Skip to content

build(deps): bump docker/login-action from 4.0.0 to 4.1.0#18676

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/docker/login-action-4.1.0
Closed

build(deps): bump docker/login-action from 4.0.0 to 4.1.0#18676
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/docker/login-action-4.1.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 6, 2026

Bumps docker/login-action from 4.0.0 to 4.1.0.

Release notes

Sourced from docker/login-action's releases.

v4.1.0

Full Changelog: docker/login-action@v4.0.0...v4.1.0

Commits
  • 4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
  • 1e233e6 chore: update generated content
  • 6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
  • ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
  • 1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
  • d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
  • a6f092b chore: update generated content
  • 60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
  • 62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 102c0e6 chore: update generated content
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump docker/login-action from 4.0.0 to 4.1.0
035f457 
Bumps [docker/login-action](https://github.com/docker/login-action) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@b45d80f...4907a6d)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 6, 2026
@github-actions github-actions Bot added Area: CI Size: XS The size of the change in this PR is very small and removed github_actions Pull requests that update GitHub Actions code dependencies Pull requests that update a dependency file labels Apr 6, 2026
@lupyuen
Copy link
Copy Markdown
Member

lupyuen commented Apr 6, 2026

Please don't merge this, login-action v4.1.0 is not yet approved by ASF Infra Team: https://github.com/apache/infrastructure-actions/blob/main/actions.yml

docker/login-action:
  c94ce9fb468520275223c153574b00df6fe4bcc9:
    tag: v3.7.0
    expires_at: 2026-06-14
  b45d80f862d83dbcd57f89517bcf500b2ab88fb2:
    tag: v4.0.0

Also, the build failed to start. Why is Dependabot allowing this change? https://github.com/apache/nuttx/actions/runs/24016760856

The action docker/login-action@4907a6d is not allowed in apache/nuttx because all actions must be from a repository owned by your enterprise, created by GitHub, or match one of the patterns:

@lupyuen lupyuen closed this Apr 6, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 6, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/github_actions/docker/login-action-4.1.0 branch April 6, 2026 04:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lupyuen lupyuen Awaiting requested review from lupyuen lupyuen is a code owner

@raiden00pl raiden00pl Awaiting requested review from raiden00pl raiden00pl is a code owner

@simbit18 simbit18 Awaiting requested review from simbit18 simbit18 is a code owner

Assignees

No one assigned

Labels

Area: CI Size: XS The size of the change in this PR is very small

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lupyuen