Skip to content

Bump docker/metadata-action from 5.9.0 to 5.10.0 #46

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
docktermj merged 1 commit into from
Dec 1, 2025
Merged

Bump docker/metadata-action from 5.9.0 to 5.10.0 #46

docktermj merged 1 commit into from
Dec 1, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 27, 2025
edited by github-actions bot
Loading

Bumps docker/metadata-action from 5.9.0 to 5.10.0.

Release notes

Sourced from docker/metadata-action's releases.

v5.10.0

Full Changelog: docker/metadata-action@v5.9.0...v5.10.0

Commits
  • c299e40 Merge pull request #569 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • f015d79 chore: update generated content
  • 121bcc2 chore(deps): Bump @​docker/actions-toolkit from 0.67.0 to 0.68.0
  • f7b6bf4 Merge pull request #564 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
  • 0b95c6b Merge pull request #565 from docker/dependabot/github_actions/actions/checkout-6
  • 17f70d7 Merge pull request #568 from motoki317/docs/fix-to-24h-schedule-pattern
  • afd7e6d docs(README): Fix date format from 12h to 24h in schedule pattern
  • 602aff8 chore(deps): Bump actions/checkout from 5 to 6
  • aecb1a4 chore(deps): Bump js-yaml from 3.14.1 to 3.14.2
  • 8d8c7c1 Merge pull request #559 from docker/dependabot/npm_and_yarn/docker/actions-to...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Resolves #569
Resolves #564
Resolves #565
Resolves #568
Resolves #559
Resolves docker/metadata-action#559
Resolves docker/metadata-action#569
Resolves docker/metadata-action#564

@dependabot
Bump docker/metadata-action from 5.9.0 to 5.10.0
c2ebfe6 
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 5.9.0 to 5.10.0.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Commits](docker/metadata-action@v5.9.0...v5.10.0)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-version: 5.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Nov 27, 2025
@dependabot dependabot bot requested a review from a team as a code owner November 27, 2025 15:07
@dependabot dependabot bot added the github_actions Pull requests that update GitHub Actions code label Nov 27, 2025
@github-actions
Copy link

github-actions bot commented Nov 27, 2025

🤖 Claude Code Review

Code Review Analysis

Summary

This PR updates the docker/metadata-action from v5.9.0 to v5.10.0 in two locations within the GitHub Actions workflow file.

Detailed Review

Code Quality

Code follows style guide

  • The changes are minimal and maintain consistency with existing code formatting
  • YAML syntax and indentation remain proper

No commented-out code

  • No commented code present in the diff

Meaningful variable names

  • No variable naming changes; existing names remain appropriate

DRY principle followed

  • Note: The docker/metadata-action version is specified in two places (action.yaml:104 and action.yaml:113). This is acceptable for GitHub Actions workflow files, though ideally version numbers could be centralized. However, this is a limitation of GitHub Actions YAML structure, not a DRY violation.

Identify Defects

  • No bugs, logic errors, or security vulnerabilities introduced
  • The version bump appears to be a routine dependency update
  • Both instances are correctly updated to the same version (v5.10.0), maintaining consistency

Project memory configuration

  • No ./.claude/CLAUDE.md file detected in the repository to consider

Testing

⚠️ Testing considerations

  • action.yaml:104 - Version update should be validated through CI/CD pipeline
  • action.yaml:113 - Version update should be validated through CI/CD pipeline
  • Recommendation: Ensure the GitHub Actions workflow runs successfully with the new version before merging
  • No unit tests are applicable for GitHub Actions version bumps
  • Integration testing will occur naturally when the action runs

Documentation

⚠️ Documentation

  • CHANGELOG.md: Should be updated to reflect the dependency version bump
  • README.md: No update needed unless v5.10.0 introduces breaking changes or new features that affect usage
  • Inline comments: Not applicable for this change

Security

No hardcoded credentials

  • No credentials present in the changes

Input validation

  • Not applicable to this version bump

Proper error handling

  • Error handling remains unchanged

No sensitive data in logs

  • No logging changes

No license files or AQAAAD strings

  • No license files or suspicious encoded strings detected in the diff

Recommendations

  1. Documentation: Update CHANGELOG.md to document this dependency update
  2. Validation: Verify that docker/metadata-action@v5.10.0 has no breaking changes by reviewing its release notes
  3. Testing: Ensure CI/CD pipeline runs successfully with the updated action version before merging

Overall Assessment

APPROVED with minor recommendations

This is a straightforward dependency version bump that maintains consistency across both usages. The change is low-risk, follows best practices for keeping dependencies up-to-date, and introduces no defects or security concerns. The only improvement would be adding a CHANGELOG entry to track this update.

Automated code review analyzing defects and coding standards

@docktermj docktermj merged commit 68f6560 into main Dec 1, 2025
18 checks passed
@docktermj docktermj deleted the dependabot/github_actions/docker/metadata-action-5.10.0 branch December 1, 2025 14:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@docktermj docktermj docktermj approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@docktermj