chore: update generated content

build(deps): bump @sigstore/core from 3.1.0 to 3.2.1
Bumps [@sigstore/core](https://github.com/sigstore/sigstore-js) from 3.1.0 to 3.2.1. - [Release notes](https://github.com/sigstore/sigstore-js/releases) - [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/core@3.2.1) --- updated-dependencies: - dependency-name: "@sigstore/core" dependency-version: 3.2.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
2026-06-29 21:20:07 -05:00 · 2026-06-29 14:18:07 +00:00 · 2026-06-29 14:17:13 +00:00 · 2026-06-29 16:15:25 +02:00 · 2026-06-29 15:05:55 +02:00 · 2026-06-12 14:11:06 -05:00
8 changed files with 121 additions and 132 deletions
@@ -163,7 +163,7 @@ jobs:
          docker run -d -p 5000:5000 --restart=always --name registry registry:2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
        with:
          driver: docker
          driver-opts: network=host
@@ -202,7 +202,7 @@ jobs:
          docker run -d -p 5000:5000 --restart=always --name registry registry:2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
+        uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
        with:
          driver: docker
          driver-opts: network=host
@@ -1,10 +1,10 @@
 # https://yarnpkg.com/configuration/yarnrc

-compressionLevel: mixed
-enableGlobalCache: false
-enableHardenedMode: true
+nodeLinker: node-modules

 logFilters:
+  - code: YN0004
+    level: discard
  - code: YN0013
    level: discard
  - code: YN0019
@@ -14,4 +14,8 @@ logFilters:
  - code: YN0086
    level: discard

-nodeLinker: node-modules
+compressionLevel: mixed
+enableGlobalCache: false
+enableHardenedMode: true
+enableScripts: false
+npmMinimalAgeGate: 2d
@@ -17,7 +17,7 @@ FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
-  yarn install && mkdir /vendor && cp yarn.lock /vendor
+  yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor

 FROM scratch AS vendor-update
 COPY --from=deps /vendor /
@@ -4,7 +4,6 @@ https://www.npmjs.com/package/generate-license-file
 The following npm packages may be included in this product:

 - @sigstore/bundle@4.0.0
- - @sigstore/core@3.2.0
 - @sigstore/core@3.2.1
 - @sigstore/protobuf-specs@0.5.0
 - @sigstore/sign@4.1.1
@@ -4,7 +4,7 @@
  "type": "module",
  "main": "src/main.ts",
  "scripts": {
-    "build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify && yarn run license",
+    "build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify --keep-names && yarn run license",
    "lint": "eslint --max-warnings=0 .",
    "format": "eslint --fix .",
    "test": "vitest run",
@@ -21,7 +21,7 @@
  ],
  "author": "Docker Inc.",
  "license": "Apache-2.0",
-  "packageManager": "yarn@4.9.2",
+  "packageManager": "yarn@4.15.0",
  "dependencies": {
    "@actions/core": "^3.0.1",
    "@docker/actions-toolkit": "^0.91.0"
@@ -2,7 +2,7 @@
 # Manual changes might be lost - proceed with caution!

 __metadata:
-  version: 8
+  version: 10
  cacheKey: 10

 "@aashutoshrathi/word-wrap@npm:^1.2.3":
@@ -1653,21 +1653,7 @@ __metadata:
  languageName: node
  linkType: hard

-"@sigstore/core@npm:^3.1.0":
-  version: 3.1.0
-  resolution: "@sigstore/core@npm:3.1.0"
-  checksum: 10/c7a2e2d32f52494b40d9c469bc2241cc5d14d5f93fa028f099dcfe403443713f90ef3178684ee11c32e078a4b9fad79500746dfef10f10044c7fa00c909f3760
-  languageName: node
-  linkType: hard
-
-"@sigstore/core@npm:^3.2.0":
-  version: 3.2.0
-  resolution: "@sigstore/core@npm:3.2.0"
-  checksum: 10/2425d20297d57a5f5a62f0e6c2f4280818015ea00b3defebdac63f13c7d01db988602c316c16e374ba091c3649dd9a22ae8c9ba3ac165f736b0503164c5da5f5
-  languageName: node
-  linkType: hard
-
-"@sigstore/core@npm:^3.2.1":
+"@sigstore/core@npm:^3.1.0, @sigstore/core@npm:^3.2.0, @sigstore/core@npm:^3.2.1":
  version: 3.2.1
  resolution: "@sigstore/core@npm:3.2.1"
  checksum: 10/2f6c1ced55f8ed3f7fc705a668eb95db9471511dfb1f054927822bf97a051dd62228ecf6a9f1932d240c2c4ae69a3b5066550789e5ad8f4257839a4370e5a120
Author	SHA1	Message	Date
github-actions[bot]	b228dba1db	chore: update generated content	2026-06-29 14:18:07 +00:00
dependabot[bot]	7fd454c341	build(deps): bump @sigstore/core from 3.1.0 to 3.2.1 Bumps [@sigstore/core](https://github.com/sigstore/sigstore-js) from 3.1.0 to 3.2.1. - [Release notes](https://github.com/sigstore/sigstore-js/releases) - [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/core@3.2.1) --- updated-dependencies: - dependency-name: "@sigstore/core" dependency-version: 3.2.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-29 14:17:13 +00:00
CrazyMax	041b2bc7bf	Merge pull request #284 from crazy-max/fix-esbuild preserve names in esbuild bundle	2026-06-29 16:15:25 +02:00
CrazyMax	b99bfad9ec	preserve names in esbuild bundle Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-06-29 15:05:55 +02:00
temenuzhka-thede	fad6f4094f	Merge pull request #279 from docker/sec-cli/npm-ci-20260612-184919 fix: replace npm install with npm ci (20260612-184919)	2026-06-12 14:11:06 -05:00
securityeng-bot[bot]	1ff0cd31e1	fix: use lockfile-aware install commands	2026-06-12 18:49:20 +00:00
CrazyMax	0bda481195	Merge pull request #273 from crazy-max/yarn-update update yarn to 4.15.0	2026-05-28 18:45:44 +02:00
CrazyMax	60d57a3e88	update yarn to 4.15.0 Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-05-28 15:17:58 +02:00
CrazyMax	58abfcafaa	Merge pull request #271 from docker/sec-cli/ignore-scripts-fix-20260527-193429 ci: add ignore-scripts to Node package manager config (20260527-193429)	2026-05-28 10:01:16 +02:00
securityeng-bot[bot]	4e220bc4c1	ci: enforce ignore-scripts policy for Node package managers	2026-05-27 20:05:10 +00:00
CrazyMax	0234bb73cc	Merge pull request #270 from docker/dependabot/github_actions/docker/setup-buildx-action-4.1.0 build(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0	2026-05-27 15:49:10 +02:00
CrazyMax	44285f8ec5	Merge pull request #254 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.89.1 build(deps): bump @docker/actions-toolkit from 0.89.0 to 0.91.0	2026-05-27 15:48:48 +02:00
dependabot[bot]	87e121bf10	build(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-27 12:56:09 +00:00