Compare commits

...

8 Commits

Author SHA1 Message Date
CrazyMax 330640ae37 Merge pull request #299 from crazy-max/group-codeql-dependabot-updates
chore: group codeql dependabot updates
2026-07-09 13:59:38 +02:00
CrazyMax 411db23e63 chore: group codeql dependabot updates
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-07-09 12:43:17 +02:00
CrazyMax ff59fa72d6 Merge pull request #296 from docker/dependabot/github_actions/github/codeql-action/init-4.36.3
build(deps): bump github/codeql-action/init from 4.36.2 to 4.36.3
2026-07-06 13:04:32 +02:00
CrazyMax 9e9d3033b3 Merge pull request #297 from docker/dependabot/github_actions/github/codeql-action/analyze-4.36.3
build(deps): bump github/codeql-action/analyze from 4.36.2 to 4.36.3
2026-07-06 13:04:02 +02:00
dependabot[bot] 79cff6f67d build(deps): bump github/codeql-action/analyze from 4.36.2 to 4.36.3
Bumps [github/codeql-action/analyze](https://github.com/github/codeql-action) from 4.36.2 to 4.36.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a)

---
updated-dependencies:
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-06 10:55:27 +00:00
dependabot[bot] dc540c693e build(deps): bump github/codeql-action/init from 4.36.2 to 4.36.3
Bumps [github/codeql-action/init](https://github.com/github/codeql-action) from 4.36.2 to 4.36.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a)

---
updated-dependencies:
- dependency-name: github/codeql-action/init
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-06 10:54:10 +00:00
CrazyMax 0e16b37354 Merge pull request #291 from docker/dependabot/npm_and_yarn/sigstore/verify-3.1.1
build(deps): bump @sigstore/verify from 3.1.0 to 3.1.1
2026-07-03 11:15:48 +02:00
dependabot[bot] 3eec0ee8b2 build(deps): bump @sigstore/verify from 3.1.0 to 3.1.1
Bumps [@sigstore/verify](https://github.com/sigstore/sigstore-js) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/verify@3.1.1)

---
updated-dependencies:
- dependency-name: "@sigstore/verify"
  dependency-version: 3.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 02:59:06 +00:00
3 changed files with 10 additions and 7 deletions
+3
View File
@@ -10,6 +10,9 @@ updates:
crazy-max-dot-github:
patterns:
- "crazy-max/.github/*"
codeql-actions:
patterns:
- "github/codeql-action/*"
labels:
- "dependencies"
- "bot"
+2 -2
View File
@@ -35,12 +35,12 @@ jobs:
node-version: ${{ env.NODE_VERSION }}
-
name: Initialize CodeQL
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
with:
languages: javascript-typescript
build-mode: none
-
name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
with:
category: "/language:javascript-typescript"
+5 -5
View File
@@ -1661,7 +1661,7 @@ __metadata:
languageName: node
linkType: hard
"@sigstore/core@npm:^3.1.0":
"@sigstore/core@npm:^3.1.0, @sigstore/core@npm:^3.2.1":
version: 3.2.1
resolution: "@sigstore/core@npm:3.2.1"
checksum: 10/2f6c1ced55f8ed3f7fc705a668eb95db9471511dfb1f054927822bf97a051dd62228ecf6a9f1932d240c2c4ae69a3b5066550789e5ad8f4257839a4370e5a120
@@ -1717,13 +1717,13 @@ __metadata:
linkType: hard
"@sigstore/verify@npm:^3.1.0":
version: 3.1.0
resolution: "@sigstore/verify@npm:3.1.0"
version: 3.1.1
resolution: "@sigstore/verify@npm:3.1.1"
dependencies:
"@sigstore/bundle": "npm:^4.0.0"
"@sigstore/core": "npm:^3.1.0"
"@sigstore/core": "npm:^3.2.1"
"@sigstore/protobuf-specs": "npm:^0.5.0"
checksum: 10/c85713cc326236ef39608e4b061c1192306fd3edd7a1334237d5d53dbb132f04e3f9d3cfd4bb2d521bf0c95a9f98945a748c97ecb06e5f36cfd09488a0d3d73f
checksum: 10/4cb24b0e62b85ebf2b62698041e0dc212d152fd40a95c05c237357c992265a23e5789f86b138bea2eea0c5f6b994974d968f03dde9c692a514f96ae4b26f31a9
languageName: node
linkType: hard