chore(deps): bump docker/setup-qemu-action from 3 to 4#5836
chore(deps): bump docker/setup-qemu-action from 3 to 4#5836
Conversation
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v3...v4) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
dependencies
rtibblesbot
left a comment
rtibblesbot
left a comment
There was a problem hiding this comment.
Routine GitHub Actions dependency update. CI passing, including the Docker build jobs that exercise this action directly.
Dependency Update Review
Package: docker/setup-qemu-action v3 → v4
Semver risk: Major
Dependency type: CI/CD (GitHub Actions workflow only — no runtime impact)
CI status: Passing (Postgres build, nginx build, frontend tests, linting all green)
Changelog Analysis
Sources consulted:
- PR body (release notes for v4.0.0 through v3.1.0)
Breaking changes:
- Node 24 as default runtime (requires Actions Runner v2.327.1 or later) — GitHub-hosted runners meet this requirement; CI passing confirms compatibility.
- Switch to ESM internally — no effect on action inputs/outputs or how the action is called.
Deprecations: None.
Security fixes: Bumps js-yaml 3.14.1 → 3.14.2, lodash 4.17.21 → 4.17.23, @isaacs/brace-expansion 5.0.0 → 5.0.1 — minor security hygiene in action's own dependencies.
Other notable changes: @actions/core 1.11.1 → 3.0.0 and @docker/actions-toolkit 0.67.0 → 0.77.0 inside the action bundle — no API surface change for callers.
Compatibility Assessment
- Project uses affected APIs: No — the action is called with no custom inputs in either step; defaults unchanged.
- Peer dependency changes: None.
- Code changes required: None.
- Prior failed attempts: None (no maintainer comments flagging past issues).
Recommendation
APPROVE — Node 24 runtime requirement is satisfied (CI passing), action interface is unchanged, and this is a workflow-only change with no production impact.
@rtibblesbot's comments are generated by an LLM, and should be evaluated accordingly
How was this generated?
Reviewed the pull request diff checking for:
- Correctness: bugs, edge cases, undocumented behavior, resource leaks, hardcoded values
- Design: unnecessary complexity, naming, readability, comment accuracy, redundant state
- Architecture: duplicated concerns, minimal interfaces, composition over inheritance
- Testing: behavior-based assertions, mocks only at hard boundaries, accurate coverage
- Completeness: missing dependencies, unupdated usages, i18n, accessibility, security
- Principles: DRY (same reason to change), SRP, Rule of Three (no premature abstraction)
- Checked CI status and linked issue acceptance criteria
- For UI changes: inspected screenshots for layout, visual completeness, and consistency
rtibbles
left a comment
rtibbles
left a comment
There was a problem hiding this comment.
Good to merge, breaking change only affects self hosted runners due to NodeJS 24 requirement.
dependabot
bot
deleted the
dependabot/github_actions/docker/setup-qemu-action-4
branch
2 participants
Bumps docker/setup-qemu-action from 3 to 4.
Release notes
Sourced from docker/setup-qemu-action's releases.
... (truncated)
Commits
ce36039Merge pull request #245 from crazy-max/node246386344node 24 as default runtime1ea3db7Merge pull request #243 from docker/dependabot/npm_and_yarn/docker/actions-to...b56a002chore: update generated contentc43f02dbuild(deps): bump@docker/actions-toolkitfrom 0.67.0 to 0.77.0ce10c58Merge pull request #244 from docker/dependabot/npm_and_yarn/actions/core-3.0.0429fc9dchore: update generated content060e5f8build(deps): bump@actions/corefrom 1.11.1 to 3.0.044be13eMerge pull request #231 from docker/dependabot/npm_and_yarn/js-yaml-3.14.21897438chore: update generated contentDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)