build(deps): Bump the minor-and-patch group across 1 directory with 10 updates#109
build(deps): Bump the minor-and-patch group across 1 directory with 10 updates#109dependabot[bot] wants to merge 1 commit into
Conversation
Coverage Report
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
diff-vader-bot
left a comment
There was a problem hiding this comment.
🟢 Risk: LOW — no substantive findings
✅ Diff Vader · Approved
Council reviewed 4 files · 11 reviewers · 0 findings · $1.33
- ✅
blast‑radius - ✅
correctness - ✅
github‑actions - ❓
iac— skipped: filter: not applicable to changed files - ❓
migration‑safety— skipped: filter: not applicable to changed files - ✅
performance - ✅
revertibility - ✅
security‑tenant‑isolation - ❓
supply‑chain— skipped: filter: not applicable to changed files - ✅
supportability - ✅
test‑adequacy
Why: All approval gates passed.
💡 /diff-vader-review <name> adds a one-shot reviewer. Beyond this PR's council, you can request: backup-correctness, loop-design-system.
|
|
||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4 | ||
| uses: docker/setup-buildx-action@bb05f3f5519dd87d3ba754cc423b652a5edd6d2c # v4 |
There was a problem hiding this comment.
pr-reviewer-github-actions — HIGH severity · confidence 85% (advisory)
docker/setup-buildx-action@bb05f3f is 36.9h old (threshold 168h) — SHA was committed 2026-07-02T09:21:40Z. This is a dependabot-generated bump from a trusted publisher (docker), so this is advisory only: consider waiting until the SHA is at least 7 days old before merging. Also affects: .github/workflows/release.yml (setup-buildx-action), docker/setup-qemu-action@96fe6ef (60.3h old), docker/login-action@af1e73f (9.2h old), docker/metadata-action@dc80280 (37.4h old), docker/bake-action@d3418bd (55.5h old).
React with 👍 / 👎 / 😕 to help us calibrate — why.
|
|
||
| - name: Comment coverage | ||
| uses: MishaKav/pytest-coverage-comment@dd5b80bde6d16941f336518e92929e89069d8451 #v1.7.2 | ||
| uses: MishaKav/pytest-coverage-comment@e48ae95fa406cefacc7fbdd79949122795569961 #v1.8.0 |
There was a problem hiding this comment.
pr-reviewer-github-actions — MEDIUM severity · confidence 85% (advisory)
MishaKav/pytest-coverage-comment: publisher 'MishaKav' is not on the trusted allowlist. This action runs with access to workflow secrets and the PR context. The SHA (e48ae95) is also only 154.6h old (threshold 168h), just under the 7-day vetting window. Verify the publisher is trustworthy before merging.
React with 👍 / 👎 / 😕 to help us calibrate — why.
…0 updates Bumps the minor-and-patch group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [github/codeql-action/init](https://github.com/github/codeql-action) | `4.35.3` | `4.37.0` | | [github/codeql-action/autobuild](https://github.com/github/codeql-action) | `4.35.3` | `4.37.0` | | [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.35.3` | `4.37.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.2.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.2.0` | | [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.4.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `6.0.0` | `6.2.0` | | [docker/bake-action](https://github.com/docker/bake-action) | `7.1.0` | `7.3.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `6.2.0` | `6.3.0` | | [MishaKav/pytest-coverage-comment](https://github.com/mishakav/pytest-coverage-comment) | `1.7.2` | `1.10.0` | Updates `github/codeql-action/init` from 4.35.3 to 4.37.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@e46ed2c...99df26d) Updates `github/codeql-action/autobuild` from 4.35.3 to 4.37.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@e46ed2c...99df26d) Updates `github/codeql-action/analyze` from 4.35.3 to 4.37.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@e46ed2c...99df26d) Updates `docker/setup-buildx-action` from 4.0.0 to 4.2.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@4d04d5d...bb05f3f) Updates `docker/setup-qemu-action` from 4.0.0 to 4.2.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@ce36039...96fe6ef) Updates `docker/login-action` from 4.1.0 to 4.4.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@4907a6d...af1e73f) Updates `docker/metadata-action` from 6.0.0 to 6.2.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@030e881...dc80280) Updates `docker/bake-action` from 7.1.0 to 7.3.0 - [Release notes](https://github.com/docker/bake-action/releases) - [Commits](docker/bake-action@a66e1c8...d3418bd) Updates `actions/setup-python` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@a309ff8...ece7cb0) Updates `MishaKav/pytest-coverage-comment` from 1.7.2 to 1.10.0 - [Release notes](https://github.com/mishakav/pytest-coverage-comment/releases) - [Changelog](https://github.com/MishaKav/pytest-coverage-comment/blob/main/CHANGELOG.md) - [Commits](MishaKav/pytest-coverage-comment@dd5b80b...fd9adbd) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: docker/bake-action dependency-version: 7.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: docker/login-action dependency-version: 4.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: docker/metadata-action dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: docker/setup-buildx-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: docker/setup-qemu-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github/codeql-action/analyze dependency-version: 4.36.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github/codeql-action/autobuild dependency-version: 4.36.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: github/codeql-action/init dependency-version: 4.36.3 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: MishaKav/pytest-coverage-comment dependency-version: 1.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>
849305c to
40bb4da
Compare
Bumps the minor-and-patch group with 10 updates in the / directory:
4.35.34.37.04.35.34.37.04.35.34.37.04.0.04.2.04.0.04.2.04.1.04.4.06.0.06.2.07.1.07.3.06.2.06.3.01.7.21.10.0Updates
github/codeql-action/initfrom 4.35.3 to 4.37.0Release notes
Sourced from github/codeql-action/init's releases.
Changelog
Sourced from github/codeql-action/init's changelog.
... (truncated)
Commits
99df26dMerge pull request #3996 from github/update-v4.37.0-c7c896d7131c2707Add changenote for #397372df218Update changelog for v4.37.0c7c896dMerge pull request #3995 from github/update-bundle/codeql-bundle-v2.26.03f34ff0Add changelog note43bec09Update default bundle to codeql-bundle-v2.26.0f58f0d1Merge pull request #3973 from github/mbg/repo-props/config-file-shorthands7dc37cbMerge remote-tracking branch 'origin/main' into mbg/repo-props/config-file-sh...8e22350ThreadActionStatetoinitConfig69c9e8cMark somestatus-reportimports astype-only to avoid circular dependenciesUpdates
github/codeql-action/autobuildfrom 4.35.3 to 4.37.0Release notes
Sourced from github/codeql-action/autobuild's releases.
Changelog
Sourced from github/codeql-action/autobuild's changelog.
... (truncated)
Commits
99df26dMerge pull request #3996 from github/update-v4.37.0-c7c896d7131c2707Add changenote for #397372df218Update changelog for v4.37.0c7c896dMerge pull request #3995 from github/update-bundle/codeql-bundle-v2.26.03f34ff0Add changelog note43bec09Update default bundle to codeql-bundle-v2.26.0f58f0d1Merge pull request #3973 from github/mbg/repo-props/config-file-shorthands7dc37cbMerge remote-tracking branch 'origin/main' into mbg/repo-props/config-file-sh...8e22350ThreadActionStatetoinitConfig69c9e8cMark somestatus-reportimports astype-only to avoid circular dependenciesUpdates
github/codeql-action/analyzefrom 4.35.3 to 4.37.0Release notes
Sourced from github/codeql-action/analyze's releases.
Changelog
Sourced from github/codeql-action/analyze's changelog.
... (truncated)
Commits
99df26dMerge pull request #3996 from github/update-v4.37.0-c7c896d7131c2707Add changenote for #397372df218Update changelog for v4.37.0c7c896dMerge pull request #3995 from github/update-bundle/codeql-bundle-v2.26.03f34ff0Add changelog note43bec09Update default bundle to codeql-bundle-v2.26.0f58f0d1Merge pull request #3973 from github/mbg/repo-props/config-file-shorthands7dc37cbMerge remote-tracking branch 'origin/main' into mbg/repo-props/config-file-sh...8e22350ThreadActionStatetoinitConfig69c9e8cMark somestatus-reportimports astype-only to avoid circular dependenciesUpdates
docker/setup-buildx-actionfrom 4.0.0 to 4.2.0Release notes
Sourced from docker/setup-buildx-action's releases.
Commits
bb05f3fMerge pull request #580 from docker/dependabot/npm_and_yarn/docker/actions-to...321c814[dependabot skip] chore: update generated contentb9a36efbuild(deps): bump@docker/actions-toolkitfrom 0.91.0 to 0.92.0ebeab24Merge pull request #570 from docker/dependabot/npm_and_yarn/undici-6.27.05c7b8ae[dependabot skip] chore: update generated content037e618build(deps): bump undici from 6.25.0 to 6.27.066080e5Merge pull request #577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1409aef0Merge pull request #562 from docker/dependabot/npm_and_yarn/js-yaml-4.2.049c6e42build(deps): bump sigstore from 4.1.0 to 4.1.12211273[dependabot skip] chore: update generated contentUpdates
docker/setup-qemu-actionfrom 4.0.0 to 4.2.0Release notes
Sourced from docker/setup-qemu-action's releases.
Commits
96fe6efMerge pull request #315 from docker/dependabot/npm_and_yarn/docker/actions-to...31f08d3[dependabot skip] chore: update generated content4e7017abuild(deps): bump@docker/actions-toolkitfrom 0.91.0 to 0.92.00eca235Merge pull request #314 from crazy-max/fix-yarn-preapprove-actions-toolkitea66a41chore: allow actions-toolkit to bypass yarn age gate451542bMerge pull request #308 from docker/dependabot/npm_and_yarn/undici-6.27.0532ae00[dependabot skip] chore: update generated contentb6f5af6build(deps): bump undici from 6.26.0 to 6.27.0cf96b86Merge pull request #304 from docker/dependabot/npm_and_yarn/tmp-0.2.7f0ba643[dependabot skip] chore: update generated contentUpdates
docker/login-actionfrom 4.1.0 to 4.4.0Release notes
Sourced from docker/login-action's releases.
Commits
af1e73fMerge pull request #1034 from docker/dependabot/npm_and_yarn/aws-sdk-dependen...da722bd[dependabot skip] chore: update generated content2916ad6build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...ca0a662Merge pull request #1035 from crazy-max/fix-registry-auth-empty-maskc455755chore: update generated content4835190skip empty registry-auth secret mask992421cMerge pull request #1033 from docker/dependabot/github_actions/docker/bake-ac...b249b43Merge pull request #1032 from docker/dependabot/github_actions/docker/bake-ac...1b67977build(deps): bump docker/bake-action from 7.2.0 to 7.3.09d49d6abuild(deps): bump docker/bake-action/subaction/matrixUpdates
docker/metadata-actionfrom 6.0.0 to 6.2.0Release notes
Sourced from docker/metadata-action's releases.