From 19d24075daf9b559fa8ccce1e1fbe41d324850fd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 9 Feb 2026 13:35:13 +0000
Subject: [PATCH] ci: bump the github-actions group with 4 updates (#22010)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps the github-actions group with 4 updates: [actions/cache](https://github.com/actions/cache), [docker/login-action](https://github.com/docker/login-action), [actions/attest](https://github.com/actions/attest) and [nix-community/cache-nix-action](https://github.com/nix-community/cache-nix-action).

Updates `actions/cache` from 5.0.2 to 5.0.3
Release notes

Sourced from actions/cache's releases.

v5.0.3

What's Changed

Full Changelog: https://github.com/actions/cache/compare/v5...v5.0.3

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.3

5.0.2

5.0.1

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

4.3.0

... (truncated)

Commits

Updates `docker/login-action` from 3.6.0 to 3.7.0
Release notes

Sourced from docker/login-action's releases.

v3.7.0

Full Changelog: https://github.com/docker/login-action/compare/v3.6.0...v3.7.0

Commits

Updates `actions/attest` from 3.1.0 to 3.2.0
Release notes

Sourced from actions/attest's releases.

v3.2.0

What's Changed

Full Changelog: https://github.com/actions/attest/compare/v3.1.0...v3.2.0

Commits

Updates `nix-community/cache-nix-action` from 7.0.1 to 7.0.2
Release notes

Sourced from nix-community/cache-nix-action's releases.

v7.0.2

What's Changed

Fixed

Changed (deps)

Full Changelog: https://github.com/nix-community/cache-nix-action/compare/v7...v7.0.2

Commits

Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 10 +++++----- .github/workflows/deploy.yaml | 2 +- .github/workflows/docker-base.yaml | 2 +- .github/workflows/dogfood.yaml | 4 ++-- .github/workflows/pr-deploy.yaml | 2 +- .github/workflows/release.yaml | 8 ++++---- 6 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 92af9b40de..19232565fe 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -181,7 +181,7 @@ jobs: echo "LINT_CACHE_DIR=$dir" >> "$GITHUB_ENV" - name: golangci-lint cache - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 + uses: actions/cache@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3 with: path: | ${{ env.LINT_CACHE_DIR }} @@ -1186,7 +1186,7 @@ jobs: persist-credentials: false - name: GHCR Login - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -1393,7 +1393,7 @@ jobs: id: attest_main if: github.ref == 'refs/heads/main' continue-on-error: true - uses: actions/attest@7667f588f2f73a90cea6c7ac70e78266c4f76616 # v3.1.0 + uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0 with: subject-name: "ghcr.io/coder/coder-preview:main" predicate-type: "https://slsa.dev/provenance/v1" @@ -1430,7 +1430,7 @@ jobs: id: attest_latest if: github.ref == 'refs/heads/main' continue-on-error: true - uses: actions/attest@7667f588f2f73a90cea6c7ac70e78266c4f76616 # v3.1.0 + uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0 with: subject-name: "ghcr.io/coder/coder-preview:latest" predicate-type: "https://slsa.dev/provenance/v1" 
@@ -1467,7 +1467,7 @@ jobs: id: attest_version if: github.ref == 'refs/heads/main' continue-on-error: true - uses: actions/attest@7667f588f2f73a90cea6c7ac70e78266c4f76616 # v3.1.0 + uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0 with: subject-name: "ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}" predicate-type: "https://slsa.dev/provenance/v1" diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml index 3ed5949349..b85cf13331 100644 --- a/.github/workflows/deploy.yaml +++ b/.github/workflows/deploy.yaml @@ -76,7 +76,7 @@ jobs: persist-credentials: false - name: GHCR Login - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/docker-base.yaml b/.github/workflows/docker-base.yaml index 80071f86b3..bd6160b30b 100644 --- a/.github/workflows/docker-base.yaml +++ b/.github/workflows/docker-base.yaml @@ -48,7 +48,7 @@ jobs: persist-credentials: false - name: Docker login - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml index 9801008028..819018bb2d 100644 --- a/.github/workflows/dogfood.yaml +++ b/.github/workflows/dogfood.yaml @@ -42,7 +42,7 @@ jobs: # on version 2.29 and above. nix_version: "2.28.5" - - uses: nix-community/cache-nix-action@106bba72ed8e29c8357661199511ef07790175e9 # v7.0.1 + - uses: nix-community/cache-nix-action@7df957e333c1e5da7721f60227dbba6d06080569 # v7.0.2 with: # restore and save a cache using this key primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/flake.lock') }} 
@@ -82,7 +82,7 @@ jobs: - name: Login to DockerHub if: github.ref == 'refs/heads/main' - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index d09d5491f4..60a82e4587 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -248,7 +248,7 @@ jobs: uses: ./.github/actions/setup-sqlc - name: GHCR Login - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 90d9935599..3e8d6f8b89 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -233,7 +233,7 @@ jobs: cat "$CODER_RELEASE_NOTES_FILE" - name: Docker Login - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 + uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -448,7 +448,7 @@ jobs: id: attest_base if: ${{ !inputs.dry_run && steps.image-base-tag.outputs.tag != '' }} continue-on-error: true - uses: actions/attest@7667f588f2f73a90cea6c7ac70e78266c4f76616 # v3.1.0 + uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0 with: subject-name: ${{ steps.image-base-tag.outputs.tag }} predicate-type: "https://slsa.dev/provenance/v1" 
@@ -564,7 +564,7 @@ jobs: id: attest_main if: ${{ !inputs.dry_run }} continue-on-error: true - uses: actions/attest@7667f588f2f73a90cea6c7ac70e78266c4f76616 # v3.1.0 + uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0 with: subject-name: ${{ steps.build_docker.outputs.multiarch_image }} predicate-type: "https://slsa.dev/provenance/v1" @@ -608,7 +608,7 @@ jobs: id: attest_latest if: ${{ !inputs.dry_run && steps.build_docker.outputs.created_latest_tag == 'true' }} continue-on-error: true - uses: actions/attest@7667f588f2f73a90cea6c7ac70e78266c4f76616 # v3.1.0 + uses: actions/attest@e59cbc1ad1ac2d59339667419eb8cdde6eb61e3d # v3.2.0 with: subject-name: ${{ steps.latest_tag.outputs.tag }} predicate-type: "https://slsa.dev/provenance/v1"
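Review bot: every actions/attest step touched in ci.yaml and release.yaml keeps `continue-on-error: true`, and the ci.yaml ones also run only when `github.ref == 'refs/heads/main'`, so a regression in v3.2.0 would neither show up in this PR's checks nor fail the job after merge. The commit message lists nothing under "What's Changed" for v3.2.0, so read the v3.1.0...v3.2.0 compare before merging, and after the first run on main check the outcomes of the `attest_main`, `attest_latest` and `attest_version` steps to confirm the `https://slsa.dev/provenance/v1` attestations were actually produced. If missing provenance should block a release, consider dropping `continue-on-error` on the release.yaml steps or adding a later step that fails when an attest step's outcome is not success.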
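Review bot: in the docker/login-action hunks (all six workflow files) the only thing tying c94ce9fb468520275223c153574b00df6fe4bcc9 to v3.7.0 is the trailing `# v3.7.0` comment, which nothing enforces. This step is handed registry credentials (`secrets.DOCKERHUB_PASSWORD` in dogfood.yaml, and the GHCR logins keyed on `github.actor`), so confirm the SHA resolves to the upstream v3.7.0 tag and skim the v3.6.0...v3.7.0 compare, since the commit message carries no release notes for it. The dogfood.yaml login is also gated on `github.ref == 'refs/heads/main'`, so PR checks will not exercise that path.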
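Review bot: the nix-community/cache-nix-action bump in dogfood.yaml sits directly under a Nix install pinned to `nix_version: "2.28.5"` with a comment about behaviour on 2.29 and above, but the commit message shows no entries under "Fixed" or "Changed (deps)" for v7.0.2. Check the v7...v7.0.2 compare for anything that changes how the cache keyed on `hashFiles('**/*.nix', '**/flake.lock')` is restored or saved under the pinned Nix version, and watch the first dogfood run for a cache miss or restore error.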