Skip to content

⬆️ QD-12983: Bump the dependencies group across 1 directory with 10 updates#960

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dependencies-1479b9b5f1
Closed

⬆️ QD-12983: Bump the dependencies group across 1 directory with 10 updates#960
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dependencies-1479b9b5f1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the dependencies group with 10 updates in the / directory:

Package From To
docker/setup-qemu-action 3 4
docker/setup-buildx-action 3 4
docker/login-action 3 4
docker/bake-action 6 7
actions/download-artifact 7 8
actions/upload-artifact 6 7
goreleaser/goreleaser-action 6 7
docker/build-push-action 6 7
dorny/paths-filter 3 4
actions/setup-node 4 6

Updates docker/setup-qemu-action from 3 to 4

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.0.0

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

v3.7.0

Full Changelog: docker/setup-qemu-action@v3.6.0...v3.7.0

v3.6.0

Full Changelog: docker/setup-qemu-action@v3.5.0...v3.6.0

v3.5.0

Full Changelog: docker/setup-qemu-action@v3.4.0...v3.5.0

v3.4.0

Full Changelog: docker/setup-qemu-action@v3.3.0...v3.4.0

v3.3.0

Full Changelog: docker/setup-qemu-action@v3.2.0...v3.3.0

v3.2.0

Full Changelog: docker/setup-qemu-action@v3.1.0...v3.2.0

v3.1.0

... (truncated)

Commits
  • 0611638 Merge pull request #21 from crazy-max/uninst
  • ce59c81 chore: update generated content
  • 2ddad44 uninstall current emulators
  • 8c37cd6 Merge pull request #250 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • d1a0ff3 chore: update generated content
  • 0a8f3dc build(deps): bump @​docker/actions-toolkit from 0.79.0 to 0.91.0
  • 9430f61 Merge pull request #291 from docker/dependabot/npm_and_yarn/tmp-0.2.6
  • 978bd77 chore: update generated content
  • 3479feb build(deps): bump tmp from 0.2.5 to 0.2.6
  • b113c26 Merge pull request #255 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
  • Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3 to 4

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

v3.12.0

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

v3.11.1

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

v3.10.0

Full Changelog: docker/setup-buildx-action@v3.9.0...v3.10.0

v3.9.0

Full Changelog: docker/setup-buildx-action@v3.8.0...v3.9.0

v3.8.0

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

... (truncated)

Commits
  • d7f5e7f Merge pull request #489 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 92bc5c9 chore: update generated content
  • da11e35 build(deps): bump @​docker/actions-toolkit from 0.79.0 to 0.90.0
  • f021e16 Merge pull request #492 from docker/dependabot/npm_and_yarn/undici-6.24.1
  • b5af94f chore: update generated content
  • 16ad977 build(deps): bump undici from 6.23.0 to 6.25.0
  • d7a12d7 Merge pull request #495 from docker/dependabot/npm_and_yarn/glob-10.5.0
  • 28ff27d build(deps): bump glob from 10.3.12 to 13.0.6
  • daf436b Merge pull request #496 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
  • 9725348 chore: update generated content
  • Additional commits viewable in compare view

Updates docker/login-action from 3 to 4

Release notes

Sourced from docker/login-action's releases.

v4.0.0

Full Changelog: docker/login-action@v3.7.0...v4.0.0

v3.7.0

Full Changelog: docker/login-action@v3.6.0...v3.7.0

v3.6.0

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

Full Changelog: docker/login-action@v3.4.0...v3.5.0

v3.4.0

Full Changelog: docker/login-action@v3.3.0...v3.4.0

... (truncated)

Commits
  • 650006c Merge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • 99df1a3 chore: update generated content
  • 3ab375f build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
  • 39d8580 Merge pull request #970 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 4eefcd3 chore: update generated content
  • 56d092c build(deps): bump @​docker/actions-toolkit from 0.86.0 to 0.90.0
  • e2e31ca Merge pull request #976 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
  • 0bced94 chore: update generated content
  • 3e75a0f build(deps): bump @​actions/core from 3.0.0 to 3.0.1
  • 365bebd Merge pull request #984 from docker/dependabot/github_actions/aws-actions/con...
  • Additional commits viewable in compare view

Updates docker/bake-action from 6 to 7

Release notes

Sourced from docker/bake-action's releases.

v7.0.0

Full Changelog: docker/bake-action@v6.10.0...v7.0.0

v6.10.0

Full Changelog: docker/bake-action@v6.9.0...v6.10.0

v6.9.0

[!IMPORTANT] docker/bake-action/subaction/list-targets is deprecated and will be removed in a future release. Please use docker/bake-action/subaction/matrix instead.

Full Changelog: docker/bake-action@v6.8.0...v6.9.0

v6.8.0

[!NOTE] Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/bake-action@v6.7.0...v6.8.0

v6.7.0

[!NOTE] Build record is now exported using the buildx history export command instead of the legacy export-build tool.

... (truncated)

Commits
  • 6614cfa Merge pull request #425 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 0a925a2 chore: update generated content
  • b9ca742 chore(deps): Bump @​docker/actions-toolkit from 0.87.0 to 0.90.0
  • 48e6359 Merge pull request #429 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
  • d1523f4 chore: update generated content
  • a73f293 chore(deps): Bump fast-xml-parser from 5.5.9 to 5.8.0
  • bc584ac Merge pull request #430 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
  • 23050a1 chore: update generated content
  • 7ae1cf6 chore(deps): Bump @​actions/core from 3.0.0 to 3.0.1
  • e7934f8 Merge pull request #432 from docker/dependabot/npm_and_yarn/postcss-8.5.10
  • Additional commits viewable in compare view

Updates actions/download-artifact from 7 to 8

Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits
  • 3e5f45b Add regression tests for CJK characters (#471)
  • e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
  • 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
  • f258da9 Add change docs
  • ccc058e Fix linting issues
  • bd7976b Add a setting to specify what to do on hash mismatch and default it to error
  • ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
  • 15999bf Add note about package bumps
  • 974686e Bump the version to v8 and add release notes
  • fbe48b1 Update test names to make it clearer what they do
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 6 to 7

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

New Contributors

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • bbbca2d Support direct file uploads (#764)
  • 589182c Upgrade the module to ESM and bump dependencies (#762)
  • 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
  • 02a8460 Add proxy integration test
  • See full diff in compare view

Updates goreleaser/goreleaser-action from 6 to 7

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.0.0

What's Changed

Full Changelog: goreleaser/goreleaser-action@v6...v7.0.0

v6.4.0

What's Changed

New Contributors

Full Changelog: goreleaser/goreleaser-action@v6.3.0...v6.4.0

v6.3.0

Full Changelog: goreleaser/goreleaser-action@v6.2.1...v6.3.0

v6.2.1

What's Changed

This version of the actions adds support for GoReleaser Pro v2.7.0 versioning (which dropped the -pro suffix). Older versions should work fine.

[!WARNING] This version is required for GoReleaser Pro v2.7.0+. Read more here.

Full Changelog: goreleaser/goreleaser-action@v6.2.0...v6.2.1

... (truncated)

Commits
  • 5daf1e9 fix: nightly resolution to select newest published release (#562)
  • 5cc7ebb ci: update actions
  • 702f5f9 ci(deps): bump the actions group with 3 updates (#560)
  • 1a80836 ci(nightly): pass GITHUB_TOKEN to nightly integration job
  • a71152e refactor: drop legacy 'nightly' tag fallback
  • 4c6ab56 feat: resolve nightly to latest vX.Y.Z-<sha>-nightly release (#558)
  • 4f96abf feat: add version-file input (#556)
  • 15fa2a9 test: cover install across release eras (#555)
  • e24998b ci: drop pre-cosign-v3 goreleaser versions from tests (#554)
  • be2e8a3 docs: document cosign verification in README (#553)
  • Additional commits viewable in compare view

Updates docker/build-push-action from 6 to 7

Release notes

Sourced from docker/build-push-action's releases.

v7.0.0

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

v6.19.2

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

v6.18.0

[!NOTE] Build summary is now supported with Docker Build Cloud.

Full Changelog: docker/build-push-action@v6.17.0...v6.18.0

v6.17.0

[!NOTE] Build record is now exported using the buildx history export command instead of the legacy export-build tool.

Full Changelog: docker/build-push-action@v6.16.0...v6.17.0

v6.16.0

... (truncated)

Commits
  • f9f3042 Merge pull request #1517 from docker/dependabot/npm_and_yarn/docker/actions-t...
  • 812d5fd chore: update generated content
  • b6f6693 chore(deps): Bump @​docker/actions-toolkit from 0.87.0 to 0.90.0
  • c1c626e Merge pull request #1525 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
  • 51bb284 chore: update generated content
  • 5f7884d chore(deps): Bump @​actions/core from 3.0.0 to 3.0.1
  • e01deff Merge pull request #1521 from docker/dependabot/npm_and_yarn/fast-xml-parser-...
  • 3804d49 chore: update generated content
  • 71e8947 chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0
  • ...

    Description has been truncated

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels May 16, 2026
@dependabot dependabot Bot requested a review from a team as a code owner May 16, 2026 20:13
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dependencies-1479b9b5f1 branch 2 times, most recently from e72a6d2 to da89528 Compare May 30, 2026 20:13
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dependencies-1479b9b5f1 branch from da89528 to f619b98 Compare June 4, 2026 15:45
@dependabot
⬆️ QD-12983: Bump the dependencies group across 1 directory with 10 u…
a5c4ef0 
…pdates

Bumps the dependencies group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3` | `4` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3` | `4` |
| [docker/login-action](https://github.com/docker/login-action) | `3` | `4` |
| [docker/bake-action](https://github.com/docker/bake-action) | `6` | `7` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `7` | `8` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6` | `7` |
| [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) | `6` | `7` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` |
| [dorny/paths-filter](https://github.com/dorny/paths-filter) | `3` | `4` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` |



Updates `docker/setup-qemu-action` from 3 to 4
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@v3...v4)

Updates `docker/setup-buildx-action` from 3 to 4
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@v3...v4)

Updates `docker/login-action` from 3 to 4
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@v3...v4)

Updates `docker/bake-action` from 6 to 7
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](docker/bake-action@v6...v7)

Updates `actions/download-artifact` from 7 to 8
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v7...v8)

Updates `actions/upload-artifact` from 6 to 7
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v6...v7)

Updates `goreleaser/goreleaser-action` from 6 to 7
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](goreleaser/goreleaser-action@v6...v7)

Updates `docker/build-push-action` from 6 to 7
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@v6...v7)

Updates `dorny/paths-filter` from 3 to 4
- [Release notes](https://github.com/dorny/paths-filter/releases)
- [Changelog](https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md)
- [Commits](dorny/paths-filter@v3...v4)

Updates `actions/setup-node` from 4 to 6
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@v4...v6)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: docker/bake-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: docker/build-push-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: docker/login-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: docker/setup-buildx-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: docker/setup-qemu-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: dorny/paths-filter
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: goreleaser/goreleaser-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/dependencies-1479b9b5f1 branch from f619b98 to a5c4ef0 Compare June 13, 2026 20:13
@github-actions

github-actions Bot commented Jun 13, 2026

Copy link
Copy Markdown

Qodana for Go

114 new problems were found

Inspection name Severity Problems
Check dependency licenses 🔴 Failure 5
Vulnerable declared dependency 🔴 Failure 1
Check GO source code coverage 🔶 Warning 51
Unhandled error 🔶 Warning 13
Potential resource leak 🔶 Warning 6
Check dependency licenses 🔶 Warning 4
Deprecated element 🔶 Warning 4
Imported package name as a name identifier 🔶 Warning 1
Reserved word used as name 🔶 Warning 1
Vulnerable declared dependency 🔶 Warning 1
Unsorted imports ◽️ Notice 13
Name starts with a package name ◽️ Notice 8
Empty slice declared using a literal ◽️ Notice 3
Comment of exported element starts with the incorrect name ◽️ Notice 1
Redundant type conversion ◽️ Notice 1
Vulnerable declared dependency ◽️ Notice 1 
@@ Code coverage @@
+ 65% total lines covered
10664 lines analyzed, 6959 lines covered
# Calculated according to the filters of your coverage tool

☁️ View the detailed Qodana report

Contact Qodana team

Contact us at qodana-support@jetbrains.com

@dependabot @github

dependabot Bot commented on behalf of github Jun 20, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 20, 2026
@dependabot dependabot Bot deleted the dependabot/github_actions/dependencies-1479b9b5f1 branch June 20, 2026 20:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants