Skip to content

chore(deps): update docker/login-action action to v4.4.0#82

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/docker-login-action-4.x
Open

chore(deps): update docker/login-action action to v4.4.0#82
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/docker-login-action-4.x

Conversation

@renovate

@renovate renovate Bot commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
docker/login-action action minor v4.1.0v4.4.0

Release Notes

docker/login-action (docker/login-action)

v4.4.0

Compare Source

v4.3.0

Compare Source

Full Changelog: docker/login-action@v4.2.0...v4.3.0

v4.2.0

Compare Source

Full Changelog: docker/login-action@v4.1.0...v4.2.0


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
    • Only on Sunday and Saturday (* * * * 0,6)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions

github-actions Bot commented Jul 4, 2026

Copy link
Copy Markdown

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

This PR updates docker/login-action from v4.1.0 to v4.4.0, spanning three minor version releases (v4.2.0, v4.3.0, and v4.4.0).

v4.2.0 Changes (May 22, 2026):

  • Dependency updates including security patches for tar (6.2.1 → 7.5.15), http-proxy-agent and https-proxy-agent (→ 9.0.0)
  • Updated @docker/actions-toolkit (0.86.0 → 0.90.0) and AWS SDK packages (→ 3.1050.0)
  • Build tool updates (vite, postcss, fast-xml-parser, brace-expansion)

v4.3.0 Changes (July 2, 2026):

  • Build improvement: preserve names in esbuild bundle
  • Further AWS SDK updates (→ 3.1076.0)
  • Updated @docker/actions-toolkit (0.90.0 → 0.92.0)
  • Security library updates: @sigstore/core (3.2.1), @sigstore/verify (3.1.1), sigstore (4.1.1)
  • Updated proxy agents (→ 9.1.0), js-yaml (→ 5.2.0), undici (→ 6.27.0), vite (→ 7.3.6)

v4.4.0 Changes (July 3, 2026):

  • Enhancement: skip empty registry-auth secret mask functionality
  • AWS SDK packages updated to 3.1077.0

Breaking Changes: None documented across all three releases.

Security Fixes: Multiple security-focused dependency updates, particularly around compression utilities (tar), networking agents (http-proxy-agent, https-proxy-agent, undici), and sigstore packages. No critical vulnerabilities or CVEs explicitly mentioned.

Security Advisory Check: No published security advisories exist for docker/login-action.

🎯 Impact Scope Investigation

Usage Location:

  • Single usage found in .github/workflows/release-please.yml:58
  • Used for authenticating to GitHub Container Registry (ghcr.io) during Docker image publication
  • Configuration uses only basic inputs: registry, username, and password

Current Usage Pattern:

- uses: docker/login-action@af1e73f918a031802d376d3c8bbc3fe56130a9b0 # v4.4.0
  with:
    registry: ghcr.io
    username: ${{ github.actor }}
    password: ${{ github.token }}

API Compatibility:

  • The action uses only the core inputs (registry, username, password) which have been stable across all v4.x versions
  • No usage of advanced features or newly introduced inputs
  • The action's interface remains backward compatible

No Impact On:

  • CI workflow (.github/workflows/ci.yml) - does not use docker/login-action
  • Other dependencies - this is a self-contained GitHub Action
  • Application runtime - affects only GitHub Actions workflow execution

Commit Hash Verification:

  • New SHA: af1e73f918a031802d376d3c8bbc3fe56130a9b0 corresponds to verified v4.4.0 release tag
  • Old SHA: 4907a6ddec9925e35a0a9e82d7399ccc52663121 corresponds to v4.1.0

💡 Recommended Actions

No code changes required. This update can be merged immediately:

  1. Approve and merge - All releases are backward compatible with no breaking changes
  2. Monitor workflow execution - After merge, verify the release-please workflow continues to function correctly when triggered
  3. Security posture improved - The update includes multiple security-focused dependency patches

Optional Post-Merge Verification:

  • Trigger a release to verify the Docker login and push process works correctly with v4.4.0
  • Review GitHub Actions workflow logs to confirm no deprecation warnings

🔗 Reference Links

Generated by koki-develop/claude-renovate-review

@renovate renovate Bot force-pushed the renovate/docker-login-action-4.x branch from b2a14f8 to c19abfc Compare July 9, 2026 11:17
@renovate renovate Bot changed the title chore(deps): update docker/login-action action to v4.2.0 chore(deps): update docker/login-action action to v4.3.0 Jul 9, 2026
@renovate renovate Bot force-pushed the renovate/docker-login-action-4.x branch from c19abfc to 83bbe59 Compare July 10, 2026 17:59
@renovate renovate Bot changed the title chore(deps): update docker/login-action action to v4.3.0 chore(deps): update docker/login-action action to v4.4.0 Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants