chore: bump docker/setup-buildx-action from 3 to 4#78
chore: bump docker/setup-buildx-action from 3 to 4#78dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3...v4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
|
|
||
| - name: Set up Docker Buildx with custom config | ||
| uses: docker/setup-buildx-action@v3 | ||
| uses: docker/setup-buildx-action@v4 |
There was a problem hiding this comment.
Removed install input silently ignored in v4
Medium Severity
The install input was deprecated in v3.12.0 and removed in v4.0.0 of docker/setup-buildx-action. The workflow still passes install: true in the custom-buildx-config and kitchen-sink jobs, but v4 no longer recognizes this input. GitHub Actions silently ignores unknown inputs, so buildx will no longer be set up as an alias for docker build — a silent behavioral regression with no error to flag the problem.
Additional Locations (1)
|
|
||
| - name: Set up Docker Buildx with custom config | ||
| uses: docker/setup-buildx-action@v3 | ||
| uses: docker/setup-buildx-action@v4 |
There was a problem hiding this comment.
Removed config-inline input silently ignored in v4
Medium Severity
The config-inline input was renamed to buildkitd-config-inline in v3 (PR #303) and the old name was removed in v4.0.0. The workflow still uses the old config-inline name in the custom-buildx-config and kitchen-sink jobs, so the inline BuildKit daemon configuration (registry mirrors, worker parallelism settings) will be silently ignored — a behavioral regression with no visible error.
Additional Locations (1)
Bumps docker/setup-buildx-action from 3 to 4.
Release notes
Sourced from docker/setup-buildx-action's releases.
... (truncated)
Commits
4d04d5dMerge pull request #485 from docker/dependabot/npm_and_yarn/docker/actions-to...cd74e05chore: update generated contenteee38ecbuild(deps): bump@docker/actions-toolkitfrom 0.77.0 to 0.79.07a83f65Merge pull request #484 from docker/dependabot/github_actions/docker/setup-qe...a5aa967Merge pull request #464 from crazy-max/rm-deprecatede73d53fbuild(deps): bump docker/setup-qemu-action from 3 to 428a438eMerge pull request #483 from crazy-max/node24034e9d3chore: update generated contentb4664d8remove deprecated inputs/outputsa8257denode 24 as default runtimeDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)