ci(deps): bump the actions-minor-patch group across 1 directory with 11 updates by dependabot[bot] · Pull Request #79 · JoJo275/simple-python-boilerplate

dependabot · 2026-06-02T14:50:21Z

Bumps the actions-minor-patch group with 11 updates in the / directory:

Package	From	To
actions/checkout	`6.0.2`	`6.0.3`
docker/metadata-action	`6.0.0`	`6.1.0`
docker/setup-buildx-action	`4.0.0`	`4.1.0`
docker/login-action	`4.1.0`	`4.2.0`
docker/build-push-action	`7.1.0`	`7.2.0`
aquasecurity/trivy-action	`0.35.0`	`0.36.0`
github/codeql-action	`4.35.1`	`4.36.1`
devcontainers/ci	`0.3.1900000417`	`0.3.1900000450`
actions/labeler	`6.0.1`	`6.1.0`
actions/create-github-app-token	`3.1.1`	`3.2.0`
actions/stale	`10.2.0`	`10.3.0`

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

Update changelog by @ericsciple in actions/checkout#2357

fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in actions/checkout#2414

Fix checkout init for SHA-256 repositories by @yaananth in actions/checkout#2439

Update changelog for v6.0.3 by @yaananth in actions/checkout#2446

New Contributors

@yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

Fix checkout init for SHA-256 repositories by @yaananth in actions/checkout#2439

fix: expand merge commit SHA regex and add SHA-256 test cases by @yaananth in actions/checkout#2414

v6.0.2

Fix tag handling: preserve annotations and explicit fetch-tags by @ericsciple in actions/checkout#2356

v6.0.1

Add worktree support for persist-credentials includeIf by @ericsciple in actions/checkout#2327

v6.0.0

Persist creds to a separate file by @ericsciple in actions/checkout#2286

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

v5.0.1

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

v5.0.0

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

v4.3.1

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

v4.3.0

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

Adjust positioning of user email note and permissions heading by @joshmgross in actions/checkout#2044

Update README.md by @nebuk89 in actions/checkout#2194

Update CODEOWNERS for actions by @TingluoHuang in actions/checkout#2224

Update package dependencies by @salmanmkc in actions/checkout#2236

v4.2.2

url-helper.ts now leverages well-known environment variables by @jww3 in actions/checkout#1941

Expand unit test coverage for isGhes by @jww3 in actions/checkout#1946

v4.2.1

Check out other refs/* by commit if provided, fall back to ref by @orhantoy in actions/checkout#1924

v4.2.0

Add Ref and Commit outputs by @lucacome in actions/checkout#1180

Dependency updates by @dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

Bump the minor-npm-dependencies group across 1 directory with 4 updates by @dependabot in actions/checkout#1739

Bump actions/checkout from 3 to 4 by @dependabot in actions/checkout#1697

Check out other refs/* by commit by @orhantoy in actions/checkout#1774

... (truncated)

Commits

df4cb1c Update changelog for v6.0.3 (#2446)
1cce339 Fix checkout init for SHA-256 repositories (#2439)
900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
0c366fd Update changelog (#2357)
See full diff in compare view

Updates docker/metadata-action from 6.0.0 to 6.1.0

Release notes

Sourced from docker/metadata-action's releases.

v6.1.0

Bump @docker/actions-toolkit from 0.79.0 to 0.90.0 in docker/metadata-action#613

Bump brace-expansion from 1.1.12 to 5.0.6 in docker/metadata-action#658 docker/metadata-action#630

Bump csv-parse from 6.1.0 to 6.2.1 in docker/metadata-action#617

Bump fast-xml-parser from 5.4.2 to 5.8.0 in docker/metadata-action#620

Bump flatted from 3.3.3 to 3.4.2 in docker/metadata-action#623

Bump glob from 10.3.15 to 10.5.0 in docker/metadata-action#621

Bump handlebars from 4.7.8 to 4.7.9 in docker/metadata-action#629

Bump lodash from 4.17.23 to 4.18.1 in docker/metadata-action#639

Bump moment-timezone from 0.6.0 to 0.6.1 in docker/metadata-action#619

Bump picomatch from 4.0.3 to 4.0.4 in docker/metadata-action#626

Bump postcss from 8.5.6 to 8.5.10 in docker/metadata-action#649

Bump tar from 6.2.1 to 7.5.15 in docker/metadata-action#657

Bump undici from 6.23.0 to 6.25.0 in docker/metadata-action#614

Bump vite from 7.3.1 to 7.3.2 in docker/metadata-action#637

Full Changelog: docker/metadata-action@v6.0.0...v6.1.0

Commits

80c7e94 Merge pull request #613 from docker/dependabot/npm_and_yarn/docker/actions-to...
8e0ddab chore: update generated content
a8db14b chore(deps): Bump @docker/actions-toolkit from 0.79.0 to 0.90.0
63a7371 Merge pull request #617 from docker/dependabot/npm_and_yarn/csv-parse-6.2.0
c6916a6 chore: update generated content
aca9205 chore(deps): Bump csv-parse from 6.1.0 to 6.2.1
9dcfe60 Merge pull request #629 from docker/dependabot/npm_and_yarn/handlebars-4.7.9
43dea76 chore: update generated content
7a56f5a chore(deps): Bump handlebars from 4.7.8 to 4.7.9
e49e0aa Merge pull request #658 from docker/dependabot/npm_and_yarn/brace-expansion-5...
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.1.0

Bump @docker/actions-toolkit from 0.79.0 to 0.90.0 in docker/setup-buildx-action#489

Bump brace-expansion from 1.1.12 to 5.0.6 in docker/setup-buildx-action#547 docker/setup-buildx-action#508

Bump fast-xml-builder from 1.0.0 to 1.2.0 in docker/setup-buildx-action#540

Bump fast-xml-parser from 5.4.2 to 5.8.0 in docker/setup-buildx-action#496

Bump flatted from 3.3.3 to 3.4.2 in docker/setup-buildx-action#499

Bump glob from 10.3.12 to 13.0.6 in docker/setup-buildx-action#495

Bump handlebars from 4.7.8 to 4.7.9 in docker/setup-buildx-action#504

Bump lodash from 4.17.23 to 4.18.1 in docker/setup-buildx-action#523

Bump picomatch from 4.0.3 to 4.0.4 in docker/setup-buildx-action#503

Bump postcss from 8.5.6 to 8.5.10 in docker/setup-buildx-action#537

Bump tar from 6.2.1 to 7.5.15 in docker/setup-buildx-action#545

Bump undici from 6.23.0 to 6.25.0 in docker/setup-buildx-action#492

Bump vite from 7.3.1 to 7.3.2 in docker/setup-buildx-action#520

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

Commits

d7f5e7f Merge pull request #489 from docker/dependabot/npm_and_yarn/docker/actions-to...
92bc5c9 chore: update generated content
da11e35 build(deps): bump @docker/actions-toolkit from 0.79.0 to 0.90.0
f021e16 Merge pull request #492 from docker/dependabot/npm_and_yarn/undici-6.24.1
b5af94f chore: update generated content
16ad977 build(deps): bump undici from 6.23.0 to 6.25.0
d7a12d7 Merge pull request #495 from docker/dependabot/npm_and_yarn/glob-10.5.0
28ff27d build(deps): bump glob from 10.3.12 to 13.0.6
daf436b Merge pull request #496 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
9725348 chore: update generated content
Additional commits viewable in compare view

Updates docker/login-action from 4.1.0 to 4.2.0

Release notes

Sourced from docker/login-action's releases.

v4.2.0

Bump @actions/core from 3.0.0 to 3.0.1 in docker/login-action#976

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1050.0 in docker/login-action#960

Bump @docker/actions-toolkit from 0.86.0 to 0.90.0 in docker/login-action#970

Bump brace-expansion from 2.0.1 to 5.0.6 in docker/login-action#993

Bump fast-xml-builder from 1.1.4 to 1.2.0 in docker/login-action#985

Bump fast-xml-parser from 5.3.6 to 5.8.0 in docker/login-action#963

Bump http-proxy-agent and https-proxy-agent to 9.0.0 in docker/login-action#961

Bump postcss from 8.5.6 to 8.5.10 in docker/login-action#979

Bump tar from 6.2.1 to 7.5.15 in docker/login-action#991

Bump vite from 7.3.1 to 7.3.3 in docker/login-action#986

Full Changelog: docker/login-action@v4.1.0...v4.2.0

Commits

650006c Merge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
99df1a3 chore: update generated content
3ab375f build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
39d8580 Merge pull request #970 from docker/dependabot/npm_and_yarn/docker/actions-to...
4eefcd3 chore: update generated content
56d092c build(deps): bump @docker/actions-toolkit from 0.86.0 to 0.90.0
e2e31ca Merge pull request #976 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
0bced94 chore: update generated content
3e75a0f build(deps): bump @actions/core from 3.0.0 to 3.0.1
365bebd Merge pull request #984 from docker/dependabot/github_actions/aws-actions/con...
Additional commits viewable in compare view

Updates docker/build-push-action from 7.1.0 to 7.2.0

Release notes

Sourced from docker/build-push-action's releases.

v7.2.0

Bump @actions/core from 3.0.0 to 3.0.1 in docker/build-push-action#1525

Bump @docker/actions-toolkit from 0.87.0 to 0.90.0 in docker/build-push-action#1517

Bump brace-expansion from 2.0.2 to 5.0.6 in docker/build-push-action#1534

Bump fast-xml-builder from 1.1.4 to 1.2.0 in docker/build-push-action#1529

Bump fast-xml-parser from 5.5.7 to 5.8.0 in docker/build-push-action#1521

Bump postcss from 8.5.6 to 8.5.10 in docker/build-push-action#1526

Bump tar from 6.2.1 to 7.5.15 in docker/build-push-action#1533

Full Changelog: docker/build-push-action@v7.1.0...v7.2.0

Commits

f9f3042 Merge pull request #1517 from docker/dependabot/npm_and_yarn/docker/actions-t...
812d5fd chore: update generated content
b6f6693 chore(deps): Bump @docker/actions-toolkit from 0.87.0 to 0.90.0
c1c626e Merge pull request #1525 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
51bb284 chore: update generated content
5f7884d chore(deps): Bump @actions/core from 3.0.0 to 3.0.1
e01deff Merge pull request #1521 from docker/dependabot/npm_and_yarn/fast-xml-parser-...
3804d49 chore: update generated content
71e8947 chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0
4925ad2 Merge pull request #1526 from docker/dependabot/npm_and_yarn/postcss-8.5.10
Additional commits viewable in compare view

Updates aquasecurity/trivy-action from 0.35.0 to 0.36.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

chore(ci): update bump-trivy workflow by @DmitriyLewen in aquasecurity/trivy-action#546

ci: use action.yaml as single source of truth for Trivy version by @nikpivkin in aquasecurity/trivy-action#552

ci: replace peter-evans/create-pull-request with gh CLI by @nikpivkin in aquasecurity/trivy-action#550

test: use pinned digests for trivy-db, trivy-java-db and trivy-checks by @nikpivkin in aquasecurity/trivy-action#555

ci: add dependabot config by @nikpivkin in aquasecurity/trivy-action#556

chore: add zizmor config by @nikpivkin in aquasecurity/trivy-action#557

chore(deps): bump the actions group with 5 updates by @dependabot[bot] in aquasecurity/trivy-action#558

fix: use portable shebang in entrypoint.sh by @Hayao0819 in aquasecurity/trivy-action#545

Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name by @patrik-csak in aquasecurity/trivy-action#547

Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 by @Aditya09-cse in aquasecurity/trivy-action#548

chore: use GitHub Actions as git commit author in bump-trivy workflow by @nikpivkin in aquasecurity/trivy-action#561

chore(deps): Update trivy to v0.70.0 by @Argon-DevOps-Mgt in aquasecurity/trivy-action#559

chore: update action version to v0.36.0 in examples by @nikpivkin in aquasecurity/trivy-action#563

New Contributors

@dependabot[bot] made their first contribution in aquasecurity/trivy-action#558

@Hayao0819 made their first contribution in aquasecurity/trivy-action#545

@patrik-csak made their first contribution in aquasecurity/trivy-action#547

@Aditya09-cse made their first contribution in aquasecurity/trivy-action#548

@Argon-DevOps-Mgt made their first contribution in aquasecurity/trivy-action#559

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Commits

ed142fd chore: update action version to v0.36.0 in examples (#563)
dea62cf chore(deps): Update trivy to v0.70.0 (#559)
128d9a8 chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)
876cf04 Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)
dada784 Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)
4a2deec fix: use portable shebang in entrypoint.sh (#545)
1994662 chore(deps): bump the actions group with 5 updates (#558)
6b36659 chore: add zizmor config (#557)
316aa5a ci: add dependabot config (#556)
264c9c5 test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)
Additional commits viewable in compare view

Updates github/codeql-action from 4.35.1 to 4.36.1

Release notes

Sourced from github/codeql-action's releases.

v4.36.1

No user facing changes.

v4.36.0

Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894

Add support for SHA-256 Git object IDs. #3893

Update default CodeQL bundle version to 2.25.5. #3926

v4.35.5

We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899

For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791

If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892

Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

v4.35.4

Update default CodeQL bundle version to 2.25.4. #3881

v4.35.3

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837

Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850

Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853

Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852

Update default CodeQL bundle version to 2.25.3. #3865

v4.35.2

The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795

The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789

Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794

Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807

Update default CodeQL bundle version to 2.25.2. #3823

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.36.1 - 02 Jun 2026

No user facing changes.

4.36.0 - 22 May 2026

Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894

Add support for SHA-256 Git object IDs. #3893

Update default CodeQL bundle version to 2.25.5. #3926

4.35.5 - 15 May 2026

We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899

For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791

If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892

Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

4.35.4 - 07 May 2026

Update default CodeQL bundle version to 2.25.4. #3881

4.35.3 - 01 May 2026

Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837

Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850

Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853

Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852

Update default CodeQL bundle version to 2.25.3. #3865

4.35.2 - 15 Apr 2026

The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795

The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789

Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794

Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807

Update default CodeQL bundle version to 2.25.2. #3823

4.35.1 - 27 Mar 2026

Fix incorrect minimum required Git version for improved incremental analysis: it should have been 2.36.0, not 2.11.0. #3781

4.35.0 - 27 Mar 2026

... (truncated)

Commits

87557b9 Merge pull request #3940 from github/update-v4.36.1-2a1689ed4
9431011 Update changelog for v4.36.1
2a1689e Merge pull request #3939 from github/henrymercer/skip-overlay-revert-when-exp...
5245323 Disable missing diff-ranges fallback when overlay enabled manually
d1eb120 Merge pull request #3933 from github/update-supported-enterprise-server-versions
115001b Merge pull request #3934 from github/dependabot/npm_and_yarn/npm-minor-86fb5c...
cef2e7a Merge pull request #3925 from github/dependabot/github_actions/dot-github/wor...
5e6adf7 Merge pull request #3936 from github/dependabot/npm_and_yarn/tmp-0.2.7
ad170e6 Merge branch 'main' into dependabot/github_actions/dot-github/workflows/actio...
6a37b3a Rebuild
Additional commits viewable in compare view

Updates devcontainers/ci from 0.3.1900000417 to 0.3.1900000450

Release notes

Sourced from devcontainers/ci's releases.

Release v0.3.1900000450

What's Changed

Remove compiled JS content by @stuartleeks in devcontainers/ci#210

Retain run-main.js/run-post.js by @stuartleeks in devcontainers/ci#213

Update tag to use generated version number by @stuartleeks in devcontainers/ci#214

Workflow tidying by @stuartleeks in devcontainers/ci#216

Add missing 'v' prefix on release/tag by @stuartleeks in devcontainers/ci#217

Update docs to point to v0.3 release by @stuartleeks in devcontainers/ci#218

Pass env vars to devcontainer up by @stuartleeks in devcontainers/ci#211

Re-enable running subset of tests in forks by @stuartleeks in devcontainers/ci#220

re-enable test platform_with_runCmd by @stuartleeks in devcontainers/ci#203

Add noCache option by @trxcllnt in devcontainers/ci#199

Add additionalMounts for GitHub Action Output Mount by @andar1an in devcontainers/ci#219

Update checks action to remove NodeJS version warning by @stuartleeks in devcontainers/ci#228

Revert to latest version of tfx-cli by @stuartleeks in devcontainers/ci#227

Update to run 'devcontainer exec' without JSON parsing output by @stuartleeks in devcontainers/ci#226

Use version 0 to allow for breaking CLI changes in the future. by @chrmarti in devcontainers/ci#229

gh: refactor community files by @SauravMaheshkar in devcontainers/ci#222

Fix a typo in azdo-task/README.md by @jiedxu in devcontainers/ci#245

Update golang for CG by @chrmarti in devcontainers/ci#260

Update Debian, go tools, Node, NPM package by @chrmarti in devcontainers/ci#263

Bump @babel/traverse from 7.18.2 to 7.23.2 in /.github/scripts by @dependabot[bot] in devcontainers/ci#261

Bump json5 from 2.2.1 to 2.2.3 in /.github/scripts by @dependabot[bot] in devcontainers/ci#264

Bump semver from 6.3.0 to 6.3.1 in /.github/scripts by @dependabot[bot] in devcontainers/ci#266

Fix scripts by @chrmarti in devcontainers/ci#265

Update azure-pipelines-task-lib to avoid security issue in dependency by @chrmarti in devcontainers/ci#267

Add configFile option by @chrmarti in devcontainers/ci#269

Ignore spaces by @chrmarti in devcontainers/ci#280

Add workflow permissions by @chrmarti in devcontainers/ci#282

Update QEMU and Buildx steps to resolve Node 16 deprecation warning by @korverdev in devcontainers/ci#283

Find Windows executable by @chrmarti in devcontainers/ci#288

add inheritEnv action parameter by @OmarTawfik in devcontainers/ci#295

Fix permissions by @chrmarti in devcontainers/ci#297

Fix permissions by @chrmarti in devcontainers/ci#298

Docs: github-action.md: fix wording by @lolmaus in devcontainers/ci#296

Add cacheTo argument to ci action by @sebst in devcontainers/ci#300

Fix CI by @chrmarti in devcontainers/ci#308

Fix CI by @chrmarti in devcontainers/ci#327

Bump actions/setup-node from 3 to 4 by @dependabot[bot] in devcontainers/ci#309

Bump ghcr.io/devcontainers/features/github-cli from 1.0.11 to 1.0.13 by @dependabot[bot] in devcontainers/ci#310

Bump LouisBrunner/checks-action from 1.1.1 to 2.0.0 by @dependabot[bot] in devcontainers/ci#311

Bump github/codeql-action from 2 to 3 by @dependabot[bot] in devcontainers/ci#312

Bump docker/login-action from 2 to 3 by @dependabot[bot] in devcontainers/ci#313

Bump actions/github-script from 6 to 7 by @dependabot[bot] in devcontainers/ci#314

Update dependencies by @chrmarti in devcontainers/ci#328

Fix AzDO task by @chrmarti in devcontainers/ci#329

fix: don't group the actual running of the commands by @ffMathy in devcontainers/ci#272

Add note on JIT by @chrmarti in devcontainers/ci#330

Fix formatting by @chrmarti in devcontainers/ci#331

Update dependencies by @chrmarti in devcontainers/ci#332

... (truncated)

Commits

513af61 release
00115d9 Merge pull request #435 from tgenov/main
f2c9645 fix: shorten DevcontainersMerge friendlyName to satisfy tfx-cli 40-char limit
9c435c5 docs: regenerate azdo-task/README.md from docs/azure-devops-task.md
920c406 fix: publish merge/ action in release pipeline so devcontainers/ci/merge@v* r...
c7ee768 chore: remove dead createMultiPlatformImage wrappers from main GH action and ...
4831487 test: cover missing-platform-image case in createMultiPlatformImage
539d453 docs: explain matrix fan-out in GitHub Actions native multi-platform example
0edb5b3 fix: align DevcontainersMerge task.json version with package.json (0.0.0)
ec57048 Comment out AzDO
Additional commits viewable in compare view

Updates actions/labeler from 6.0.1 to 6.1.0

Release notes

Sourced from actions/labeler's releases.

v6.1.0

Enhancements

Add changed-files-labels-limit and max-files-changed configuration options to cap the number of labels added by @bluca in actions/labeler#923

Bug Fixes

Improve Labeler Action documentation and permission error handling by @chiranjib-swain in actions/labeler#897

Preserve manually added labels during workflow runs and refine label synchronization logic by @chiranjib-swain in actions/labeler#917

Dependency Updates

Upgrade brace-expansion from 1.1.11 to 1.1.12 and document breaking changes in v6 by

…11 updates Bumps the actions-minor-patch group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `6.0.3` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `6.0.0` | `6.1.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` | | [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.2.0` | | [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.35.0` | `0.36.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.35.1` | `4.36.1` | | [devcontainers/ci](https://github.com/devcontainers/ci) | `0.3.1900000417` | `0.3.1900000450` | | [actions/labeler](https://github.com/actions/labeler) | `6.0.1` | `6.1.0` | | [actions/create-github-app-token](https://github.com/actions/create-github-app-token) | `3.1.1` | `3.2.0` | | [actions/stale](https://github.com/actions/stale) | `10.2.0` | `10.3.0` | Updates `actions/checkout` from 6.0.2 to 6.0.3 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@de0fac2...df4cb1c) Updates `docker/metadata-action` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@030e881...80c7e94) Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@4d04d5d...d7f5e7f) Updates `docker/login-action` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@4907a6d...650006c) Updates `docker/build-push-action` from 7.1.0 to 7.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@bcafcac...f9f3042) Updates `aquasecurity/trivy-action` from 0.35.0 to 0.36.0 - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](aquasecurity/trivy-action@57a97c7...ed142fd) Updates `github/codeql-action` from 4.35.1 to 4.36.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@c10b806...87557b9) Updates `devcontainers/ci` from 0.3.1900000417 to 0.3.1900000450 - [Release notes](https://github.com/devcontainers/ci/releases) - [Commits](devcontainers/ci@8bf61b2...513af61) Updates `actions/labeler` from 6.0.1 to 6.1.0 - [Release notes](https://github.com/actions/labeler/releases) - [Commits](actions/labeler@634933e...f27b608) Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0 - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md) - [Commits](actions/create-github-app-token@1b10c78...bcd2ba4) Updates `actions/stale` from 10.2.0 to 10.3.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@b5d41d4...eb5cf3a) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-minor-patch - dependency-name: docker/metadata-action dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: aquasecurity/trivy-action dependency-version: 0.36.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: github/codeql-action dependency-version: 4.36.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: devcontainers/ci dependency-version: 0.3.1900000450 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-minor-patch - dependency-name: actions/labeler dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: actions/create-github-app-token dependency-version: 3.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch - dependency-name: actions/stale dependency-version: 10.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-minor-patch ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions

Auto-approved: Dependabot version-update:semver-minor update.

dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 2, 2026

dependabot Bot requested a review from JoJo275 as a code owner June 2, 2026 14:50

dependabot Bot added github-actions Pull requests that update GitHub Actions code dependencies Pull requests that update a dependency file labels Jun 2, 2026

github-actions Bot approved these changes Jun 2, 2026

View reviewed changes

github-actions Bot added area: ci CI pipelines and automation type: refactor Internal cleanup; no user-facing change type: test Test additions/fixes only type: security Security-related work (non-sensitive discussion) area: container Containerfile, Docker Compose, container builds labels Jun 2, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

ci(deps): bump the actions-minor-patch group across 1 directory with 11 updates#79

ci(deps): bump the actions-minor-patch group across 1 directory with 11 updates#79
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-minor-patch-1af10d235f

dependabot Bot commented on behalf of github Jun 2, 2026

Uh oh!

github-actions Bot left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github Jun 2, 2026

v6.0.3

What's Changed

New Contributors

Changelog

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

v4.2.0

v4.1.7

v6.1.0

v4.1.0

v4.2.0

v7.2.0

v0.36.0

What's Changed

New Contributors

v4.36.1

v4.36.0

v4.35.5

v4.35.4

v4.35.3

v4.35.2

CodeQL Action Changelog

[UNRELEASED]

4.36.1 - 02 Jun 2026

4.36.0 - 22 May 2026

4.35.5 - 15 May 2026

4.35.4 - 07 May 2026

4.35.3 - 01 May 2026

4.35.2 - 15 Apr 2026

4.35.1 - 27 Mar 2026

4.35.0 - 27 Mar 2026

Release v0.3.1900000450

What's Changed

v6.1.0

Enhancements

Bug Fixes

Dependency Updates

Uh oh!

github-actions Bot left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants