v4.6.0

4.6.0 (2026-03-20)

• feat: disable vulnerability scanning in workflow (f774ace)
  Comment out vulnerability scan steps in workflow.
  due to https://www.stepsecurity.io/blog/trivy-compromised-a-second-time---malicious-v0-69-4-release
• chore(deps): bump aquasecurity/trivy-action from 0.33.1 to 0.34.0 (d890fa8)
  Bumps aquasecurity/trivy-action from 0.33.1 to 0.34.0.

• Release notes
• Commits

• chore(deps): bump aquasecurity/trivy-action from 0.33.1 to 0.34.0 (#141) (416bcf0), closes #141
  Bumps
  aquasecurity/trivy-action
  from 0.33.1 to 0.34.0.

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.34.0

What's Changed

• ci: use setup-bats in bump-trivy workflow by @​nikpivkin in aquasecurity/trivy-action#494
• chore: update README by @​nikpivkin in aquasecurity/trivy-action#493
• ci: install trivy in bump-trivy workflow and update tests by @​nikpivkin in aquasecurity/trivy-action#495
• chore(deps): Update trivy to v0.68.1 by @​aqua-bot in aquasecurity/trivy-action#496
• ci: use checks bundle v2 in sync workflow by @​nikpivkin in aquasecurity/trivy-action#505
• chore(deps): Update trivy to v0.69.1 by @​aqua-bot in aquasecurity/trivy-action#506

Full Changelog: aquasecurity/trivy-action@0.33.1...0.34.0

Commits

• c1824fd chore(deps): Update trivy to v0.69.1 (#506)
• bc61dc5 Merge commit from fork
• 5eb7ef2 ci: use checks bundle v2 in sync workflow (#505)
• 22438a4 Merge pull request #496 from aquasecurity/bump-trivy-1765431074
• 0024b3f chore(deps): Update trivy to v0.68.1
• 83690f7 ci: install trivy in bump-trivy workflow and update tests (#495)
• df65449 chore: update README (#493)
• 0317097 ci: use setup-bats in bump-trivy workflow (#494)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.

• chore(deps): bump aquasecurity/trivy-action from 0.34.0 to 0.34.1 (90172fa)
  Bumps aquasecurity/trivy-action from 0.34.0 to 0.34.1.

• Release notes
• Commits

• chore(deps): bump aquasecurity/trivy-action from 0.34.0 to 0.34.1 (#143) (05e0a44), closes #143
  Bumps
  aquasecurity/trivy-action
  from 0.34.0 to 0.34.1.

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.34.1

What's Changed

• ci(test): add zizmor security linter for GitHub Actions by @​DmitriyLewen in aquasecurity/trivy-action#502

Full Changelog: aquasecurity/trivy-action@0.34.0...0.34.1

Commits

• e368e32 ci(test): add zizmor security linter for GitHub Actions (#502)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.

• chore(deps): bump aquasecurity/trivy-action from 0.34.1 to 0.34.2 (353a74d)
  Bumps aquasecurity/trivy-action from 0.34.1 to 0.34.2.

• Release notes
• Commits

• chore(deps): bump aquasecurity/trivy-action from 0.34.1 to 0.34.2 (#144) (8526146), closes #144
  Bumps
  aquasecurity/trivy-action
  from 0.34.1 to 0.34.2.

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.34.2

What's Changed

• feat: add YAML support for trivyignores by @​nikpivkin in aquasecurity/trivy-action#508
• chore: bump default Trivy version to v0.69.2 by @​nick-the-nuke in aquasecurity/trivy-action#513
• chore: bump Trivy version to v0.69.2 in test workflow and README by @​DmitriyLewen in aquasecurity/trivy-action#515

New Contributors

• @​nick-the-nuke made their first contribution in aquasecurity/trivy-action#513

Full Changelog: aquasecurity/trivy-action@0.34.1...0.34.2

Commits

• 97e0b38 chore: bump Trivy version to v0.69.2 in test workflow and README (#515)
• 4c61e63 chore: bump default Trivy version to v0.69.2 (#513)
• 1bd0625 Merge pull request #508 from nikpivkin/feat/pass-yaml-ignore-file
• bce3086 remove unused init-cache target
• 5a9fbb1 supress progress bar when download db
• 1615450 update trivyignores input description
• df85774 add comment about fd3
• 56c8dae remove unused variable
• 6476b93 feat: support for YAML ignore file
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.

• chore(deps): bump aquasecurity/trivy-action from 0.34.2 to 0.35.0 (6d783b0)
  Bumps aquasecurity/trivy-action from 0.34.2 to 0.35.0.

• Release notes
• Commits

• chore(deps): bump docker/build-push-action from 6.18.0 to 6.19.1 (93624b8)
  Bumps docker/build-push-action from 6.18.0 to 6.19.1.

• Release notes
• Commits

• chore(deps): bump docker/build-push-action from 6.18.0 to 6.19.1 (#140) (d58762e), closes #140
  Bumps
  docker/build-push-action
  from 6.18.0 to 6.19.1.

Release notes

Sourced from docker/build-push-action's releases.

v6.19.1

• Derive GIT_AUTH_TOKEN host from GitHub server URL by @​crazy-max in docker/build-push-action#1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

• Scope default git auth token to github.com by @​crazy-max in docker/build-push-action#1451
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/build-push-action#1396
• Bump form-data from 2.5.1 to 2.5.5 in docker/build-push-action#1391
• Bump js-yaml from 3.14.1 to 3.14.2 in docker/build-push-action#1429
• Bump lodash from 4.17.21 to 4.17.23 in docker/build-push-action#1446
• Bump tmp from 0.2.3 to 0.2.4 in docker/build-push-action#1398
• Bump undici from 5.28.4 to 5.29.0 in docker/build-push-action#1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

Commits

• 601a80b Merge pull request #1456 from crazy-max/auth-token-dyn-host
• 8f7fd7c chore: update generated content
• 710e335 derive GIT_AUTH_TOKEN host from GitHub server URL
• ee4ca42 Merge pull request #1398 from docker/dependabot/npm_and_yarn/tmp-0.2.4
• f1b3bb5 chore: update generated content
• db35f80 chore(deps): Bump tmp from 0.2.3 to 0.2.4
• a129300 Merge pull request #1397 from docker/dependabot/npm_and_yarn/undici-5.29.0
• ba15693 chore: update generated content
• 367ff5e chore(deps): Bump undici from 5.28.4 to 5.29.0
• 0149a90 Merge pull request #1396 from docker/dependabot/npm_and_yarn/brace-expansion-...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.

• chore(deps): bump docker/build-push-action from 6.19.1 to 6.19.2 (691d975)
  Bumps docker/build-push-action from 6.19.1 to 6.19.2.

• Release notes
• Commits

• chore(deps): bump docker/build-push-action from 6.19.1 to 6.19.2 (#142) (692bc50), closes #142
  Bumps
  docker/build-push-action
  from 6.19.1 to 6.19.2.

Release notes

Sourced from docker/build-push-action's releases.

v6.19.2

• Preserve port in GIT_AUTH_TOKEN host by @​crazy-max in docker/build-push-action#1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

Commits

• 10e90e3 Merge pull request #1458 from crazy-max/git-auth-port
• 5262538 chore: update generated content
• cd130e4 preserve port in GIT_AUTH_TOKEN host
• 806c751 Merge pull request #1452 from crazy-max/update-yarn
• c4ca848 update yarn to 4.9.2
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.

• chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (5a2890d)
  Bumps docker/build-push-action from 6.19.2 to 7.0.0.

• Release notes
• Commits

• chore(deps): bump docker/login-action from 3.6.0 to 3.7.0 (1ab3b1c)
  Bumps docker/login-action from 3.6.0 to 3.7.0.

• Release notes
• Commits

• chore(deps): bump docker/login-action from 3.6.0 to 3.7.0 (#139) (94dc4f6), closes #139
  Bumps docker/login-action from
  3.6.0 to 3.7.0.

Release notes

Sourced from docker/login-action's releases.

v3.7.0

• Add scope input to set scopes for the authentication token by @​crazy-max in docker/login-action#912
• Add support for AWS European Sovereign Cloud ECR by @​dphi in docker/login-action#914
• Ensure passwords are redacted with registry-auth input by @​crazy-max in docker/login-action#911
• build(deps): bump lodash from 4.17.21 to 4.17.23 in docker/login-action#915

Full Changelog: docker/login-action@v3.6.0...v3.7.0

Commits

• c94ce9f Merge pull request #915 from docker/dependabot/npm_and_yarn/lodash-4.17.23
• 8339c95 Merge pull request #912 from docker/scope
• c83e932 build(deps): bump lodash from 4.17.21 to 4.17.23
• b268aa5 chore: update generated content
• a603229 documentation for scope input
• 7567f92 Add scope input to set scopes for the authentication token
• 0567fa5 Merge pull request #914 from dphi/add-support-for-amazonaws.eu
• f6ef577 feat: add support for AWS European Sovereign Cloud ECR registries
• 916386b Merge pull request #911 from crazy-max/ensure-redact
• 5b3f94a chore: update generated content
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.

• chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (3a33a18)
  Bumps docker/login-action from 3.7.0 to 4.0.0.

• Release notes
• Commits

• chore(deps): bump docker/metadata-action from 5 to 6 (87337fc)
  Bumps docker/metadata-action from 5 to 6.

• Release notes
• Commits

• chore(deps): bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (67a2ba7)
  Bumps docker/setup-buildx-action from 3.11.1 to 3.12.0.

• Release notes
• Commits

• chore(deps): bump docker/setup-buildx-action from 3.11.1 to 3.12.0 (#138) (0a6faa6), closes #138
  Bumps
  docker/setup-buildx-action
  from 3.11.1 to 3.12.0.

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.12.0

• Deprecate install input by @​crazy-max in docker/setup-buildx-action#455
• Bump @​docker/actions-toolkit from 0.62.1 to 0.63.0 in docker/setup-buildx-action#434
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-buildx-action#436
• Bump form-data from 2.5.1 to 2.5.5 in docker/setup-buildx-action#432
• Bump undici from 5.28.4 to 5.29.0 in docker/setup-buildx-action#435

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

Commits

• 8d2750c Merge pull request #455 from crazy-max/install-deprecated
• e81846b deprecate install input
• 65d18f8 Merge pull request #454 from docker/dependabot/github_actions/actions/checkout-6
• 000d75d build(deps): bump actions/checkout from 5 to 6
• 1583c0f Merge pull request #443 from nicolasleger/patch-1
• ed158e7 doc: bump actions/checkout from 4 to 5
• 4cc794f Merge pull request #441 from docker/dependabot/github_actions/actions/checkout-5
• 4dfc3d6 build(deps): bump actions/checkout from 4 to 5
• af1b253 Merge pull request #440 from crazy-max/k3s-build
• 3c6ab92 ci: k3s test with latest buildx
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.

• chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (bbf1d83)
  Bumps docker/setup-buildx-action from 3.12.0 to 4.0.0.

• Release notes
• Commits

• chore(deps): bump webfactory/ssh-agent from 0.9.1 to 0.10.0 (7454cc2)
  Bumps webfactory/ssh-agent from 0.9.1 to 0.10.0.

• Release notes
• Changelog
• Commits