Skip to content

chore(deps): bump the minor-and-patch group with 6 updates#13934

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/minor-and-patch-75df80afc3
Open

chore(deps): bump the minor-and-patch group with 6 updates#13934
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/minor-and-patch-75df80afc3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown
Contributor

Bumps the minor-and-patch group with 6 updates:

Package From To
actions/setup-go 6.4.0 6.5.0
docker/login-action 4.2.0 4.4.0
docker/metadata-action 6.1.0 6.2.0
docker/build-push-action 7.2.0 7.3.0
actionhippie/calens 1.14.0 1.14.1
dorny/paths-filter 4.0.1 4.0.2

Updates actions/setup-go from 6.4.0 to 6.5.0

Release notes

Sourced from actions/setup-go's releases.

v6.5.0

What's Changed

Dependency update

New Contributors

Full Changelog: actions/setup-go@v6...v6.5.0

Commits

Updates docker/login-action from 4.2.0 to 4.4.0

Release notes

Sourced from docker/login-action's releases.

v4.4.0

Full Changelog: docker/login-action@v4.3.0...v4.4.0

v4.3.0

Full Changelog: docker/login-action@v4.2.0...v4.3.0

Commits
  • af1e73f Merge pull request #1034 from docker/dependabot/npm_and_yarn/aws-sdk-dependen...
  • da722bd [dependabot skip] chore: update generated content
  • 2916ad6 build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
  • ca0a662 Merge pull request #1035 from crazy-max/fix-registry-auth-empty-mask
  • c455755 chore: update generated content
  • 4835190 skip empty registry-auth secret mask
  • 992421c Merge pull request #1033 from docker/dependabot/github_actions/docker/bake-ac...
  • b249b43 Merge pull request #1032 from docker/dependabot/github_actions/docker/bake-ac...
  • 1b67977 build(deps): bump docker/bake-action from 7.2.0 to 7.3.0
  • 9d49d6a build(deps): bump docker/bake-action/subaction/matrix
  • Additional commits viewable in compare view

Updates docker/metadata-action from 6.1.0 to 6.2.0

Release notes

Sourced from docker/metadata-action's releases.

v6.2.0

Full Changelog: docker/metadata-action@v6.1.0...v6.2.0

Commits
  • dc80280 Merge pull request #696 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 2b9fe83 [dependabot skip] chore: update generated content
  • 8128ce3 chore(deps): Bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • 1d1c895 Merge pull request #695 from docker/dependabot/npm_and_yarn/semver-7.8.5
  • 7f0c2dd Merge pull request #694 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
  • 025f8c5 [dependabot skip] chore: update generated content
  • e98d63c chore(deps): Bump semver from 7.8.1 to 7.8.5
  • 37d9379 chore(deps): Bump sigstore from 4.1.0 to 4.1.1
  • a1b8072 Merge pull request #690 from docker/dependabot/npm_and_yarn/sigstore/core-3.2.1
  • e0e3381 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Updates docker/build-push-action from 7.2.0 to 7.3.0

Release notes

Sourced from docker/build-push-action's releases.

v7.3.0

Full Changelog: docker/build-push-action@v7.2.0...v7.3.0

Commits
  • 53b7df9 Merge pull request #1572 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • 154298c [dependabot skip] chore: update generated content
  • cb1238b chore(deps): Bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • 24f845d Merge pull request #1566 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
  • 9c69730 [dependabot skip] chore: update generated content
  • bc3a3a5 Merge pull request #1574 from docker/dependabot/github_actions/aws-actions/co...
  • a82c504 chore(deps): Bump js-yaml from 4.1.1 to 4.3.0
  • 0285a75 Merge pull request #1573 from docker/dependabot/github_actions/actions/cache-...
  • c6ad2a3 Merge pull request #1575 from docker/dependabot/github_actions/actions/checko...
  • d37484f Merge pull request #1564 from docker/dependabot/npm_and_yarn/undici-6.27.0
  • Additional commits viewable in compare view

Updates actionhippie/calens from 1.14.0 to 1.14.1

Release notes

Sourced from actionhippie/calens's releases.

v1.14.1

1.14.1 (2026-06-22)

Dependencies

Miscellaneous

  • flake: updated lockfile [skip ci] (8889621)
Changelog

Sourced from actionhippie/calens's changelog.

Changelog

1.14.1 (2026-06-22)

Dependencies

Miscellaneous

  • flake: updated lockfile [skip ci] (8889621)

1.14.0 (2026-06-15)

Dependencies

  • minor: update alpine docker tag to v3.24 (#89) (d206715)
  • patch: update docker digests (462dde5)
  • patch: update docker digests (19e3336)
  • patch: update docker digests (#92) (22b21b2)

Miscellaneous

  • flake: updated lockfile [skip ci] (f2f222c)

1.13.5 (2026-06-08)

Dependencies

  • patch: update docker digests (40077f1)

Miscellaneous

  • flake: updated lockfile [skip ci] (4c49113)
  • flake: updated lockfile [skip ci] (2b682d1)
  • flake: updated lockfile [skip ci] (76b438f)
  • flake: updated lockfile [skip ci] (1be88b8)

1.13.4 (2026-05-11)

Dependencies

  • patch: update golang:1.26-alpine docker digest to 91eda97 (#87) (4d39cd7)

Miscellaneous

  • flake: updated lockfile [skip ci] (980b19c)

... (truncated)

Commits

Updates dorny/paths-filter from 4.0.1 to 4.0.2

Release notes

Sourced from dorny/paths-filter's releases.

v4.0.2

What's Changed

New Contributors

Full Changelog: dorny/paths-filter@v4.0.1...v4.0.2

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v4.0.2

v4.0.1

v4.0.0

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.11.1

v2.11.0

v2.10.2

v2.10.1

v2.10.0

v2.9.3

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the minor-and-patch group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/setup-go](https://github.com/actions/setup-go) | `6.4.0` | `6.5.0` |
| [docker/login-action](https://github.com/docker/login-action) | `4.2.0` | `4.4.0` |
| [docker/metadata-action](https://github.com/docker/metadata-action) | `6.1.0` | `6.2.0` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `7.2.0` | `7.3.0` |
| [actionhippie/calens](https://github.com/actionhippie/calens) | `1.14.0` | `1.14.1` |
| [dorny/paths-filter](https://github.com/dorny/paths-filter) | `4.0.1` | `4.0.2` |


Updates `actions/setup-go` from 6.4.0 to 6.5.0
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@4a36011...924ae3a)

Updates `docker/login-action` from 4.2.0 to 4.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@650006c...af1e73f)

Updates `docker/metadata-action` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@80c7e94...dc80280)

Updates `docker/build-push-action` from 7.2.0 to 7.3.0
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@f9f3042...53b7df9)

Updates `actionhippie/calens` from 1.14.0 to 1.14.1
- [Release notes](https://github.com/actionhippie/calens/releases)
- [Changelog](https://github.com/actionhippie/calens/blob/master/CHANGELOG.md)
- [Commits](actionhippie/calens@e917050...6c54a62)

Updates `dorny/paths-filter` from 4.0.1 to 4.0.2
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](dorny/paths-filter@fbd0ab8...7b450ff)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: 6.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: docker/login-action
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: docker/metadata-action
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: docker/build-push-action
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: actionhippie/calens
  dependency-version: 1.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: dorny/paths-filter
  dependency-version: 4.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 5, 2026
@update-docs

update-docs Bot commented Jul 5, 2026

Copy link
Copy Markdown

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

@kw-security

kw-security commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@sonarqubecloud

sonarqubecloud Bot commented Jul 5, 2026

Copy link
Copy Markdown

@dj4oC dj4oC left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bumps 6 SHA-pinned GitHub Actions to their latest patch/minor releases: actions/setup-go, docker/login-action, docker/metadata-action, docker/build-push-action, actionhippie/calens, dorny/paths-filter.

Findings

  • Security: All actions remain pinned by full commit SHA, not floating tags — no supply-chain exposure introduced. No npm manifest changes (Snyk reports "no manifest changes"); CLA passed.
  • Stability: No application code touched; all are patch/minor bumps of already-adopted actions with no breaking-change signals to their inputs/outputs.
  • Performance: N/A — CI-only change, no runtime bundle impact.
  • Coverage: N/A — no user-visible behavior change.

Nothing blocking.

Verdict

Approved.

🤖 Automated review by Claude Code (security · stability · performance · coverage)


Generated by Claude Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants