Bump docker/build-push-action from 3 to 4 #158

dependabot · 2023-01-31T18:03:00Z

Bumps docker/build-push-action from 3 to 4.

Release notes

Sourced from docker/build-push-action's releases.

v4.0.0

Warning

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

Revert disable provenance by default if not set by @crazy-max in docker/build-push-action#784

Full Changelog: docker/build-push-action@v3.3.1...v4.0.0

v3.3.1

Disable provenance by default if not set by @crazy-max (#781)

Full Changelog: docker/build-push-action@v3.3.0...v3.3.1

v3.3.0

Warning

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

Add attests, provenance and sbom inputs by @crazy-max (#746 #759)

Log GitHub Actions runtime token access controls by @crazy-max (#707)

Examples moved to docs website by @crazy-max (#718)

Bump minimatch from 3.0.4 to 3.1.2 (#732)

Bump csv-parse from 5.3.0 to 5.3.3 (#729)

Bump json5 from 2.2.0 to 2.2.3 (#749)

Full Changelog: docker/build-push-action@v3.2.0...v3.3.0

v3.2.0

Remove workaround for setOutput by @crazy-max (#704)

Docs: fix Git context link and add more details about subdir support by @crazy-max (#685)

Docs: named context by @baibaratsky and @crazy-max (#665)

Bump @actions/core from 1.9.0 to 1.10.0 (#667 #695)

Bump @actions/github from 5.0.3 to 5.1.1 (#696)

Full Changelog: docker/build-push-action@v3.1.1...v3.2.0

v3.1.1

Fix GitHub token not passed with Git context if subdir defined by @crazy-max (#663)

Replace deprecated fs.rmdir with fs.rm by @bendrucker (#657)

Full Changelog: docker/build-push-action@v3.1.0...v3.1.1

v3.1.0

no-cache-filters input by @crazy-max (#653)

Bump @actions/github from 5.0.1 to 5.0.3 (#619)

Bump @actions/core from 1.6.0 to 1.9.0 (#620 #637)

Bump csv-parse from 5.0.4 to 5.3.0 (#623 #650)

Full Changelog: docker/build-push-action@v3.0.0...v3.1.0

Commits

3b5e802 Merge pull request #784 from crazy-max/enable-provenance
02d3266 update generated content
f403daf revert disable provenance by default if not set
See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

> **Note** > Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3 to 4. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v3...v4) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3 to 4. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v3...v4) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 (#128) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.4.1 to 2.5.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@v2.4.1...v2.5.0) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump evryfs/base-ubuntu from jammy-20220531 to jammy-20220801 (#129) Bumps evryfs/base-ubuntu from jammy-20220531 to jammy-20220801. --- updated-dependencies: - dependency-name: evryfs/base-ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 (#133) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.5.0 to 2.5.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@v2.5.0...v2.5.1) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Upgrde java * Bump evryfs/base-ubuntu from jammy-20220801 to jammy-20220815 (#135) Bumps evryfs/base-ubuntu from jammy-20220801 to jammy-20220815. --- updated-dependencies: - dependency-name: evryfs/base-ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigstore/cosign-installer from 2.5.1 to 2.6.0 (#138) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.5.1 to 2.6.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@v2.5.1...v2.6.0) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigstore/cosign-installer from 2.6.0 to 2.7.0 (#139) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.6.0 to 2.7.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@v2.6.0...v2.7.0) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Move to java 19 * use a more readable url * Bump evryfs/base-ubuntu from jammy-20220815 to jammy-20221003 (#142) Bumps evryfs/base-ubuntu from jammy-20220815 to jammy-20221003. --- updated-dependencies: - dependency-name: evryfs/base-ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigstore/cosign-installer from 2.7.0 to 2.8.0 (#144) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.7.0 to 2.8.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@v2.7.0...v2.8.0) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump sigstore/cosign-installer from 2.8.0 to 2.8.1 (#145) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 2.8.0 to 2.8.1. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@v2.8.0...v2.8.1) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump evryfs/base-ubuntu from jammy-20221003 to jammy-20221020 (#148) Bumps evryfs/base-ubuntu from jammy-20221003 to jammy-20221020. --- updated-dependencies: - dependency-name: evryfs/base-ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Upgrade java * Bump evryfs/base-ubuntu from jammy-20221020 to jammy-20221101 (#151) Bumps evryfs/base-ubuntu from jammy-20221020 to jammy-20221101. --- updated-dependencies: - dependency-name: evryfs/base-ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump evryfs/base-ubuntu from jammy-20221101 to jammy-20221130 (#154) Bumps evryfs/base-ubuntu from jammy-20221101 to jammy-20221130. --- updated-dependencies: - dependency-name: evryfs/base-ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump docker/build-push-action from 3 to 4 (#158) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3 to 4. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v3...v4) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump evryfs/base-ubuntu from jammy-20221130 to jammy-20230308 (#165) Bumps [evryfs/base-ubuntu](https://github.com/evryfs/base-ubuntu) from jammy-20221130 to jammy-20230308. - [Release notes](https://github.com/evryfs/base-ubuntu/releases) - [Commits](evryfs/base-ubuntu@jammy-20221130...jammy-20230308) --- updated-dependencies: - dependency-name: evryfs/base-ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump evryfs/base-ubuntu from jammy-20230308 to jammy-20231128 (#175) Bumps [evryfs/base-ubuntu](https://github.com/evryfs/base-ubuntu) from jammy-20230308 to jammy-20231128. - [Commits](https://github.com/evryfs/base-ubuntu/commits) --- updated-dependencies: - dependency-name: evryfs/base-ubuntu dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Configure dependency bot for java21 branch (#173) Co-authored-by: Mohana Rao S V <mohana.rao.s.v@tietoevry.com> * Pointing to latest version of jdk11 * Removed unwanted jdk prefix --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: David J. M. Karlsen <david@davidkarlsen.com> Co-authored-by: MohanaRao SV <mohanaraosv@gmail.com>

dependabot bot requested a review from a team as a code owner January 31, 2023 18:03

dependabot bot requested review from luxi2001 and removed request for a team January 31, 2023 18:03

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update Github_actions code labels Jan 31, 2023

mkekeberg merged commit 5d8aa00 into master Apr 20, 2023

mkekeberg deleted the dependabot/github_actions/docker/build-push-action-4 branch April 20, 2023 07:18

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump docker/build-push-action from 3 to 4 #158

Bump docker/build-push-action from 3 to 4 #158

dependabot bot commented on behalf of github Jan 31, 2023 •

edited

Loading

Bump docker/build-push-action from 3 to 4 #158

Bump docker/build-push-action from 3 to 4 #158

Conversation

dependabot bot commented on behalf of github Jan 31, 2023 • edited Loading

v4.0.0

v3.3.1

v3.3.0

v3.2.0

v3.1.1

v3.1.0

dependabot bot commented on behalf of github Jan 31, 2023 •

edited

Loading