Bump docker/metadata-action from 4 to 5

[dependabot]

This Pull Request Was Automated by Hamster [bot]

Note

Workflow Trigger: push event .
Details of Run: https://github.com/offensive-vk/UntilEverything/actions/runs/11190415929

• Author: @TheHamsterBot
• Branch: master (base) / refs/heads/dependabot/github_actions/docker/metadata-action-5 (head)
• Commit: 09429a2
• Workflow Path: CI / Automated Pull Request
• Pull Request Number: ||
• Pusher Details: offensive-vk [email protected]

---

Thanks.
Oct 05, Saturday 04:30:23 AM
Your Hamster 🐹 PF78VAPPKLZ2

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/docker/metadata-action	5.*.*	🟢 5.5	Details Check Score Reason Code-Review ⚠️ 0 Found 0/2 approved changesets -- score normalized to 0 Maintained 🟢 8 9 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected
actions/docker/metadata-action	70b2cdc6480c1a8b86edf1777157f8f437de2166	🟢 5.5	Details Check Score Reason Code-Review ⚠️ 0 Found 0/2 approved changesets -- score normalized to 0 Maintained 🟢 8 9 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 8 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Security-Policy 🟢 9 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Fuzzing ⚠️ 0 project is not fuzzed Packaging 🟢 10 packaging workflow detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 9 1 existing vulnerabilities detected

Scanned Manifest Files

.github/workflows/deploy.yml

• docker/metadata-action@5.*.*
• docker/metadata-action@4.*.*

.github/workflows/docker-publish.yml

• docker/metadata-action@70b2cdc
• docker/metadata-action@96383f4

[offensive-vk]

@dependabot recreate

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

[dependabot]

Oh no! Something went wrong on our end. Please try again later.

If the problem persists, please contact GitHub support for assistance 🙇