(deps-dev): bump ts-jest from 29.2.2 to 29.2.3 by @dependabot in peter-evans/create-pull-request#3038

build(deps-dev): bump @types/node from 18.19.41 to 18.19.42 by @dependabot in peter-evans/create-pull-request#3070

build(deps): bump undici from 6.19.4 to 6.19.5 by @dependabot in peter-evans/create-pull-request#3086

build(deps-dev): bump @types/node from 18.19.42 to 18.19.43 by @dependabot in peter-evans/create-pull-request#3087

build(deps-dev): bump ts-jest from 29.2.3 to 29.2.4 by @dependabot in peter-evans/create-pull-request#3088

build(deps): bump undici from 6.19.5 to 6.19.7 by @dependabot in peter-evans/create-pull-request#3145

build(deps-dev): bump @types/node from 18.19.43 to 18.19.44 by @dependabot in peter-evans/create-pull-request#3144

Update distribution by @actions-bot in peter-evans/create-pull-request#3154

build(deps): bump undici from 6.19.7 to 6.19.8 by @dependabot in peter-evans/create-pull-request#3213

build(deps-dev): bump @types/node from 18.19.44 to 18.19.45 by @dependabot in peter-evans/create-pull-request#3214

Update distribution by @actions-bot in peter-evans/create-pull-request#3221

build(deps-dev): bump eslint-import-resolver-typescript from 3.6.1 to 3.6.3 by @dependabot in peter-evans/create-pull-request#3255

build(deps-dev): bump @types/node from 18.19.45 to 18.19.46 by @dependabot in peter-evans/create-pull-request#3254

build(deps-dev): bump ts-jest from 29.2.4 to 29.2.5 by @dependabot in peter-evans/create-pull-request#3256

v7 - signed commits by @peter-evans in peter-evans/create-pull-request#3057

New Contributors

@rustycl0ck made their first contribution in peter-evans/create-pull-request#3057

Full Changelog: peter-evans/create-pull-request@v6.1.0...v7.0.0

Create Pull Request v6.1.0

✨ Adds pull-request-branch as an action output.

What's Changed

... (truncated)

Commits

67ccf78 fix: preserve unicode in filepaths when commit signing (#3588)
bb88e27 build: update distribution (#3583)
b378ed5 build(deps): bump p-limit from 6.1.0 to 6.2.0 (#3578)
fa9200e build(deps-dev): bump @types/node from 18.19.67 to 18.19.68 (#3570)
16e0059 build(deps-dev): bump prettier from 3.4.1 to 3.4.2 (#3560)
5bffd5a build(deps-dev): bump eslint-import-resolver-typescript (#3559)
a22a0dd build(deps-dev): bump prettier from 3.4.0 to 3.4.1 (#3544)
b27ce37 build(deps-dev): bump @types/node from 18.19.66 to 18.19.67 (#3543)
4e0cc19 build(deps): bump @octokit/plugin-paginate-rest from 11.3.5 to 11.3.6 (#3542)
25b6871 docs: update scopes for push-to-fork
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 4 updates: [actions/add-to-project](https://github.com/actions/add-to-project), [docker/login-action](https://github.com/docker/login-action), [docker/build-push-action](https://github.com/docker/build-push-action) and [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request). Updates `actions/add-to-project` from 0.3.0 to 1.0.2 - [Release notes](https://github.com/actions/add-to-project/releases) - [Commits](actions/add-to-project@v0.3.0...v1.0.2) Updates `docker/login-action` from 2 to 3 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v2...v3) Updates `docker/build-push-action` from 3 to 6 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v3...v6) Updates `peter-evans/create-pull-request` from 5 to 7 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@v5...v7) --- updated-dependencies: - dependency-name: actions/add-to-project dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2025-01-10T21:05:57Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added the dependencies Pull requests that update a dependency file label Jan 10, 2025

This was referenced Jan 10, 2025

Bump actions/add-to-project from 0.3.0 to 1.0.2 #1518

Closed

Bump docker/build-push-action from 3 to 6 #1520

Closed

FuhuXia approved these changes Jan 10, 2025

View reviewed changes

FuhuXia enabled auto-merge January 10, 2025 20:47

dependabot bot closed this Jan 10, 2025

auto-merge was automatically disabled January 10, 2025 21:05
Pull request was closed

dependabot bot deleted the dependabot/github_actions/github-actions-fba64bc23f branch January 10, 2025 21:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group with 4 updates #1524

Bump the github-actions group with 4 updates #1524

dependabot bot commented on behalf of github Jan 10, 2025 •

edited

Loading

dependabot bot commented on behalf of github Jan 10, 2025

Bump the github-actions group with 4 updates #1524

Bump the github-actions group with 4 updates #1524

Conversation

dependabot bot commented on behalf of github Jan 10, 2025 • edited Loading

v1.0.2

What's Changed

v1.0.1

Summary

What's Changed

v1.0.0

Summary

What's Changed

v0.6.1

What's Changed

v3.0.0

v2.2.0

v2.1.0

v6.0.0

v5.4.0

v5.3.0

v5.2.0

v5.1.0

v5.0.0

v4.2.1

Create Pull Request v7.0.0

Behaviour changes

What's new

What's Changed

New Contributors

Create Pull Request v6.1.0

What's Changed

dependabot bot commented on behalf of github Jan 10, 2025

dependabot bot commented on behalf of github Jan 10, 2025 •

edited

Loading