chore(deps): bump the minor group across 1 directory with 11 updates

[dependabot]

Bumps the minor group with 11 updates in the / directory:

Package	From	To
PyO3/maturin-action	1.49.4	1.50.0
mislav/bump-homebrew-formula-action	3.4	3.6
codecov/codecov-action	5.4.3	5.5.2
lycheeverse/lychee-action	2.4.1	2.7.0
actions/dependency-review-action	4.7.1	4.8.3
docker/metadata-action	5.7.0	5.10.0
docker/setup-qemu-action	3.6.0	3.7.0
docker/setup-buildx-action	3.11.1	3.12.0
docker/login-action	3.4.0	3.7.0
docker/build-push-action	6.18.0	6.19.2
anchore/sbom-action	0.20.2	0.22.2

Updates PyO3/maturin-action from 1.49.4 to 1.50.0

Release notes

Sourced from PyO3/maturin-action's releases.

v1.50.0

What's Changed

• ci: address lint findings, add zizmor workflow by @​woodruffw in PyO3/maturin-action#373
• ci: pin dbhi/qus/action to a specific commit by @​woodruffw in PyO3/maturin-action#374
• Add write permissions for contents by @​davidhewitt in PyO3/maturin-action#376
• place tool cache versions on path in order from oldest to newest by @​davidhewitt in PyO3/maturin-action#381
• Add alias for riscv on manylinux by @​boosterl in PyO3/maturin-action#399
• Document how to harden release pipelines by @​konstin in PyO3/maturin-action#400
• Update dependencies to latest versions with ESM and Node 24 by @​messense in PyO3/maturin-action#409

New Contributors

• @​woodruffw made their first contribution in PyO3/maturin-action#373
• @​davidhewitt made their first contribution in PyO3/maturin-action#376
• @​boosterl made their first contribution in PyO3/maturin-action#399
• @​konstin made their first contribution in PyO3/maturin-action#400

Full Changelog: PyO3/maturin-action@v1.49.4...v1.50.0

Commits

• b1bd829 Update dependencies to latest versions with ESM and Node 24 (#409)
• e8dfe2d Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#407)
• a7a0737 Bump actions/setup-python from 6.1.0 to 6.2.0 (#406)
• 0177072 Bump actions/setup-node from 6.1.0 to 6.2.0 (#405)
• 0584c36 Bump zizmorcore/zizmor-action from 0.3.0 to 0.4.1 (#404)
• 06e22d5 Bump actions/checkout from 6.0.1 to 6.0.2 (#403)
• f8fa3c6 Allow build loongarch64 and riscv64 for musllinux (#408)
• 1511a23 Document how to harden release pipelines (#400)
• 47fbb7a Add alias for riscv on manylinux (#399)
• 9fc14be Update versions-manifest.json (#398)
• Additional commits viewable in compare view

Updates mislav/bump-homebrew-formula-action from 3.4 to 3.6

Release notes

Sourced from mislav/bump-homebrew-formula-action's releases.

bump-homebrew-formula-action 3.6

What's Changed

• remove summary heading element 8949e92fce03f8c7ef3bcaafe5c9f23bc3c35cdc
• build(deps-dev): bump the eslint group with 3 updates by @​dependabot[bot] in mislav/bump-homebrew-formula-action#269
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in mislav/bump-homebrew-formula-action#274
• build(deps-dev): bump typescript from 5.8.3 to 5.9.2 by @​dependabot[bot] in mislav/bump-homebrew-formula-action#273
• build(deps-dev): bump the eslint group across 1 directory with 3 updates by @​dependabot[bot] in mislav/bump-homebrew-formula-action#275
• build(deps-dev): bump @​types/node from 24.1.0 to 24.3.0 by @​dependabot[bot] in mislav/bump-homebrew-formula-action#272
• build(deps-dev): bump the eslint group with 3 updates by @​dependabot[bot] in mislav/bump-homebrew-formula-action#276

Full Changelog: mislav/bump-homebrew-formula-action@v3.5...v3.6

bump-homebrew-formula-action 3.5

What's Changed

• Print formula bump PR in Job Summary by @​jasonkarns in mislav/bump-homebrew-formula-action#267
• Disable source map register when generating the lib/index.js bundle by @​mislav in mislav/bump-homebrew-formula-action#248
• chore: update default base-branch to main for homebrew core tap by @​chenrui333 in mislav/bump-homebrew-formula-action#265
• Add integration test by @​mislav in mislav/bump-homebrew-formula-action#249
• build(deps): bump @​octokit/core from 7.0.2 to 7.0.3 in the github-actions group by @​dependabot[bot] in mislav/bump-homebrew-formula-action#263
• build(deps-dev): bump @​ava/typescript from 5.0.0 to 6.0.0 in the ava group by @​dependabot[bot] in mislav/bump-homebrew-formula-action#255
• build(deps-dev): bump @​tsconfig/node20 from 20.1.5 to 20.1.6 by @​dependabot[bot] in mislav/bump-homebrew-formula-action#253
• build(deps-dev): bump @​types/node from 20.17.50 to 20.17.57 by @​dependabot[bot] in mislav/bump-homebrew-formula-action#247
• build(deps-dev): bump @​types/node from 20.17.57 to 20.19.0 by @​dependabot[bot] in mislav/bump-homebrew-formula-action#250
• build(deps-dev): bump @​types/node from 20.19.0 to 24.0.1 by @​dependabot[bot] in mislav/bump-homebrew-formula-action#254
• build(deps-dev): bump @​types/node from 24.0.2 to 24.0.3 by @​dependabot[bot] in mislav/bump-homebrew-formula-action#257
• build(deps-dev): bump @​types/node from 24.0.3 to 24.1.0 by @​dependabot[bot] in mislav/bump-homebrew-formula-action#266
• build(deps-dev): bump ava from 6.3.0 to 6.4.0 in the ava group by @​dependabot[bot] in mislav/bump-homebrew-formula-action#251
• build(deps-dev): bump ava from 6.4.0 to 6.4.1 in the ava group by @​dependabot[bot] in mislav/bump-homebrew-formula-action#261
• build(deps-dev): bump the eslint group with 3 updates by @​dependabot[bot] in mislav/bump-homebrew-formula-action#246
• build(deps-dev): bump the eslint group with 3 updates by @​dependabot[bot] in mislav/bump-homebrew-formula-action#252
• build(deps-dev): bump the eslint group with 3 updates by @​dependabot[bot] in mislav/bump-homebrew-formula-action#259
• build(deps-dev): bump typescript-eslint from 8.34.0 to 8.34.1 in the eslint group by @​dependabot[bot] in mislav/bump-homebrew-formula-action#256

Full Changelog: mislav/bump-homebrew-formula-action@v3.4...v3.5

Commits

• 56a283f Merge branch 'main' into v3
• 98374de Merge remote-tracking branch 'origin/main'
• 00e28eb lib
• 675180d Merge branch 'main' into v3
• 8949e92 Remove summary heading element
• c19295c Merge pull request #276 from mislav/dependabot/npm_and_yarn/eslint-a4a0c64de1
• 5641e4e build(deps-dev): bump the eslint group with 3 updates
• 7e65662 Merge pull request #272 from mislav/dependabot/npm_and_yarn/types/node-24.3.0
• 5c66f13 build(deps-dev): bump @​types/node from 24.1.0 to 24.3.0
• 9c70962 Merge pull request #275 from mislav/dependabot/npm_and_yarn/eslint-6126e969a6
• Additional commits viewable in compare view

Updates codecov/codecov-action from 5.4.3 to 5.5.2

Release notes

Sourced from codecov/codecov-action's releases.

v5.5.2

What's Changed

• check gpg only when skip-validation = false by @​maxweng-sentry in codecov/codecov-action#1894
• chore: disable_search alignment by @​freemanzMrojo in codecov/codecov-action#1881
• chore(release): 5.5.2 by @​thomasrockhu-codecov in codecov/codecov-action#1902

New Contributors

• @​maxweng-sentry made their first contribution in codecov/codecov-action#1894
• @​freemanzMrojo made their first contribution in codecov/codecov-action#1881

Full Changelog: codecov/codecov-action@v5.5.1...v5.5.2

v5.5.1

What's Changed

• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in codecov/codecov-action#1833
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​dependabot[bot] in codecov/codecov-action#1861
• Document a codecov-cli version reference example by @​webknjaz in codecov/codecov-action#1774
• docs: fix typo in README by @​datalater in codecov/codecov-action#1866
• fix: update to use local app/ dir by @​thomasrockhu-codecov in codecov/codecov-action#1872
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​dependabot[bot] in codecov/codecov-action#1867
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​dependabot[bot] in codecov/codecov-action#1868
• fix: overwrite pr number on fork by @​thomasrockhu-codecov in codecov/codecov-action#1871
• chore(release): 5.5.1 by @​thomasrockhu-codecov in codecov/codecov-action#1873

New Contributors

• @​datalater made their first contribution in codecov/codecov-action#1866

Full Changelog: codecov/codecov-action@v5.5.0...v5.5.1

v5.5.0

What's Changed

• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​dependabot[bot] in codecov/codecov-action#1829
• docs: Refine OIDC docs by @​spalmurray in codecov/codecov-action#1837
• fix: Typo in README by @​spalmurray in codecov/codecov-action#1838
• fix: check reqs exist by @​joseph-sentry in codecov/codecov-action#1835
• Pin actions/github-script by Git SHA by @​martincostello in codecov/codecov-action#1859
• feat: upgrade wrapper to 0.2.4 by @​jviall in codecov/codecov-action#1864
• chore(release): 5.5.0 by @​thomasrockhu-codecov in codecov/codecov-action#1865

New Contributors

• @​spalmurray made their first contribution in codecov/codecov-action#1837
• @​martincostello made their first contribution in codecov/codecov-action#1859
• @​jviall made their first contribution in codecov/codecov-action#1864

Full Changelog: codecov/codecov-action@v5.4.3...v5.5.0

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in codecov/codecov-action#1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in codecov/codecov-action#1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in codecov/codecov-action#1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in codecov/codecov-action#1872
• docs: fix typo in README by @​datalater in codecov/codecov-action#1866
• Document a codecov-cli version reference example by @​webknjaz in codecov/codecov-action#1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in codecov/codecov-action#1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in codecov/codecov-action#1864
• Pin actions/github-script by Git SHA by @​martincostello in codecov/codecov-action#1859
• fix: check reqs exist by @​joseph-sentry in codecov/codecov-action#1835
• fix: Typo in README by @​spalmurray in codecov/codecov-action#1838
• docs: Refine OIDC docs by @​spalmurray in codecov/codecov-action#1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in codecov/codecov-action#1822
• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

• 671740a chore(release): 5.5.2 (#1902)
• 96b38e9 chore: disable_search alignment (#1881)
• 9b6d1f8 check gpg only when skip-validation = false (#1894)
• 5a10915 chore(release): 5.5.1 (#1873)
• 3e0ce21 fix: overwrite pr number on fork (#1871)
• c4741c8 build(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#1868)
• 17370e8 build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 (#1867)
• 18fdacf fix: update to use local app/ dir (#1872)
• 206148c docs: fix typo in README (#1866)
• 3cb13a1 Document a codecov-cli version reference example (#1774)
• Additional commits viewable in compare view

Updates lycheeverse/lychee-action from 2.4.1 to 2.7.0

Release notes

Sourced from lycheeverse/lychee-action's releases.

Version 2.7.0

Breaking changes

If you're using --base, you must now provide either a URL (with scheme) or an absolute local path. See lychee --help for more information. If you want to resolve root-relative links in local files, also see --root-dir.

What's Changed

• Bump peter-evans/create-issue-from-file from 5 to 6 by @​dependabot[bot] in lycheeverse/lychee-action#307
• Upgrade checkout action from v4 to v5 by @​jacobdalamb in lycheeverse/lychee-action#310
• Update lycheeVersion to v0.21.0 by @​github-actions[bot] in lycheeverse/lychee-action#312 See https://github.com/lycheeverse/lychee/releases/tag/lychee-v0.21.0 for the lychee changelog.

Full Changelog: lycheeverse/lychee-action@v2...v2.7.0

Version 2.6.1

What's Changed

• Update lycheeVersion to v0.20.1 by @​github-actions[bot] in lycheeverse/lychee-action#306, which contains a hotfix for lycheeverse/lychee-action#305.

Full Changelog: lycheeverse/lychee-action@v2...v2.6.1

Version 2.6.0

What's Changed

• Update lychee version to v0.20.0 by @​github-actions[bot] in lycheeverse/lychee-action#304
• Bump actions/checkout from 4 to 5 by @​dependabot[bot] in lycheeverse/lychee-action#303

Full Changelog: lycheeverse/lychee-action@v2...v2.6.0

Version 2.5.0

Summary

Most notably with this release the deprecated --exclude-mail flag was removed and the behavior of the --accept flag was updated. Previously, status codes such as 200 OK were always accepted. Now they are only accepted by default. This means providing the argument --accept 201 now rejects status code 200 OK.

What's Changed

• Update lycheeVersion to v0.19.1 by @​github-actions[bot] in lycheeverse/lychee-action#300
• See the lychee changes here: https://github.com/lycheeverse/lychee/releases/tag/lychee-v0.19.1, https://github.com/lycheeverse/lychee/releases/tag/lychee-v0.19.0

Full Changelog: lycheeverse/lychee-action@v2...v2.5.0

Commits

• a8c4c7c [create-pull-request] automated change (#312)
• 44b353b Upgrade checkout action from v4 to v5 (#310)
• e79a91b Bump peter-evans/create-issue-from-file from 5 to 6 (#307)
• 885c65f [create-pull-request] automated change (#306)
• 01a5c94 Update lycheeVersion to v0.20.0 (#304)
• 1478291 Bump actions/checkout from 4 to 5 (#303)
• 0c3ab05 Remove deprecrated flag --exclude-mail
• 5c4ee84 [create-pull-request] automated change (#300)
• 74c50ae [create-pull-request] automated change (#296)
• See full diff in compare view

Updates actions/dependency-review-action from 4.7.1 to 4.8.3

Release notes

Sourced from actions/dependency-review-action's releases.

4.8.3

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

• GitHub Actions can't push to our protected main by @​dangoor in actions/dependency-review-action#1017
• Bump actions/stale from 9.1.0 to 10.1.0 by @​dependabot[bot] in actions/dependency-review-action#995
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in actions/dependency-review-action#1003
• Bump actions/setup-node from 4 to 6 by @​dependabot[bot] in actions/dependency-review-action#1005
• Upgrade glob to address a vulnerability by @​brrygrdn in actions/dependency-review-action#1024
• Bump js-yaml by @​dependabot[bot] in actions/dependency-review-action#1020
• Addressing vulnerabilities by @​Ahmed3lmallah in actions/dependency-review-action#1036
• Bump fast-xml-parser from 5.3.3 to 5.3.5 by @​dependabot[bot] in actions/dependency-review-action#1050
• Bump fast-xml-parser from 5.3.5 to 5.3.6 by @​dependabot[bot] in actions/dependency-review-action#1053
• Properly truncate long summaries and catch errors by @​juxtin in actions/dependency-review-action#1052
• Bump spdx-expression-parse from 3.0.1 to 4.0.0 in the spdx-licenses group across 1 directory by @​dependabot[bot] in actions/dependency-review-action#931
• Changes for Release 4.8.3 by @​ahpook in actions/dependency-review-action#1054

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

v4.8.2

Minor fixes:

• Fix PURL parsing for scoped packages (#1008 from @​danielhardej)
• Fix for large summaries (#1007 from @​gitulisca)
• README includes a working example for allow-dependencies-licenses (#1009 from @​danielhardej)

Dependency Review Action v4.8.1

What's Changed

• (bug) Fix spamming link test in deprecation warning (again) by @​ahpook in actions/dependency-review-action#1000
• Bump version for 4.8.1 release by @​ahpook in actions/dependency-review-action#1001

Full Changelog: actions/dependency-review-action@v4...v4.8.1

v4.8.0

What's Changed

• Make Ruby Code Scannable by @​ljones140 in actions/dependency-review-action#978
• Batch some contributions for release by @​brrygrdn in actions/dependency-review-action#986
  • Make license lists collapsable by @​jasperkamerling
  • feat: add large summary handling with artifact upload by @​MattMencel

New Contributors

• @​ljones140 made their first contribution in actions/dependency-review-action#978
• @​jasperkamerling made their first contribution in actions/dependency-review-action#986
• @​MattMencel made their first contribution in actions/dependency-review-action#986

... (truncated)

Commits

• 05fe457 Merge pull request #1054 from actions/ahpook/release-4.8.3
• 3a8496c Update generated package files for v4.8.3
• 0f22a01 Update CONTRIBUTING for new release process
• 58be343 Updating package versions for 4.8.3
• 9284e0c Merge pull request #931 from actions/dependabot/npm_and_yarn/spdx-licenses-20...
• 8b76656 Bump spdx-expression-parse in the spdx-licenses group across 1 directory
• 43f5f02 Merge pull request #1052 from actions/juxtin/fix-long-summaries
• f0033fc Merge pull request #1053 from actions/dependabot/npm_and_yarn/fast-xml-parser...
• b379e2e Bump fast-xml-parser from 5.3.5 to 5.3.6
• 2e1cf54 Properly truncate long summaries and catch errors
• Additional commits viewable in compare view

Updates docker/metadata-action from 5.7.0 to 5.10.0

Release notes

Sourced from docker/metadata-action's releases.

v5.10.0

• Bump @​docker/actions-toolkit from 0.66.0 to 0.68.0 in docker/metadata-action#559 docker/metadata-action#569
• Bump js-yaml from 3.14.1 to 3.14.2 in docker/metadata-action#564

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

v5.9.0

• Add tag-names output to return tag names without image base name by @​crazy-max in docker/metadata-action#553
• Bump @​babel/runtime-corejs3 from 7.14.7 to 7.28.2 in docker/metadata-action#539
• Bump @​docker/actions-toolkit from 0.62.1 to 0.66.0 in docker/metadata-action#555
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/metadata-action#540
• Bump csv-parse from 5.6.0 to 6.1.0 in docker/metadata-action#532
• Bump semver from 7.7.2 to 7.7.3 in in docker/metadata-action#554
• Bump tmp from 0.2.3 to 0.2.5 in docker/metadata-action#541

Full Changelog: docker/metadata-action@v5.8.0...v5.9.0

v5.8.0

• New is_not_default_branch global expression by @​crazy-max in docker/metadata-action#535
• Allow to match part of the git tag or value for semver/pep440 types by @​crazy-max in docker/metadata-action#536 docker/metadata-action#537
• Bump @​actions/github from 6.0.0 to 6.0.1 in docker/metadata-action#523
• Bump @​docker/actions-toolkit from 0.56.0 to 0.62.1 in docker/metadata-action#526
• Bump form-data from 2.5.1 to 2.5.5 in docker/metadata-action#533
• Bump moment-timezone from 0.5.47 to 0.6.0 in docker/metadata-action#525
• Bump semver from 7.7.1 to 7.7.2 in docker/metadata-action#524

Full Changelog: docker/metadata-action@v5.7.0...v5.8.0

Commits

• c299e40 Merge pull request #569 from docker/dependabot/npm_and_yarn/docker/actions-to...
• f015d79 chore: update generated content
• 121bcc2 chore(deps): Bump @​docker/actions-toolkit from 0.67.0 to 0.68.0
• f7b6bf4 Merge pull request #564 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
• 0b95c6b Merge pull request #565 from docker/dependabot/github_actions/actions/checkout-6
• 17f70d7 Merge pull request #568 from motoki317/docs/fix-to-24h-schedule-pattern
• afd7e6d docs(README): Fix date format from 12h to 24h in schedule pattern
• 602aff8 chore(deps): Bump actions/checkout from 5 to 6
• aecb1a4 chore(deps): Bump js-yaml from 3.14.1 to 3.14.2
• 8d8c7c1 Merge pull request #559 from docker/dependabot/npm_and_yarn/docker/actions-to...
• Additional commits viewable in compare view

Updates docker/setup-qemu-action from 3.6.0 to 3.7.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.7.0

• Bump @​docker/actions-toolkit from 0.56.0 to 0.67.0 in docker/setup-qemu-action#217 docker/setup-qemu-action#230
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-qemu-action#220
• Bump form-data from 2.5.1 to 2.5.5 in docker/setup-qemu-action#218
• Bump tmp from 0.2.3 to 0.2.4 in docker/setup-qemu-action#221
• Bump undici from 5.28.4 to 5.29.0 in docker/setup-qemu-action#219

Full Changelog: docker/setup-qemu-action@v3.6.0...v3.7.0

Commits

• c7c5346 Merge pull request #230 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 3a517a1 chore: update generated content
• a5b45ed build(deps): bump @​docker/actions-toolkit from 0.62.1 to 0.67.0
• 3a64278 Merge pull request #220 from docker/dependabot/npm_and_yarn/brace-expansion-1...
• 94906ba chore: update generated content
• 4027abf build(deps): bump brace-expansion from 1.1.11 to 1.1.12
• bee0aaa Merge pull request #221 from docker/dependabot/npm_and_yarn/tmp-0.2.4
• 0d7e257 chore: update generated content
• b869601 build(deps): bump tmp from 0.2.3 to 0.2.4
• 3a043ed Merge pull request #219 from docker/dependabot/npm_and_yarn/undici-5.29.0
• Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.11.1 to 3.12.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.12.0

• Deprecate install input by @​crazy-max in docker/setup-buildx-action#455
• Bump @​docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/setup-buildx-action#434
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-buildx-action#436
• Bump form-data from 2.5.1 to 2.5.5 in docker/setup-buildx-action#432
• Bump undici from 5.28.4 to 5.29.0 in docker/setup-buildx-action#435

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

Commits

• 8d2750c Merge pull request #455 from crazy-max/install-deprecated
• e81846b deprecate install input
• 65d18f8 Merge pull request #454 from docker/dependabot/github_actions/actions/checkout-6
• 000d75d build(deps): bump actions/checkout from 5 to 6
• 1583c0f Merge pull request #443 from nicolasleger/patch-1
• ed158e7 doc: bump actions/checkout from 4 to 5
• 4cc794f Merge pull request #441 from docker/dependabot/github_actions/actions/checkout-5
• 4dfc3d6 build(deps): bump actions/checkout from 4 to 5
• af1b253 Merge pull request #440 from crazy-max/k3s-build
• 3c6ab92 ci: k3s test with latest buildx
• Additional commits viewable in compare view

Updates docker/login-action from 3.4.0 to 3.7.0

Release notes

Sourced from docker/login-action's releases.

v3.7.0

• Add scope input to set scopes for the authentication token by @​crazy-max in docker/login-action#912
• Add support for AWS European Sovereign Cloud ECR by @​dphi in docker/login-action#914
• Ensure passwords are redacted with registry-auth input by @​crazy-max in docker/login-action#911
• build(deps): bump lodash from 4.17.21 to 4.17.23 in docker/login-action#915

Full Changelog: docker/login-action@v3.6.0...v3.7.0

v3.6.0

• Add registry-auth input for raw authentication to registries by @​crazy-max in docker/login-action#887
• Bump @​aws-sdk/client-ecr to 3.890.0 in docker/login-action#882 docker/login-action#890
• Bump @​aws-sdk/client-ecr-public to 3.890.0 in docker/login-action#882 docker/login-action#890
• Bump @​docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/login-action#883
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/login-action#880
• Bump undici from 5.28.4 to 5.29.0 in docker/login-action#879
• Bump tmp from 0.2.3 to 0.2.4 in docker/login-action#881

Full Changelog: docker/login-action@v3.5.0...v3.6.0

v3.5.0

• Support dual-stack endpoints for AWS ECR by @​Spacefish

[ognis1205]

CI is all green. Skimmed the release notes and nothing concerning.
LGTM

[orhun]

This broke the release workflow: https://github.com/orhun/git-cliff/actions/runs/24953294501/job/73067180121

The new maturin used by this is doing stricter sdist packaging/validation aligned with Cargo package contents.

[orhun]

Regression is caused by: PyO3/maturin#3014