chore: bump the production-dependencies group with 7 updates #141

dependabot · 2025-10-14T20:53:47Z

Bumps the production-dependencies group with 7 updates:

Package	From	To
actions/checkout	`3`	`5`
actions/setup-python	`4`	`6`
docker/setup-qemu-action	`2`	`3`
docker/setup-buildx-action	`2`	`3`
docker/metadata-action	`4`	`5`
docker/login-action	`2`	`3`
docker/build-push-action	`3`	`6`

Updates actions/checkout from 3 to 5

Release notes

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

Prepare release v4.3.0 by @salmanmkc in actions/checkout#2237

New Contributors

@motss made their first contribution in actions/checkout#1971

@mouismail made their first contribution in actions/checkout#1977

@benwells made their first contribution in actions/checkout#2043

@nebuk89 made their first contribution in actions/checkout#2194

@salmanmkc made their first contribution in actions/checkout#2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

What's Changed

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

Full Changelog: actions/checkout@v4.2.1...v4.2.2

v4.2.1

What's Changed

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

New Contributors

@Jcambass made their first contribution in actions/checkout#1919

Full Changelog: actions/checkout@v4.2.0...v4.2.1

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

V4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

Pin actions/checkout's own workflows to a known, good, stable version. by @jww3 in actions/checkout#1776

v4.1.6

Check platform to set archive extension appropriately by @cory-miller in actions/checkout#1732

v4.1.5

Update NPM dependencies by @cory-miller in actions/checkout#1703

Bump github/codeql-action from 2 to 3 by @dependabot in actions/checkout#1694

Bump actions/setup-node from 1 to 4 by @dependabot in actions/checkout#1696

Bump actions/upload-artifact from 2 to 4 by @dependabot in actions/checkout#1695

README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @cory-miller in actions/checkout#1707

v4.1.4

Disable extensions.worktreeConfig when disabling sparse-checkout by @jww3 in actions/checkout#1692

Add dependabot config by @cory-miller in actions/checkout#1688

Bump the minor-actions-dependencies group with 2 updates by @dependabot in actions/checkout#1693

Bump word-wrap from 1.2.3 to 1.2.5 by @dependabot in actions/checkout#1643

v4.1.3

... (truncated)

Commits

08c6903 Prepare v5.0.0 release (#2238)
9f26565 Update actions checkout to use node 24 (#2226)
08eba0b Prepare release v4.3.0 (#2237)
631c7dc Update package dependencies (#2236)
8edcb1b Update CODEOWNERS for actions (#2224)
09d2aca Update README.md (#2194)
85e6279 Adjust positioning of user email note and permissions heading (#2044)
009b9ae Documentation update - add recommended permissions to Readme (#2043)
cbb7224 Update README.md (#1977)
3b9b8c8 docs: update README.md (#1971)
Additional commits viewable in compare view

Updates actions/setup-python from 4 to 6

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

New Contributors

@krystof-k made their first contribution in actions/setup-python#787

@cdce8p made their first contribution in actions/setup-python#1110

@aradkdj made their first contribution in actions/setup-python#1067

Full Changelog: actions/setup-python@v5...v6.0.0

v5.6.0

What's Changed

Workflow updates related to Ubuntu 20.04 by @aparnajyothi-y in actions/setup-python#1065

Fix for Candidate Not Iterable Error by @aparnajyothi-y in actions/setup-python#1082

Upgrade semver and @types/semver by @dependabot in actions/setup-python#1091

Upgrade prettier from 2.8.8 to 3.5.3 by @dependabot in actions/setup-python#1046

Upgrade ts-jest from 29.1.2 to 29.3.2 by @dependabot in actions/setup-python#1081

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Support free threaded Python versions like '3.13t' by @colesbury in actions/setup-python#973

Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade @action/cache from 4.0.0 to 4.0.3 by @priya-kinthali in actions/setup-python#1056

Add support for .tool-versions file in setup-python by @mahabaleshwars in actions/setup-python#1043

Bug fixes:

Fix architecture for pypy on Linux ARM64 by @mayeut in actions/setup-python#1011 This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.

... (truncated)

Commits

e797f83 Upgrade to node 24 (#1164)
3d1e2d2 Revert "Enhance cache-dependency-path handling to support files outside the w...
65b0712 Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...
5b668cf Bump actions/checkout from 4 to 5 (#1181)
f62a0e2 Change missing cache directory error to warning (#1182)
9322b3c Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...
fbeb884 Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)
03bb615 Bump idna from 2.9 to 3.7 in /tests/data (#843)
36da51d Add version parsing from Pipfile (#1067)
3c6f142 update documentation (#1156)
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 2 to 3

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/setup-qemu-action#102

Bump @actions/core from 1.10.0 to 1.10.1 in docker/setup-qemu-action#103

Bump semver from 6.3.0 to 6.3.1 in docker/setup-qemu-action#89

Full Changelog: docker/setup-qemu-action@v2.2.0...v3.0.0

v2.2.0

Trim off spaces in platforms input by @Chocobo1 in docker/setup-qemu-action#64

Switch to actions-toolkit implementation by @crazy-max in docker/setup-qemu-action#70 docker/setup-qemu-action#80 docker/setup-qemu-action#83

Full Changelog: docker/setup-qemu-action@v2.1.0...v2.2.0

v2.1.0

Use context for inputs by @crazy-max (#62)

Use built-in getExecOutput by @crazy-max (#61)

Remove workaround for setOutput by @crazy-max (#63)

Bump @actions/core from 1.6.0 to 1.10.0 (#54 #58 #59)

Full Changelog: docker/setup-qemu-action@v2.0.0...v2.1.0

Commits

2910929 Merge pull request #202 from crazy-max/binfmt-version
7ffe24a chore: update generated content
17bc18b display binfmt version
5964de0 Merge pull request #205 from docker/dependabot/npm_and_yarn/docker/actions-to...
862b663 chore: update generated content
138de3b build(deps): bump @docker/actions-toolkit from 0.54.0 to 0.56.0
4574d27 Merge pull request #195 from radarhere/patch-1
7a38281 Merge pull request #197 from docker/dependabot/npm_and_yarn/docker/actions-to...
7a1c63f build(deps): bump @docker/actions-toolkit from 0.53.0 to 0.54.0
2825a12 Fixed typo
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 2 to 3

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/setup-buildx-action#264

Bump @actions/core from 1.10.0 to 1.10.1 in docker/setup-buildx-action#267

Full Changelog: docker/setup-buildx-action@v2.10.0...v3.0.0

v2.10.0

Bump @docker/actions-toolkit from 0.7.1 to 0.10.0 by @crazy-max in docker/setup-buildx-action#258

Bump word-wrap from 1.2.3 to 1.2.5 in docker/setup-buildx-action#253

Full Changelog: docker/setup-buildx-action@v2.9.1...v2.10.0

v2.9.1

Bump @docker/actions-toolkit from 0.7.0 to 0.7.1 in docker/setup-buildx-action#248

Fixes an issue where building Buildx does not match the local platform (docker/actions-toolkit#135)

Full Changelog: docker/setup-buildx-action@v2.9.0...v2.9.1

v2.9.0

Bump @docker/actions-toolkit from 0.6.0 to 0.7.0 in docker/setup-buildx-action#246

Adds support to cache Buildx binary to hosted tool cache and GHA cache backend

Full Changelog: docker/setup-buildx-action@v2.8.0...v2.9.0

v2.8.0

Only set specific flags for drivers supporting them by @nicks in docker/setup-buildx-action#241

Bump @docker/actions-toolkit from 0.5.0 to 0.6.0 in docker/setup-buildx-action#242

Full Changelog: docker/setup-buildx-action@v2.7.0...v2.8.0

v2.7.0

Bump @docker/actions-toolkit from 0.3.0 to 0.5.0 in docker/setup-buildx-action#237 docker/setup-buildx-action#238

Full Changelog: docker/setup-buildx-action@v2.6.0...v2.7.0

v2.6.0

Set node name for k8s driver when appending nodes by @crazy-max in docker/setup-buildx-action#219

Bump @docker/actions-toolkit from 0.1.0-beta.18 to 0.3.0 in docker/setup-buildx-action#220 docker/setup-buildx-action#229 docker/setup-buildx-action#231 docker/setup-buildx-action#236

Full Changelog: docker/setup-buildx-action@v2.5.0...v2.6.0

v2.5.0

cleanup input to remove builder and temp files by @crazy-max in docker/setup-buildx-action#213

do not remove builder using the docker driver by @crazy-max in docker/setup-buildx-action#218

fix current context as builder name for docker driver by @crazy-max in docker/setup-buildx-action#209

Full Changelog: docker/setup-buildx-action@v2.4.1...v2.5.0

v2.4.1

Get releases from actions toolkit by @crazy-max (#200)

... (truncated)

Commits

e468171 Merge pull request #429 from crazy-max/fix-keep-state
a3e7502 chore: update generated content
b145473 fix keep-state not being respected
18ce135 Merge pull request #425 from docker/dependabot/npm_and_yarn/docker/actions-to...
0e198e9 chore: update generated content
05f3f3a build(deps): bump @docker/actions-toolkit from 0.61.0 to 0.62.1
6229134 Merge pull request #427 from crazy-max/keep-state
c6f6a07 chore: update generated content
6c5e29d skip builder creation if one already exists with the same name
548b297 ci: keep-state check
Additional commits viewable in compare view

Updates docker/metadata-action from 4 to 5

Release notes

Sourced from docker/metadata-action's releases.

v5.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/metadata-action#328

Bump @actions/core from 1.10.0 to 1.10.1 in docker/metadata-action#333

Bump csv-parse from 5.4.0 to 5.5.0 in docker/metadata-action#320

Bump semver from 7.5.1 to 7.5.2 in docker/metadata-action#304

Bump handlebars from 4.7.7 to 4.7.8 in docker/metadata-action#315

Full Changelog: docker/metadata-action@v4.6.0...v5.0.0

v4.6.0

Dedup and sort labels by @crazy-max in docker/metadata-action#301

Bump @docker/actions-toolkit from 0.3.0 to 0.5.0 in docker/metadata-action#302

Full Changelog: docker/metadata-action@v4.5.0...v4.6.0

v4.5.0

Bump @docker/actions-toolkit from 0.1.0 to 0.3.0 in docker/metadata-action#296

Bump csv-parse from 5.3.8 to 5.4.0 in docker/metadata-action#294

Full Changelog: docker/metadata-action@v4.4.0...v4.5.0

v4.4.0

Add context input to define the metadata provider by @neilime in docker/metadata-action#248

Switch to actions-toolkit implementation by @crazy-max in docker/metadata-action#266 docker/metadata-action#273 docker/metadata-action#284

Bump csv-parse from 5.3.3 to 5.3.8 in docker/metadata-action#271 docker/metadata-action#286

Bump moment-timezone from 0.5.40 to 0.5.43 in docker/metadata-action#268 docker/metadata-action#278 docker/metadata-action#281

Bump semver from 7.4.0 to 7.5.0 in docker/metadata-action#285

Full Changelog: docker/metadata-action@v4.3.0...v4.4.0

v4.3.0

Provide outputs as env vars by @crazy-max (#257)

Full Changelog: docker/metadata-action@v4.2.0...v4.3.0

v4.2.0

Add tz attribute to handlebar date function by @chroju (#251)

Bump minimatch from 3.0.4 to 3.1.2 (#242)

Bump csv-parse from 5.3.1 to 5.3.3 (#245)

Bump json5 from 2.2.0 to 2.2.3 (#252)

Full Changelog: docker/metadata-action@v4.1.1...v4.2.0

v4.1.1

Revert changes to set associated head sha on pull request event by @crazy-max (#239)

User can still set associated head sha on PR by setting the env var DOCKER_METADATA_PR_HEAD_SHA=true

Bump csv-parse from 5.3.0 to 5.3.1 (#237)

Full Changelog: docker/metadata-action@v4.1.0...v4.1.1

... (truncated)

Commits

c1e5197 Merge pull request #537 from crazy-max/pep440-match
89dd65a chore: update generated content
699ee45 allow to match part of the git tag or value for pep440 type
e0542a6 Merge pull request #536 from crazy-max/semver-match
b7facdf chore: update generated content
81c60df allow to match part of the git tag or value for semver type
de11195 Merge pull request #535 from crazy-max/not_def_branch
2f9c64b Merge pull request #533 from docker/dependabot/npm_and_yarn/form-data-2.5.5
510f746 chore: update generated content
2bc3f4e is_not_default_branch global expression
Additional commits viewable in compare view

Updates docker/login-action from 2 to 3

Release notes

Sourced from docker/login-action's releases.

v3.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/login-action#593

Bump @actions/core from 1.10.0 to 1.10.1 in docker/login-action#598

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.410.0 in docker/login-action#555 docker/login-action#560 docker/login-action#582 docker/login-action#599

Bump semver from 6.3.0 to 6.3.1 in docker/login-action#556

Bump https-proxy-agent to 7.0.2 docker/login-action#561 docker/login-action#588

Full Changelog: docker/login-action@v2.2.0...v3.0.0

v2.2.0

Switch to actions-toolkit implementation by @crazy-max in docker/login-action#409 docker/login-action#470 docker/login-action#476

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.347.1 in docker/login-action#524 docker/login-action#364 docker/login-action#363

Bump minimatch from 3.0.4 to 3.1.2 in docker/login-action#354

Bump json5 from 2.2.0 to 2.2.3 in docker/login-action#378

Bump http-proxy-agent from 5.0.0 to 7.0.0 in docker/login-action#509

Bump https-proxy-agent from 5.0.1 to 7.0.0 in docker/login-action#508

Full Changelog: docker/login-action@v2.1.0...v2.2.0

v2.1.0

Ensure AWS temp credentials are redacted in workflow logs by @crazy-max (#275)

Bump @actions/core from 1.6.0 to 1.10.0 (#252 #292)

Bump @aws-sdk/client-ecr from 3.53.0 to 3.186.0 (#298)

Bump @aws-sdk/client-ecr-public from 3.53.0 to 3.186.0 (#299)

Full Changelog: docker/login-action@v2.0.0...v2.1.0

Commits

5e57cd1 Merge pull request #890 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
97e3143 chore: update generated content
3a0796b build(deps): bump the aws-sdk-dependencies group with 2 updates
5b7b28b Merge pull request #882 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
abc9fb3 chore: update generated content
d468688 build(deps): bump the aws-sdk-dependencies group with 2 updates
a99b2f8 Merge pull request #883 from docker/dependabot/npm_and_yarn/docker/actions-to...
0d7fae8 chore: update generated content
9832253 build(deps): bump @docker/actions-toolkit from 0.62.1 to 0.63.0
09e05bb Merge pull request #881 from docker/dependabot/npm_and_yarn/tmp-0.2.4
Additional commits viewable in compare view

Updates docker/build-push-action from 3 to 6

Release notes

Sourced from docker/build-push-action's releases.

v6.0.0

Export build record and generate build summary by @crazy-max in docker/build-push-action#1120

Bump @docker/actions-toolkit from 0.24.0 to 0.26.0 in docker/build-push-action#1132 docker/build-push-action#1136 docker/build-push-action#1138

Bump braces from 3.0.2 to 3.0.3 in docker/build-push-action#1137

[!NOTE] This major release adds support for generating Build summary and exporting build record for your build. You can disable this feature by setting DOCKER_BUILD_SUMMARY: false environment variable in your workflow.

Full Changelog: docker/build-push-action@v5.4.0...v6.0.0

v5.4.0

Show builder information before building by @crazy-max in docker/build-push-action#1128

Handle attestations correctly with provenance and sbom inputs by @crazy-max in docker/build-push-action#1086

Bump @docker/actions-toolkit from 0.19.0 to 0.24.0 in docker/build-push-action#1088 docker/build-push-action#1105 docker/build-push-action#1121 docker/build-push-action#1127

Bump undici from 5.28.3 to 5.28.4 in docker/build-push-action#1090

Full Changelog: docker/build-push-action@v5.3.0...v5.4.0

v5.3.0

Bump @docker/actions-toolkit from 0.18.0 to 0.19.0 in docker/build-push-action#1080

Full Changelog: docker/build-push-action@v5.2.0...v5.3.0

v5.2.0

Disable quotes detection for outputs input by @crazy-max in docker/build-push-action#1074

Warn about ignored inputs by @favonia in docker/build-push-action#1019

Bump @docker/actions-toolkit from 0.14.0 to 0.18.0 in docker/build-push-action#1070

Bump undici from 5.26.3 to 5.28.3 in docker/build-push-action#1057

Full Changelog: docker/build-push-action@v5.1.0...v5.2.0

v5.1.0

Add annotations input by @crazy-max in docker/build-push-action#992

Add secret-envs input by @elias-lundgren in docker/build-push-action#980

Bump @babel/traverse from 7.17.3 to 7.23.2 in docker/build-push-action#991

Bump @docker/actions-toolkit from 0.13.0-rc.1 to 0.14.0 in docker/build-push-action#990 docker/build-push-action#1006

Full Changelog: docker/build-push-action@v5.0.0...v5.1.0

v5.0.0

Node 20 as default runtime (requires Actions Runner v2.308.0 or later) by @crazy-max in docker/build-push-action#954

Bump @actions/core from 1.10.0 to 1.10.1 in docker/build-push-action#959

Full Changelog: docker/build-push-action@v4.2.1...v5.0.0

v4.2.1

Note

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

... (truncated)

Commits

2634353 Merge pull request #1381 from docker/dependabot/npm_and_yarn/docker/actions-t...
c0432d2 chore: update generated content
0bb1f27 set builder driver and endpoint attributes for dbc summary support
5f9dbf9 chore(deps): Bump @docker/actions-toolkit from 0.61.0 to 0.62.1
0788c44 Merge pull request #1375 from crazy-max/remove-gcr
aa179ca e2e: remove GCR
1dc7386 Merge pull request #1364 from crazy-max/history-export-cmd
9c9803f chore: update generated content
db1f6c4 DOCKER_BUILD_EXPORT_LEGACY env var to opt-in for legacy export
721e8c7 Bump @docker/actions-toolkit from 0.59.0 to 0.61.0
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific d...

Description has been truncated

Bumps the production-dependencies group with 7 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `3` | `5` | | [actions/setup-python](https://github.com/actions/setup-python) | `4` | `6` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `2` | `3` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `2` | `3` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `4` | `5` | | [docker/login-action](https://github.com/docker/login-action) | `2` | `3` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `3` | `6` | Updates `actions/checkout` from 3 to 5 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3...v5) Updates `actions/setup-python` from 4 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v4...v6) Updates `docker/setup-qemu-action` from 2 to 3 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v2...v3) Updates `docker/setup-buildx-action` from 2 to 3 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v2...v3) Updates `docker/metadata-action` from 4 to 5 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@v4...v5) Updates `docker/login-action` from 2 to 3 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v2...v3) Updates `docker/build-push-action` from 3 to 6 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v3...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: docker/setup-qemu-action dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: docker/setup-buildx-action dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: docker/metadata-action dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: docker/login-action dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies - dependency-name: docker/build-push-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: production-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 14, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

chore: bump the production-dependencies group with 7 updates #141

chore: bump the production-dependencies group with 7 updates #141

Uh oh!

dependabot bot commented on behalf of github Oct 14, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

chore: bump the production-dependencies group with 7 updates #141

Are you sure you want to change the base?

chore: bump the production-dependencies group with 7 updates #141

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 14, 2025

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.0

What's Changed

New Contributors

v4.2.2

What's Changed

v4.2.1

What's Changed

New Contributors

Changelog

V5.0.0

V4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v6.0.0

What's Changed

Breaking Changes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

v5.6.0

What's Changed

v5.5.0

What's Changed

Enhancements:

Bug fixes:

v3.0.0

v2.2.0

v2.1.0

v3.0.0

v2.10.0

v2.9.1

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.0

v2.4.1

v5.0.0

v4.6.0

v4.5.0

v4.4.0

v4.3.0

v4.2.0

v4.1.1

v3.0.0

v2.2.0

v2.1.0

v6.0.0

v5.4.0

v5.3.0

v5.2.0

v5.1.0

v5.0.0

v4.2.1

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants