chore(deps): bump the dependencies group across 1 directory with 3 updates

[dependabot]

Bumps the dependencies group with 3 updates in the / directory: Songmu/tagpr, goreleaser/goreleaser-action and docker/build-push-action.

Updates Songmu/tagpr from 1.15.0 to 1.17.0

Release notes

Sourced from Songmu/tagpr's releases.

v1.17.0

What's Changed

• Add fixedMajorVersion option for multiple major version support by @​Konboi in Songmu/tagpr#296

New Contributors

• @​Konboi made their first contribution in Songmu/tagpr#296

Full Changelog: Songmu/tagpr@v1.16.0...v1.17.0

v1.16.0

What's Changed

• docs: improve README for labels and env vars by @​tokuhirom in Songmu/tagpr#300
• Use scoped release yaml path in github releases by @​wreulicke in Songmu/tagpr#304
• fix: latestSemverTag returns empty for zero-padded calver tags by @​k1LoW in Songmu/tagpr#303
• build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 by @​dependabot[bot] in Songmu/tagpr#305
• build(deps): bump github.com/Songmu/gitconfig from 0.2.1 to 0.2.2 by @​dependabot[bot] in Songmu/tagpr#299
• Migrate gh2changelog to monorepo as local submodule by @​Copilot in Songmu/tagpr#307
• Fix: validate tagPrefix in isTagPR for monorepo isolation by @​Copilot in Songmu/tagpr#311

New Contributors

• @​tokuhirom made their first contribution in Songmu/tagpr#300
• @​Copilot made their first contribution in Songmu/tagpr#307

Full Changelog: Songmu/tagpr@v1.15.0...v1.16.0

Changelog

Sourced from Songmu/tagpr's changelog.

Changelog

v1.17.0 - 2026-02-14

• Add fixedMajorVersion option for multiple major version support by @​Konboi in Songmu/tagpr#296

v1.16.0 - 2026-02-14

• docs: improve README for labels and env vars by @​tokuhirom in Songmu/tagpr#300
• Use scoped release yaml path in github releases by @​wreulicke in Songmu/tagpr#304
• fix: latestSemverTag returns empty for zero-padded calver tags by @​k1LoW in Songmu/tagpr#303
• build(deps): bump golang.org/x/oauth2 from 0.34.0 to 0.35.0 by @​dependabot[bot] in Songmu/tagpr#305
• build(deps): bump github.com/Songmu/gitconfig from 0.2.1 to 0.2.2 by @​dependabot[bot] in Songmu/tagpr#299
• Migrate gh2changelog to monorepo as local submodule by @​Copilot in Songmu/tagpr#307
• Fix: validate tagPrefix in isTagPR for monorepo isolation by @​Copilot in Songmu/tagpr#311

v1.15.0 - 2026-02-01

• feat: allow tagpr.calendarVersioning to accept format string directly by @​k1LoW in Songmu/tagpr#295

v1.14.0 - 2026-01-29

• feat: scoped release configuration by @​wreulicke in Songmu/tagpr#291
• [fix] care nil ReleaseYAML by @​Songmu in Songmu/tagpr#293

v1.13.0 - 2026-01-29

• Add Calendar Versioning (CalVer) support by @​fujiwara in Songmu/tagpr#288
• build(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @​dependabot[bot] in Songmu/tagpr#289

v1.12.1 - 2026-01-21

• fix: pass changelog file path to gh2changelog by @​wreulicke in Songmu/tagpr#286

v1.12.0 - 2026-01-21

• feat: add changelogFile for monorepo support by @​wreulicke in Songmu/tagpr#283
• build(deps): bump actions/setup-go from 6.1.0 to 6.2.0 by @​dependabot[bot] in Songmu/tagpr#281

v1.11.1 - 2026-01-13

• fix: add check for both release.yml and release.yaml files by @​nnnkkk7 in Songmu/tagpr#275
• feat: add base_tag output for GitHub Actions by @​178inaba in Songmu/tagpr#277
• fix: scope git log to tagPrefix path in monorepo mode by @​biosugar0 in Songmu/tagpr#274

v1.11.0 - 2026-01-06

• build(deps): bump golang.org/x/oauth2 from 0.33.0 to 0.34.0 by @​dependabot[bot] in Songmu/tagpr#265
• build(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2 by @​dependabot[bot] in Songmu/tagpr#266
• build(deps): bump github.com/Songmu/gitsemvers from 0.0.3 to 0.1.0 by @​dependabot[bot] in Songmu/tagpr#269
• Add tagPrefix configuration for monorepo support by @​biosugar0 in Songmu/tagpr#268
• build(deps): bump github.com/Songmu/gh2changelog from 0.3.0 to 0.4.0 by @​dependabot[bot] in Songmu/tagpr#270

v1.10.0 - 2025-12-14

• Preserve file modes by @​hekki in Songmu/tagpr#263

v1.9.2 - 2025-12-13

• config: introduce setFromGitconfig, reloadField, reloadBoolField meth… by @​12ya in Songmu/tagpr#251

... (truncated)

Commits

• da82ed6 Merge pull request #312 from Songmu/tagpr-from-v1.16.0
• 55ab9cd [tagpr] update CHANGELOG.md
• bf39ad3 [tagpr] prepare for the next release
• 9547bc3 Merge pull request #296 from Konboi/multiple-major-version
• 9af5627 Merge pull request #301 from Songmu/tagpr-from-v1.15.0
• dd30281 [tagpr] update CHANGELOG.md
• c413cd8 [tagpr] prepare for the next release
• 75a8422 Merge pull request #311 from Songmu/copilot/fix-istagpr-tagprefix-check
• 30dd298 Update tagpr_test.go
• 641e484 Update tagpr.go
• Additional commits viewable in compare view

Updates goreleaser/goreleaser-action from 6.4.0 to 7.0.0

Release notes

Sourced from goreleaser/goreleaser-action's releases.

v7.0.0

What's Changed

• feat!: node 24, update deps, rm yarn, ESM by @​caarlos0 in goreleaser/goreleaser-action#533
• sec: pin github action versions by @​caarlos0 in goreleaser/goreleaser-action#514
• docs: Upgrade checkout GitHub Action in README.md by @​dunglas in goreleaser/goreleaser-action#507
• chore(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in goreleaser/goreleaser-action#504
• ci(deps): bump the actions group with 2 updates by @​dependabot[bot] in goreleaser/goreleaser-action#517
• ci(deps): bump the actions group with 2 updates by @​dependabot[bot] in goreleaser/goreleaser-action#523
• ci(deps): bump docker/bake-action from 6.9.0 to 6.10.0 in the actions group by @​dependabot[bot] in goreleaser/goreleaser-action#526
• ci(deps): bump the actions group across 1 directory with 4 updates by @​dependabot[bot] in goreleaser/goreleaser-action#532
• ci(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the actions group by @​dependabot[bot] in goreleaser/goreleaser-action#534
• chore(deps): bump the npm group across 1 directory with 4 updates by @​dependabot[bot] in goreleaser/goreleaser-action#536
• chore(deps): bump @​actions/http-client from 3.0.2 to 4.0.0 in the npm group by @​dependabot[bot] in goreleaser/goreleaser-action#537
• ci(deps): bump docker/setup-buildx-action from 3.10.0 to 3.12.0 in the actions group by @​dependabot[bot] in goreleaser/goreleaser-action#538
• chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group by @​dependabot[bot] in goreleaser/goreleaser-action#539

Full Changelog: goreleaser/goreleaser-action@v6...v7.0.0

Commits

• ec59f47 fix: yargs usage
• 752dede fix: gitignore
• 1881ae0 ci: update dependabot settings
• fdc5e66 chore: gitignore provenance.json
• 51b5b35 chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group (#539)
• 4247c53 ci(deps): bump docker/setup-buildx-action in the actions group (#538)
• c169bfd chore(deps): bump @​actions/http-client from 3.0.2 to 4.0.0 in the npm group (...
• 902ab4a chore(deps): bump the npm group across 1 directory with 4 updates (#536)
• c59a691 chore: gitignore
• 56cc8b2 ci: add job to automate dependabot pre-checkin/vendor
• Additional commits viewable in compare view

Updates docker/build-push-action from 6.18.0 to 6.19.2

Release notes

Sourced from docker/build-push-action's releases.

v6.19.2

• Preserve port in GIT_AUTH_TOKEN host by @​crazy-max in docker/build-push-action#1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

• Derive GIT_AUTH_TOKEN host from GitHub server URL by @​crazy-max in docker/build-push-action#1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

• Scope default git auth token to github.com by @​crazy-max in docker/build-push-action#1451
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/build-push-action#1396
• Bump form-data from 2.5.1 to 2.5.5 in docker/build-push-action#1391
• Bump js-yaml from 3.14.1 to 3.14.2 in docker/build-push-action#1429
• Bump lodash from 4.17.21 to 4.17.23 in docker/build-push-action#1446
• Bump tmp from 0.2.3 to 0.2.4 in docker/build-push-action#1398
• Bump undici from 5.28.4 to 5.29.0 in docker/build-push-action#1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

Commits

• 10e90e3 Merge pull request #1458 from crazy-max/git-auth-port
• 5262538 chore: update generated content
• cd130e4 preserve port in GIT_AUTH_TOKEN host
• 806c751 Merge pull request #1452 from crazy-max/update-yarn
• 601a80b Merge pull request #1456 from crazy-max/auth-token-dyn-host
• 8f7fd7c chore: update generated content
• 710e335 derive GIT_AUTH_TOKEN host from GitHub server URL
• c4ca848 update yarn to 4.9.2
• ee4ca42 Merge pull request #1398 from docker/dependabot/npm_and_yarn/tmp-0.2.4
• f1b3bb5 chore: update generated content
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions