[Snyk] Upgrade @docker/actions-toolkit from 0.37.1 to 0.62.1

[blacksmith-axlora]

Snyk has created this PR to upgrade @docker/actions-toolkit from 0.37.1 to 0.62.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 27 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Insecure Randomness SNYK-JS-UNDICI-8641354	631	Proof of Concept
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	631	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-OCTOKITENDPOINT-8730856	631	Proof of Concept
	Missing Release of Memory after Effective Lifetime SNYK-JS-UNDICI-10176064	631	Proof of Concept

Release notes

Package name: @docker/actions-toolkit

• 0.62.1 - 2025-05-27
  
  • github: fix summary handling for dbc by @ crazy-max in #707

  Full Changelog: v0.62.0...v0.62.1

• 0.62.0 - 2025-05-27
  
  • history: finalize when exporting by @ crazy-max in #690
  • github: support cloud build URL when writing summary by @ crazy-max in #686
  • docker(install): fix constructor by @ crazy-max in #697
  • build(deps): bump @ actions/github from 6.0.0 to 6.0.1 in #683
  • build(deps): bump semver and @ types/semver in #687

  Full Changelog: v0.61.0...v0.62.0

• 0.61.0 - 2025-04-24
  
  • buildx(builder): inspect devices and new gc policy opts support by @ crazy-max in #604
  • docker(install): use undock to extract image by @ crazy-max in #567

  Full Changelog: v0.60.0...v0.61.0

• 0.60.0 - 2025-04-23
  
  • buildx(history): export build using history command support by @ crazy-max in #652
  • regclient with regctl support by @ crazy-max in #665 #666 #667

  Full Changelog: v0.59.0...v0.60.0

• 0.59.0 - 2025-04-08
  
  • buildx(build): always register as secret the value passed as build secret string by @ crazy-max in #645

  Full Changelog: v0.58.0...v0.59.0

• 0.58.0 - 2025-04-01
  
  • build(deps): bump @ actions/artifact from 2.3.0 to 2.3.2 in #621 #633
  • build(deps): bump @ actions/cache from 4.0.2 to 4.0.3 in #631

  Full Changelog: v0.57.0...v0.58.0

• 0.57.0 - 2025-03-11
  
  • docker(install): update lima images by @ crazy-max in #619
  • build(deps): bump @ actions/artifact from 2.2.2 to 2.3.0 in #620

  Full Changelog: v0.56.0...v0.57.0

• 0.56.0 - 2025-02-26
  
  • build(deps): bump @ actions/artifact from 2.2.1 to 2.2.2 in #603
  • build(deps): bump @ actions/cache from 4.0.1 to 4.0.2 in #612

  Full Changelog: v0.55.0...v0.56.0

• 0.55.0 - 2025-02-19
  
  • buildx(build): support binary data when copying secret files by @ matthiasfehr in #599
  • build(deps): bump @ actions/cache from 4.0.0 to 4.0.1 in #593

  Full Changelog: v0.54.0...v0.55.0

• 0.54.0 - 2025-02-04
  
  • compose(install): fix base cache dir by @ crazy-max in #580
  • build(deps): bump semver from 7.6.3 to 7.7.1 in #585

  Full Changelog: v0.53.0...v0.54.0

• 0.53.0 - 2025-01-23
• 0.52.0 - 2025-01-20
• 0.51.0 - 2025-01-15
• 0.50.0 - 2025-01-10
• 0.49.0 - 2024-12-16
• 0.48.0 - 2024-12-12
• 0.47.0 - 2024-12-03
• 0.46.0 - 2024-11-25
• 0.45.0 - 2024-11-18
• 0.44.0 - 2024-11-13
• 0.43.0 - 2024-11-07
• 0.42.0 - 2024-10-30
• 0.41.1 - 2024-10-29
• 0.41.0 - 2024-10-29
• 0.40.0 - 2024-10-24
• 0.39.0 - 2024-09-30
• 0.38.0 - 2024-09-27
• 0.37.1 - 2024-08-07

from @docker/actions-toolkit GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[cursor]

Bug: Version Specifier Mismatch in Dependency Files

Version specifier inconsistency for @docker/actions-toolkit: package.json pins to 0.62.1 (exact), but package-lock.json uses ^0.62.1 (caret range). This mismatch can cause different versions to be installed across environments, leading to reproducibility issues or unexpected behavior.

package-lock.json#L13-L14

build-push-action/package-lock.json

Lines 13 to 14 in 49f6913

	"@connectrpc/connect-node": "^1.6.1",
	"@docker/actions-toolkit": "^0.62.1",

Fix in Cursor

---

Was this report helpful? Give feedback by reacting with 👍 or 👎