From c4e8cf0367af892b9c2c666517575716775bc382 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jul 2026 22:44:01 +0000 Subject: [PATCH] Bump the github-actions group with 4 updates Bumps the github-actions group with 4 updates: [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action), [docker/login-action](https://github.com/docker/login-action), [docker/bake-action](https://github.com/docker/bake-action) and [crazy-max/ghaction-container-scan](https://github.com/crazy-max/ghaction-container-scan). Updates `docker/setup-buildx-action` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5...bb05f3f5519dd87d3ba754cc423b652a5edd6d2c) Updates `docker/login-action` from 4.2.0 to 4.4.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/650006c6eb7dba73a995cc03b0b2d7f5ca915bee...af1e73f918a031802d376d3c8bbc3fe56130a9b0) Updates `docker/bake-action` from 7.2.0 to 7.3.0 - [Release notes](https://github.com/docker/bake-action/releases) - [Commits](https://github.com/docker/bake-action/compare/6614cfa25eff9a0b2b2697efb0b6159e7680d584...d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b) Updates `crazy-max/ghaction-container-scan` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/crazy-max/ghaction-container-scan/releases) - [Commits](https://github.com/crazy-max/ghaction-container-scan/compare/a0a3900b79d158c85ccf034e5368fae620a9233a...ffcba8deb5cb3531954cbedbbcd0179d79edf510) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/bake-action dependency-version: 7.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: crazy-max/ghaction-container-scan dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 12 ++++++------ .github/workflows/security.yml | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1779575..2c60032 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -137,7 +137,7 @@ jobs: - name: Set up Docker Buildx if: ${{ steps.check_image.outputs.php_versions != ''}} - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 + uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0 - name: Create variants matrix if: ${{ steps.check_image.outputs.php_versions != ''}} @@ -186,11 +186,11 @@ jobs: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 + uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0 - name: Login to GHCR if: github.event_name != 'pull_request' - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 + uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -226,7 +226,7 @@ jobs: - name: Build images and push id: bake - uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0 + uses: docker/bake-action@d3418bd7d0e9324001bca92fa8ba175ea7e6dc9b # v7.3.0 with: targets: ${{ steps.bake_args.outputs.targets }} provenance: true @@ -294,10 +294,10 @@ jobs: run: ls -R /tmp/digest - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0 + uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4.2.0 - name: Login to GHCR - uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0 + uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0 with: registry: ghcr.io username: ${{ github.repository_owner }} diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 0456792..abcf6d1 100644 --- a/.github/workflows/security.yml +++ b/.github/workflows/security.yml @@ -42,7 +42,7 @@ jobs: - ghcr.io/toshy/php:8.5-fpm-trixie-otel-grpc-ffmpeg steps: - name: Scan for vulnerabilities - uses: crazy-max/ghaction-container-scan@a0a3900b79d158c85ccf034e5368fae620a9233a # v4.0.0 + uses: crazy-max/ghaction-container-scan@ffcba8deb5cb3531954cbedbbcd0179d79edf510 # v4.1.0 with: image: ${{ matrix.image }} severity_threshold: CRITICAL