Skip to content

chore(deps): Bump the github-actions-dependencies group with 4 updates#556

Merged
JerrettDavis merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-dependencies-da805bbac4
Jul 7, 2026
Merged

chore(deps): Bump the github-actions-dependencies group with 4 updates#556
JerrettDavis merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-dependencies-da805bbac4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions-dependencies group with 4 updates: marocchino/sticky-pull-request-comment, github/codeql-action, docker/login-action and docker/metadata-action.

Updates marocchino/sticky-pull-request-comment from 3 to 3.0.4

Release notes

Sourced from marocchino/sticky-pull-request-comment's releases.

v3.0.4

What's Changed

Full Changelog: marocchino/sticky-pull-request-comment@v3.0.3...v3.0.4

v3.0.3

What's Changed

New Contributors

Full Changelog: marocchino/sticky-pull-request-comment@v3.0.2...v3.0.3

v3.0.2

What's Changed

Full Changelog: marocchino/sticky-pull-request-comment@v3.0.1...v3.0.2

v3.0.1

What's Changed

  • Update deps
  • Change build system from ncc to rollup
  • Use pull_request trigger in github action

Full Changelog: marocchino/sticky-pull-request-comment@v3.0.0...v3.0.1

Commits
  • 0ea0beb 📦️ Build
  • df6c1bd build(deps-dev): Bump @​biomejs/biome from 2.4.10 to 2.4.11 (#1681)
  • 3ad213f build(deps-dev): Bump vitest from 4.1.3 to 4.1.4 (#1682)
  • 58072e5 build(deps): Bump @​actions/github from 9.0.0 to 9.1.0 (#1683)
  • 313a938 build(deps-dev): Bump @​types/node from 25.5.2 to 25.6.0 (#1684)
  • 159c677 build(deps-dev): Bump vitest from 4.1.2 to 4.1.3 (#1680)
  • b37c1a1 build(deps-dev): Bump vite from 8.0.3 to 8.0.5 (#1679)
  • d4d6b09 📦️ Build
  • 3868baa build(deps-dev): Bump typescript from 5.9.3 to 6.0.2 (#1670)
  • 26f73b0 build(deps): Bump brace-expansion (#1678)
  • Additional commits viewable in compare view

Updates github/codeql-action from 4.36.2 to 4.36.3

Release notes

Sourced from github/codeql-action's releases.

v4.36.3

No user facing changes.

Changelog

Sourced from github/codeql-action's changelog.

4.36.3 - 01 Jul 2026

No user facing changes.

Commits
  • 54f647b Merge pull request #3984 from github/update-v4.36.3-1f34ec164
  • e78819e Trigger checks
  • 2c9d3d6 Update changelog for v4.36.3
  • 1f34ec1 Merge pull request #3983 from github/mbg/repo-props/ff-for-config-file-prop
  • d5f0145 Log when repository property has a value but is ignored
  • f27f563 Add test for when the FF is off
  • 0025d0f Use FF
  • f7fa18f Add FF for config file repo property
  • 628fc3f Merge pull request #3979 from github/henrymercer/overlay-db-cleanup-size-tele...
  • 9cfb67b Add clarifying comments
  • Additional commits viewable in compare view

Updates docker/login-action from 4.2.0 to 4.4.0

Release notes

Sourced from docker/login-action's releases.

v4.4.0

Full Changelog: docker/login-action@v4.3.0...v4.4.0

v4.3.0

Full Changelog: docker/login-action@v4.2.0...v4.3.0

Commits
  • af1e73f Merge pull request #1034 from docker/dependabot/npm_and_yarn/aws-sdk-dependen...
  • da722bd [dependabot skip] chore: update generated content
  • 2916ad6 build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
  • ca0a662 Merge pull request #1035 from crazy-max/fix-registry-auth-empty-mask
  • c455755 chore: update generated content
  • 4835190 skip empty registry-auth secret mask
  • 992421c Merge pull request #1033 from docker/dependabot/github_actions/docker/bake-ac...
  • b249b43 Merge pull request #1032 from docker/dependabot/github_actions/docker/bake-ac...
  • 1b67977 build(deps): bump docker/bake-action from 7.2.0 to 7.3.0
  • 9d49d6a build(deps): bump docker/bake-action/subaction/matrix
  • Additional commits viewable in compare view

Updates docker/metadata-action from 6.1.0 to 6.2.0

Release notes

Sourced from docker/metadata-action's releases.

v6.2.0

Full Changelog: docker/metadata-action@v6.1.0...v6.2.0

Commits
  • dc80280 Merge pull request #696 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 2b9fe83 [dependabot skip] chore: update generated content
  • 8128ce3 chore(deps): Bump @​docker/actions-toolkit from 0.91.0 to 0.92.0
  • 1d1c895 Merge pull request #695 from docker/dependabot/npm_and_yarn/semver-7.8.5
  • 7f0c2dd Merge pull request #694 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
  • 025f8c5 [dependabot skip] chore: update generated content
  • e98d63c chore(deps): Bump semver from 7.8.1 to 7.8.5
  • 37d9379 chore(deps): Bump sigstore from 4.1.0 to 4.1.1
  • a1b8072 Merge pull request #690 from docker/dependabot/npm_and_yarn/sigstore/core-3.2.1
  • e0e3381 [dependabot skip] chore: update generated content
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions-dependencies group with 4 updates: [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment), [github/codeql-action](https://github.com/github/codeql-action), [docker/login-action](https://github.com/docker/login-action) and [docker/metadata-action](https://github.com/docker/metadata-action).


Updates `marocchino/sticky-pull-request-comment` from 3 to 3.0.4
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](marocchino/sticky-pull-request-comment@v3...v3.0.4)

Updates `github/codeql-action` from 4.36.2 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v4.36.2...v4.36.3)

Updates `docker/login-action` from 4.2.0 to 4.4.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@v4.2.0...v4.4.0)

Updates `docker/metadata-action` from 6.1.0 to 6.2.0
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@v6.1.0...v6.2.0)

---
updated-dependencies:
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 3.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
- dependency-name: github/codeql-action
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
- dependency-name: docker/login-action
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: docker/metadata-action
  dependency-version: 6.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: ci. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from JerrettDavis as a code owner July 6, 2026 11:10
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
actions/docker/login-action 4.4.0 🟢 8.5
Details
CheckScoreReason
Security-Policy🟢 9security policy file detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Maintained🟢 1030 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
SAST🟢 9SAST tool detected but not run on all commits
actions/docker/metadata-action 6.2.0 🟢 8.6
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Code-Review🟢 10all changesets reviewed
Security-Policy🟢 9security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Signed-Releases⚠️ -1no releases found
Packaging🟢 10packaging workflow detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
SAST🟢 10SAST tool is run on all commits

Scanned Files

  • .github/workflows/containers.yml

@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Test Results

7 641 tests   7 622 ✅  2m 32s ⏱️
    7 suites     19 💤
    7 files        0 ❌

Results for commit 097066b.

@github-actions github-actions Bot added the size/s label Jul 6, 2026
@github-actions

github-actions Bot commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Code Coverage

Summary
  Generated on: 07/06/2026 - 11:28:54
  Coverage date: 07/06/2026 - 11:26:48 - 07/06/2026 - 11:28:45
  Parser: MultiReport (7x Cobertura)
  Assemblies: 23
  Classes: 1067
  Files: 591
  Line coverage: 74.6%
  Covered lines: 36821
  Uncovered lines: 12493
  Coverable lines: 49314
  Total lines: 97285
  Branch coverage: 61.8% (13926 of 22512)
  Covered branches: 13926
  Total branches: 22512
  Method coverage: 86.3% (6313 of 7308)
  Full method coverage: 74.1% (5420 of 7308)
  Covered methods: 6313
  Fully covered methods: 5420
  Total methods: 7308

@JerrettDavis JerrettDavis merged commit f3bc5fa into main Jul 7, 2026
15 checks passed
@dependabot dependabot Bot deleted the dependabot/github_actions/github-actions-dependencies-da805bbac4 branch July 7, 2026 17:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant