chore: update generated content

build(deps): bump js-yaml from 4.1.1 to 4.2.0
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.2.0. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/4.1.1...4.2.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.2.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
2026-06-28 12:50:09 -05:00 · 2026-06-28 15:45:22 +00:00 · 2026-06-28 15:44:33 +00:00 · 2026-06-12 14:11:06 -05:00 · 2026-06-12 18:49:20 +00:00 · 2026-05-28 18:45:44 +02:00
5 changed files with 15 additions and 11 deletions
@@ -1,10 +1,10 @@
 # https://yarnpkg.com/configuration/yarnrc

-compressionLevel: mixed
-enableGlobalCache: false
-enableHardenedMode: true
+nodeLinker: node-modules

 logFilters:
+  - code: YN0004
+    level: discard
  - code: YN0013
    level: discard
  - code: YN0019
@@ -14,4 +14,8 @@ logFilters:
  - code: YN0086
    level: discard

-nodeLinker: node-modules
+compressionLevel: mixed
+enableGlobalCache: false
+enableHardenedMode: true
+enableScripts: false
+npmMinimalAgeGate: 2d
@@ -17,7 +17,7 @@ FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
-  yarn install && mkdir /vendor && cp yarn.lock /vendor
+  yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor

 FROM scratch AS vendor-update
 COPY --from=deps /vendor /
@@ -1794,7 +1794,7 @@ SOFTWARE.

 The following npm package may be included in this product:

- - js-yaml@4.1.1
+ - js-yaml@4.2.0

 This package contains the following license:

@@ -21,7 +21,7 @@
  ],
  "author": "Docker Inc.",
  "license": "Apache-2.0",
-  "packageManager": "yarn@4.9.2",
+  "packageManager": "yarn@4.15.0",
  "dependencies": {
    "@actions/core": "^3.0.1",
    "@docker/actions-toolkit": "^0.91.0"
@@ -2,7 +2,7 @@
 # Manual changes might be lost - proceed with caution!

 __metadata:
-  version: 8
+  version: 10
  cacheKey: 10

 "@aashutoshrathi/word-wrap@npm:^1.2.3":
@@ -4155,13 +4155,13 @@ __metadata:
  linkType: hard

 "js-yaml@npm:^4.1.0, js-yaml@npm:^4.1.1":
-  version: 4.1.1
-  resolution: "js-yaml@npm:4.1.1"
+  version: 4.2.0
+  resolution: "js-yaml@npm:4.2.0"
  dependencies:
    argparse: "npm:^2.0.1"
  bin:
    js-yaml: bin/js-yaml.js
-  checksum: 10/a52d0519f0f4ef5b4adc1cde466cb54c50d56e2b4a983b9d5c9c0f2f99462047007a6274d7e95617a21d3c91fde3ee6115536ed70991cd645ba8521058b78f77
+  checksum: 10/51de2067a2b44b07ba5206132e56005f8b568ff279bb4d2f645068958c56fa4827d40a6841c983234671fa0a134bf094d0b0717873c2a3d319185297af145a6d
  languageName: node
  linkType: hard
Author	SHA1	Message	Date
github-actions[bot]	869b36c4e6	chore: update generated content	2026-06-28 15:45:22 +00:00
dependabot[bot]	7182ff3087	build(deps): bump js-yaml from 4.1.1 to 4.2.0 Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.2.0. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/4.1.1...4.2.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.2.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-28 15:44:33 +00:00
temenuzhka-thede	fad6f4094f	Merge pull request #279 from docker/sec-cli/npm-ci-20260612-184919 fix: replace npm install with npm ci (20260612-184919)	2026-06-12 14:11:06 -05:00
securityeng-bot[bot]	1ff0cd31e1	fix: use lockfile-aware install commands	2026-06-12 18:49:20 +00:00
CrazyMax	0bda481195	Merge pull request #273 from crazy-max/yarn-update update yarn to 4.15.0	2026-05-28 18:45:44 +02:00
CrazyMax	60d57a3e88	update yarn to 4.15.0 Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-05-28 15:17:58 +02:00
CrazyMax	58abfcafaa	Merge pull request #271 from docker/sec-cli/ignore-scripts-fix-20260527-193429 ci: add ignore-scripts to Node package manager config (20260527-193429)	2026-05-28 10:01:16 +02:00
securityeng-bot[bot]	4e220bc4c1	ci: enforce ignore-scripts policy for Node package managers	2026-05-27 20:05:10 +00:00