chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 by dependabot[bot] · Pull Request #3 · grimmory-tools/grimmory

dependabot · 2026-03-12T21:44:55Z

Bumps docker/build-push-action from 6.19.2 to 7.0.0.

Release notes

Sourced from docker/build-push-action's releases.

v7.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/build-push-action#1470

Remove deprecated DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS envs by @crazy-max in docker/build-push-action#1473

Remove legacy export-build tool support for build summary by @crazy-max in docker/build-push-action#1474

Switch to ESM and update config/test wiring by @crazy-max in docker/build-push-action#1466

Bump @actions/core from 1.11.1 to 3.0.0 in docker/build-push-action#1454

Bump @docker/actions-toolkit from 0.62.1 to 0.79.0 in docker/build-push-action#1453 docker/build-push-action#1472 docker/build-push-action#1479

Bump minimatch from 3.1.2 to 3.1.5 in docker/build-push-action#1463

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

Commits

d08e5c3 Merge pull request #1479 from docker/dependabot/npm_and_yarn/docker/actions-t...
cbd2dff chore: update generated content
f76f51f chore(deps): Bump @docker/actions-toolkit from 0.78.0 to 0.79.0
7d03e66 Merge pull request #1473 from crazy-max/rm-deprecated-envs
98f853d chore: update generated content
cadccf6 remove deprecated envs
03fe877 Merge pull request #1478 from docker/dependabot/github_actions/docker/setup-b...
827e366 chore(deps): Bump docker/setup-buildx-action from 3 to 4
e25db87 Merge pull request #1474 from crazy-max/rm-export-build-tool
1ac2573 Merge pull request #1470 from crazy-max/node24
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot · 2026-03-12T21:44:56Z

Labels

The following labels could not be found: ci, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

github-actions · 2026-03-12T21:46:24Z

Frontend Test Results

0 tests 0 ✅ 0s ⏱️
0 suites 0 💤
0 files 0 ❌

Results for commit f110823.

github-actions · 2026-03-12T21:51:56Z

Backend Test Results

444 files 444 suites 1m 34s ⏱️
3 311 tests 3 296 ✅ 15 💤 0 ❌
3 368 runs 3 353 ✅ 15 💤 0 ❌

Results for commit f110823.

Co-authored-by: aditya.chandel <>

* Feature/kobo sync cbx support (#3) * Feature: Add CBX syncing support to Kobo sync (#2) * feat: add cbx sync support * fix: phrasing of setting description to align with CBX terminology * fix: resolve issue with CBX setting persistence * fix: updated dev docker compose to align with Dockerfile * feat: add cbx files as allowed entitlements * fix: relax tomcat query characters for kobo sync * fix: remove hardcoded epub restrictions * fix: reduce image size and resolve relative content paths * fix: resolve issues with the image file encoding * feat: add rar and cb7 support * feat: bring generated epub more in line with epub standard * fix: resolve issues with extra metadata fields * fix: make css background colour white to improve e-ink performance * cleanup: code comments * feat: add cbx unit tests * fix: update zipfile to use builder pattern as current method is deprecated * fix: remove comments * fix: replace regex pattern to a simpler check * fix: remove unused imports * fix: update epub template to use standard language string * fix: missing line end on css * fix: remove duplicate query characters * fix: grammer issue * fix: resolve typo in the entitlement service test * fix: redundant imports and update long types * chore: update test descriptions for cbx conversion * fix: add check for larger images in archive files. unlikely to occur. * fix: merge temp dir logic for the book download * fix: update kobo entitlement to always report the format as epub3 * fix: implement suggested changes around javadocs and some edge cases to handle gracefully * chore: cleanup variable names to be clearer in download service * feat: change function to extract to disk instead of storing images in memory * fix: add temp file clean up into the conversion service * fix: add visual divider to seperate CBX and EPUB settings * fix: update lambdas to use method references * fix: reword setting description for cbx to epub sync --------- Co-authored-by: Aditya Chandel <8075870+adityachandelgit@users.noreply.github.com>

Dependabot couldn't find the original pull request head commit, f110823.

Dependabot couldn't find the original pull request head commit, f110823. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

## [2.2.3](v2.2.2...v2.2.3) (2026-03-20) ### Bug Fixes * **build:** make frontend resources optional in test runs ([dfd7a19](dfd7a19)) * **build:** package frontend assets through Gradle resources ([c4b021f](c4b021f)) ### Performance * **ci:** speed up image builds and centralize cache writes ([d148a09](d148a09)) ### Chores * **deps:** bump actions/setup-node from 6.2.0 to 6.3.0 ([#1](#1)) ([489ffb4](489ffb4)) * **deps:** bump docker/build-push-action from 6.19.2 to 7.0.0 ([#3](#3)) ([cd6f37a](cd6f37a)) * **deps:** bump docker/login-action from 3.7.0 to 4.0.0 ([#6](#6)) ([9373b50](9373b50)) * **deps:** bump docker/setup-buildx-action from 3.12.0 to 4.0.0 ([#2](#2)) ([cc4efe5](cc4efe5)) ### Documentation * Add a note about how to make a release ([2b2e08b](2b2e08b)) * Adds a note for moving away from packaging everything in a jar ([2294a38](2294a38))

## [2.2.3](grimmory-tools/grimmory@v2.2.2...v2.2.3) (2026-03-20) ### Bug Fixes * **build:** make frontend resources optional in test runs ([dfd7a19](grimmory-tools/grimmory@dfd7a19)) * **build:** package frontend assets through Gradle resources ([c4b021f](grimmory-tools/grimmory@c4b021f)) ### Performance * **ci:** speed up image builds and centralize cache writes ([d148a09](grimmory-tools/grimmory@d148a09)) ### Chores * **deps:** bump actions/setup-node from 6.2.0 to 6.3.0 ([#1](grimmory-tools/grimmory#1)) ([489ffb4](grimmory-tools/grimmory@489ffb4)) * **deps:** bump docker/build-push-action from 6.19.2 to 7.0.0 ([#3](grimmory-tools/grimmory#3)) ([cd6f37a](grimmory-tools/grimmory@cd6f37a)) * **deps:** bump docker/login-action from 3.7.0 to 4.0.0 ([#6](grimmory-tools/grimmory#6)) ([9373b50](grimmory-tools/grimmory@9373b50)) * **deps:** bump docker/setup-buildx-action from 3.12.0 to 4.0.0 ([#2](grimmory-tools/grimmory#2)) ([cc4efe5](grimmory-tools/grimmory@cc4efe5)) ### Documentation * Add a note about how to make a release ([2b2e08b](grimmory-tools/grimmory@2b2e08b)) * Adds a note for moving away from packaging everything in a jar ([2294a38](grimmory-tools/grimmory@2294a38))

#79) * chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#1) Dependabot couldn't find the original pull request head commit, ea510f4. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#2) Dependabot couldn't find the original pull request head commit, faed6bf. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (#3) Dependabot couldn't find the original pull request head commit, f110823. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#6) Dependabot couldn't find the original pull request head commit, 9a8d7a1. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(archive): infer archive type via Magic Numbers instead of filename * fix(archive): improve archive type detection and improve logging for cover image retrieval --------- Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…hints to supported versions (#76) * chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#1) Dependabot couldn't find the original pull request head commit, ea510f4. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#2) Dependabot couldn't find the original pull request head commit, faed6bf. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (#3) Dependabot couldn't find the original pull request head commit, f110823. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#6) Dependabot couldn't find the original pull request head commit, 9a8d7a1. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs(security): update security policy with reporting guidelines and hints to supported versions --------- Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…tead of better fields like ISBN in Goodreads/Bookdrop (#85) * chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#1) Dependabot couldn't find the original pull request head commit, ea510f4. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#2) Dependabot couldn't find the original pull request head commit, faed6bf. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (#3) Dependabot couldn't find the original pull request head commit, f110823. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#6) Dependabot couldn't find the original pull request head commit, 9a8d7a1. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(metadata): fix metadata fetching relying for filename "first" instead of better fields like ISBN in Goodreads/Bookdrop * perf(ci): speed up image builds and centralize cache writes - Image builds: - pin frontend and backend Docker build stages to the build platform so multi-arch packaging can reuse architecture-independent work - add an Angular build cache mount and move dynamic version metadata to the end of the runtime stage so static layers stay reusable across tags - reduce image workflow checkout depth and keep preview builds on `linux/amd64` only to avoid unnecessary QEMU and history overhead - Cache policy: - make CI packaging smoke builds consume the shared image cache without writing new BuildKit cache state - make normal preview builds consume shared GHA and registry caches without mutating the canonical cache - keep nightly and stable release builds as the workflows that refresh the shared image cache in both GHA and registry backends - Preview override: - add a `refresh_shared_cache` input to the preview workflow for an explicit no-cache rebuild that repopulates the shared cache when maintainers need to bust and refresh it - keep the default preview behavior optimized for fast disposable builds rather than cache churn - Validation: - keep workflow YAML parsing clean after the cache-policy changes - keep `git diff --check` clean for the touched Docker and workflow files * docs: Add a note about how to make a release * chore: remove unncesary comments --------- Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Cox <james@imaj.es>

grimmory-tools#79) * chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#1) Dependabot couldn't find the original pull request head commit, ea510f4. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#2) Dependabot couldn't find the original pull request head commit, faed6bf. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (#3) Dependabot couldn't find the original pull request head commit, f110823. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#6) Dependabot couldn't find the original pull request head commit, 9a8d7a1. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(archive): infer archive type via Magic Numbers instead of filename * fix(archive): improve archive type detection and improve logging for cover image retrieval --------- Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…tead of better fields like ISBN in Goodreads/Bookdrop (grimmory-tools#85) * chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#1) Dependabot couldn't find the original pull request head commit, ea510f4. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#2) Dependabot couldn't find the original pull request head commit, faed6bf. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (#3) Dependabot couldn't find the original pull request head commit, f110823. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#6) Dependabot couldn't find the original pull request head commit, 9a8d7a1. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(metadata): fix metadata fetching relying for filename "first" instead of better fields like ISBN in Goodreads/Bookdrop * perf(ci): speed up image builds and centralize cache writes - Image builds: - pin frontend and backend Docker build stages to the build platform so multi-arch packaging can reuse architecture-independent work - add an Angular build cache mount and move dynamic version metadata to the end of the runtime stage so static layers stay reusable across tags - reduce image workflow checkout depth and keep preview builds on `linux/amd64` only to avoid unnecessary QEMU and history overhead - Cache policy: - make CI packaging smoke builds consume the shared image cache without writing new BuildKit cache state - make normal preview builds consume shared GHA and registry caches without mutating the canonical cache - keep nightly and stable release builds as the workflows that refresh the shared image cache in both GHA and registry backends - Preview override: - add a `refresh_shared_cache` input to the preview workflow for an explicit no-cache rebuild that repopulates the shared cache when maintainers need to bust and refresh it - keep the default preview behavior optimized for fast disposable builds rather than cache churn - Validation: - keep workflow YAML parsing clean after the cache-policy changes - keep `git diff --check` clean for the touched Docker and workflow files * docs: Add a note about how to make a release * chore: remove unncesary comments --------- Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Cox <james@imaj.es>

grimmory-tools#79) * chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#1) Dependabot couldn't find the original pull request head commit, ea510f4. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (grimmory-tools#2) Dependabot couldn't find the original pull request head commit, faed6bf. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (grimmory-tools#3) Dependabot couldn't find the original pull request head commit, f110823. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (grimmory-tools#6) Dependabot couldn't find the original pull request head commit, 9a8d7a1. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(archive): infer archive type via Magic Numbers instead of filename * fix(archive): improve archive type detection and improve logging for cover image retrieval --------- Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…hints to supported versions (grimmory-tools#76) * chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#1) Dependabot couldn't find the original pull request head commit, ea510f4. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (grimmory-tools#2) Dependabot couldn't find the original pull request head commit, faed6bf. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (grimmory-tools#3) Dependabot couldn't find the original pull request head commit, f110823. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (grimmory-tools#6) Dependabot couldn't find the original pull request head commit, 9a8d7a1. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs(security): update security policy with reporting guidelines and hints to supported versions --------- Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…tead of better fields like ISBN in Goodreads/Bookdrop (grimmory-tools#85) * chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#1) Dependabot couldn't find the original pull request head commit, ea510f4. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (grimmory-tools#2) Dependabot couldn't find the original pull request head commit, faed6bf. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (grimmory-tools#3) Dependabot couldn't find the original pull request head commit, f110823. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (grimmory-tools#6) Dependabot couldn't find the original pull request head commit, 9a8d7a1. Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(metadata): fix metadata fetching relying for filename "first" instead of better fields like ISBN in Goodreads/Bookdrop * perf(ci): speed up image builds and centralize cache writes - Image builds: - pin frontend and backend Docker build stages to the build platform so multi-arch packaging can reuse architecture-independent work - add an Angular build cache mount and move dynamic version metadata to the end of the runtime stage so static layers stay reusable across tags - reduce image workflow checkout depth and keep preview builds on `linux/amd64` only to avoid unnecessary QEMU and history overhead - Cache policy: - make CI packaging smoke builds consume the shared image cache without writing new BuildKit cache state - make normal preview builds consume shared GHA and registry caches without mutating the canonical cache - keep nightly and stable release builds as the workflows that refresh the shared image cache in both GHA and registry backends - Preview override: - add a `refresh_shared_cache` input to the preview workflow for an explicit no-cache rebuild that repopulates the shared cache when maintainers need to bust and refresh it - keep the default preview behavior optimized for fast disposable builds rather than cache churn - Validation: - keep workflow YAML parsing clean after the cache-policy changes - keep `git diff --check` clean for the touched Docker and workflow files * docs: Add a note about how to make a release * chore: remove unncesary comments --------- Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Cox <james@imaj.es>