build(deps): bump docker/login-action from 3.6.0 to 3.7.0#2819
build(deps): bump docker/login-action from 3.6.0 to 3.7.0#2819dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.6.0 to 3.7.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@5e57cd1...c94ce9f) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 3.7.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
ldoktor
left a comment
There was a problem hiding this comment.
lgtm, we might consider limiting the scope newly added in docker/login-action#912
We might need to dig further, but it looks from the examples that it's buildx related, so I'm not sure how applicable it is to us, but it's worth a look, thanks! |
|
When I click the License Compliance checker, it says the check passed but the status is "1 issues found" here... have you seen that before? |
Yeah - there was a false positive (an issue showing up as a direct dependency when it was indirect), which I added to the ignore list. I've forgotten how to re-trigger the action though |
Bumps docker/login-action from 3.6.0 to 3.7.0.
Release notes
Sourced from docker/login-action's releases.
Commits
c94ce9fMerge pull request #915 from docker/dependabot/npm_and_yarn/lodash-4.17.238339c95Merge pull request #912 from docker/scopec83e932build(deps): bump lodash from 4.17.21 to 4.17.23b268aa5chore: update generated contenta603229documentation for scope input7567f92Add scope input to set scopes for the authentication token0567fa5Merge pull request #914 from dphi/add-support-for-amazonaws.euf6ef577feat: add support for AWS European Sovereign Cloud ECR registries916386bMerge pull request #911 from crazy-max/ensure-redact5b3f94achore: update generated contentDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)