Bump the github-actions group across 1 directory with 3 updates by dependabot[bot] · Pull Request #2856 · basecamp/fizzy

dependabot · 2026-04-17T20:24:35Z

Bumps the github-actions group with 3 updates in the / directory: ruby/setup-ruby, docker/login-action and docker/build-push-action.

Updates ruby/setup-ruby from 1.295.0 to 1.300.0

Release notes

Sourced from ruby/setup-ruby's releases.

v1.300.0

What's Changed

Refactor matrix script by @ntkme in ruby/setup-ruby#897

Add jruby-10.0.5.0 by @ruby-builder-bot in ruby/setup-ruby#900

Full Changelog: ruby/setup-ruby@v1.299.0...v1.300.0

v1.299.0

What's Changed

Update CRuby releases on Windows by @ruby-builder-bot in ruby/setup-ruby#896

Full Changelog: ruby/setup-ruby@v1.298.0...v1.299.0

v1.298.0

What's Changed

Add ruby-3.2.11 by @ruby-builder-bot in ruby/setup-ruby#895

Full Changelog: ruby/setup-ruby@v1.297.0...v1.298.0

v1.297.0

What's Changed

Update CRuby releases on Windows by @ruby-builder-bot in ruby/setup-ruby#894

Full Changelog: ruby/setup-ruby@v1.296.0...v1.297.0

v1.296.0

What's Changed

Add ruby-3.3.11 by @ruby-builder-bot in ruby/setup-ruby#893

Full Changelog: ruby/setup-ruby@v1.295.0...v1.296.0

Commits

e65c17d Add jruby-10.0.5.0
ba696ad Refactor matrix script
2327de0 TruffleRuby 34+ does not support macOS Intel
3ff19f5 Update CRuby releases on Windows
4dc28cf Add ruby-3.2.11
c515ec1 Update CRuby releases on Windows
eab2afb Add ruby-3.3.11
97b3338 Mention all maintainers in check-new-windows-versions for consistency
See full diff in compare view

Updates docker/login-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/login-action's releases.

v4.1.0

Fix scoped Docker Hub cleanup path when registry is omitted by @crazy-max in docker/login-action#945

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1020.0 in docker/login-action#930

Bump @docker/actions-toolkit from 0.77.0 to 0.86.0 in docker/login-action#932 docker/login-action#936

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/login-action#952

Bump fast-xml-parser from 5.3.4 to 5.3.6 in docker/login-action#942

Bump flatted from 3.3.3 to 3.4.2 in docker/login-action#944

Bump glob from 10.3.12 to 10.5.0 in docker/login-action#940

Bump handlebars from 4.7.8 to 4.7.9 in docker/login-action#949

Bump http-proxy-agent and https-proxy-agent to 8.0.0 in docker/login-action#937

Bump lodash from 4.17.23 to 4.18.1 in docker/login-action#958

Bump minimatch from 3.1.2 to 3.1.5 in docker/login-action#941

Bump picomatch from 4.0.3 to 4.0.4 in docker/login-action#948

Bump undici from 6.23.0 to 6.24.1 in docker/login-action#938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

Commits

4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
1e233e6 chore: update generated content
6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
a6f092b chore: update generated content
60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
102c0e6 chore: update generated content
Additional commits viewable in compare view

Updates docker/build-push-action from 7.0.0 to 7.1.0

Release notes

Sourced from docker/build-push-action's releases.

v7.1.0

Git context query format support by @crazy-max in docker/build-push-action#1505

Bump @docker/actions-toolkit from 0.79.0 to 0.87.0 by @crazy-max in docker/build-push-action#1505

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/build-push-action#1500

Bump fast-xml-parser from 5.4.2 to 5.5.7 in docker/build-push-action#1489

Bump flatted from 3.3.3 to 3.4.2 in docker/build-push-action#1491

Bump glob from 10.3.12 to 10.5.0 in docker/build-push-action#1490

Bump handlebars from 4.7.8 to 4.7.9 in docker/build-push-action#1497

Bump lodash from 4.17.23 to 4.18.1 in docker/build-push-action#1510

Bump picomatch from 4.0.3 to 4.0.4 in docker/build-push-action#1496

Bump undici from 6.23.0 to 6.24.1 in docker/build-push-action#1486

Bump vite from 7.3.1 to 7.3.2 in docker/build-push-action#1509

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

Commits

bcafcac Merge pull request #1509 from docker/dependabot/npm_and_yarn/vite-7.3.2
18e62f1 Merge pull request #1510 from docker/dependabot/npm_and_yarn/lodash-4.18.1
46580d2 chore: update generated content
3f80b25 chore(deps): Bump lodash from 4.17.23 to 4.18.1
efeec95 Merge pull request #1505 from crazy-max/refactor-git-context
ddf04b0 Merge pull request #1511 from docker/dependabot/github_actions/crazy-max-dot-...
db08d97 chore(deps): Bump the crazy-max-dot-github group with 2 updates
ef1fb96 Merge pull request #1508 from docker/dependabot/github_actions/docker/login-a...
2d8f2a1 chore: update generated content
919ac7b fix test since secrets are not written to temp path anymore
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 3 updates in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby), [docker/login-action](https://github.com/docker/login-action) and [docker/build-push-action](https://github.com/docker/build-push-action). Updates `ruby/setup-ruby` from 1.295.0 to 1.300.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@319994f...e65c17d) Updates `docker/login-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@b45d80f...4907a6d) Updates `docker/build-push-action` from 7.0.0 to 7.1.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@d08e5c3...bcafcac) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.300.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

* Return apostrophes to our preferred style * Fix failing OSS tests * Pretty-print dev server URL and login in `bin/dev` (basecamp#2808) * Make dev server URL and login info look nicer * DRY * Adjust comments * Adjust comments * Scope clear_search_records to the account being destroyed (basecamp#2847) Account::Searchable#clear_search_records called Search::Record.for(id).destroy_all which deleted every row in the shard's table, wiping search records belonging to every other account that happened to hash to the same shard. ref: https://3.basecamp.com/2914079/buckets/27/card_tables/cards/9782824728 * Add SearchReindexJob to repopulate the search index (basecamp#2850) Rebuilds search records for every published Card and every Comment on a published Card. Intended for manual invocation after a search-index loss event — not a recurring job. Uses ActiveJob::Continuable so the work survives worker restarts and resumes from the last-processed id. The job is idempotent. Removes script/maintenance/reindex_stale_search_records.rb, which was written against a different hypothesis (a date-cutoff backfill) and is superseded by this unconditional repair job. * Bump selenium-webdriver from 4.41.0 to 4.43.0 in the development-dependencies group (basecamp#2855) * Bump selenium-webdriver in the development-dependencies group Bumps the development-dependencies group with 1 update: [selenium-webdriver](https://github.com/SeleniumHQ/selenium). Updates `selenium-webdriver` from 4.41.0 to 4.43.0 - [Release notes](https://github.com/SeleniumHQ/selenium/releases) - [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES) - [Commits](SeleniumHQ/selenium@selenium-4.41.0...selenium-4.43.0) --- updated-dependencies: - dependency-name: selenium-webdriver dependency-version: 4.43.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> * Sync Gemfile.saas.lock --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * Bump the github-actions group across 1 directory with 3 updates (basecamp#2856) Bumps the github-actions group with 3 updates in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby), [docker/login-action](https://github.com/docker/login-action) and [docker/build-push-action](https://github.com/docker/build-push-action). Updates `ruby/setup-ruby` from 1.295.0 to 1.300.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@319994f...e65c17d) Updates `docker/login-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@b45d80f...4907a6d) Updates `docker/build-push-action` from 7.0.0 to 7.1.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@d08e5c3...bcafcac) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.300.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Stanko K.R. <stanko@stanko.io> Co-authored-by: Alexander Zaytsev <nqst@users.noreply.github.com> Co-authored-by: Mike Dalessio <mike@37signals.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

* Return apostrophes to our preferred style * Fix failing OSS tests * Pretty-print dev server URL and login in `bin/dev` (basecamp#2808) * Make dev server URL and login info look nicer * DRY * Adjust comments * Adjust comments * Scope clear_search_records to the account being destroyed (basecamp#2847) Account::Searchable#clear_search_records called Search::Record.for(id).destroy_all which deleted every row in the shard's table, wiping search records belonging to every other account that happened to hash to the same shard. ref: https://3.basecamp.com/2914079/buckets/27/card_tables/cards/9782824728 * Add SearchReindexJob to repopulate the search index (basecamp#2850) Rebuilds search records for every published Card and every Comment on a published Card. Intended for manual invocation after a search-index loss event — not a recurring job. Uses ActiveJob::Continuable so the work survives worker restarts and resumes from the last-processed id. The job is idempotent. Removes script/maintenance/reindex_stale_search_records.rb, which was written against a different hypothesis (a date-cutoff backfill) and is superseded by this unconditional repair job. * Bump selenium-webdriver from 4.41.0 to 4.43.0 in the development-dependencies group (basecamp#2855) * Bump selenium-webdriver in the development-dependencies group Bumps the development-dependencies group with 1 update: [selenium-webdriver](https://github.com/SeleniumHQ/selenium). Updates `selenium-webdriver` from 4.41.0 to 4.43.0 - [Release notes](https://github.com/SeleniumHQ/selenium/releases) - [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES) - [Commits](SeleniumHQ/selenium@selenium-4.41.0...selenium-4.43.0) --- updated-dependencies: - dependency-name: selenium-webdriver dependency-version: 4.43.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> * Sync Gemfile.saas.lock --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * Bump the github-actions group across 1 directory with 3 updates (basecamp#2856) Bumps the github-actions group with 3 updates in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby), [docker/login-action](https://github.com/docker/login-action) and [docker/build-push-action](https://github.com/docker/build-push-action). Updates `ruby/setup-ruby` from 1.295.0 to 1.300.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@319994f...e65c17d) Updates `docker/login-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@b45d80f...4907a6d) Updates `docker/build-push-action` from 7.0.0 to 7.1.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@d08e5c3...bcafcac) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.300.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Stanko K.R. <stanko@stanko.io> Co-authored-by: Alexander Zaytsev <nqst@users.noreply.github.com> Co-authored-by: Mike Dalessio <mike@37signals.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Josh Yorko <54248591+joshyorko@users.noreply.github.com>

* Return apostrophes to our preferred style * Fix failing OSS tests * Pretty-print dev server URL and login in `bin/dev` (basecamp#2808) * Make dev server URL and login info look nicer * DRY * Adjust comments * Adjust comments * Scope clear_search_records to the account being destroyed (basecamp#2847) Account::Searchable#clear_search_records called Search::Record.for(id).destroy_all which deleted every row in the shard's table, wiping search records belonging to every other account that happened to hash to the same shard. ref: https://3.basecamp.com/2914079/buckets/27/card_tables/cards/9782824728 * Add SearchReindexJob to repopulate the search index (basecamp#2850) Rebuilds search records for every published Card and every Comment on a published Card. Intended for manual invocation after a search-index loss event — not a recurring job. Uses ActiveJob::Continuable so the work survives worker restarts and resumes from the last-processed id. The job is idempotent. Removes script/maintenance/reindex_stale_search_records.rb, which was written against a different hypothesis (a date-cutoff backfill) and is superseded by this unconditional repair job. * Bump selenium-webdriver from 4.41.0 to 4.43.0 in the development-dependencies group (basecamp#2855) * Bump selenium-webdriver in the development-dependencies group Bumps the development-dependencies group with 1 update: [selenium-webdriver](https://github.com/SeleniumHQ/selenium). Updates `selenium-webdriver` from 4.41.0 to 4.43.0 - [Release notes](https://github.com/SeleniumHQ/selenium/releases) - [Changelog](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES) - [Commits](SeleniumHQ/selenium@selenium-4.41.0...selenium-4.43.0) --- updated-dependencies: - dependency-name: selenium-webdriver dependency-version: 4.43.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: development-dependencies ... Signed-off-by: dependabot[bot] <support@github.com> * Sync Gemfile.saas.lock --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> * Bump the github-actions group across 1 directory with 3 updates (basecamp#2856) Bumps the github-actions group with 3 updates in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby), [docker/login-action](https://github.com/docker/login-action) and [docker/build-push-action](https://github.com/docker/build-push-action). Updates `ruby/setup-ruby` from 1.295.0 to 1.300.0 - [Release notes](https://github.com/ruby/setup-ruby/releases) - [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb) - [Commits](ruby/setup-ruby@319994f...e65c17d) Updates `docker/login-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@b45d80f...4907a6d) Updates `docker/build-push-action` from 7.0.0 to 7.1.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@d08e5c3...bcafcac) --- updated-dependencies: - dependency-name: ruby/setup-ruby dependency-version: 1.300.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * dep: update queenbee and audits1984 to avoid deprecation warnings (basecamp#2875) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Stanko K.R. <stanko@stanko.io> Co-authored-by: Alexander Zaytsev <nqst@users.noreply.github.com> Co-authored-by: Mike Dalessio <mike@37signals.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com> Co-authored-by: Josh Yorko <54248591+joshyorko@users.noreply.github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 17, 2026

Copilot AI review requested due to automatic review settings April 17, 2026 20:24

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 17, 2026

dependabot Bot review requested due to automatic review settings April 17, 2026 20:24

jeremy merged commit f9daf09 into main Apr 19, 2026
10 checks passed

jeremy deleted the dependabot/github_actions/github-actions-a65342a023 branch April 19, 2026 00:04

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group across 1 directory with 3 updates#2856

Bump the github-actions group across 1 directory with 3 updates#2856
jeremy merged 1 commit intomainfrom
dependabot/github_actions/github-actions-a65342a023

dependabot Bot commented on behalf of github Apr 17, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Apr 17, 2026

v1.300.0

What's Changed

v1.299.0

What's Changed

v1.298.0

What's Changed

v1.297.0

What's Changed

v1.296.0

What's Changed

v4.1.0

v7.1.0

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant