chore(deps): update github actions

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	patch	v6.0.1 → v6.0.2
actions/download-artifact	action	major	v7.0.0 → v8.0.1
actions/upload-artifact	action	major	v6.0.0 → v7.0.0
anthropics/claude-code-action	action	patch	v1.0.29 → v1.0.73
astral-sh/setup-uv	action	minor	v7.2.0 → v7.6.0
crazy-max/ghaction-github-labeler	action	major	v5.3.0 → v6.0.0
docker/build-push-action	action	major	v6.18.0 → v7.0.0
docker/login-action	action	major	v3.6.0 → v4.0.0
docker/metadata-action	action	major	v5.10.0 → v6.0.0
docker/setup-buildx-action	action	major	v3.12.0 → v4.0.0
docker/setup-qemu-action	action	major	v3.7.0 → v4.0.0
orhun/git-cliff-action	action	patch	v4.7.0 → v4.7.1
pyvista/setup-headless-display-action	action	minor	v4.2 → v4.3
slackapi/slack-github-action	action	major	v2.1.1 → v3.0.1

---

Release Notes

actions/checkout (actions/checkout)

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

actions/download-artifact (actions/download-artifact)

v8.0.1

Compare Source

What's Changed

• Support for CJK characters in the artifact name by @​danwkennedy in #​471
• Add a regression test for artifact name + content-type mismatches by @​danwkennedy in #​472

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

Compare Source

v8 - What's new

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to false.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @​actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in #​460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in #​461

Full Changelog: actions/download-artifact@v7...v8.0.0

actions/upload-artifact (actions/upload-artifact)

v7.0.0

Compare Source

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in #​754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in #​762
• Support direct file uploads by @​danwkennedy in #​764

New Contributors

• @​Link- made their first contribution in #​754

Full Changelog: actions/upload-artifact@v6...v7.0.0

anthropics/claude-code-action (anthropics/claude-code-action)

v1.0.73

Compare Source

v1.0.72

Compare Source

What's Changed

• Harden tag mode tool permissions against prompt injection by @​km-anthropic in #​1002

Full Changelog: anthropics/claude-code-action@v1...v1.0.72

v1.0.71

Compare Source

What's Changed

• docs: warn that allowed_bots can expose the action to external triggers by @​an-dustin in #​1039
• feat(inline-comment): add confirmed param + probe-pattern safety net by @​km-anthropic in #​1048

New Contributors

• @​an-dustin made their first contribution in #​1039

Full Changelog: anthropics/claude-code-action@v1...v1.0.71

v1.0.70

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.70

v1.0.69

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.69

v1.0.68

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.68

v1.0.67

Compare Source

What's Changed

• Improve gh.sh wrapper: stricter validation and better error messages by @​OctavianGuzu in #​996

Full Changelog: anthropics/claude-code-action@v1...v1.0.67

v1.0.66

Compare Source

What's Changed

• Only expose permission_denials count in sanitized output by @​ddworken in #​993

Full Changelog: anthropics/claude-code-action@v1...v1.0.66

v1.0.65

Compare Source

What's Changed

• Change the default display_report option to false to restrict exposed data by @​ddworken in #​992

Full Changelog: anthropics/claude-code-action@v1...v1.0.65

v1.0.64

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.64

v1.0.63

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.63

v1.0.62

Compare Source

What's Changed

• Add gh.sh wrapper for gh CLI commands in issue triage workflows by @​OctavianGuzu in #​975

Full Changelog: anthropics/claude-code-action@v1...v1.0.62

v1.0.61

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.61

v1.0.60

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.60

v1.0.59

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.59

v1.0.58

Compare Source

What's Changed

• Add non-write users check workflow by @​OctavianGuzu in #​973

Full Changelog: anthropics/claude-code-action@v1...v1.0.58

v1.0.57

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.57

v1.0.56

Compare Source

What's Changed

• Use wrapper script for label operations in issue triage by @​OctavianGuzu in #​968

Full Changelog: anthropics/claude-code-action@v1...v1.0.56

v1.0.55

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.55

v1.0.54

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.54

v1.0.53

Compare Source

What's Changed

• fix: grant write permissions and use @​main in claude workflow by @​ashwin-ant in #​950
• feat: add display_report option to disable step summary by @​ashwin-ant in #​952

Full Changelog: anthropics/claude-code-action@v1...v1.0.53

v1.0.52

Compare Source

What's Changed

• Fix stale claudeCodeVersion and update bump script to keep run.ts in sync by @​ashwin-ant in #​943
• fix: revert to colon-based wildcard syntax for git permissions by @​ashwin-ant in #​949

Full Changelog: anthropics/claude-code-action@v1...v1.0.52

v1.0.51

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.51

v1.0.50

Compare Source

What's Changed

• revert: undo PR checkout fork support and unique branch naming by @​ashwin-ant in #​937

Full Changelog: anthropics/claude-code-action@v1...v1.0.50

v1.0.49

Compare Source

What's Changed

• fix: replace deprecated :* with modern * wildcard in git permissions by @​Dave-London in #​929
• fix: skip CI MCP server installation when actions:read permission is missing by @​OctavianGuzu in #​933
• Fix/PR checkout branch name conflicts by @​kirisame-wang in #​931

New Contributors

• @​OctavianGuzu made their first contribution in #​933
• @​kirisame-wang made their first contribution in #​931

Full Changelog: anthropics/claude-code-action@v1...v1.0.49

v1.0.48

Compare Source

What's Changed

• Fix PR checkout to support fork PRs by @​Tsuesun in #​851

New Contributors

• @​Tsuesun made their first contribution in #​851

Full Changelog: anthropics/claude-code-action@v1...v1.0.48

v1.0.47

Compare Source

What's Changed

• Update claude-opus-4-5 to claude-opus-4-6 in workflow by @​ashwin-ant in #​909
• fix: skip dev dependencies in CI install step by @​Dave-London in #​919

New Contributors

• @​Dave-London made their first contribution in #​919

Full Changelog: anthropics/claude-code-action@v1...v1.0.47

v1.0.46

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.46

v1.0.45

Compare Source

What's Changed

• fix: use original body from webhook payload for TOCTOU hardening by @​ddworken in #​904
• refactor: simplify mode system by removing Mode interface and registry by @​ashwin-ant in #​899

Full Changelog: anthropics/claude-code-action@v1...v1.0.45

v1.0.44

Compare Source

What's Changed

• refactor: unify action into single composite step with run.ts entrypoint by @​ashwin-ant in #​898

Full Changelog: anthropics/claude-code-action@v1...v1.0.44

v1.0.43

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.43

v1.0.42

Compare Source

What's Changed

• fix: pass OpenTelemetry environment variables to Claude Code subprocess by @​csy1204 in #​886
• fix: pass GitHub token to setup-bun to avoid rate limits by @​peloyeje in #​861

New Contributors

• @​csy1204 made their first contribution in #​886
• @​peloyeje made their first contribution in #​861

Full Changelog: anthropics/claude-code-action@v1...v1.0.42

v1.0.41

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.41

v1.0.40

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.40

v1.0.39

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.39

v1.0.38

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.38

v1.0.37

Compare Source

What's Changed

• feat: add actor-based comment filtering to GitHub data fetching by @​ranyhb in #​812
• Revert "Revert "feat: send additional_permissions in token exchange request"" by @​ashwin-ant in #​866
• Revert "chore: bump Claude Code to 2.1.21 and Agent SDK to 0.2.21" by @​ashwin-ant in #​869

New Contributors

• @​ranyhb made their first contribution in #​812

Full Changelog: anthropics/claude-code-action@v1...v1.0.37

v1.0.36

Compare Source

What's Changed

• Revert "feat: send additional_permissions in token exchange request" by @​ashwin-ant in #​864

Full Changelog: anthropics/claude-code-action@v1...v1.0.36

v1.0.35

Compare Source

What's Changed

• feat: send additional_permissions in token exchange request by @​ashwin-ant in #​859
• chore: upgrade checkout-action to v6 by @​arthur-mountain in #​862

New Contributors

• @​arthur-mountain made their first contribution in #​862

Full Changelog: anthropics/claude-code-action@v1...v1.0.35

v1.0.34

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.34

v1.0.33

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.33

v1.0.32

Compare Source

Full Changelog: anthropics/claude-code-action@v1...v1.0.32

v1.0.31

Compare Source

What's Changed

• fix: ensure SSH signing key has trailing newline by @​ashwin-ant in #​834
• Consolidate CI workflows into a single entry point by @​ashwin-ant in #​836
• chore: bump Bun to 1.3.6 and setup-bun action to v2.1.2 by @​ashwin-ant in #​848
• refactor: remove CLI path, use Agent SDK exclusively by @​ashwin-ant in #​849

Full Changelog: anthropics/claude-code-action@v1...v1.0.31

v1.0.30

Compare Source

What's Changed

• fix: parse ALL --allowed-tools flags, not just the first one by @​AlexanderBartash in #​801
• docs: clarify that Claude does not auto-create PRs by default by @​ashwin-ant in #​824
• fix: add checkHumanActor to agent mode by @​ashwin-ant in #​826
• chore: comment out release-base-action job in release workflow by @​ashwin-ant in #​833

New Contributors

• @​AlexanderBartash made their first contribution in #​801

Full Changelog: anthropics/claude-code-action@v1...v1.0.30

astral-sh/setup-uv (astral-sh/setup-uv)

v7.6.0: 🌈 Fetch uv from Astral's mirror by default

Compare Source

Changes

We now default to download uv from releases.astral.sh.
This means by default we don't hit the GitHub API at all and shouldn't see any rate limits and timeouts any more.

🚀 Enhancements

• Fetch uv from Astral's mirror by default @​zsol (#​809)

🧰 Maintenance

• Switch to ESM for source and test, use CommonJS for dist @​eifinger (#​806)
• chore: update known checksums for 0.10.10 @​github-actions[bot] (#​804)

⬆️ Dependency updates

• chore(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 @​dependabot[bot] (#​808)
• Bump deps @​eifinger (#​805)

v7.5.0: 🌈 Use `astral-sh/versions` as version provider

Compare Source

No more rate-limits

This release addresses a long-standing source of timeouts and rate-limit failures in setup-uv.

Previously, the action resolved version identifiers like 0.5.x by iterating over available uv releases via the GitHub API to find the best match. In contrast, latest and exact versions such as 0.5.0 skipped version resolution entirely and downloaded uv directly.

The manifest-file input was an earlier attempt to improve this. It allows providing an url to a file that lists available versions, checksums, and even custom download URLs. The action also shipped with such a manifest.
However, because that bundled file could become outdated whenever new uv releases were published, the action still had to fall back to the GitHub API in many cases.

This release solves the problem by sourcing version data from Astral’s versions repository via the raw content endpoint:

https://raw.githubusercontent.com/astral-sh/versions/refs/heads/main/v1/uv.ndjson

By using the raw endpoint instead of the GitHub API, version resolution no longer depends on API authentication and is much less likely to run into rate limits or timeouts.

---

[!TIP]
The next section is only interesting for users of the manifest-file input

The manifest-file input lets you override that source with your own URL, for example to test custom uv builds or alternate download locations.

The manifest file must be in NDJSON format, where each line is a JSON object representing a version and its artifacts. For example:

{"version":"0.10.7","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}
{"version":"0.10.6","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}

[!WARNING]
The old format still works but is deprecated. A warning will be logged when you use it.

Changes

• docs: replace copilot instructions with AGENTS.md @​eifinger (#​794)

🚀 Enhancements

• Use astral-sh/versions as primary version provider @​eifinger (#​802)

📚 Documentation

• docs: add cross-client dependabot rollup skill @​eifinger (#​793)

v7.4.0: 🌈 Add riscv64 architecture support to platform detection

Compare Source

Changes

Thank you @​luhenry for adding support for riscv64 arch

🚀 Enhancements

• Add riscv64 architecture support to platform detection @​luhenry (#​791)

🧰 Maintenance

• Delete .github/workflows/dependabot-build.yml @​eifinger (#​789)
• Harden Dependabot build workflow @​eifinger (#​788)
• Fix: check PR author instead of event sender for Dependabot detection @​eifinger-bot (#​787)
• chore: update known checksums for 0.10.9 @​github-actions[bot] (#​783)
• Add workflow to auto-build dist on Dependabot PRs @​eifinger-bot (#​782)
• chore: update known checksums for 0.10.8 @​github-actions[bot] (#​779)
• chore: update known checksums for 0.10.7 @​github-actions[bot] (#​775)

⬆️ Dependency updates

• chore(deps): bump versions @​eifinger (#​792)
• Bump actions/setup-node from 6.2.0 to 6.3.0 @​dependabot[bot] (#​790)
• Bump eifinger/actionlint-action from 1.10.0 to 1.10.1 @​dependabot[bot] (#​778)

v7.3.1: 🌈 fall back to VERSION_CODENAME when VERSION_ID is not available

Compare Source

Changes

This release adds support for running in containers like debian:testing or debian:unstable

🐛 Bug fixes

• fix: fall back to VERSION_CODENAME when VERSION_ID is not available @​eifinger-bot (#​774)

🧰 Maintenance

• chore: update known checksums for 0.10.6 @​github-actions[bot] (#​771)
• chore: update known checksums for 0.10.5 @​github-actions[bot] (#​770)
• chore: update known checksums for 0.10.4 @​github-actions[bot] (#​768)
• chore: update known checksums for 0.10.3 @​github-actions[bot] (#​767)
• chore: update known checksums for 0.10.2 @​github-actions[bot] (#​765)
• chore: update known checksums for 0.10.1 @​github-actions[bot] (#​764)

⬆️ Dependency updates

• Bump github/codeql-action from 4.31.9 to 4.32.2 @​dependabot[bot] (#​766)
• Bump zizmorcore/zizmor-action from 0.4.1 to 0.5.0 @​dependabot[bot] (#​763)

v7.3.0: 🌈 New features and bug fixes for activate-environment

Compare Source

Changes

This release contains a few bug fixes and a new feature for the activate-environment functionality.

🐛 Bug fixes

• fix: warn instead of error when no python to cache @​eifinger (#​762)
• fix: use --clear to create venv @​eifinger (#​761)

🚀 Enhancements

• feat: add venv-path input for activate-environment @​eifinger (#​746)

🧰 Maintenance

• chore: update known checksums for 0.10.0 @​github-actions[bot] (#​759)
• refactor: tilde-expansion tests as unittests and no self-hosted tests @​eifinger (#​760)
• chore: update known checksums for 0.9.30 @​github-actions[bot] (#​756)
• chore: update known checksums for 0.9.29 @​github-actions[bot] (#​748)

📚 Documentation

• Fix punctuation @​pm-dev563 (#​747)

⬆️ Dependency updates

• Bump typesafegithub/github-actions-typing from 2.2.1 to 2.2.2 @​dependabot[bot] (#​753)
• Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 @​dependabot[bot] (#​751)
• Bump actions/checkout from 6.0.1 to 6.0.2 @​dependabot[bot] (#​740)
• Bump release-drafter/release-drafter from 6.1.0 to 6.2.0 @​dependabot[bot] (#​743)
• Bump eifinger/actionlint-action from 1.9.3 to 1.10.0 @​dependabot[bot] (#​731)
• Bump actions/setup-node from 6.1.0 to 6.2.0 @​dependabot[bot] (#​738)

v7.2.1: 🌈 update known checksums up to 0.9.28

Compare Source

Changes

🧰 Maintenance

• chore: update known checksums for 0.9.28 @​github-actions[bot] (#​744)
• chore: update known checksums for 0.9.27 @​github-actions[bot] (#​742)
• chore: update known checksums for 0.9.26 @​github-actions[bot] (#​734)
• chore: update known checksums for 0.9.25 @​github-actions[bot] (#​733)
• chore: update known checksums for 0.9.24 @​github-actions[bot] (#​730)

📚 Documentation

• Clarify impact of using actions/setup-python @​eifinger (#​732)

⬆️ Dependency updates

• Bump zizmorcore/zizmor-action from 0.3.0 to 0.4.1 @​dependabot[bot] (#​741)

crazy-max/ghaction-github-labeler (crazy-max/ghaction-github-labeler)

v6.0.0

Compare Source

• Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @​crazy-max in #​249
• Switch to ESM and update config/test wiring by @​crazy-max in #​246
• Bump @​actions/core from 1.11.1 to 3.0.0 in #​247
• Bump @​actions/github from 6.0.0 to 9.0.0 in #​248
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​236
• Bump js-yaml from 4.1.0 to 4.1.1 in #​240
• Bump lodash from 4.17.21 to 4.17.23 in #​242
• Bump matcher from 3.0.0 to 6.0.0 in #​239
• Bump minimatch from 3.1.2 to 3.1.5 in #​245

Full Changelog: crazy-max/ghaction-github-labeler@v5.3.0...v6.0.0

docker/build-push-action (docker/build-push-action)

v7.0.0

Compare Source

• Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @​crazy-max in #​1470
• Remove deprecated DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS envs by @​crazy-max in #​1473
• Remove legacy export-build tool support for build summary by @​crazy-max in #​1474
• Switch to ESM and update config/test wiring by @​crazy-max in #​1466
• Bump @​actions/core from 1.11.1 to 3.0.0 in #​1454
• Bump @​docker/actions-toolkit from 0.62.1 to 0.79.0 in #​1453 #​1472 #​1479
• Bump minimatch from 3.1.2 to 3.1.5 in #​1463

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

v6.19.2

Compare Source

• Preserve port in GIT_AUTH_TOKEN host by @​crazy-max in #​1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Compare Source

• Derive GIT_AUTH_TOKEN host from GitHub server URL by @​crazy-max in #​1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Compare Source

• Scope default git auth token to github.com by @​crazy-max in #​1451
• Bump brace-expansion from 1.1.11 to 1.1.12 in #​1396
• Bump form-data from 2.5.1 to 2.5.5 in #​1391
• Bump js-yaml from 3.14.1 to 3.14.2 in #​1429
• Bump lodash from 4.17.21 to 4.17.23 in #​1446
• Bump tmp from 0.2.3 to 0.2.4 in #​1398
• Bump undici from 5.28.4 to 5.29.0 in #​1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

docker/login-action (docker/login-action)

v4.0.0

Compare Source

• Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @​crazy-max in #​929
• Switch to ESM and update config/test wiring by @​crazy-max in #​927
• Bump @​actions/core from 1.11.1 to 3.0.0 in #​919
• Bump @​aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in #​909 #​920
• Bump @​aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in #​909 #​920
• Bump @​docker/actions-toolkit from 0.63.0 to 0.77.0 in #​910 #​928
• Bump @​isaacs/brace-expansion from 5.0.0 to 5.0.1 in #​921
• Bump js-yaml from 4.1.0 to 4.1.1 in #​901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

v3.7.0

Compare Source

• Add scope input to set scopes for the authentication token by @​crazy-max in #​912
• Add support for AWS European Sovereign Cloud ECR by @​dphi in #​914
• Ensure passwords are redacted with registry-auth input by @​crazy-max in #​911
• build(deps): bump lodash from 4.17.21 to 4.17.23 in #​915

Full Changelog: docker/login-action@v3.6.0...v3.7.0

docker/metadata-action (docker/metadata-action)

v6.0.0

Compare Source

• Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @​crazy-max in #​605
• List inputs now preserve # inside values while still supporting full-line # comments by @​crazy-max in #​607
• Switch to ESM and update config/test wiring by @​crazy-max in #​602
• Bump lodash from 4.17.21 to 4.17.23 in #​588
• Bump @​actions/core from 1.11.1 to 3.0.0 in #​599
• Bump @​actions/github from 6.0.1 to 9.0.0 in #​597
• Bump @​docker/actions-toolkit from 0.68.0 to 0.79.0 in #​604
• Bump @​isaacs/brace-expansion from 5.0.0 to 5.0.1 in #​600
• Bump semver from 7.7.3 to 7.7.4 in #​603

Full Changelog: docker/metadata-action@v5.10.0...v6.0.0

docker/setup-buildx-action (docker/setup-buildx-action)

v4.0.0

Compare Source

• Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @​crazy-max in #​483
• Remove deprecated inputs/outputs by @​crazy-max in #​464
• Switch to ESM and update config/test wiring by @​crazy-max in #​481
• Bump @​actions/core from 1.11.1 to 3.0.0 in #​475
• Bump @​docker/actions-toolkit from 0.63.0 to 0.79.0 in #​482 #​485
• Bump js-yaml from 4.1.0 to 4.1.1 in #​452
• Bump lodash from 4.17.21 to 4.17.23 in #​472
• Bump minimatch from 3.1.2 to 3.1.5 in #​480

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

docker/setup-qemu-acti

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud