Bump docker/login-action from 3.6.0 to 3.7.0

[dependabot]

Bumps docker/login-action from 3.6.0 to 3.7.0.

Release notes

Sourced from docker/login-action's releases.

v3.7.0

• Add scope input to set scopes for the authentication token by @​crazy-max in docker/login-action#912
• Add support for AWS European Sovereign Cloud ECR by @​dphi in docker/login-action#914
• Ensure passwords are redacted with registry-auth input by @​crazy-max in docker/login-action#911
• build(deps): bump lodash from 4.17.21 to 4.17.23 in docker/login-action#915

Full Changelog: docker/login-action@v3.6.0...v3.7.0

Commits

• c94ce9f Merge pull request #915 from docker/dependabot/npm_and_yarn/lodash-4.17.23
• 8339c95 Merge pull request #912 from docker/scope
• c83e932 build(deps): bump lodash from 4.17.21 to 4.17.23
• b268aa5 chore: update generated content
• a603229 documentation for scope input
• 7567f92 Add scope input to set scopes for the authentication token
• 0567fa5 Merge pull request #914 from dphi/add-support-for-amazonaws.eu
• f6ef577 feat: add support for AWS European Sovereign Cloud ECR registries
• 916386b Merge pull request #911 from crazy-max/ensure-redact
• 5b3f94a chore: update generated content
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

🔍 Vulnerabilities of renzof93/github-actions-secrets-mgmt:latest

📦 Image Reference renzof93/github-actions-secrets-mgmt:latest

digest	sha256:0a323544f49fb9dd975a685d4b2efaefb3733982748378e3e67d61713777dfbe
vulnerabilities
platform	linux/amd64
size	104 MB
packages	63

📦 Base Image python:3-alpine3.20

also known as	3.13-alpine3.20 3.13.3-alpine3.20 alpine3.20
digest	sha256:68834522e73344a5337150a62e87a75be9046c0e39b9bab925be078d953e54e1
vulnerabilities

requests 2.32.3 (pypi) pkg:pypi/requests@2.32.3 Insufficiently Protected Credentials Affected range <2.32.4 Fixed version 2.32.4 CVSS Score 5.3 CVSS Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N EPSS Score 0.098% EPSS Percentile 27th percentile Description Impact Due to a URL parsing issue, Requests releases prior to 2.32.4 may leak .netrc credentials to third parties for specific maliciously-crafted URLs. Workarounds For older versions of Requests, use of the .netrc file can be disabled with trust_env=False on your Requests Session (docs). References psf/requests#6965 https://seclists.org/fulldisclosure/2025/Jun/2

pynacl 1.5.0 (pypi) pkg:pypi/pynacl@1.5.0 Incomplete List of Disallowed Inputs Affected range <1.6.2 Fixed version 1.6.2 CVSS Score 4.5 CVSS Vector CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N EPSS Score 0.021% EPSS Percentile 5th percentile Description libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group. This advisoory lists packages in the GitHub Advisory Database's supported ecosystems that are affected by this vulnerability due to a vulnerable dependency.

[github-actions]

Recommended fixes for image renzof93/github-actions-secrets-mgmt:latest

Base image is python:3-alpine3.20

Name	3.13.3-alpine3.20
Digest	sha256:68834522e73344a5337150a62e87a75be9046c0e39b9bab925be078d953e54e1
Vulnerabilities
Pushed	8 months ago
Size	16 MB
Packages	41
Flavor	alpine
OS	3.20
Runtime	3.13.3

Refresh base image

Rebuild the image using a newer base image version. Updating this may result in breaking changes.

✅ This image version is up to date.

Change base image

Tag	Details	Pushed	Vulnerabilities
3-alpine Tag is preferred tag Also known as: alpine alpine3.23 3.14.2-alpine 3.14.2-alpine3.23 3.14-alpine 3.14-alpine3.23 3-alpine3.23	Benefits: Same OS detected Minor runtime version update Minor OS version update Tag is preferred tag Tag was pushed more recently Image has similar size Image introduces no new vulnerability but removes 18 Image contains equal number of packages 3-alpine was pulled 51K times last month Image details: Size: 18 MB Flavor: alpine OS: 3.23 Runtime: 3.14.2	5 days ago
3.13-alpine Minor runtime version update Also known as: 3.13.11-alpine 3.13.11-alpine3.23 3.13-alpine3.23	Benefits: Same OS detected Minor runtime version update Minor OS version update Image contains 2 fewer packages Tag was pushed more recently Image has similar size Image introduces no new vulnerability but removes 18 Image details: Size: 17 MB Flavor: alpine OS: 3.23 Runtime: 3.13.11	5 days ago
3.13-alpine3.22 Minor runtime version update Also known as: 3.13.11-alpine3.22	Benefits: Same OS detected Minor runtime version update Minor OS version update Image contains 2 fewer packages Tag was pushed more recently Image has similar size Image introduces no new vulnerability but removes 18 Image details: Size: 17 MB Flavor: alpine OS: 3.22 Runtime: 3.13.11	5 days ago
3-alpine3.22 Minor runtime version update Also known as: alpine3.22 3.14.2-alpine3.22 3.14-alpine3.22	Benefits: Same OS detected Minor runtime version update Minor OS version update Tag was pushed more recently Image has similar size Image introduces no new vulnerability but removes 18 Image contains equal number of packages Image details: Size: 18 MB Flavor: alpine OS: 3.22 Runtime: 3.14.2	5 days ago