Skip to content

chore(deps): Bump docker/setup-buildx-action from 3 to 4#1

Merged
JerrettDavis merged 1 commit into
masterfrom
dependabot/github_actions/docker/setup-buildx-action-4
Jun 15, 2026
Merged

chore(deps): Bump docker/setup-buildx-action from 3 to 4#1
JerrettDavis merged 1 commit into
masterfrom
dependabot/github_actions/docker/setup-buildx-action-4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 13, 2026

Copy link
Copy Markdown
Contributor

Bumps docker/setup-buildx-action from 3 to 4.

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

v3.12.0

Full Changelog: docker/setup-buildx-action@v3.11.1...v3.12.0

v3.11.1

Full Changelog: docker/setup-buildx-action@v3.11.0...v3.11.1

v3.11.0

Full Changelog: docker/setup-buildx-action@v3.10.0...v3.11.0

v3.10.0

Full Changelog: docker/setup-buildx-action@v3.9.0...v3.10.0

v3.9.0

Full Changelog: docker/setup-buildx-action@v3.8.0...v3.9.0

v3.8.0

Full Changelog: docker/setup-buildx-action@v3.7.1...v3.8.0

... (truncated)

Commits
  • d7f5e7f Merge pull request #489 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • 92bc5c9 chore: update generated content
  • da11e35 build(deps): bump @​docker/actions-toolkit from 0.79.0 to 0.90.0
  • f021e16 Merge pull request #492 from docker/dependabot/npm_and_yarn/undici-6.24.1
  • b5af94f chore: update generated content
  • 16ad977 build(deps): bump undici from 6.23.0 to 6.25.0
  • d7a12d7 Merge pull request #495 from docker/dependabot/npm_and_yarn/glob-10.5.0
  • 28ff27d build(deps): bump glob from 10.3.12 to 13.0.6
  • daf436b Merge pull request #496 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
  • 9725348 chore: update generated content
  • Additional commits viewable in compare view

@dependabot @github

dependabot Bot commented on behalf of github Jun 13, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@v3...v4)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/docker/setup-buildx-action-4 branch from 2fb00cd to 112ea07 Compare June 13, 2026 18:13
@JerrettDavis JerrettDavis merged commit 964cdab into master Jun 15, 2026
13 checks passed
@JerrettDavis JerrettDavis deleted the dependabot/github_actions/docker/setup-buildx-action-4 branch June 15, 2026 23:19
JerrettDavis added a commit that referenced this pull request Jun 23, 2026
)

CodeQL cs/cleartext-storage-of-sensitive-information flagged two log
statements that serialised account-scoped identifiers into structured log
events — a concern for a financial application under PII logging policy.

  • FlowLedgerApiClient.GetJsonAsync: dropped {Url} from the LogError
    template; URLs may carry ?accountId=<Guid> query parameters. The
    operation description alone is sufficient to identify the failed call.

  • FinancialSyncService.SeedRecurringFlowsAsync: dropped {ProviderId}
    from the LogWarning template; provider account IDs are account-scoped
    identifiers that should not appear in log output. The seed name
    provides enough diagnostic context.

Resolves CodeQL alerts #1 and #2 (HIGH / cs/cleartext-storage-of-sensitive-information).

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant