build(deps): bump github/codeql-action from 4.36.0 to 4.36.1

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.36.0 to 4.36.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/7211b7c8077ea37d8641b6271f6a365a22a5fbfa...87557b9c84dde89fdd9b10e88954ac2f4248e463) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.36.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Merge pull request #273 from crazy-max/yarn-update
2026-06-06 12:23:37 -05:00 · 2026-06-04 10:54:32 +00:00 · 2026-05-28 18:45:44 +02:00 · 2026-05-28 15:17:58 +02:00 · 2026-05-28 10:01:16 +02:00 · 2026-05-27 20:05:10 +00:00
5 changed files with 14 additions and 10 deletions
@@ -163,7 +163,7 @@ jobs:
          docker run -d -p 5000:5000 --restart=always --name registry registry:2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
        with:
          driver: docker
          driver-opts: network=host
@@ -202,7 +202,7 @@ jobs:
          docker run -d -p 5000:5000 --restart=always --name registry registry:2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
        with:
          driver: docker
          driver-opts: network=host
@@ -35,12 +35,12 @@ jobs:
          node-version: ${{ env.NODE_VERSION }}
      -
        name: Initialize CodeQL
-        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+        uses: github/codeql-action/init@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
        with:
          languages: javascript-typescript
          build-mode: none
      -
        name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
+        uses: github/codeql-action/analyze@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1
        with:
          category: "/language:javascript-typescript"
@@ -1,10 +1,10 @@
 # https://yarnpkg.com/configuration/yarnrc
-compressionLevel: mixed
+nodeLinker: node-modules
 enableGlobalCache: false
 enableHardenedMode: true
 logFilters:
  - code: YN0004
    level: discard
  - code: YN0013
    level: discard
  - code: YN0019
@@ -14,4 +14,8 @@ logFilters:
  - code: YN0086
    level: discard
-nodeLinker: node-modules
+compressionLevel: mixed
 enableGlobalCache: false
 enableHardenedMode: true
 enableScripts: false
 npmMinimalAgeGate: 2d
@@ -21,7 +21,7 @@
  ],
  "author": "Docker Inc.",
  "license": "Apache-2.0",
-  "packageManager": "yarn@4.9.2",
+  "packageManager": "yarn@4.15.0",
  "dependencies": {
    "@actions/core": "^3.0.1",
    "@docker/actions-toolkit": "^0.91.0"
@@ -2,7 +2,7 @@
 # Manual changes might be lost - proceed with caution!
 __metadata:
-  version: 8
+  version: 10
  cacheKey: 10
 "@aashutoshrathi/word-wrap@npm:^1.2.3":
Author	SHA1	Message	Date
dependabot[bot]	e9d6b5bb57	build(deps): bump github/codeql-action from 4.36.0 to 4.36.1 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.36.0 to 4.36.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/7211b7c8077ea37d8641b6271f6a365a22a5fbfa...87557b9c84dde89fdd9b10e88954ac2f4248e463) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.36.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-04 10:54:32 +00:00
CrazyMax	0bda481195	Merge pull request #273 from crazy-max/yarn-update update yarn to 4.15.0	2026-05-28 18:45:44 +02:00
CrazyMax	60d57a3e88	update yarn to 4.15.0 Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-05-28 15:17:58 +02:00
CrazyMax	58abfcafaa	Merge pull request #271 from docker/sec-cli/ignore-scripts-fix-20260527-193429 ci: add ignore-scripts to Node package manager config (20260527-193429)	2026-05-28 10:01:16 +02:00
securityeng-bot[bot]	4e220bc4c1	ci: enforce ignore-scripts policy for Node package managers	2026-05-27 20:05:10 +00:00
CrazyMax	0234bb73cc	Merge pull request #270 from docker/dependabot/github_actions/docker/setup-buildx-action-4.1.0 build(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0	2026-05-27 15:49:10 +02:00
CrazyMax	44285f8ec5	Merge pull request #254 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.89.1 build(deps): bump @docker/actions-toolkit from 0.89.0 to 0.91.0	2026-05-27 15:48:48 +02:00
dependabot[bot]	87e121bf10	build(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-27 12:56:09 +00:00