
Bump docker/build-push-action from 7.1.0 to 7.2.0 #114

Open: dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/docker/build-push-action-7.2.0

Bump docker/build-push-action from 7.1.0 to 7.2.0

e0214b8
Superagent Security / Security scan required action May 26, 2026 in 21s

PR requires security review

1 security concern(s) detected.

Details

  1. P1: Docker publish workflow uses a mutable action tag (.github/workflows/publish.yaml:119)
    Pin docker/build-push-action to the full 40-character commit SHA for the intended v7.2.0 release and keep the version as a comment, e.g. uses: docker/build-push-action@<full-commit-sha> # v7.2.0. Apply SHA pinning consistently to actions used in release/publish workflows.