Bump the "all-dependencies" group with 2 updates across multiple ecosystems

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the all-dependencies group with 9 updates:

Package	From	To
dorny/paths-filter	3.0.0	4.0.1
github/codeql-action	4.35.4	4.36.0
supabase/setup-cli	2.0.0	2.1.1
aws-actions/configure-aws-credentials	713aaabfecea015b1ad8d37dc2b819ee41c00eb0	e8614cfbf058de4c6c685b317488ecdec92a4305
codecov/codecov-action	6.0.0	6.0.1
aquasecurity/trivy-action	0.35.0	0.36.0
docker/setup-buildx-action	4.0.0	4.1.0
docker/login-action	4.1.0	4.2.0
docker/build-push-action	7.1.0	7.2.0

Updates dorny/paths-filter from 3.0.0 to 4.0.1

Release notes

Sourced from dorny/paths-filter's releases.

v4.0.1

What's Changed

• Support merge queue by @​masaru-iritani in dorny/paths-filter#255

New Contributors

• @​masaru-iritani made their first contribution in dorny/paths-filter#255

Full Changelog: dorny/paths-filter@v4.0.0...v4.0.1

v4.0.0

What's Changed

• feat: update action runtime to node24 by @​saschabratton in dorny/paths-filter#294

New Contributors

• @​saschabratton made their first contribution in dorny/paths-filter#294

Full Changelog: dorny/paths-filter@v3.0.3...v4.0.0

v3.0.3

What's Changed

• Add missing predicate-quantifier by @​wardpeet in dorny/paths-filter#279

New Contributors

• @​wardpeet made their first contribution in dorny/paths-filter#279

Full Changelog: dorny/paths-filter@v3...v3.0.3

v3.0.2

What's Changed

• feat: add config parameter for predicate quantifier by @​petermetz in dorny/paths-filter#224

New Contributors

• @​petermetz made their first contribution in dorny/paths-filter#224

Full Changelog: dorny/paths-filter@v3...v3.0.2

v3.0.1

What's Changed

• Compare base and ref when token is empty by @​frouioui in dorny/paths-filter#133

New Contributors

• @​frouioui made their first contribution in dorny/paths-filter#133

Full Changelog: dorny/paths-filter@v3...v3.0.1

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v4.0.0

• Update action runtime to node24

v3.0.3

• Add missing predicate-quantifier

v3.0.2

• Add config parameter for predicate quantifier

v3.0.1

• Compare base and ref when token is empty

v3.0.0

• Update to Node.js 20
• Update all dependencies

v2.11.1

• Update @​actions/core to v1.10.0 - Fixes warning about deprecated set-output
• Document need for pull-requests: read permission
• Updating to actions/checkout@v3

v2.11.0

• Set list-files input parameter as not required
• Update Node.js
• Fix incorrect handling of Unicode characters in exec()
• Use Octokit pagination
• Updates real world links

v2.10.2

• Fix getLocalRef() returns wrong ref

v2.10.1

• Improve robustness of change detection

v2.10.0

• Add ref input parameter
• Fix change detection in PR when pullRequest.changed_files is incorrect

v2.9.3

• Fix change detection when base is a tag

v2.9.2

• Fix fetching git history

v2.9.1

• Fix fetching git history + fallback to unshallow repo

v2.9.0

... (truncated)

Commits

• fbd0ab8 feat: add merge_group event support
• efb1da7 feat: add dist/ freshness check to PR workflow
• d8f7b06 Merge pull request #302 from dorny/issue-299
• addbc14 Update README for v4
• 9d7afb8 Update CHANGELOG for v4.0.0
• 782470c Merge branch 'releases/v3'
• d1c1ffe Update CHANGELOG for v3.0.3
• ce10459 Merge pull request #294 from saschabratton/master
• 5f40380 feat: update action runtime to node24
• 668c092 Merge pull request #279 from wardpeet/patch-1
• Additional commits viewable in compare view

Updates github/codeql-action from 4.35.4 to 4.36.0

Release notes

Sourced from github/codeql-action's releases.

v4.36.0

• Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
• Add support for SHA-256 Git object IDs. #3893
• Update default CodeQL bundle version to 2.25.5. #3926

v4.35.5

• We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
• For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
• If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
• Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

[UNRELEASED]

No user facing changes.

4.36.0 - 22 May 2026

• Breaking change: Bump the minimum required CodeQL bundle version to 2.19.4. #3894
• Add support for SHA-256 Git object IDs. #3893
• Update default CodeQL bundle version to 2.25.5. #3926

4.35.5 - 15 May 2026

• We have improved how the JavaScript bundles for the CodeQL Action are generated to avoid duplication across bundles and reduce the size of the repository by around 70%. This should have no effect on the runtime behaviour of the CodeQL Action. #3899
• For performance and accuracy reasons, improved incremental analysis will now only be enabled on a pull request when diff-informed analysis is also enabled for that run. If diff-informed analysis is unavailable (for example, because the PR diff ranges could not be computed), the action will fall back to a full analysis. #3791
• If multiple inputs are provided for the GitHub-internal analysis-kinds input, only code-scanning will be enabled. The analysis-kinds input is experimental, for GitHub-internal use only, and may change without notice at any time. #3892
• Added an experimental change which, when running a Code Scanning analysis for a PR with improved incremental analysis enabled, prefers CodeQL CLI versions that have a cached overlay-base database for the configured languages. This speeds up analysis for a repository when there is not yet a cached overlay-base database for the latest CLI version. We expect to roll this change out to everyone in May. #3880

4.35.4 - 07 May 2026

• Update default CodeQL bundle version to 2.25.4. #3881

4.35.3 - 01 May 2026

• Upcoming breaking change: Add a deprecation warning for customers using CodeQL version 2.19.3 and earlier. These versions of CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15, and will be unsupported by the next minor release of the CodeQL Action. #3837
• Configurations for private registries that use Cloudsmith or GCP OIDC are now accepted. #3850
• Best-effort connection tests for private registries now use GET requests instead of HEAD for better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853
• Fixed a bug where two diagnostics produced within the same millisecond could overwrite each other on disk, causing one of them to be lost. #3852
• Update default CodeQL bundle version to 2.25.3. #3865

4.35.2 - 15 Apr 2026

• The undocumented TRAP cache cleanup feature that could be enabled using the CODEQL_ACTION_CLEANUP_TRAP_CACHES environment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing the trap-caching: false input to the init Action. #3795
• The Git version 2.36.0 requirement for improved incremental analysis now only applies to repositories that contain submodules. #3789
• Python analysis on GHES no longer extracts the standard library, relying instead on models of the standard library. This should result in significantly faster extraction and analysis times, while the effect on alerts should be minimal. #3794
• Fixed a bug in the validation of OIDC configurations for private registries that was added in CodeQL Action 4.33.0 / 3.33.0. #3807
• Update default CodeQL bundle version to 2.25.2. #3823

4.35.1 - 27 Mar 2026

• Fix incorrect minimum required Git version for improved incremental analysis: it should have been 2.36.0, not 2.11.0. #3781

4.35.0 - 27 Mar 2026

• Reduced the minimum Git version required for improved incremental analysis from 2.38.0 to 2.11.0. #3767
• Update default CodeQL bundle version to 2.25.1. #3773

... (truncated)

Commits

• 7211b7c Merge pull request #3927 from github/update-v4.36.0-ebc2d9e2b
• 7740f2f Update changelog for v4.36.0
• ebc2d9e Merge pull request #3926 from github/update-bundle/codeql-bundle-v2.25.5
• d1f74b7 Add changelog note
• 2dc40ce Update default bundle to codeql-bundle-v2.25.5
• 8449852 Merge pull request #3910 from github/henrymercer/repo-size-diff-check
• 72ac23c Update excluded required check list
• c5297a2 Merge pull request #3919 from github/henrymercer/workflow-concurrency
• 8ffeae7 CI: Automatically cancel non-generated workflows
• f3f52bf Revert getErrorMessage import
• Additional commits viewable in compare view

Updates supabase/setup-cli from 2.0.0 to 2.1.1

Release notes

Sourced from supabase/setup-cli's releases.

v2.1.1

Fix Alpine/Linux musl containers that do not already include the C++ runtime libraries required by Bun and the Supabase CLI shim.

• Install missing libstdc++ and libgcc before running oven-sh/setup-bun in Alpine/musl containers.
• Keep non-Linux and non-musl runners as no-ops.
• Fail with a clear setup message when a musl container cannot install the required packages.

Validation: https://github.com/jgoux/setup-cli-testing/actions/runs/26172791463

v2.1.0

Fix setup-cli on Linux musl/Alpine containers.

• Authenticate the latest Supabase CLI release lookup with the optional github-token input.
• Use Bun musl builds on Linux musl containers.
• Download Supabase CLI .apk assets for Linux musl and CLI versions v2.99.0+.

v2.0.1

Fix latest Supabase CLI archive resolution for v2.99.0+.

Commits

• 3c2f5e2 fix: install Alpine runtime dependencies (#433)
• 365cb46 chore(deps-dev): bump the bun-minor-patch group across 1 directory with 4 upd...
• e0099b2 chore(deps): bump the actions-minor-patch group across 1 directory with 2 upd...
• 52a4467 fix: setup-cli on Linux musl containers (#431)
• 3095b00 fix: authenticate latest release lookup (#430)
• a4d563a fix: handle Supabase CLI v2.99 archives (#425)
• 0abc813 chore(deps): bump the bun-minor-patch group with 5 updates (#421)
• f55616e fix: cache licensed action (#422)
• 2df3f5f chore(deps): bump the actions-minor-patch group across 1 directory with 3 upd...
• See full diff in compare view

Updates aws-actions/configure-aws-credentials from 713aaabfecea015b1ad8d37dc2b819ee41c00eb0 to e8614cfbf058de4c6c685b317488ecdec92a4305

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.1.1 (2026-05-05)

Miscellaneous Chores

• various dependency updates

6.1.0 (2026-04-06)

Features

• add skip cleanup option (#1716) (11b1c58), closes #1545
• Support usage of AWS Profiles (#1696) (a7f0c82)

6.0.0 (2026-02-04)

⚠ BREAKING CHANGES

• Update action to use node24 (#1632) (a7a2c11)

Features

• add support to define transitive tag keys (#1316) (232435c) (930ebd9)

Bug Fixes

• properly output aws-account-id and authenticated-arn when using role-chaining (#1633) (7ceaf96)

5.1.1 (2025-11-24)

Miscellaneous Chores

• release 5.1.1 (56d6a58)

5.1.0 (2025-10-06)

Features

• Add global timeout support (#1487) (1584b8b)
• add no-proxy support (#1482) (dde9b22)
• Improve debug logging in retry logic (#1485) (97ef425)

... (truncated)

Commits

• e8614cf chore: Update dist
• 4684f47 chore(deps): bump @​aws-sdk/client-sts from 3.1045.0 to 3.1049.0 (#1782)
• 48b8685 chore: Update dist
• fe6ad3a chore(deps-dev): bump @​smithy/property-provider from 4.3.1 to 4.3.3 (#1783)
• 2520c5e chore: Update dist
• bc1093d chore(deps-dev): bump @​aws-sdk/credential-provider-env (#1784)
• ffde832 chore(deps-dev): bump @​types/node from 25.7.0 to 25.9.0 (#1785)
• 707acd9 chore: Update dist
• a7c33ae chore(deps): bump @​smithy/node-http-handler from 4.7.1 to 4.7.3 (#1781)
• See full diff in compare view

Updates codecov/codecov-action from 6.0.0 to 6.0.1

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.1

What's Changed

• fix: prevent template injection in run: steps (VULN-1652) by @​thomasrockhu-codecov in codecov/codecov-action#1947
• chore(release): 6.0.1 by @​thomasrockhu-codecov in codecov/codecov-action#1949

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in codecov/codecov-action#1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in codecov/codecov-action#1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in codecov/codecov-action#1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in codecov/codecov-action#1872
• docs: fix typo in README by @​datalater in codecov/codecov-action#1866
• Document a codecov-cli version reference example by @​webknjaz in codecov/codecov-action#1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in codecov/codecov-action#1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in codecov/codecov-action#1864
• Pin actions/github-script by Git SHA by @​martincostello in codecov/codecov-action#1859
• fix: check reqs exist by @​joseph-sentry in codecov/codecov-action#1835
• fix: Typo in README by @​spalmurray in codecov/codecov-action#1838
• docs: Refine OIDC docs by @​spalmurray in codecov/codecov-action#1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in codecov/codecov-action#1822
• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

• e79a696 chore(release): 6.0.1 (#1949)
• 51e6422 fix: prevent template injection in run: steps (VULN-1652) (#1947)
• See full diff in compare view

Updates aquasecurity/trivy-action from 0.35.0 to 0.36.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.36.0

What's Changed

• chore(ci): update bump-trivy workflow by @​DmitriyLewen in aquasecurity/trivy-action#546
• ci: use action.yaml as single source of truth for Trivy version by @​nikpivkin in aquasecurity/trivy-action#552
• ci: replace peter-evans/create-pull-request with gh CLI by @​nikpivkin in aquasecurity/trivy-action#550
• test: use pinned digests for trivy-db, trivy-java-db and trivy-checks by @​nikpivkin in aquasecurity/trivy-action#555
• ci: add dependabot config by @​nikpivkin in aquasecurity/trivy-action#556
• chore: add zizmor config by @​nikpivkin in aquasecurity/trivy-action#557
• chore(deps): bump the actions group with 5 updates by @​dependabot[bot] in aquasecurity/trivy-action#558
• fix: use portable shebang in entrypoint.sh by @​Hayao0819 in aquasecurity/trivy-action#545
• Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name by @​patrik-csak in aquasecurity/trivy-action#547
• Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 by @​Aditya09-cse in aquasecurity/trivy-action#548
• chore: use GitHub Actions as git commit author in bump-trivy workflow by @​nikpivkin in aquasecurity/trivy-action#561
• chore(deps): Update trivy to v0.70.0 by @​Argon-DevOps-Mgt in aquasecurity/trivy-action#559
• chore: update action version to v0.36.0 in examples by @​nikpivkin in aquasecurity/trivy-action#563

New Contributors

• @​dependabot[bot] made their first contribution in aquasecurity/trivy-action#558
• @​Hayao0819 made their first contribution in aquasecurity/trivy-action#545
• @​patrik-csak made their first contribution in aquasecurity/trivy-action#547
• @​Aditya09-cse made their first contribution in aquasecurity/trivy-action#548
• @​Argon-DevOps-Mgt made their first contribution in aquasecurity/trivy-action#559

Full Changelog: aquasecurity/trivy-action@v0.35.0...v0.36.0

Commits

• ed142fd chore: update action version to v0.36.0 in examples (#563)
• dea62cf chore(deps): Update trivy to v0.70.0 (#559)
• 128d9a8 chore: use GitHub Actions as git commit author in bump-trivy workflow (#561)
• 876cf04 Upgrade Trivy action version from 0.33.1 to 0.35.0 fixes #549 (#548)
• dada784 Fix typo in GOOGLE_APPLICATION_CREDENTIALS env var name (#547)
• 4a2deec fix: use portable shebang in entrypoint.sh (#545)
• 1994662 chore(deps): bump the actions group with 5 updates (#558)
• 6b36659 chore: add zizmor config (#557)
• 316aa5a ci: add dependabot config (#556)
• 264c9c5 test: use pinned digests for trivy-db, trivy-java-db and trivy-checks (#555)
• Additional commits viewable in compare view

Updates docker/setup-buildx-action from 4.0.0 to 4.1.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.1.0

• Bump @​docker/actions-toolkit from 0.79.0 to 0.90.0 in docker/setup-buildx-action#489
• Bump brace-expansion from 1.1.12 to 5.0.6 in docker/setup-buildx-action#547 docker/setup-buildx-action#508
• Bump fast-xml-builder from 1.0.0 to 1.2.0 in docker/setup-buildx-action#540
• Bump fast-xml-parser from 5.4.2 to 5.8.0 in docker/setup-buildx-action#496
• Bump flatted from 3.3.3 to 3.4.2 in docker/setup-buildx-action#499
• Bump glob from 10.3.12 to 13.0.6 in docker/setup-buildx-action#495
• Bump handlebars from 4.7.8 to 4.7.9 in docker/setup-buildx-action#504
• Bump lodash from 4.17.23 to 4.18.1 in docker/setup-buildx-action#523
• Bump picomatch from 4.0.3 to 4.0.4 in docker/setup-buildx-action#503
• Bump postcss from 8.5.6 to 8.5.10 in docker/setup-buildx-action#537
• Bump tar from 6.2.1 to 7.5.15 in docker/setup-buildx-action#545
• Bump undici from 6.23.0 to 6.25.0 in docker/setup-buildx-action#492
• Bump vite from 7.3.1 to 7.3.2 in docker/setup-buildx-action#520

Full Changelog: docker/setup-buildx-action@v4.0.0...v4.1.0

Commits

• d7f5e7f Merge pull request #489 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 92bc5c9 chore: update generated content
• da11e35 build(deps): bump @​docker/actions-toolkit from 0.79.0 to 0.90.0
• f021e16 Merge pull request #492 from docker/dependabot/npm_and_yarn/undici-6.24.1
• b5af94f chore: update generated content
• 16ad977 build(deps): bump undici from 6.23.0 to 6.25.0
• d7a12d7 Merge pull request #495 from docker/dependabot/npm_and_yarn/glob-10.5.0
• 28ff27d build(deps): bump glob from 10.3.12 to 13.0.6
• daf436b Merge pull request #496 from docker/dependabot/npm_and_yarn/fast-xml-parser-5...
• 9725348 chore: update generated content
• Additional commits viewable in compare view

Updates docker/login-action from 4.1.0 to 4.2.0

Release notes

Sourced from docker/login-action's releases.

v4.2.0

• Bump @​actions/core from 3.0.0 to 3.0.1 in docker/login-action#976
• Bump @​aws-sdk/client-ecr and @​aws-sdk/client-ecr-public to 3.1050.0 in docker/login-action#960
• Bump @​docker/actions-toolkit from 0.86.0 to 0.90.0 in docker/login-action#970
• Bump brace-expansion from 2.0.1 to 5.0.6 in docker/login-action#993
• Bump fast-xml-builder from 1.1.4 to 1.2.0 in docker/login-action#985
• Bump fast-xml-parser from 5.3.6 to 5.8.0 in docker/login-action#963
• Bump http-proxy-agent and https-proxy-agent to 9.0.0 in docker/login-action#961
• Bump postcss from 8.5.6 to 8.5.10 in docker/login-action#979
• Bump tar from 6.2.1 to 7.5.15 in docker/login-action#991
• Bump vite from 7.3.1 to 7.3.3 in docker/login-action#986

Full Changelog: docker/login-action@v4.1.0...v4.2.0

Commits

• 650006c Merge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
• 99df1a3 chore: update generated content
• 3ab375f build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
• 39d8580 Merge pull request #970 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 4eefcd3 chore: update generated content
• 56d092c build(deps): bump @​docker/actions-toolkit from 0.86.0 to 0.90.0
• e2e31ca Merge pull request #976 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
• 0bced94 chore: update generated content
• 3e75a0f build(deps): bump @​actions/core from 3.0.0 to 3.0.1
• 365bebd Merge pull request #984 from docker/dependabot/github_actions/aws-actions/con...
• Additional commits viewable in compare view

Updates docker/build-push-action from 7.1.0 to 7.2.0

Release notes

Sourced from docker/build-push-action's releases.

v7.2.0

• Bump @​actions/core from 3.0.0 to 3.0.1 in docker/build-push-action#1525
• Bump @​docker/actions-toolkit from 0.87.0 to 0.90.0 in docker/build-push-action#1517
• Bump brace-expansion from 2.0.2 to 5.0.6 in docker/build-push-action#1534
• Bump fast-xml-builder from 1.1.4 to 1.2.0 in docker/build-push-action#1529
• Bump fast-xml-parser from 5.5.7 to 5.8.0 in docker/build-push-action#1521
• Bump postcss from 8.5.6 to 8.5.10 in docker/build-push-action#1526
• Bump tar from 6.2.1 to 7.5.15 in docker/build-push-action#1533

Full Changelog: docker/build-push-action@v7.1.0...v7.2.0

Commits

• f9f3042 Merge pull request #1517 from docker/dependabot/npm_and_yarn/docker/actions-t...
• 812d5fd chore: update generated content
• b6f6693 chore(deps): Bump @​docker/actions-toolkit from 0.87.0 to 0.90.0
• c1c626e Merge pull request #1525 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
• 51bb284 chore: update generated content
• 5f7884d chore(deps): Bump @​actions/core from 3.0.0 to 3.0.1
• e01deff Merge pull request #1521 from docker/dependabot/npm_and_yarn/fast-xml-parser-...
• 3804d49 chore: update generated content
• 71e8947 chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0
• 4925ad2 Merge pull request #1526 from docker/dependabot/npm_and_yarn/postcss-8.5.10
• Additional commits viewable in compare view

Bumps the all-dependencies group with 2 updates: @supabase/supabase-js and @tanstack/react-query.

Updates @supabase/supabase-js from 2.106.1 to 2.106.2

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.106.2

2.106.2 (2026-05-25)

🩹 Fixes

• auth: restore signup user response (#2391)
• misc: add react-native export condition for Hermes-safe resolution (#2393)

❤️ Thank You

• Myroslav Hryhschenko @​BLOCKMATERIAL
• Vaibhav @​7ttp

v2.106.2-canary.1

2.106.2-canary.1 (2026-05-22)

This was a version bump only, there were no code changes.

v2.106.2-canary.0

2.106.2-canary.0 (2026-05-22)

🩹 Fixes

• auth: restore signup user response (#2391)
• misc: add react-native export condition for Hermes-safe resolution (#2393)

❤️ Thank You

• Myroslav Hryhschenko @​BLOCKMATERIAL
• Vaibhav @​7ttp

v2.106.2-beta.2

2.106.2-beta.2 (2026-05-22)

This was a version bump only, there were no code changes.

v2.106.2-beta.0

2.106.2-beta.0 (2026-05-21)

This was a version bump only, there were no code changes.

Commits

• a5f09cf chore(repo): adopt pnpm catalog and clean up devDeps (#2389)
• c72cc56 fix(misc): add react-native export condition for Hermes-safe resolution (#2393)
• a7bdb23 docs(supabase): expand tracePropagation tsdoc with examples (#2388)
• f4c149c chore(release): version 2.106.1 changelogs (#2384)
• See full diff in compare view

Updates @tanstack/react-query from 5.100.13 to 5.100.14

Release notes

Sourced from @​tanstack/react-query's releases.

@​tanstack/react-query-devtools@​5.100.14

Patch Changes

• Updated dependencies [ed20b6d]:
  • @​tanstack/react-query@​5.100.14
  • @​tanstack/query-devtools@​5.100.14

@​tanstack/react-query-next-experimental@​5.100.14

Patch Changes

• Updated dependencies [ed20b6d]:
  • @​tanstack/react-query@​5.100.14

@​tanstack/react-query-persist-client@​5.100.14

Patch Changes

• Updated dependencies [ed20b6d]:
  • @​tanstack/react-q...

    Description has been truncated

[sentry]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!