chore(deps): update docker/login-action action to v4.2.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
docker/login-action	action	minor	v4.0.0 → v4.2.0

---

Release Notes

docker/login-action (docker/login-action)

v4.2.0

Compare Source

• Bump @​actions/core from 3.0.0 to 3.0.1 in #​976
• Bump @​aws-sdk/client-ecr and @​aws-sdk/client-ecr-public to 3.1050.0 in #​960
• Bump @​docker/actions-toolkit from 0.86.0 to 0.90.0 in #​970
• Bump brace-expansion from 2.0.1 to 5.0.6 in #​993
• Bump fast-xml-builder from 1.1.4 to 1.2.0 in #​985
• Bump fast-xml-parser from 5.3.6 to 5.8.0 in #​963
• Bump http-proxy-agent and https-proxy-agent to 9.0.0 in #​961
• Bump postcss from 8.5.6 to 8.5.10 in #​979
• Bump tar from 6.2.1 to 7.5.15 in #​991
• Bump vite from 7.3.1 to 7.3.3 in #​986

Full Changelog: docker/login-action@v4.1.0...v4.2.0

v4.1.0

Compare Source

• Fix scoped Docker Hub cleanup path when registry is omitted by @​crazy-max in #​945
• Bump @​aws-sdk/client-ecr and @​aws-sdk/client-ecr-public to 3.1020.0 in #​930
• Bump @​docker/actions-toolkit from 0.77.0 to 0.86.0 in #​932 #​936
• Bump brace-expansion from 1.1.12 to 1.1.13 in #​952
• Bump fast-xml-parser from 5.3.4 to 5.3.6 in #​942
• Bump flatted from 3.3.3 to 3.4.2 in #​944
• Bump glob from 10.3.12 to 10.5.0 in #​940
• Bump handlebars from 4.7.8 to 4.7.9 in #​949
• Bump http-proxy-agent and https-proxy-agent to 8.0.0 in #​937
• Bump lodash from 4.17.23 to 4.18.1 in #​958
• Bump minimatch from 3.1.2 to 3.1.5 in #​941
• Bump picomatch from 4.0.3 to 4.0.4 in #​948
• Bump undici from 6.23.0 to 6.24.1 in #​938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At 12:00 AM through 04:59 AM and 10:00 PM through 11:59 PM, Monday through Friday (* 0-4,22-23 * * 1-5)
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

v4.1.0 changes:

• Bug fix: corrected scoped Docker Hub cleanup path when registry input is omitted (not applicable here — this repo uses ghcr.io)
• Dependency bumps: @aws-sdk/client-ecr*, @docker/actions-toolkit, brace-expansion, fast-xml-parser, flatted, glob, handlebars, http-proxy-agent, https-proxy-agent, lodash, minimatch, picomatch, undici

v4.2.0 changes:

• Dependency security/maintenance bumps only: @actions/core 3.0.0→3.0.1, @aws-sdk/client-ecr* → 3.1050.0, @docker/actions-toolkit 0.86.0→0.90.0, brace-expansion 2.0.1→5.0.6, fast-xml-builder 1.1.4→1.2.0, fast-xml-parser 5.3.6→5.8.0, http-proxy-agent/https-proxy-agent → 9.0.0, postcss 8.5.6→8.5.10, tar 6.2.1→7.5.15, vite 7.3.1→7.3.3
• No breaking changes and no API surface changes across either minor release

🎯 Impact Scope Investigation

• Single usage location: .github/workflows/release-please.yml:109 — used to authenticate with ghcr.io before pushing Docker images during releases
• Inputs used: registry: ghcr.io, username: ${{ github.actor }}, password: ${{ github.token }} — all three inputs remain unchanged in v4.1.0 and v4.2.0
• Commit pin updated correctly: b45d80f862d83dbcd57f89517bcf500b2ab88fb2 (v4.0.0) → 650006c6eb7dba73a995cc03b0b2d7f5ca915bee (v4.2.0), maintaining the pinned-SHA security practice this repo follows
• No impact on other dependencies: this is a GitHub Actions action reference, not a Go module dependency

💡 Recommended Actions

• No migration steps or code changes required
• Merge as-is; the diff is a single-line SHA+tag comment update with no behavioral changes for this repo's usage pattern

🔗 Reference Links

• v4.1.0 release notes
• v4.2.0 release notes
• Full changelog v4.0.0→v4.1.0
• Full changelog v4.1.0→v4.2.0

Generated by koki-develop/claude-renovate-review