Skip to content

chore(deps): update non-major github actions#138

Merged
abubnalitic-nbl merged 1 commit into
mainfrom
renovate/non-major-github-actions
May 26, 2026
Merged

chore(deps): update non-major github actions#138
abubnalitic-nbl merged 1 commit into
mainfrom
renovate/non-major-github-actions

Conversation

@nbl-renovate

@nbl-renovate nbl-renovate Bot commented May 11, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
docker/build-push-action action minor v7.1.0v7.2.0
docker/login-action action minor v4.1.0v4.2.0
docker/setup-buildx-action action minor v4.0.0v4.1.0
github/codeql-action action minor v4.35.3v4.36.0
sigstore/cosign-installer action minor v3.9.2v3.10.1

Release Notes

docker/build-push-action (docker/build-push-action)

v7.2.0

Compare Source

Full Changelog: docker/build-push-action@v7.1.0...v7.2.0

docker/login-action (docker/login-action)

v4.2.0

Compare Source

Full Changelog: docker/login-action@v4.1.0...v4.2.0

docker/setup-buildx-action (docker/setup-buildx-action)

v4.1.0

Compare Source

  • Bump @​docker/actions-toolkit from 0.79.0 to 0.90.0 in #​489
  • Bump brace-expansion from 1.1.12 to 5.0.6 in #​547 #​508
  • Bump fast-xml-builder from 1.0.0 to 1.2.0 in #​540
  • Bump fast-xml-parser from 5.4.2 to 5.8.0 in #​496
  • Bump flatted from 3.3.3 to 3.4.2 in #​499
  • Bump glob from 10.3.12 to 13.0.6 in #​495
  • Bump handlebars from 4.7.8 to 4.7.9 in #​504
  • Bump lodash from 4.17.23 to 4.18.1 in #​523
  • Bump picomatch from 4.0.3 to 4.0.4 in #​503
  • Bump postcss from 8.5.6 to 8.5.10 in #​537
  • Bump tar from 6.2.1 to 7.5.15 in #​545
  • Bump undici from 6.23.0 to 6.25.0 in #​492
  • Bump vite from 7.3.1 to 7.3.2 in #​520

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

github/codeql-action (github/codeql-action)

v4.36.0

Compare Source

  • Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #​3894
  • Add support for SHA-256 Git object IDs. #​3893
  • Update default CodeQL bundle version to 2.25.5. #​3926

v4.35.5

Compare Source

  • We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #​3899
  • For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #​3791
  • If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #​3892
  • Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #​3880

v4.35.4

Compare Source

sigstore/cosign-installer (sigstore/cosign-installer)

v3.10.1

Compare Source

What's Changed?

Note: cosign-installer v3.x cannot be used to install Cosign v3.x. You must upgrade to cosign-installer v4 in order to use Cosign v3.

Note: This is planned to be the final release of Cosign v2, though we will cut new releases for any critical security or bug fixes. We recommend transitioning to Cosign v3.

  • Bump default Cosign to v2.6.1 (#​203)

v3.10.0

Compare Source

What's Changed

  • Bump default Cosign to v2.6.0 in #​200

Full Changelog: sigstore/cosign-installer@v3.9.2...v3.10.0


Configuration

📅 Schedule: (in timezone UTC)

  • Branch creation
    • "before 4am on Monday,Tuesday,Wednesday,Thursday,Friday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@nbl-renovate nbl-renovate Bot added the dependencies Pull requests that update a dependency file label May 11, 2026
@github-actions

github-actions Bot commented May 11, 2026

Copy link
Copy Markdown
Contributor

Vulnerability Scan: Passed

Image: netbox-mcp-server:scan

Source Library CVE Severity Installed Fixed Title
netbox-mcp-server:scan (alpine 3.23.4) xz-libs CVE-2026-34743 🟡 MEDIUM 5.8.2-r0 5.8.3-r0 xz: XZ Utils: Denial of Service via buffer overflow in index decoding
Python Authlib CVE-2026-44681 🟡 MEDIUM 1.6.11 1.7.1, 1.6.12 Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect
Python Pygments CVE-2026-4539 ⚪ LOW 2.19.2 2.20.0 pygments: Pygments: Denial of Service via inefficient regular expression process
Python idna CVE-2026-45409 🟡 MEDIUM 3.11 3.15 Internationalized Domain Names in Applications (IDNA): Specially crafted inputs
Python pip CVE-2026-3219 🟡 MEDIUM 26.0.1 26.1 pip: pip: Incorrect file installation due to improper archive handling
Python pip CVE-2026-6357 🟡 MEDIUM 26.0.1 26.1 pip: pip: Arbitrary code execution or information disclosure via malicious wheel

Commit: 5bf0589

@nbl-renovate nbl-renovate Bot force-pushed the renovate/non-major-github-actions branch 2 times, most recently from 2d03d53 to 520e8be Compare May 25, 2026 00:47
@nbl-renovate nbl-renovate Bot force-pushed the renovate/non-major-github-actions branch from 520e8be to 831e478 Compare May 25, 2026 13:20
@nbl-renovate nbl-renovate Bot force-pushed the renovate/non-major-github-actions branch from 831e478 to d1568a2 Compare May 25, 2026 16:12
@abubnalitic-nbl abubnalitic-nbl merged commit 8f80b9d into main May 26, 2026
14 checks passed
@abubnalitic-nbl abubnalitic-nbl deleted the renovate/non-major-github-actions branch May 26, 2026 17:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant