Skip to content

chore(deps): Update GitHub Actions#276

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/github-actions
Open

chore(deps): Update GitHub Actions#276
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/github-actions

Conversation

@renovate

@renovate renovate Bot commented May 24, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
actions/attest-build-provenance (changelog) action digest a2bbfa20f67c3f
actions/checkout (changelog) action digest de0fac2df4cb1c
actions/setup-python action minor v6.2.0v6.3.0
astral-sh/setup-uv action minor v8.1.0v8.3.0
basher83/.github (changelog) action digest 739e257dafa100
docker/build-push-action action minor v7.1.0v7.3.0
docker/login-action action minor v4.1.0v4.4.0
docker/login-action (changelog) action digest 4907a6daf1e73f
docker/metadata-action action minor v6.0.0v6.2.0
docker/setup-buildx-action action minor v4.0.0v4.2.0
github/codeql-action (changelog) action digest 9e0d7b854f647b

Release Notes

actions/setup-python (actions/setup-python)

v6.3.0

Compare Source

What's Changed
Enhancement
Dependency update
Documentation
New Contributors

Full Changelog: actions/setup-python@v6...v6.3.0

astral-sh/setup-uv (astral-sh/setup-uv)

v8.3.0

Compare Source

v8.2.0: 🌈 New inputs quiet and download-from-astral-mirror

Compare Source

Changes

This release brings two new inputs and a few bug fixes.

New inputs

Lets talk about the new inputs first.

quiet

Pretty simple. It turns of all info loggings. Useful if you use this in a composite action and are not interested in all the details.
In the upcoming releases we will add log groups to fully implement support for "less noise"

[!NOTE]
Warnings and errors are always logged.

download-from-astral-mirror

In some cases you may want to directly use the fallback of checking for available versions and downloading releases from GitHub instead of using the astral.sh mirror. Setting download-from-astral-mirror: false allows you to do that.

Bugfixes

When using the astral.sh mirror to query available versions and download releases (done by default) we now stop sending the GitHub token in the header. The mirror never looked at it but we shouldn't be handing out that data even if it is just a short lived token.
All other bugfixes try to limit the impact of failed GitHub queries due to retries and other faults.

We couldn't pinpoint all rootcauses yet but added more logging for error cases to track them down.

🐛 Bug fixes
🚀 Enhancements
🧰 Maintenance
⬆️ Dependency updates
docker/build-push-action (docker/build-push-action)

v7.3.0

Compare Source

v7.2.0

Compare Source

Full Changelog: docker/build-push-action@v7.1.0...v7.2.0

docker/login-action (docker/login-action)

v4.4.0

Compare Source

v4.3.0

Compare Source

Full Changelog: docker/login-action@v4.2.0...v4.3.0

v4.2.0

Compare Source

Full Changelog: docker/login-action@v4.1.0...v4.2.0

docker/metadata-action (docker/metadata-action)

v6.2.0

Compare Source

v6.1.0

Compare Source

  • Bump @​docker/actions-toolkit from 0.79.0 to 0.90.0 in #​613
  • Bump brace-expansion from 1.1.12 to 5.0.6 in #​658 #​630
  • Bump csv-parse from 6.1.0 to 6.2.1 in #​617
  • Bump fast-xml-parser from 5.4.2 to 5.8.0 in #​620
  • Bump flatted from 3.3.3 to 3.4.2 in #​623
  • Bump glob from 10.3.15 to 10.5.0 in #​621
  • Bump handlebars from 4.7.8 to 4.7.9 in #​629
  • Bump lodash from 4.17.23 to 4.18.1 in #​639
  • Bump moment-timezone from 0.6.0 to 0.6.1 in #​619
  • Bump picomatch from 4.0.3 to 4.0.4 in #​626
  • Bump postcss from 8.5.6 to 8.5.10 in #​649
  • Bump tar from 6.2.1 to 7.5.15 in #​657
  • Bump undici from 6.23.0 to 6.25.0 in #​614
  • Bump vite from 7.3.1 to 7.3.2 in #​637

Full Changelog: docker/metadata-action@v6.0.0...v6.1.0

docker/setup-buildx-action (docker/setup-buildx-action)

v4.2.0

Compare Source

Full Changelog: docker/setup-buildx-action@v4.1.0...v4.2.0

v4.1.0

Compare Source

  • Bump @​docker/actions-toolkit from 0.79.0 to 0.90.0 in #​489
  • Bump brace-expansion from 1.1.12 to 5.0.6 in #​547 #​508
  • Bump fast-xml-builder from 1.0.0 to 1.2.0 in #​540
  • Bump fast-xml-parser from 5.4.2 to 5.8.0 in #​496
  • Bump flatted from 3.3.3 to 3.4.2 in #​499
  • Bump glob from 10.3.12 to 13.0.6 in #​495
  • Bump handlebars from 4.7.8 to 4.7.9 in #​504
  • Bump lodash from 4.17.23 to 4.18.1 in #​523
  • Bump picomatch from 4.0.3 to 4.0.4 in #​503
  • Bump postcss from 8.5.6 to 8.5.10 in #​537
  • Bump tar from 6.2.1 to 7.5.15 in #​545
  • Bump undici from 6.23.0 to 6.25.0 in #​492
  • Bump vite from 7.3.1 to 7.3.2 in #​520

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0


Configuration

📅 Schedule: (in timezone America/New_York)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added dependencies Dependency updates or dependency issues github-actions labels May 24, 2026
@github-actions github-actions Bot added type:chore Maintenance, refactor, or tooling area:zammad-api area:security Security and policy work area:ci-cd Continuous integration and deployment pipelines area:infra Infrastructure, networking, and automation bot:renovate Automated dependency updates by Renovate labels May 24, 2026
@codacy-production

codacy-production Bot commented May 24, 2026

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Coverage ∅ diff coverage · +0.00% coverage variation

Metric Results
Coverage variation +0.00% coverage variation (-1.00%)
Diff coverage diff coverage

View coverage diff in Codacy

Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (0438633) 1442 1275 88.42%
Head commit (97dcb19) 1442 (+0) 1275 (+0) 88.42% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#276) 0 0 ∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@renovate renovate Bot force-pushed the renovate/github-actions branch from ca42812 to 5990ff2 Compare May 24, 2026 17:13
@renovate renovate Bot force-pushed the renovate/github-actions branch from 5990ff2 to 16828c0 Compare May 28, 2026 17:59
@renovate renovate Bot force-pushed the renovate/github-actions branch 3 times, most recently from 2c8cef4 to f981b15 Compare May 31, 2026 08:53
@github-actions github-actions Bot removed the docker label Jun 1, 2026
@renovate renovate Bot force-pushed the renovate/github-actions branch 2 times, most recently from 7e96af8 to 6438050 Compare June 6, 2026 02:14
@renovate renovate Bot force-pushed the renovate/github-actions branch from 6438050 to 9eee8ce Compare June 11, 2026 06:03
@renovate renovate Bot force-pushed the renovate/github-actions branch 2 times, most recently from f0c11d6 to d08e448 Compare June 14, 2026 17:07
@renovate renovate Bot force-pushed the renovate/github-actions branch from d08e448 to 688d911 Compare June 15, 2026 01:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area:ci-cd Continuous integration and deployment pipelines area:docs Knowledge management and documentation area:infra Infrastructure, networking, and automation area:python Python development and tooling area:security Security and policy work bot:renovate Automated dependency updates by Renovate dependencies Dependency updates or dependency issues type:chore Maintenance, refactor, or tooling

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant