[actions] Bump docker/metadata-action from 6.0.0 to 6.1.0 by dependabot[bot] · Pull Request #168 · BretFisher/docker-build-workflow

dependabot · 2026-05-29T02:16:29Z

Bumps docker/metadata-action from 6.0.0 to 6.1.0.

Release notes

Sourced from docker/metadata-action's releases.

v6.1.0

Bump @docker/actions-toolkit from 0.79.0 to 0.90.0 in docker/metadata-action#613

Bump brace-expansion from 1.1.12 to 5.0.6 in docker/metadata-action#658 docker/metadata-action#630

Bump csv-parse from 6.1.0 to 6.2.1 in docker/metadata-action#617

Bump fast-xml-parser from 5.4.2 to 5.8.0 in docker/metadata-action#620

Bump flatted from 3.3.3 to 3.4.2 in docker/metadata-action#623

Bump glob from 10.3.15 to 10.5.0 in docker/metadata-action#621

Bump handlebars from 4.7.8 to 4.7.9 in docker/metadata-action#629

Bump lodash from 4.17.23 to 4.18.1 in docker/metadata-action#639

Bump moment-timezone from 0.6.0 to 0.6.1 in docker/metadata-action#619

Bump picomatch from 4.0.3 to 4.0.4 in docker/metadata-action#626

Bump postcss from 8.5.6 to 8.5.10 in docker/metadata-action#649

Bump tar from 6.2.1 to 7.5.15 in docker/metadata-action#657

Bump undici from 6.23.0 to 6.25.0 in docker/metadata-action#614

Bump vite from 7.3.1 to 7.3.2 in docker/metadata-action#637

Full Changelog: docker/metadata-action@v6.0.0...v6.1.0

Commits

80c7e94 Merge pull request #613 from docker/dependabot/npm_and_yarn/docker/actions-to...
8e0ddab chore: update generated content
a8db14b chore(deps): Bump @docker/actions-toolkit from 0.79.0 to 0.90.0
63a7371 Merge pull request #617 from docker/dependabot/npm_and_yarn/csv-parse-6.2.0
c6916a6 chore: update generated content
aca9205 chore(deps): Bump csv-parse from 6.1.0 to 6.2.1
9dcfe60 Merge pull request #629 from docker/dependabot/npm_and_yarn/handlebars-4.7.9
43dea76 chore: update generated content
7a56f5a chore(deps): Bump handlebars from 4.7.8 to 4.7.9
e49e0aa Merge pull request #658 from docker/dependabot/npm_and_yarn/brace-expansion-5...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 6.0.0 to 6.1.0. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@030e881...80c7e94) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-05-29T02:17:01Z

Docker image tag(s) pushed:

ghcr.io/bretfisher/docker-build-workflow:gha-26613974203
ghcr.io/bretfisher/docker-build-workflow:pr-168

Labels added to images:

org.opencontainers.image.created=2026-05-29T02:17:17.524Z
org.opencontainers.image.description=A Reusable Workflow of the Docker GitHub Actions
org.opencontainers.image.licenses=Unlicense
org.opencontainers.image.revision=734b1a8425a40ed05fcbe974ede7bb8262807df0
org.opencontainers.image.source=https://github.com/BretFisher/docker-build-workflow
org.opencontainers.image.title=docker-build-workflow
org.opencontainers.image.url=https://github.com/BretFisher/docker-build-workflow
org.opencontainers.image.version=gha-26613974203

github-actions · 2026-05-29T02:18:10Z

Super-linter summary

Language	Validation result
BIOME_FORMAT	Pass ✅
BIOME_LINT	Pass ✅
CHECKOV	Pass ✅
GITHUB_ACTIONS	Pass ✅
GITHUB_ACTIONS_ZIZMOR	Fail ❌
GITLEAKS	Pass ✅
GIT_MERGE_CONFLICT_MARKERS	Pass ✅
SPELL_CODESPELL	Pass ✅
YAML	Pass ✅
YAML_PRETTIER	Pass ✅

Super-linter detected linting errors

For more information, see the GitHub Actions workflow run

Powered by Super-linter

GITHUB_ACTIONS_ZIZMOR

�[1m�[33mwarning[secrets-outside-env]�[0m�[1m: secrets referenced without a dedicated environment�[0m
   �[1m�[94m--> �[0m/github/workspace/.github/workflows/reusable-docker-build-native.yaml:154:25
    �[1m�[94m|�[0m
�[1m�[94m117�[0m �[1m�[94m|�[0m   build-image:
    �[1m�[94m|�[0m   �[1m�[94m-----------�[0m �[1m�[94mthis job�[0m
�[1m�[94m...�[0m
�[1m�[94m154�[0m �[1m�[94m|�[0m           username: ${{ secrets.dockerhub-username }}
    �[1m�[94m|�[0m                         �[1m�[33m^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[33msecret is accessed outside of a dedicated environment�[0m
    �[1m�[94m|�[0m
    �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
    �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#secrets-outside-env�[39m

�[1m�[33mwarning[secrets-outside-env]�[0m�[1m: secrets referenced without a dedicated environment�[0m
   �[1m�[94m--> �[0m/github/workspace/.github/workflows/reusable-docker-build-native.yaml:155:25
    �[1m�[94m|�[0m
�[1m�[94m117�[0m �[1m�[94m|�[0m   build-image:
    �[1m�[94m|�[0m   �[1m�[94m-----------�[0m �[1m�[94mthis job�[0m
�[1m�[94m...�[0m
�[1m�[94m155�[0m �[1m�[94m|�[0m           password: ${{ secrets.dockerhub-token }}
    �[1m�[94m|�[0m                         �[1m�[33m^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[33msecret is accessed outside of a dedicated environment�[0m
    �[1m�[94m|�[0m
    �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
    �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#secrets-outside-env�[39m

�[1m�[33mwarning[secrets-outside-env]�[0m�[1m: secrets referenced without a dedicated environment�[0m
   �[1m�[94m--> �[0m/github/workspace/.github/workflows/reusable-docker-build-native.yaml:253:25
    �[1m�[94m|�[0m
�[1m�[94m215�[0m �[1m�[94m|�[0m   merge-manifest:
    �[1m�[94m|�[0m   �[1m�[94m--------------�[0m �[1m�[94mthis job�[0m
�[1m�[94m...�[0m
�[1m�[94m253�[0m �[1m�[94m|�[0m           username: ${{ secrets.dockerhub-username }}
    �[1m�[94m|�[0m                         �[1m�[33m^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[33msecret is accessed outside of a dedicated environment�[0m
    �[1m�[94m|�[0m
    �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
    �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#secrets-outside-env�[39m

�[1m�[33mwarning[secrets-outside-env]�[0m�[1m: secrets referenced without a dedicated environment�[0m
   �[1m�[94m--> �[0m/github/workspace/.github/workflows/reusable-docker-build-native.yaml:254:25
    �[1m�[94m|�[0m
�[1m�[94m215�[0m �[1m�[94m|�[0m   merge-manifest:
    �[1m�[94m|�[0m   �[1m�[94m--------------�[0m �[1m�[94mthis job�[0m
�[1m�[94m...�[0m
�[1m�[94m254�[0m �[1m�[94m|�[0m           password: ${{ secrets.dockerhub-token }}
    �[1m�[94m|�[0m                         �[1m�[33m^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[33msecret is accessed outside of a dedicated environment�[0m
    �[1m�[94m|�[0m
    �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
    �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#secrets-outside-env�[39m

�[1m�[96mhelp[superfluous-actions]�[0m�[1m: action functionality is already included by the runner�[0m
   �[1m�[94m--> �[0m/github/workspace/.github/workflows/reusable-docker-build-native.yaml:310:15
    �[1m�[94m|�[0m
�[1m�[94m309�[0m �[1m�[94m|�[0m       - name: Create or update comment for image tags
    �[1m�[94m|�[0m         �[1m�[94m---------------------------------------------�[0m �[1m�[94mthis step�[0m
�[1m�[94m310�[0m �[1m�[94m|�[0m         uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 #v5.0.0
    �[1m�[94m|�[0m               �[1m�[96m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[96muse `gh pr comment` or `gh issue comment` in a script step�[0m
    �[1m�[94m|�[0m
    �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
    �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#superfluous-actions�[39m

�[1m�[33mwarning[secrets-outside-env]�[0m�[1m: secrets referenced without a dedicated environment�[0m
   �[1m�[94m--> �[0m/github/workspace/.github/workflows/reusable-docker-build.yaml:149:25
    �[1m�[94m|�[0m
�[1m�[94m120�[0m �[1m�[94m|�[0m   build-image:
    �[1m�[94m|�[0m   �[1m�[94m-----------�[0m �[1m�[94mthis job�[0m
�[1m�[94m...�[0m
�[1m�[94m149�[0m �[1m�[94m|�[0m           username: ${{ secrets.dockerhub-username }}
    �[1m�[94m|�[0m                         �[1m�[33m^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[33msecret is accessed outside of a dedicated environment�[0m
    �[1m�[94m|�[0m
    �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
    �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#secrets-outside-env�[39m

�[1m�[33mwarning[secrets-outside-env]�[0m�[1m: secrets referenced without a dedicated environment�[0m
   �[1m�[94m--> �[0m/github/workspace/.github/workflows/reusable-docker-build.yaml:150:25
    �[1m�[94m|�[0m
�[1m�[94m120�[0m �[1m�[94m|�[0m   build-image:
    �[1m�[94m|�[0m   �[1m�[94m-----------�[0m �[1m�[94mthis job�[0m
�[1m�[94m...�[0m
�[1m�[94m150�[0m �[1m�[94m|�[0m           password: ${{ secrets.dockerhub-token }}
    �[1m�[94m|�[0m                         �[1m�[33m^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[33msecret is accessed outside of a dedicated environment�[0m
    �[1m�[94m|�[0m
    �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
    �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#secrets-outside-env�[39m

�[1m�[96mhelp[superfluous-actions]�[0m�[1m: action functionality is already included by the runner�[0m
   �[1m�[94m--> �[0m/github/workspace/.github/workflows/reusable-docker-build.yaml:210:15
    �[1m�[94m|�[0m
�[1m�[94m209�[0m �[1m�[94m|�[0m       - name: Create or update comment for image tags
    �[1m�[94m|�[0m         �[1m�[94m---------------------------------------------�[0m �[1m�[94mthis step�[0m
�[1m�[94m210�[0m �[1m�[94m|�[0m         uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 #v5.0.0
    �[1m�[94m|�[0m               �[1m�[96m^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^�[0m �[1m�[96muse `gh pr comment` or `gh issue comment` in a script step�[0m
    �[1m�[94m|�[0m
    �[1m�[94m= �[0m�[1mnote�[0m: audit confidence → High
    �[1m�[94m= �[0m�[1mhelp�[0m: audit documentation → �[32mhttps://docs.zizmor.sh/audits/#superfluous-actions�[39m

�[32m12�[39m findings (�[1m�[93m2�[39m ignored, �[93m2�[39m suppressed�[0m): �[35m0�[39m informational, �[36m2�[39m low, �[33m6�[39m medium, �[31m0�[39m high🌈 zizmor v1.23.1
�[32m INFO�[0m �[1maudit�[0m�[2m:�[0m �[2mzizmor�[0m�[2m:�[0m 🌈 completed /github/workspace/.github/workflows/reusable-docker-build-native.yaml
�[32m INFO�[0m �[1maudit�[0m�[2m:�[0m �[2mzizmor�[0m�[2m:�[0m 🌈 completed /github/workspace/.github/workflows/reusable-docker-build.yaml

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 29, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[actions] Bump docker/metadata-action from 6.0.0 to 6.1.0#168

[actions] Bump docker/metadata-action from 6.0.0 to 6.1.0#168
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/docker/metadata-action-6.1.0

dependabot Bot commented on behalf of github May 29, 2026

Uh oh!

github-actions Bot commented May 29, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented May 29, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Uh oh!

Conversation

dependabot Bot commented on behalf of github May 29, 2026

v6.1.0

Uh oh!

github-actions Bot commented May 29, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions Bot commented May 29, 2026

Super-linter summary

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

github-actions Bot commented May 29, 2026 •

edited

Loading