Bump the all-dependencies group across 1 directory with 9 updates#265
Bump the all-dependencies group across 1 directory with 9 updates#265dependabot[bot] wants to merge 1 commit into
Conversation
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Want reviews to match your repository better? Bugbot Learning can learn team-specific rules from PR activity. A team admin can enable Learning in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 67b2d97. Configure here.
| steps: | ||
| - name: Checkout fork PR HEAD | ||
| uses: actions/checkout@v6 | ||
| uses: actions/checkout@v7 |
There was a problem hiding this comment.
Fork autofix checkout breaks v7
Medium Severity
actions/checkout@v7 refuses fork pull request heads on pull_request_target and workflow_run. The Dependabot fork jobs still check out pull_request.head.repo and head.ref under pull_request_target, so those steps fail instead of formatting fork PRs.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 67b2d97. Configure here.
Bumps the all-dependencies group with 9 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6` | `7` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.1.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `4.0.0` | `4.1.0` | | [docker/login-action](https://github.com/docker/login-action) | `4.1.0` | `4.2.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `6.0.0` | `6.1.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `7.1.0` | `7.2.0` | | [actions/setup-dotnet](https://github.com/actions/setup-dotnet) | `5.2.0` | `5.4.0` | | [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) | `7.1.0` | `7.2.0` | | [actions/cache](https://github.com/actions/cache) | `5` | `6` | Updates `actions/checkout` from 6 to 7 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v6...v7) Updates `docker/setup-qemu-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v4.0.0...v4.1.0) Updates `docker/setup-buildx-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v4.0.0...v4.1.0) Updates `docker/login-action` from 4.1.0 to 4.2.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v4.1.0...v4.2.0) Updates `docker/metadata-action` from 6.0.0 to 6.1.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@v6.0.0...v6.1.0) Updates `docker/build-push-action` from 7.1.0 to 7.2.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v7.1.0...v7.2.0) Updates `actions/setup-dotnet` from 5.2.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-dotnet/releases) - [Commits](actions/setup-dotnet@v5.2.0...v5.4.0) Updates `stefanzweifel/git-auto-commit-action` from 7.1.0 to 7.2.0 - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](stefanzweifel/git-auto-commit-action@v7.1.0...v7.2.0) Updates `actions/cache` from 5 to 6 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](actions/cache@v5...v6) --- updated-dependencies: - dependency-name: actions/cache dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-dependencies - dependency-name: actions/setup-dotnet dependency-version: 5.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: docker/metadata-action dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: docker/setup-qemu-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies - dependency-name: stefanzweifel/git-auto-commit-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-dependencies ... Signed-off-by: dependabot[bot] <support@github.com>
67b2d97 to
4a5bdd2
Compare


Bumps the all-dependencies group with 9 updates in the / directory:
674.0.04.1.04.0.04.1.04.1.04.2.06.0.06.1.07.1.07.2.05.2.05.4.07.1.07.2.056Updates
actions/checkoutfrom 6 to 7Release notes
Sourced from actions/checkout's releases.
Changelog
Sourced from actions/checkout's changelog.
... (truncated)
Commits
9c091bbupdate error wording (#2467)1044a6dgetting ready for checkout v7 release (#2464)f028218Bump the minor-npm-dependencies group across 1 directory with 3 updates (#2462)d914b26upgrade module to esm and update dependencies (#2463)537c7efBump@actions/coreand@actions/tool-cacheand Remove uuid (#2459)130a169Bump js-yaml from 4.1.0 to 4.2.0 (#2461)7d09575Bump flatted from 3.3.1 to 3.4.2 (#2460)0f9f3aaBump actions/publish-immutable-action (#2458)f9e715ablock checking out fork pr for pull_request_target and workflow_run (#2454)Updates
docker/setup-qemu-actionfrom 4.0.0 to 4.1.0Release notes
Sourced from docker/setup-qemu-action's releases.
Commits
0611638Merge pull request #21 from crazy-max/uninstce59c81chore: update generated content2ddad44uninstall current emulators8c37cd6Merge pull request #250 from docker/dependabot/npm_and_yarn/docker/actions-to...d1a0ff3chore: update generated content0a8f3dcbuild(deps): bump@docker/actions-toolkitfrom 0.79.0 to 0.91.09430f61Merge pull request #291 from docker/dependabot/npm_and_yarn/tmp-0.2.6978bd77chore: update generated content3479febbuild(deps): bump tmp from 0.2.5 to 0.2.6b113c26Merge pull request #255 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...Updates
docker/setup-buildx-actionfrom 4.0.0 to 4.1.0Release notes
Sourced from docker/setup-buildx-action's releases.
Commits
d7f5e7fMerge pull request #489 from docker/dependabot/npm_and_yarn/docker/actions-to...92bc5c9chore: update generated contentda11e35build(deps): bump@docker/actions-toolkitfrom 0.79.0 to 0.90.0f021e16Merge pull request #492 from docker/dependabot/npm_and_yarn/undici-6.24.1b5af94fchore: update generated content16ad977build(deps): bump undici from 6.23.0 to 6.25.0d7a12d7Merge pull request #495 from docker/dependabot/npm_and_yarn/glob-10.5.028ff27dbuild(deps): bump glob from 10.3.12 to 13.0.6daf436bMerge pull request #496 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...9725348chore: update generated contentUpdates
docker/login-actionfrom 4.1.0 to 4.2.0Release notes
Sourced from docker/login-action's releases.
Commits
650006cMerge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...99df1a3chore: update generated content3ab375fbuild(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...39d8580Merge pull request #970 from docker/dependabot/npm_and_yarn/docker/actions-to...4eefcd3chore: update generated content56d092cbuild(deps): bump@docker/actions-toolkitfrom 0.86.0 to 0.90.0e2e31caMerge pull request #976 from docker/dependabot/npm_and_yarn/actions/core-3.0.10bced94chore: update generated content3e75a0fbuild(deps): bump@actions/corefrom 3.0.0 to 3.0.1365bebdMerge pull request #984 from docker/dependabot/github_actions/aws-actions/con...Updates
docker/metadata-actionfrom 6.0.0 to 6.1.0Release notes
Sourced from docker/metadata-action's releases.
Commits
80c7e94Merge pull request #613 from docker/dependabot/npm_and_yarn/docker/actions-to...8e0ddabchore: update generated contenta8db14bchore(deps): Bump@docker/actions-toolkitfrom 0.79.0 to 0.90.063a7371Merge pull request #617 from docker/dependabot/npm_and_yarn/csv-parse-6.2.0c6916a6chore: update generated contentaca9205chore(deps): Bump csv-parse from 6.1.0 to 6.2.19dcfe60Merge pull request #629 from docker/dependabot/npm_and_yarn/handlebars-4.7.943dea76chore: update generated content7a56f5achore(deps): Bump handlebars from 4.7.8 to 4.7.9e49e0aaMerge pull request #658 from docker/dependabot/npm_and_yarn/brace-expansion-5...Updates
docker/build-push-actionfrom 7.1.0 to 7.2.0Release notes
Sourced from docker/build-push-action's releases.
Commits
f9f3042Merge pull request #1517 from docker/dependabot/npm_and_yarn/docker/actions-t...812d5fdchore: update generated contentb6f6693chore(deps): Bump@docker/actions-toolkitfrom 0.87.0 to 0.90.0c1c626eMerge pull request #1525 from docker/dependabot/npm_and_yarn/actions/core-3.0.151bb284chore: update generated content5f7884dchore(deps): Bump@actions/corefrom 3.0.0 to 3.0.1e01deffMerge pull request #1521 from docker/dependabot/npm_and_yarn/fast-xml-parser-...3804d49chore: update generated content71e8947chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.04925ad2Merge pull request #1526 from docker/dependabot/npm_and_yarn/postcss-8.5.10Updates
actions/setup-dotnetfrom 5.2.0 to 5.4.0Release notes
Sourced from actions/setup-dotnet's releases.
... (truncated)
Commits
26b0ec1Expand the CSC problem matcher to light up more errors on GitHub. (#717)da5e548docs(action): explicitly mark all optional inputs with required: false (#737)9bd3b44Improve readability of global.json creation command (#694)4406a63Bump@actions/cacheto 5.1.0, log cache write denied (#746)dc3262dpin actions to commit SHAs in workflows (#744)95a3f8bValidate global.json SDK version before rollForward optimization (#742)9a946fdAdd rollForward note in README, improve proxy health check in e2e tests and b...98af08bSupport global.json's rollForward latest* variants (#538)8404272Update install scripts to v2026.05.19 (#736)f1970f5Don't download releases-index.json to resolve major version (#560)Updates
stefanzweifel/git-auto-commit-actionfrom 7.1.0 to 7.2.0Release notes
Sourced from stefanzweifel/git-auto-commit-action's releases.
Changelog
Sourced from stefanzweifel/git-auto-commit-action's changelog.
Commits
4a55954Update README.md9f6c933Add hooks to run shell snippets around git operations (#411)c365a74Emit warning for pull_request_target trigger usage (#410)d28176cBump actions/checkout from 6 to 7 (#409)25df622Add EXAMPLES.md32e9844docs(action): fix input and output descriptions in action.yml (#406)a3ed46fdocs: fix typos, grammar, and formatting across markdown files (#408)b4d688cdocs: fix broken and redirecting URLs in README.md (#407)f53a62cREADME: clearify meaning of the repository field (#404)4fc4bbfBump release-drafter/release-drafter from 6 to 7 (#403)Updates
actions/cachefrom 5 to 6Release notes
Sourced from actions/cache's releases.
... (truncated)
Changelog
Sourced from actions/cache's changelog.
... (truncated)
Commits
55cc834Merge pull request #1768 from jasongin/readonly-cached8cd72fBump@actions/cacheto v6.1.0 - handle cache write error due to RO token2c8a9bdMerge pull request #1760 from actions/samirat/esm_migration_and_package_updatee9b91fdPrettier fixese4884b8Rebuild dist10baf01Fixed licensese39b386Fix test mock return orderb692820PR feedback