ci: bump the github-actions group with 4 updates

[dependabot[bot]]

Bumps the github-actions group with 4 updates: docker/login-action, tj-actions/changed-files, nix-community/cache-nix-action and aquasecurity/trivy-action.

Updates docker/login-action from 3.3.0 to 3.4.0

Release notes

Sourced from docker/login-action's releases.

v3.4.0

• Bump @​actions/core from 1.10.1 to 1.11.1 in docker/login-action#791
• Bump @​aws-sdk/client-ecr to 3.766.0 in docker/login-action#789 docker/login-action#856
• Bump @​aws-sdk/client-ecr-public to 3.758.0 in docker/login-action#789 docker/login-action#856
• Bump @​docker/actions-toolkit from 0.35.0 to 0.57.0 in docker/login-action#801 docker/login-action#806 docker/login-action#858
• Bump cross-spawn from 7.0.3 to 7.0.6 in docker/login-action#814
• Bump https-proxy-agent from 7.0.5 to 7.0.6 in docker/login-action#823
• Bump path-to-regexp from 6.2.2 to 6.3.0 in docker/login-action#777

Full Changelog: https://github.com/docker/login-action/compare/v3.3.0...v3.4.0

Commits

• 74a5d14 Merge pull request #856 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
• 2f4f00e chore: update generated content
• 67c1845 build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
• 3d4cc89 Merge pull request #844 from graysonpike/master
• 6cc823a Merge pull request #823 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
• d94e792 chore: update generated content
• 033db0d Merge pull request #812 from docker/dependabot/github_actions/codecov/codecov...
• 09c2ae9 build(deps): bump https-proxy-agent
• ba56f00 ci: update deprecated input for codecov-action
• 75bf9a7 Merge pull request #858 from docker/dependabot/npm_and_yarn/docker/actions-to...
• Additional commits viewable in compare view

Updates tj-actions/changed-files from dcc7a0cba800f454d79fff4b993e8c3555bcc0a8 to 531f5f7d163941f0c1c04e0ff4d8bb243ac4366f

Changelog

Sourced from tj-actions/changed-files's changelog.

Changelog

46.0.1 - (2025-03-16)

🔄 Update

• Updated README.md (#2473)

Co-authored-by: github-actions[bot] (2f7c5bf) - (github-actions[bot])

• Sync-release-version.yml to use signed commits (#2472) (4189ec6) - (Tonye Jack)

46.0.0 - (2025-03-16)

🐛 Bug Fixes

• Update update-readme.yml to sign-commits (#2468) (0f1ffe6) - (Tonye Jack)
• Update permission in update-readme.yml workflow (#2467) (ddef03e) - (Tonye Jack)
• Update github workflow update-readme.yml (#2466) (9c2df0d) - (Tonye Jack)

➖ Remove

• Deleted renovate.json (e37e952) - (Tonye Jack)

🔄 Update

• Sync-release-version.yml (#2471) (4cd184a) - (Tonye Jack)
• Updated README.md (#2469)

Co-authored-by: github-actions[bot] (5cbf220) - (github-actions[bot])

📚 Documentation

• Update docs to highlight security issues (#2465) (6525332) - (Tonye Jack)

45.0.9 - (2025-03-15)

🐛 Bug Fixes

• deps: Update dependency @​octokit/rest to v21.1.1 (#2435) (fb8dcda) - (renovate[bot])
• deps: Update dependency @​octokit/rest to v21.1.0 (#2394) (7b72c97) - (renovate[bot])
• deps: Update dependency yaml to v2.7.0 (#2383) (5f974c2) - (renovate[bot])

⚙️ Miscellaneous Tasks

• deps: Lock file maintenance (#2460) (9200e69) - (renovate[bot])
• deps: Update dependency @​types/node to v22.13.10 (#2459) (e650cfd) - (renovate[bot])
• deps: Update dependency eslint-config-prettier to v10.1.1 (#2458) (82af21f) - (renovate[bot])
• deps: Update dependency eslint-config-prettier to v10.1.0 (#2457) (82fa4a6) - (renovate[bot])
• deps: Update peter-evans/create-pull-request action to v7.0.8 (#2455) (315505a) - (renovate[bot])
• deps: Update dependency @​types/node to v22.13.9 (#2454) (c8e1cdb) - (renovate[bot])

... (truncated)

Commits

• 531f5f7 Updated README.md (#2479)
• dccd194 doc: update README.md (#2478)
• 9237eb7 Updated README.md (#2476)
• d52b942 add hint to revoke leaked token (#2475)
• 45fb12d Upgraded to v46.0.1 (#2474)
• 2f7c5bf Updated README.md (#2473)
• 4189ec6 update: sync-release-version.yml to use signed commits (#2472)
• 4cd184a update: sync-release-version.yml (#2471)
• 5cbf220 Updated README.md (#2469)
• 0f1ffe6 fix: update update-readme.yml to sign-commits (#2468)
• Additional commits viewable in compare view

Updates nix-community/cache-nix-action from 6.1.1 to 6.1.2

Release notes

Sourced from nix-community/cache-nix-action's releases.

v6.1.2

Fixes

• Fix nix store database merging logic (nix-community/cache-nix-action#84)

Commits

• c448f06 Merge pull request #84 from nix-community/82-bug-v610-and-v611-dont-seem-to-w...
• fc908ed chore: build the action
• 57dad84 chore: build the action
• 0d5803d fix(action): print a message after the check
• db360de chore: build the action
• 07c1e7f fix(action): join on the derivation path, not the output path
• 1b9cbef fix(action): parse gc-max-store-size correctly
• See full diff in compare view

Updates aquasecurity/trivy-action from 0.29.0 to 0.30.0

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.30.0

What's Changed

• fix: Update default trivy version in README by @​derrix060 in aquasecurity/trivy-action#444
• fix: typo in description of an input for action.yaml by @​yutatokoi in aquasecurity/trivy-action#452
• Improve README/SBOM by @​AB-xdev in aquasecurity/trivy-action#439
• chore: bump trivy to v0.60.0 by @​nikpivkin in aquasecurity/trivy-action#453

New Contributors

• @​derrix060 made their first contribution in aquasecurity/trivy-action#444
• @​yutatokoi made their first contribution in aquasecurity/trivy-action#452
• @​AB-xdev made their first contribution in aquasecurity/trivy-action#439

Full Changelog: https://github.com/aquasecurity/trivy-action/compare/0.29.0...0.30.0

Commits

• 6c175e9 chore: bump trivy to v0.60.0 (#453)
• 53e8848 Improve README/SBOM (#439)
• ef1b561 fix: typo in description of an input for action.yaml (#452)
• a11da62 fix: Update default trivy version in README (#444)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions