Compare commits

...

84 Commits

Author SHA1 Message Date
CrazyMax 330640ae37 Merge pull request #299 from crazy-max/group-codeql-dependabot-updates
chore: group codeql dependabot updates
2026-07-09 13:59:38 +02:00
CrazyMax 411db23e63 chore: group codeql dependabot updates
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-07-09 12:43:17 +02:00
CrazyMax ff59fa72d6 Merge pull request #296 from docker/dependabot/github_actions/github/codeql-action/init-4.36.3
build(deps): bump github/codeql-action/init from 4.36.2 to 4.36.3
2026-07-06 13:04:32 +02:00
CrazyMax 9e9d3033b3 Merge pull request #297 from docker/dependabot/github_actions/github/codeql-action/analyze-4.36.3
build(deps): bump github/codeql-action/analyze from 4.36.2 to 4.36.3
2026-07-06 13:04:02 +02:00
dependabot[bot] 79cff6f67d build(deps): bump github/codeql-action/analyze from 4.36.2 to 4.36.3
Bumps [github/codeql-action/analyze](https://github.com/github/codeql-action) from 4.36.2 to 4.36.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a)

---
updated-dependencies:
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-06 10:55:27 +00:00
dependabot[bot] dc540c693e build(deps): bump github/codeql-action/init from 4.36.2 to 4.36.3
Bumps [github/codeql-action/init](https://github.com/github/codeql-action) from 4.36.2 to 4.36.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a)

---
updated-dependencies:
- dependency-name: github/codeql-action/init
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-06 10:54:10 +00:00
CrazyMax 0e16b37354 Merge pull request #291 from docker/dependabot/npm_and_yarn/sigstore/verify-3.1.1
build(deps): bump @sigstore/verify from 3.1.0 to 3.1.1
2026-07-03 11:15:48 +02:00
dependabot[bot] 3eec0ee8b2 build(deps): bump @sigstore/verify from 3.1.0 to 3.1.1
Bumps [@sigstore/verify](https://github.com/sigstore/sigstore-js) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/verify@3.1.1)

---
updated-dependencies:
- dependency-name: "@sigstore/verify"
  dependency-version: 3.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 02:59:06 +00:00
CrazyMax 6d7cfa65f6 Merge pull request #290 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.92.0
build(deps): bump @docker/actions-toolkit from 0.91.0 to 0.92.0
2026-07-01 15:38:07 +02:00
github-actions[bot] 77ac140b73 [dependabot skip] chore: update generated content 2026-07-01 13:15:25 +00:00
dependabot[bot] b9f0330e02 build(deps): bump @docker/actions-toolkit from 0.91.0 to 0.92.0
Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.91.0 to 0.92.0.
- [Release notes](https://github.com/docker/actions-toolkit/releases)
- [Commits](https://github.com/docker/actions-toolkit/compare/v0.91.0...v0.92.0)

---
updated-dependencies:
- dependency-name: "@docker/actions-toolkit"
  dependency-version: 0.92.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 13:14:31 +00:00
CrazyMax 8ec1dbe7c0 Merge pull request #283 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
build(deps): bump js-yaml from 4.1.1 to 4.3.0
2026-07-01 15:12:15 +02:00
CrazyMax d85e7e7b4d Merge pull request #282 from docker/dependabot/npm_and_yarn/undici-6.27.0
build(deps): bump undici from 6.25.0 to 6.27.0
2026-07-01 15:11:47 +02:00
github-actions[bot] d79fe8d950 [dependabot skip] chore: update generated content 2026-07-01 12:47:45 +00:00
dependabot[bot] fdb834de31 build(deps): bump undici from 6.25.0 to 6.27.0
Bumps [undici](https://github.com/nodejs/undici) from 6.25.0 to 6.27.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v6.25.0...v6.27.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 12:46:56 +00:00
CrazyMax 8a78e7071e Merge pull request #280 from docker/dependabot/npm_and_yarn/tmp-0.2.7
build(deps): bump tmp from 0.2.6 to 0.2.7
2026-07-01 14:44:15 +02:00
CrazyMax 1089dbe3aa Merge pull request #289 from docker/dependabot/github_actions/actions/checkout-7.0.0
build(deps): bump actions/checkout from 6.0.3 to 7.0.0
2026-07-01 14:43:53 +02:00
dependabot[bot] a544c85209 build(deps): bump actions/checkout from 6.0.3 to 7.0.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 12:33:21 +00:00
github-actions[bot] 97c520c7cb [dependabot skip] chore: update generated content 2026-07-01 12:32:51 +00:00
github-actions[bot] a5c3af390d [dependabot skip] chore: update generated content 2026-07-01 12:32:39 +00:00
CrazyMax d5f7034d61 Merge pull request #276 from docker/dependabot/github_actions/crazy-max-dot-github-a6a0ecf511
build(deps): bump the crazy-max-dot-github group across 1 directory with 2 updates
2026-07-01 14:32:17 +02:00
dependabot[bot] d080e951a7 build(deps): bump tmp from 0.2.6 to 0.2.7
Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.6 to 0.2.7.
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/raszi/node-tmp/compare/v0.2.6...v0.2.7)

---
updated-dependencies:
- dependency-name: tmp
  dependency-version: 0.2.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 12:32:00 +00:00
CrazyMax 0411cc11d7 Merge pull request #272 from docker/dependabot/github_actions/docker/build-push-action-7.2.0
build(deps): bump docker/build-push-action from 7.1.0 to 7.2.0
2026-07-01 14:31:55 +02:00
dependabot[bot] 9a7f322a49 build(deps): bump js-yaml from 4.1.1 to 4.3.0
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.3.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/4.1.1...4.3.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 12:31:44 +00:00
CrazyMax fd72ef3a31 Merge pull request #274 from docker/dependabot/github_actions/actions/checkout-6.0.3
build(deps): bump actions/checkout from 6.0.2 to 6.0.3
2026-07-01 14:31:32 +02:00
CrazyMax 7f95dd803a Merge pull request #277 from docker/dependabot/github_actions/codecov/codecov-action-7.0.0
build(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0
2026-07-01 14:31:10 +02:00
CrazyMax d4da92b8a7 Merge pull request #278 from docker/dependabot/github_actions/github/codeql-action-4.36.2
build(deps): bump github/codeql-action from 4.36.0 to 4.36.2
2026-07-01 14:30:47 +02:00
CrazyMax 94a1119429 Merge pull request #285 from docker/dependabot/npm_and_yarn/sigstore/core-3.2.1
build(deps): bump @sigstore/core from 3.1.0 to 3.2.1
2026-07-01 14:29:45 +02:00
CrazyMax cdd694a620 Merge pull request #286 from docker/dependabot/npm_and_yarn/vite-7.3.6
build(deps): bump vite from 7.3.2 to 7.3.6
2026-07-01 14:29:14 +02:00
dependabot[bot] f4d981c6f9 build(deps): bump the crazy-max-dot-github group across 1 directory with 2 updates
Bumps the crazy-max-dot-github group with 2 updates in the / directory: [crazy-max/.github/.github/workflows/pr-assign-author.yml](https://github.com/crazy-max/.github) and [crazy-max/.github/.github/workflows/zizmor.yml](https://github.com/crazy-max/.github).


Updates `crazy-max/.github/.github/workflows/pr-assign-author.yml` from 1.8.0 to 1.10.1
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](https://github.com/crazy-max/.github/compare/9ba6e6f9450baf3b1237f8035c1fdc45932510bd...46267a6e61cd56aac2fc79943df180152f4c89d6)

Updates `crazy-max/.github/.github/workflows/zizmor.yml` from 1.8.0 to 1.10.1
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](https://github.com/crazy-max/.github/compare/9ba6e6f9450baf3b1237f8035c1fdc45932510bd...46267a6e61cd56aac2fc79943df180152f4c89d6)

---
updated-dependencies:
- dependency-name: crazy-max/.github/.github/workflows/pr-assign-author.yml
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
- dependency-name: crazy-max/.github/.github/workflows/zizmor.yml
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 10:52:44 +00:00
CrazyMax 9f0d36ef30 Merge pull request #287 from crazy-max/dependabot-skip-update-dist
dependabot: skip for update-dist commits
2026-07-01 12:51:14 +02:00
CrazyMax d740fd856a Merge pull request #288 from crazy-max/fix-yarn-preapprove-actions-toolkit
chore: allow actions-toolkit to bypass yarn age gate
2026-07-01 12:51:11 +02:00
CrazyMax f31060ea9c chore: allow actions-toolkit to bypass yarn age gate
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-07-01 11:43:35 +02:00
CrazyMax e4f1214baf dependabot: skip for update-dist commits
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-06-30 11:09:35 +02:00
github-actions[bot] b228dba1db chore: update generated content 2026-06-29 14:18:07 +00:00
dependabot[bot] 30bf55a774 build(deps): bump vite from 7.3.2 to 7.3.6
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.2 to 7.3.6.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.6/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.6/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.3.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-29 14:17:16 +00:00
dependabot[bot] 7fd454c341 build(deps): bump @sigstore/core from 3.1.0 to 3.2.1
Bumps [@sigstore/core](https://github.com/sigstore/sigstore-js) from 3.1.0 to 3.2.1.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/core@3.2.1)

---
updated-dependencies:
- dependency-name: "@sigstore/core"
  dependency-version: 3.2.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-29 14:17:13 +00:00
CrazyMax 041b2bc7bf Merge pull request #284 from crazy-max/fix-esbuild
preserve names in esbuild bundle
2026-06-29 16:15:25 +02:00
CrazyMax b99bfad9ec preserve names in esbuild bundle
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-06-29 15:05:55 +02:00
temenuzhka-thede fad6f4094f Merge pull request #279 from docker/sec-cli/npm-ci-20260612-184919
fix: replace npm install with npm ci (20260612-184919)
2026-06-12 14:11:06 -05:00
securityeng-bot[bot] 1ff0cd31e1 fix: use lockfile-aware install commands 2026-06-12 18:49:20 +00:00
dependabot[bot] 6fb0473f2c build(deps): bump github/codeql-action from 4.36.0 to 4.36.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.36.0 to 4.36.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/7211b7c8077ea37d8641b6271f6a365a22a5fbfa...8aad20d150bbac5944a9f9d289da16a4b0d87c1e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-08 10:54:32 +00:00
dependabot[bot] 54f1ae7054 build(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6.0.1 to 7.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/e79a6962e0d4c0c17b229090214935d2e33f8354...fb8b3582c8e4def4969c97caa2f19720cb33a72f)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-08 10:53:12 +00:00
dependabot[bot] f090a805c3 build(deps): bump actions/checkout from 6.0.2 to 6.0.3
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...df4cb1c069e1874edd31b4311f1884172cec0e10)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-04 10:52:51 +00:00
CrazyMax 0bda481195 Merge pull request #273 from crazy-max/yarn-update
update yarn to 4.15.0
2026-05-28 18:45:44 +02:00
CrazyMax 60d57a3e88 update yarn to 4.15.0
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-05-28 15:17:58 +02:00
dependabot[bot] cd60ef5ef6 build(deps): bump docker/build-push-action from 7.1.0 to 7.2.0
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 7.1.0 to 7.2.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/bcafcacb16a39f128d818304e6c9c0c18556b85f...f9f3042f7e2789586610d6e8b85c8f03e5195baf)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 11:41:31 +00:00
CrazyMax 58abfcafaa Merge pull request #271 from docker/sec-cli/ignore-scripts-fix-20260527-193429
ci: add ignore-scripts to Node package manager config (20260527-193429)
2026-05-28 10:01:16 +02:00
securityeng-bot[bot] 4e220bc4c1 ci: enforce ignore-scripts policy for Node package managers 2026-05-27 20:05:10 +00:00
CrazyMax 0234bb73cc Merge pull request #270 from docker/dependabot/github_actions/docker/setup-buildx-action-4.1.0
build(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0
2026-05-27 15:49:10 +02:00
CrazyMax 44285f8ec5 Merge pull request #254 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.89.1
build(deps): bump @docker/actions-toolkit from 0.89.0 to 0.91.0
2026-05-27 15:48:48 +02:00
github-actions[bot] 78c7044ff0 chore: update generated content 2026-05-27 13:04:14 +00:00
dependabot[bot] 369dbb98cc build(deps): bump @docker/actions-toolkit from 0.89.0 to 0.91.0
Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.89.0 to 0.91.0.
- [Release notes](https://github.com/docker/actions-toolkit/releases)
- [Commits](https://github.com/docker/actions-toolkit/compare/v0.89.0...v0.91.0)

---
updated-dependencies:
- dependency-name: "@docker/actions-toolkit"
  dependency-version: 0.89.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 13:03:12 +00:00
CrazyMax c236cd3580 Merge pull request #255 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
build(deps): bump @actions/core from 3.0.0 to 3.0.1
2026-05-27 15:00:03 +02:00
dependabot[bot] 87e121bf10 build(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 12:56:09 +00:00
github-actions[bot] 2224adcf46 chore: update generated content 2026-05-27 12:29:48 +00:00
dependabot[bot] 1c3d74e8a2 build(deps): bump @actions/core from 3.0.0 to 3.0.1
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 3.0.0 to 3.0.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 12:28:48 +00:00
CrazyMax e9b16567bf Merge pull request #269 from docker/dependabot/npm_and_yarn/tmp-0.2.6
build(deps): bump tmp from 0.2.5 to 0.2.6
2026-05-27 14:26:43 +02:00
github-actions[bot] 17fa16660f chore: update generated content 2026-05-27 11:58:59 +00:00
dependabot[bot] b28f70d671 build(deps): bump tmp from 0.2.5 to 0.2.6
Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.5 to 0.2.6.
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.6)

---
updated-dependencies:
- dependency-name: tmp
  dependency-version: 0.2.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 11:57:27 +00:00
CrazyMax 3982a48a43 Merge pull request #257 from docker/dependabot/npm_and_yarn/ip-address-10.2.0
build(deps): bump ip-address from 10.0.1 to 10.2.0
2026-05-27 13:53:18 +02:00
CrazyMax 64bee0049b Merge pull request #258 from docker/dependabot/npm_and_yarn/fast-xml-builder-1.2.0
build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0
2026-05-27 13:52:23 +02:00
CrazyMax 0bcbea0acb Merge pull request #260 from docker/dependabot/github_actions/crazy-max-dot-github-6667ecc476
build(deps): bump the crazy-max-dot-github group across 1 directory with 2 updates
2026-05-27 13:51:52 +02:00
CrazyMax 1b7699b094 Merge pull request #261 from docker/dependabot/github_actions/actions/create-github-app-token-3.2.0
build(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0
2026-05-27 13:51:25 +02:00
CrazyMax 8c6801a431 Merge pull request #263 from docker/dependabot/github_actions/codecov/codecov-action-6.0.1
build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1
2026-05-27 13:51:01 +02:00
CrazyMax 11edc305c1 Merge pull request #265 from docker/dependabot/npm_and_yarn/postcss-8.5.15
build(deps): bump postcss from 8.5.6 to 8.5.15
2026-05-27 13:50:38 +02:00
CrazyMax 6a81ef6418 Merge pull request #266 from docker/dependabot/npm_and_yarn/tootallnate/once-2.0.1
build(deps): bump @tootallnate/once from 2.0.0 to 2.0.1
2026-05-27 13:49:49 +02:00
CrazyMax dac2b12349 Merge pull request #268 from docker/dependabot/github_actions/github/codeql-action-4.36.0
build(deps): bump github/codeql-action from 4.35.2 to 4.36.0
2026-05-27 13:33:26 +02:00
CrazyMax 39d205b5f9 Merge pull request #267 from docker/dependabot/github_actions/docker/bake-action-7.2.0
build(deps): bump docker/bake-action from 7.1.0 to 7.2.0
2026-05-27 13:33:04 +02:00
dependabot[bot] c812f562ec build(deps): bump github/codeql-action from 4.35.2 to 4.36.0
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.2 to 4.36.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...7211b7c8077ea37d8641b6271f6a365a22a5fbfa)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-25 16:34:20 +00:00
dependabot[bot] de945fee55 build(deps): bump docker/bake-action from 7.1.0 to 7.2.0
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 7.1.0 to 7.2.0.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](https://github.com/docker/bake-action/compare/a66e1c87e2eca0503c343edf1d208c716d54b8a8...6614cfa25eff9a0b2b2697efb0b6159e7680d584)

---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-25 16:32:28 +00:00
dependabot[bot] 6a117706c3 build(deps): bump the crazy-max-dot-github group across 1 directory with 2 updates
Bumps the crazy-max-dot-github group with 2 updates in the / directory: [crazy-max/.github/.github/workflows/pr-assign-author.yml](https://github.com/crazy-max/.github) and [crazy-max/.github/.github/workflows/zizmor.yml](https://github.com/crazy-max/.github).


Updates `crazy-max/.github/.github/workflows/pr-assign-author.yml` from 1.7.1 to 1.8.0
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](https://github.com/crazy-max/.github/compare/64a0bfaf6e6bb1c448d6e4c42b11034ee7094f16...9ba6e6f9450baf3b1237f8035c1fdc45932510bd)

Updates `crazy-max/.github/.github/workflows/zizmor.yml` from 1.7.1 to 1.8.0
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](https://github.com/crazy-max/.github/compare/64a0bfaf6e6bb1c448d6e4c42b11034ee7094f16...9ba6e6f9450baf3b1237f8035c1fdc45932510bd)

---
updated-dependencies:
- dependency-name: crazy-max/.github/.github/workflows/pr-assign-author.yml
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
- dependency-name: crazy-max/.github/.github/workflows/zizmor.yml
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-22 10:53:09 +00:00
dependabot[bot] 3b19da1dc2 build(deps): bump @tootallnate/once from 2.0.0 to 2.0.1
Bumps [@tootallnate/once](https://github.com/TooTallNate/once) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/TooTallNate/once/releases)
- [Changelog](https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md)
- [Commits](https://github.com/TooTallNate/once/compare/2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: "@tootallnate/once"
  dependency-version: 2.0.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-22 05:43:25 +00:00
dependabot[bot] f345107e4d build(deps): bump postcss from 8.5.6 to 8.5.15
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.15.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.5.6...8.5.15)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.15
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-21 13:00:38 +00:00
CrazyMax 328f2e0797 Merge pull request #264 from crazy-max/zizmor-fixes
ci: restrict update-dist GitHub App token scope
2026-05-21 14:58:38 +02:00
CrazyMax 9360424f67 ci: restrict update-dist GitHub App token scope
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-05-21 14:30:10 +02:00
dependabot[bot] 9f8cbcbd32 build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2...e79a6962e0d4c0c17b229090214935d2e33f8354)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-20 16:38:28 +00:00
dependabot[bot] 257b686322 build(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 3.1.1 to 3.2.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/create-github-app-token/compare/1b10c78c7865c340bc4f6099eb2f838309f1e8c3...bcd2ba49218906704ab6c1aa796996da409d3eb1)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-14 10:54:58 +00:00
github-actions[bot] ea01e16081 chore: update generated content 2026-05-08 18:04:33 +00:00
dependabot[bot] 91f1665f03 build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0
Bumps [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder) from 1.1.5 to 1.2.0.
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-builder/compare/v1.1.5...v1.2.0)

---
updated-dependencies:
- dependency-name: fast-xml-builder
  dependency-version: 1.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-08 18:03:38 +00:00
github-actions[bot] dbea15d3de chore: update generated content 2026-05-07 01:35:18 +00:00
dependabot[bot] 3eee7fbc0d build(deps): bump ip-address from 10.0.1 to 10.2.0
Bumps [ip-address](https://github.com/beaugunderson/ip-address) from 10.0.1 to 10.2.0.
- [Commits](https://github.com/beaugunderson/ip-address/commits)

---
updated-dependencies:
- dependency-name: ip-address
  dependency-version: 10.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-07 01:34:21 +00:00
Paweł Gronowski f6ea87cae1 Merge pull request #253 from crazy-max/ci-bump-macos
ci: update macos runners to 26
2026-04-24 16:52:32 +02:00
CrazyMax b7bb222773 ci: update macos runners to 26
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-04-24 15:38:03 +02:00
16 changed files with 909 additions and 1084 deletions
+3
View File
@@ -10,6 +10,9 @@ updates:
crazy-max-dot-github: crazy-max-dot-github:
patterns: patterns:
- "crazy-max/.github/*" - "crazy-max/.github/*"
codeql-actions:
patterns:
- "github/codeql-action/*"
labels: labels:
- "dependencies" - "dependencies"
- "bot" - "bot"
+25 -25
View File
@@ -32,7 +32,7 @@ jobs:
os: os:
- ubuntu-latest - ubuntu-latest
- ubuntu-24.04-arm - ubuntu-24.04-arm
- macos-15-intel - macos-26-large
- windows-latest - windows-latest
version: version:
- "" - ""
@@ -41,7 +41,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Set up Docker name: Set up Docker
uses: ./ uses: ./
@@ -56,12 +56,12 @@ jobs:
os: os:
- ubuntu-latest - ubuntu-latest
- ubuntu-24.04-arm - ubuntu-24.04-arm
- macos-15-intel - macos-26-large
- windows-latest - windows-latest
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Set up Docker name: Set up Docker
uses: ./ uses: ./
@@ -77,12 +77,12 @@ jobs:
os: os:
- ubuntu-latest - ubuntu-latest
- ubuntu-24.04-arm - ubuntu-24.04-arm
- macos-15-intel - macos-26-large
- windows-latest - windows-latest
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Set up Docker name: Set up Docker
uses: ./ uses: ./
@@ -104,12 +104,12 @@ jobs:
os: os:
- ubuntu-latest - ubuntu-latest
- ubuntu-24.04-arm - ubuntu-24.04-arm
- macos-15-intel - macos-26-large
- windows-latest - windows-latest
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Set up Docker name: Set up Docker
uses: ./ uses: ./
@@ -122,11 +122,11 @@ jobs:
docker context inspect foo docker context inspect foo
lima-start-args: lima-start-args:
runs-on: macos-15-intel runs-on: macos-26-large
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Set up Docker name: Set up Docker
uses: ./ uses: ./
@@ -146,7 +146,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Uninstall containerd name: Uninstall containerd
if: matrix.containerd == 'containerd-tarball' if: matrix.containerd == 'containerd-tarball'
@@ -163,13 +163,13 @@ jobs:
docker run -d -p 5000:5000 --restart=always --name registry registry:2 docker run -d -p 5000:5000 --restart=always --name registry registry:2
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
with: with:
driver: docker driver: docker
driver-opts: network=host driver-opts: network=host
- -
name: Build and push name: Build and push
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with: with:
context: ./test context: ./test
push: true push: true
@@ -186,11 +186,11 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
os: os:
- macos-15-intel - macos-26-large
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Set up Docker name: Set up Docker
uses: ./ uses: ./
@@ -202,13 +202,13 @@ jobs:
docker run -d -p 5000:5000 --restart=always --name registry registry:2 docker run -d -p 5000:5000 --restart=always --name registry registry:2
- -
name: Set up Docker Buildx name: Set up Docker Buildx
uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
with: with:
driver: docker driver: docker
driver-opts: network=host driver-opts: network=host
- -
name: Build and push name: Build and push
uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 uses: docker/build-push-action@f9f3042f7e2789586610d6e8b85c8f03e5195baf # v7.2.0
with: with:
context: ./test context: ./test
push: true push: true
@@ -224,7 +224,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Set up Docker name: Set up Docker
uses: ./ uses: ./
@@ -245,7 +245,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Set up Docker name: Set up Docker
uses: ./ uses: ./
@@ -262,7 +262,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Set up Docker name: Set up Docker
uses: ./ uses: ./
@@ -282,12 +282,12 @@ jobs:
os: os:
- ubuntu-latest - ubuntu-latest
- ubuntu-24.04-arm - ubuntu-24.04-arm
- macos-15-intel - macos-26-large
- windows-latest - windows-latest
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Set up Docker name: Set up Docker
id: setup_docker id: setup_docker
@@ -316,7 +316,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Set up Docker name: Set up Docker
uses: ./ uses: ./
@@ -333,12 +333,12 @@ jobs:
matrix: matrix:
os: os:
- ubuntu-latest - ubuntu-latest
- macos-15-intel - macos-26-large
- windows-latest - windows-latest
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Set up Docker name: Set up Docker
uses: ./ uses: ./
+3 -3
View File
@@ -22,7 +22,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Enable corepack name: Enable corepack
run: | run: |
@@ -35,12 +35,12 @@ jobs:
node-version: ${{ env.NODE_VERSION }} node-version: ${{ env.NODE_VERSION }}
- -
name: Initialize CodeQL name: Initialize CodeQL
uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
with: with:
languages: javascript-typescript languages: javascript-typescript
build-mode: none build-mode: none
- -
name: Perform CodeQL Analysis name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
with: with:
category: "/language:javascript-typescript" category: "/language:javascript-typescript"
+1 -1
View File
@@ -11,7 +11,7 @@ on:
jobs: jobs:
run: run:
uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@64a0bfaf6e6bb1c448d6e4c42b11034ee7094f16 # v1.7.1 uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@46267a6e61cd56aac2fc79943df180152f4c89d6 # v1.10.1
permissions: permissions:
contents: read contents: read
pull-requests: write pull-requests: write
+1 -1
View File
@@ -22,7 +22,7 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Publish name: Publish
uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4 uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4
+3 -3
View File
@@ -20,16 +20,16 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Test name: Test
uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0 uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
with: with:
source: . source: .
targets: test targets: test
- -
name: Upload coverage name: Upload coverage
uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0 uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
with: with:
files: ./coverage/clover.xml files: ./coverage/clover.xml
token: ${{ secrets.CODECOV_TOKEN }} token: ${{ secrets.CODECOV_TOKEN }}
+6 -4
View File
@@ -21,21 +21,23 @@ jobs:
- -
name: GitHub auth token from GitHub App name: GitHub auth token from GitHub App
id: docker-read-app id: docker-read-app
uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1 uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
with: with:
app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }} app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }}
private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }} private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }}
owner: docker owner: docker
repositories: setup-docker-action
permission-contents: write
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with: with:
ref: ${{ github.event.pull_request.head.ref }} ref: ${{ github.event.pull_request.head.ref }}
fetch-depth: 0 fetch-depth: 0
token: ${{ steps.docker-read-app.outputs.token }} token: ${{ steps.docker-read-app.outputs.token }}
- -
name: Build name: Build
uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0 uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
with: with:
source: . source: .
targets: build targets: build
@@ -48,7 +50,7 @@ jobs:
git config user.name "github-actions[bot]" git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com" git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add dist git add dist
git commit -m "chore: update generated content" git commit -m "[dependabot skip] chore: update generated content"
git push git push
) )
else else
+3 -3
View File
@@ -22,11 +22,11 @@ jobs:
steps: steps:
- -
name: Checkout name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- -
name: Generate matrix name: Generate matrix
id: generate id: generate
uses: docker/bake-action/subaction/matrix@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0 uses: docker/bake-action/subaction/matrix@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
with: with:
target: validate target: validate
@@ -41,6 +41,6 @@ jobs:
steps: steps:
- -
name: Validate name: Validate
uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0 uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
with: with:
targets: ${{ matrix.target }} targets: ${{ matrix.target }}
+1 -1
View File
@@ -19,7 +19,7 @@ on:
jobs: jobs:
zizmor: zizmor:
uses: crazy-max/.github/.github/workflows/zizmor.yml@64a0bfaf6e6bb1c448d6e4c42b11034ee7094f16 # v1.7.1 uses: crazy-max/.github/.github/workflows/zizmor.yml@46267a6e61cd56aac2fc79943df180152f4c89d6 # v1.10.1
permissions: permissions:
contents: read contents: read
security-events: write security-events: write
+11 -4
View File
@@ -1,10 +1,10 @@
# https://yarnpkg.com/configuration/yarnrc # https://yarnpkg.com/configuration/yarnrc
compressionLevel: mixed nodeLinker: node-modules
enableGlobalCache: false
enableHardenedMode: true
logFilters: logFilters:
- code: YN0004
level: discard
- code: YN0013 - code: YN0013
level: discard level: discard
- code: YN0019 - code: YN0019
@@ -14,4 +14,11 @@ logFilters:
- code: YN0086 - code: YN0086
level: discard level: discard
nodeLinker: node-modules npmPreapprovedPackages:
- "@docker/actions-toolkit"
compressionLevel: mixed
enableGlobalCache: false
enableHardenedMode: true
enableScripts: false
npmMinimalAgeGate: 2d
+1 -1
View File
@@ -17,7 +17,7 @@ FROM base AS deps
RUN --mount=type=bind,target=.,rw \ RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \ --mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \ --mount=type=cache,target=/src/node_modules \
yarn install && mkdir /vendor && cp yarn.lock /vendor yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor
FROM scratch AS vendor-update FROM scratch AS vendor-update
COPY --from=deps /vendor / COPY --from=deps /vendor /
Generated Vendored
+104 -104
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+4 -4
View File
File diff suppressed because one or more lines are too long
Generated Vendored
+305 -689
View File
File diff suppressed because it is too large Load Diff
+4 -4
View File
@@ -4,7 +4,7 @@
"type": "module", "type": "module",
"main": "src/main.ts", "main": "src/main.ts",
"scripts": { "scripts": {
"build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify && yarn run license", "build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify --keep-names && yarn run license",
"lint": "eslint --max-warnings=0 .", "lint": "eslint --max-warnings=0 .",
"format": "eslint --fix .", "format": "eslint --fix .",
"test": "vitest run", "test": "vitest run",
@@ -21,10 +21,10 @@
], ],
"author": "Docker Inc.", "author": "Docker Inc.",
"license": "Apache-2.0", "license": "Apache-2.0",
"packageManager": "yarn@4.9.2", "packageManager": "yarn@4.15.0",
"dependencies": { "dependencies": {
"@actions/core": "^3.0.0", "@actions/core": "^3.0.1",
"@docker/actions-toolkit": "^0.89.0" "@docker/actions-toolkit": "^0.92.0"
}, },
"devDependencies": { "devDependencies": {
"@eslint/js": "^9.39.3", "@eslint/js": "^9.39.3",
+434 -237
View File
File diff suppressed because it is too large Load Diff