Bump docker/login-action from 3.3.0 to 4.2.0 (#2479 )

Bumps [docker/login-action](https://github.com/docker/login-action) from 3.3.0 to 4.2.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3.3.0...v4.2.0) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bump docker/build-push-action from 6.5.0 to 7.2.0 (#2478 )
2026-06-23 05:17:47 +08:00 · 2026-06-22 10:13:43 -04:00 · 2026-06-22 10:12:50 -04:00 · 2026-06-22 10:12:03 -04:00 · 2026-06-22 10:11:28 -04:00 · 2026-06-17 13:51:53 -04:00
6 changed files with 12 additions and 12 deletions
@@ -25,7 +25,7 @@ jobs:
      - uses: actions/checkout@v6

      - name: Set Node.js 24.x
-        uses: actions/setup-node@v4
+        uses: actions/setup-node@v6
        with:
          node-version: 24.x

@@ -42,7 +42,7 @@ jobs:
      uses: actions/checkout@v6

    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
      with:
        languages: ${{ matrix.language }}
        # If you wish to specify custom queries, you can do so here or in a config file.
@@ -55,4 +55,4 @@ jobs:
    - run: rm -rf dist # We want code scanning to analyze lib instead (individual .js files)

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
@@ -16,7 +16,7 @@ jobs:
  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v6
        with:
          node-version: 24.x
      - uses: actions/checkout@v6
@@ -31,7 +31,7 @@ jobs:
      # Use `docker/login-action` to log in to GHCR.io. 
      # Once published, the packages are scoped to the account defined here.
      - name: Log in to the ghcr.io container registry
-        uses: docker/login-action@v3.3.0
+        uses: docker/login-action@v4.2.0
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
@@ -48,7 +48,7 @@ jobs:

      # Use `docker/build-push-action` to build (and optionally publish) the image. 
      - name: Build Docker Image (with optional Push)
-        uses: docker/build-push-action@v6.5.0
+        uses: docker/build-push-action@v7.2.0
        with:
          context: .
          file: images/test-ubuntu-git.Dockerfile
@@ -42023,9 +42023,9 @@ function assertSafePrCheckout(input) {
    throw new Error(`Refusing to check out fork pull request code from a '${eventName}' workflow. ` +
        `This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch ` +
        `cache scope, and runner access. Fetching and executing a fork's code in that trusted ` +
-        `context commonly leads to "pwn request" vulnerabilities. To opt in after reviewing ` +
-        `the risks at https://gh.io/securely-using-pull_request_target, set ` +
-        `'allow-unsafe-pr-checkout: true' on the actions/checkout step.`);
+        `context commonly leads to "pwn request" vulnerabilities. To opt in, review the risks ` +
+        `at https://gh.io/securely-using-pull_request_target and set 'allow-unsafe-pr-checkout: true' ` +
+        `on the actions/checkout step.`);
 }
 function pushIfSha(target, value) {
    if (typeof value === 'string' && value.length > 0) {
@@ -75,9 +75,9 @@ export function assertSafePrCheckout(input: IUnsafePrCheckoutInput): void {
    `Refusing to check out fork pull request code from a '${eventName}' workflow. ` +
      `This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch ` +
      `cache scope, and runner access. Fetching and executing a fork's code in that trusted ` +
-      `context commonly leads to "pwn request" vulnerabilities. To opt in after reviewing ` +
-      `the risks at https://gh.io/securely-using-pull_request_target, set ` +
-      `'allow-unsafe-pr-checkout: true' on the actions/checkout step.`
+      `context commonly leads to "pwn request" vulnerabilities. To opt in, review the risks ` +
+      `at https://gh.io/securely-using-pull_request_target and set 'allow-unsafe-pr-checkout: true' ` +
+      `on the actions/checkout step.`
  )
 }
Author	SHA1	Message	Date
dependabot[bot]	b9e0990d21	Bump docker/login-action from 3.3.0 to 4.2.0 (#2479 ) Bumps [docker/login-action](https://github.com/docker/login-action) from 3.3.0 to 4.2.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3.3.0...v4.2.0) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.2.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-06-22 10:13:43 -04:00
dependabot[bot]	e8cb398be4	Bump docker/build-push-action from 6.5.0 to 7.2.0 (#2478 ) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.5.0 to 7.2.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6.5.0...v7.2.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: 7.2.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-06-22 10:12:50 -04:00
dependabot[bot]	5de26ee9b1	Bump actions/setup-node from 4 to 6 (#2477 ) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/v4...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-06-22 10:12:03 -04:00
dependabot[bot]	79102f2503	Bump github/codeql-action from 3 to 4 (#2475 ) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v3...v4) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2026-06-22 10:11:28 -04:00
Aiqiao Yan	9c091bb21b	update error wording (#2467 )	2026-06-17 13:51:53 -04:00