Skip to content

Bump docker/metadata-action from 5.10.0 to 6.1.0 in /.github/actions/build-ci-image#233

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/actions/build-ci-image/docker/metadata-action-6.1.0
Open

Bump docker/metadata-action from 5.10.0 to 6.1.0 in /.github/actions/build-ci-image#233
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/actions/build-ci-image/docker/metadata-action-6.1.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 9, 2026

Copy link
Copy Markdown
Contributor

Bumps docker/metadata-action from 5.10.0 to 6.1.0.

Release notes

Sourced from docker/metadata-action's releases.

v6.1.0

Full Changelog: docker/metadata-action@v6.0.0...v6.1.0

v6.0.0

Full Changelog: docker/metadata-action@v5.10.0...v6.0.0

Commits
  • 80c7e94 Merge pull request #613 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 8e0ddab chore: update generated content
  • a8db14b chore(deps): Bump @​docker/actions-toolkit from 0.79.0 to 0.90.0
  • 63a7371 Merge pull request #617 from docker/dependabot/npm_and_yarn/csv-parse-6.2.0
  • c6916a6 chore: update generated content
  • aca9205 chore(deps): Bump csv-parse from 6.1.0 to 6.2.1
  • 9dcfe60 Merge pull request #629 from docker/dependabot/npm_and_yarn/handlebars-4.7.9
  • 43dea76 chore: update generated content
  • 7a56f5a chore(deps): Bump handlebars from 4.7.8 to 4.7.9
  • e49e0aa Merge pull request #658 from docker/dependabot/npm_and_yarn/brace-expansion-5...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump docker/metadata-action in /.github/actions/build-ci-image
b47bd3f 
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.10.0 to 6.1.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@c299e40...80c7e94)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 9, 2026
@sonarqubecloud

sonarqubecloud Bot commented Jun 9, 2026

Copy link
Copy Markdown

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@augmentcode

augmentcode Bot commented Jun 9, 2026

Copy link
Copy Markdown
🤖 Augment PR Summary

Summary: Updates the pinned docker/metadata-action used by the build-ci-image composite action from v5.10.0 to v6.1.0.

Why: Keeps Docker image metadata generation up-to-date with upstream changes (including dependency/runtime updates) while retaining SHA pinning for reproducibility.

🤖 Was this summary useful? React with 👍 or 👎

augmentcode[bot]
augmentcode Bot reviewed Jun 9, 2026
View reviewed changes

@augmentcode augmentcode Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review completed. 1 suggestion posted.

Fix All in Augment

Comment augment review to trigger a new review at any time.

Comment thread .github/actions/build-ci-image/action.yml
- name: Docker meta
id: meta
uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
uses: docker/metadata-action@80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9 # v6.1.0

@augmentcode augmentcode Bot Jun 9, 2026
edited
Loading

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

docker/metadata-action v6 runs on Node 24 by default and requires Actions Runner >= v2.327.1; if this repo is used with self-hosted runners (or older GHES), this bump can break CI unless runners are updated accordingly.

Severity: medium

Fix This in Augment

🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@augmentcode augmentcode[bot] augmentcode[bot] left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants