Commit Graph
205 Commits
Author SHA1 Message Date
github-actions[bot] 310654b5cc [dependabot skip] chore: update generated content 2026-07-01 12:21:25 +00:00
dependabot[bot]andGitHub 2f4a3092b7 chore(deps): bump @docker/actions-toolkit from 0.91.0 to 0.92.0
Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.91.0 to 0.92.0.
- [Release notes](https://github.com/docker/actions-toolkit/releases)
- [Commits](https://github.com/docker/actions-toolkit/compare/v0.91.0...v0.92.0)

---
updated-dependencies:
- dependency-name: "@docker/actions-toolkit"
  dependency-version: 0.92.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 12:20:38 +00:00
CrazyMaxandGitHub 7d865ffaf9 Merge pull request #111 from docker/dependabot/npm_and_yarn/undici-6.27.0
chore(deps): bump undici from 6.26.0 to 6.27.0
2026-07-01 14:18:04 +02:00
github-actions[bot] a11ad46116 [dependabot skip] chore: update generated content 2026-07-01 12:13:46 +00:00
dependabot[bot]andGitHub ea03e82695 chore(deps): bump undici from 6.26.0 to 6.27.0
Bumps [undici](https://github.com/nodejs/undici) from 6.26.0 to 6.27.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v6.26.0...v6.27.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 12:12:52 +00:00
CrazyMaxandGitHub d37dd72e1d Merge pull request #118 from docker/dependabot/npm_and_yarn/js-yaml-4.3.0
chore(deps): bump js-yaml from 4.1.1 to 4.3.0
2026-07-01 14:12:47 +02:00
github-actions[bot] 146a460e6d [dependabot skip] chore: update generated content 2026-07-01 12:10:56 +00:00
CrazyMaxandGitHub d3b0309f78 Merge pull request #108 from docker/dependabot/npm_and_yarn/tmp-0.2.7
chore(deps): bump tmp from 0.2.6 to 0.2.7
2026-07-01 14:10:15 +02:00
dependabot[bot]andGitHub e04d0bad3c chore(deps): bump js-yaml from 4.1.1 to 4.3.0
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.3.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/4.1.1...4.3.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 12:09:59 +00:00
github-actions[bot] cb0af0a09b [dependabot skip] chore: update generated content 2026-07-01 12:09:39 +00:00
CrazyMaxandGitHub fd436c18c9 Merge pull request #109 from docker/dependabot/github_actions/actions/checkout-7.0.0
chore(deps): bump actions/checkout from 6.0.2 to 7.0.0
2026-07-01 14:09:05 +02:00
dependabot[bot]andGitHub ae64015cc2 chore(deps): bump tmp from 0.2.6 to 0.2.7
Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.6 to 0.2.7.
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/raszi/node-tmp/compare/v0.2.6...v0.2.7)

---
updated-dependencies:
- dependency-name: tmp
  dependency-version: 0.2.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 12:08:51 +00:00
CrazyMaxandGitHub 6ba698af1b Merge pull request #106 from docker/dependabot/github_actions/codecov/codecov-action-7.0.0
chore(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0
2026-07-01 14:08:41 +02:00
CrazyMaxandGitHub daf7ec5eda Merge pull request #104 from docker/dependabot/github_actions/crazy-max-dot-github-a6a0ecf511
chore(deps): bump the crazy-max-dot-github group across 1 directory with 2 updates
2026-07-01 14:08:14 +02:00
CrazyMaxandGitHub bf10f6e6a0 Merge pull request #105 from docker/dependabot/github_actions/github/codeql-action-4.36.2
chore(deps): bump github/codeql-action from 4.36.0 to 4.36.2
2026-07-01 14:07:51 +02:00
CrazyMaxandGitHub a55b08de68 Merge pull request #110 from docker/dependabot/npm_and_yarn/vite-7.3.5
chore(deps): bump vite from 7.3.3 to 7.3.6
2026-07-01 14:07:01 +02:00
CrazyMaxandGitHub 2a56b96c64 Merge pull request #115 from docker/dependabot/npm_and_yarn/sigstore/core-3.2.1
chore(deps): bump @sigstore/core from 3.1.0 to 3.2.1
2026-07-01 14:06:21 +02:00
CrazyMaxandGitHub 398185fd5e Merge pull request #117 from crazy-max/fix-yarn-preapprove-actions-toolkit
chore: allow actions-toolkit to bypass yarn age gate
2026-07-01 12:50:50 +02:00
CrazyMaxandGitHub 0b6d64dd19 Merge pull request #116 from crazy-max/dependabot-skip-update-dist
dependabot: skip for update-dist commits
2026-07-01 12:50:41 +02:00
CrazyMax b7884b55c0 chore: allow actions-toolkit to bypass yarn age gate
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-07-01 11:43:34 +02:00
CrazyMax 31417945f5 dependabot: skip for update-dist commits
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-06-30 11:09:28 +02:00
dependabot[bot]andGitHub 9668eca79b chore(deps): bump the crazy-max-dot-github group across 1 directory with 2 updates
Bumps the crazy-max-dot-github group with 2 updates in the / directory: [crazy-max/.github/.github/workflows/pr-assign-author.yml](https://github.com/crazy-max/.github) and [crazy-max/.github/.github/workflows/zizmor.yml](https://github.com/crazy-max/.github).


Updates `crazy-max/.github/.github/workflows/pr-assign-author.yml` from 1.8.0 to 1.10.1
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](https://github.com/crazy-max/.github/compare/9ba6e6f9450baf3b1237f8035c1fdc45932510bd...46267a6e61cd56aac2fc79943df180152f4c89d6)

Updates `crazy-max/.github/.github/workflows/zizmor.yml` from 1.8.0 to 1.10.1
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](https://github.com/crazy-max/.github/compare/9ba6e6f9450baf3b1237f8035c1fdc45932510bd...46267a6e61cd56aac2fc79943df180152f4c89d6)

---
updated-dependencies:
- dependency-name: crazy-max/.github/.github/workflows/pr-assign-author.yml
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
- dependency-name: crazy-max/.github/.github/workflows/zizmor.yml
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-30 01:32:44 +00:00
dependabot[bot]andGitHub a4632bf49a chore(deps): bump vite from 7.3.3 to 7.3.6
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.3 to 7.3.6.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.6/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.6/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.3.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-29 14:18:30 +00:00
github-actions[bot] e94f5ff3d8 chore: update generated content 2026-06-29 14:17:52 +00:00
dependabot[bot]andGitHub 51d5930742 chore(deps): bump @sigstore/core from 3.1.0 to 3.2.1
Bumps [@sigstore/core](https://github.com/sigstore/sigstore-js) from 3.1.0 to 3.2.1.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/core@3.2.1)

---
updated-dependencies:
- dependency-name: "@sigstore/core"
  dependency-version: 3.2.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-29 14:17:00 +00:00
CrazyMaxandGitHub a8074e13c2 Merge pull request #114 from crazy-max/fix-esbuild
preserve names in esbuild bundle
2026-06-29 16:15:18 +02:00
CrazyMax 7fbdfd3c1a preserve names in esbuild bundle
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-06-29 15:04:20 +02:00
dependabot[bot]andGitHub 09ed12acf8 chore(deps): bump actions/checkout from 6.0.2 to 7.0.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-19 01:32:46 +00:00
Alexandre Vallières-LagacéandGitHub 6fe408f5ba Merge pull request #107 from docker/sec-cli/npm-ci-20260615-142203
fix: replace npm install with npm ci (20260615-142203)
2026-06-15 11:53:25 -04:00
securityeng-bot[bot]andGitHub f6cde28f68 fix: use lockfile-aware install commands 2026-06-15 14:22:04 +00:00
dependabot[bot]andGitHub c1ee995bf9 chore(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6.0.1 to 7.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/e79a6962e0d4c0c17b229090214935d2e33f8354...fb8b3582c8e4def4969c97caa2f19720cb33a72f)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-08 01:34:29 +00:00
dependabot[bot]andGitHub de9dc1b95d chore(deps): bump github/codeql-action from 4.36.0 to 4.36.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.36.0 to 4.36.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/7211b7c8077ea37d8641b6271f6a365a22a5fbfa...8aad20d150bbac5944a9f9d289da16a4b0d87c1e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-08 01:34:24 +00:00
CrazyMaxandGitHub dd8b913e80 Merge pull request #101 from crazy-max/yarn-update
update yarn to 4.15.0
2026-05-28 18:45:01 +02:00
CrazyMax 168cd6c426 update yarn to 4.15.0
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-05-28 15:13:46 +02:00
CrazyMaxandGitHub 410c00e878 Merge pull request #100 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
chore(deps): bump @actions/core from 3.0.0 to 3.0.1
2026-05-28 10:22:30 +02:00
CrazyMaxandGitHub 5d29e18d06 Merge pull request #99 from docker/sec-cli/ignore-scripts-fix-20260527-193420
ci: add ignore-scripts to Node package manager config (20260527-193420)
2026-05-28 09:59:38 +02:00
github-actions[bot] 70b1359563 chore: update generated content 2026-05-28 01:58:55 +00:00
dependabot[bot]andGitHub f0bcefd12e chore(deps): bump @actions/core from 3.0.0 to 3.0.1
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 3.0.0 to 3.0.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 01:58:09 +00:00
securityeng-bot[bot]andAlexandre Vallières-Lagacé 41e3c799a3 ci: enforce ignore-scripts policy for Node package managers 2026-05-27 20:05:06 +00:00
CrazyMaxandGitHub 16feee727c Merge pull request #55 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.80.0
chore(deps): bump @docker/actions-toolkit from 0.79.0 to 0.91.0
v2.2.0
2026-05-27 12:04:17 +02:00
github-actions[bot] 739694b2b5 chore: update generated content 2026-05-27 10:02:59 +00:00
dependabot[bot]andGitHub ae3c6883b5 chore(deps): bump @docker/actions-toolkit from 0.79.0 to 0.91.0
Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.79.0 to 0.91.0.
- [Release notes](https://github.com/docker/actions-toolkit/releases)
- [Commits](https://github.com/docker/actions-toolkit/compare/v0.79.0...v0.91.0)

---
updated-dependencies:
- dependency-name: "@docker/actions-toolkit"
  dependency-version: 0.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 10:02:11 +00:00
CrazyMaxandGitHub f399cc13d4 Merge pull request #98 from docker/dependabot/npm_and_yarn/tmp-0.2.6
chore(deps): bump tmp from 0.2.5 to 0.2.6
2026-05-27 11:59:30 +02:00
github-actions[bot] edef9342ff chore: update generated content 2026-05-27 09:55:31 +00:00
dependabot[bot]andGitHub 4c2012ebac chore(deps): bump tmp from 0.2.5 to 0.2.6
Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.5 to 0.2.6.
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.6)

---
updated-dependencies:
- dependency-name: tmp
  dependency-version: 0.2.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 09:54:37 +00:00
CrazyMaxandGitHub 430a1543b5 Merge pull request #70 from docker/dependabot/npm_and_yarn/handlebars-4.7.9
chore(deps): bump handlebars from 4.7.8 to 4.7.9
2026-05-27 11:52:40 +02:00
CrazyMaxandGitHub 929bb642cc Merge pull request #69 from docker/dependabot/npm_and_yarn/brace-expansion-1.1.13
chore(deps): bump brace-expansion from 1.1.11 to 1.1.15
2026-05-27 11:52:14 +02:00
github-actions[bot] 86f8217480 chore: update generated content 2026-05-27 09:48:55 +00:00
dependabot[bot]andGitHub 98cd8afa8b chore(deps): bump brace-expansion from 1.1.11 to 1.1.15
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 1.1.11 to 1.1.15.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.15)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 09:48:03 +00:00
CrazyMaxandGitHub 7007c0e690 Merge pull request #63 from docker/dependabot/npm_and_yarn/flatted-3.4.2
chore(deps): bump flatted from 3.3.3 to 3.4.2
2026-05-27 11:47:38 +02:00