Commit Graph
456 Commits
Author SHA1 Message Date
github-actions[bot] a5c3af390d [dependabot skip] chore: update generated content 2026-07-01 12:32:39 +00:00
dependabot[bot]andGitHub 9a7f322a49 build(deps): bump js-yaml from 4.1.1 to 4.3.0
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.3.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/4.1.1...4.3.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 12:31:44 +00:00
CrazyMaxandGitHub 94a1119429 Merge pull request #285 from docker/dependabot/npm_and_yarn/sigstore/core-3.2.1
build(deps): bump @sigstore/core from 3.1.0 to 3.2.1
2026-07-01 14:29:45 +02:00
CrazyMaxandGitHub cdd694a620 Merge pull request #286 from docker/dependabot/npm_and_yarn/vite-7.3.6
build(deps): bump vite from 7.3.2 to 7.3.6
2026-07-01 14:29:14 +02:00
CrazyMaxandGitHub 9f0d36ef30 Merge pull request #287 from crazy-max/dependabot-skip-update-dist
dependabot: skip for update-dist commits
2026-07-01 12:51:14 +02:00
CrazyMaxandGitHub d740fd856a Merge pull request #288 from crazy-max/fix-yarn-preapprove-actions-toolkit
chore: allow actions-toolkit to bypass yarn age gate
2026-07-01 12:51:11 +02:00
CrazyMax f31060ea9c chore: allow actions-toolkit to bypass yarn age gate
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-07-01 11:43:35 +02:00
CrazyMax e4f1214baf dependabot: skip for update-dist commits
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-06-30 11:09:35 +02:00
github-actions[bot] b228dba1db chore: update generated content 2026-06-29 14:18:07 +00:00
dependabot[bot]andGitHub 30bf55a774 build(deps): bump vite from 7.3.2 to 7.3.6
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.2 to 7.3.6.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.6/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.6/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.3.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-29 14:17:16 +00:00
dependabot[bot]andGitHub 7fd454c341 build(deps): bump @sigstore/core from 3.1.0 to 3.2.1
Bumps [@sigstore/core](https://github.com/sigstore/sigstore-js) from 3.1.0 to 3.2.1.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/core@3.2.1)

---
updated-dependencies:
- dependency-name: "@sigstore/core"
  dependency-version: 3.2.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-29 14:17:13 +00:00
CrazyMaxandGitHub 041b2bc7bf Merge pull request #284 from crazy-max/fix-esbuild
preserve names in esbuild bundle
2026-06-29 16:15:25 +02:00
CrazyMax b99bfad9ec preserve names in esbuild bundle
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-06-29 15:05:55 +02:00
temenuzhka-thedeandGitHub fad6f4094f Merge pull request #279 from docker/sec-cli/npm-ci-20260612-184919
fix: replace npm install with npm ci (20260612-184919)
2026-06-12 14:11:06 -05:00
securityeng-bot[bot]andGitHub 1ff0cd31e1 fix: use lockfile-aware install commands 2026-06-12 18:49:20 +00:00
CrazyMaxandGitHub 0bda481195 Merge pull request #273 from crazy-max/yarn-update
update yarn to 4.15.0
2026-05-28 18:45:44 +02:00
CrazyMax 60d57a3e88 update yarn to 4.15.0
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-05-28 15:17:58 +02:00
CrazyMaxandGitHub 58abfcafaa Merge pull request #271 from docker/sec-cli/ignore-scripts-fix-20260527-193429
ci: add ignore-scripts to Node package manager config (20260527-193429)
2026-05-28 10:01:16 +02:00
securityeng-bot[bot]andAlexandre Vallières-Lagacé 4e220bc4c1 ci: enforce ignore-scripts policy for Node package managers 2026-05-27 20:05:10 +00:00
CrazyMaxandGitHub 0234bb73cc Merge pull request #270 from docker/dependabot/github_actions/docker/setup-buildx-action-4.1.0
build(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0
v5.2.0
2026-05-27 15:49:10 +02:00
CrazyMaxandGitHub 44285f8ec5 Merge pull request #254 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.89.1
build(deps): bump @docker/actions-toolkit from 0.89.0 to 0.91.0
2026-05-27 15:48:48 +02:00
github-actions[bot] 78c7044ff0 chore: update generated content 2026-05-27 13:04:14 +00:00
dependabot[bot]andGitHub 369dbb98cc build(deps): bump @docker/actions-toolkit from 0.89.0 to 0.91.0
Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.89.0 to 0.91.0.
- [Release notes](https://github.com/docker/actions-toolkit/releases)
- [Commits](https://github.com/docker/actions-toolkit/compare/v0.89.0...v0.91.0)

---
updated-dependencies:
- dependency-name: "@docker/actions-toolkit"
  dependency-version: 0.89.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 13:03:12 +00:00
CrazyMaxandGitHub c236cd3580 Merge pull request #255 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
build(deps): bump @actions/core from 3.0.0 to 3.0.1
2026-05-27 15:00:03 +02:00
dependabot[bot]andGitHub 87e121bf10 build(deps): bump docker/setup-buildx-action from 4.0.0 to 4.1.0
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 12:56:09 +00:00
github-actions[bot] 2224adcf46 chore: update generated content 2026-05-27 12:29:48 +00:00
dependabot[bot]andGitHub 1c3d74e8a2 build(deps): bump @actions/core from 3.0.0 to 3.0.1
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 3.0.0 to 3.0.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 12:28:48 +00:00
CrazyMaxandGitHub e9b16567bf Merge pull request #269 from docker/dependabot/npm_and_yarn/tmp-0.2.6
build(deps): bump tmp from 0.2.5 to 0.2.6
2026-05-27 14:26:43 +02:00
github-actions[bot] 17fa16660f chore: update generated content 2026-05-27 11:58:59 +00:00
dependabot[bot]andGitHub b28f70d671 build(deps): bump tmp from 0.2.5 to 0.2.6
Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.5 to 0.2.6.
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.6)

---
updated-dependencies:
- dependency-name: tmp
  dependency-version: 0.2.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 11:57:27 +00:00
CrazyMaxandGitHub 3982a48a43 Merge pull request #257 from docker/dependabot/npm_and_yarn/ip-address-10.2.0
build(deps): bump ip-address from 10.0.1 to 10.2.0
2026-05-27 13:53:18 +02:00
CrazyMaxandGitHub 64bee0049b Merge pull request #258 from docker/dependabot/npm_and_yarn/fast-xml-builder-1.2.0
build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0
2026-05-27 13:52:23 +02:00
CrazyMaxandGitHub 0bcbea0acb Merge pull request #260 from docker/dependabot/github_actions/crazy-max-dot-github-6667ecc476
build(deps): bump the crazy-max-dot-github group across 1 directory with 2 updates
2026-05-27 13:51:52 +02:00
CrazyMaxandGitHub 1b7699b094 Merge pull request #261 from docker/dependabot/github_actions/actions/create-github-app-token-3.2.0
build(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0
2026-05-27 13:51:25 +02:00
CrazyMaxandGitHub 8c6801a431 Merge pull request #263 from docker/dependabot/github_actions/codecov/codecov-action-6.0.1
build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1
2026-05-27 13:51:01 +02:00
CrazyMaxandGitHub 11edc305c1 Merge pull request #265 from docker/dependabot/npm_and_yarn/postcss-8.5.15
build(deps): bump postcss from 8.5.6 to 8.5.15
2026-05-27 13:50:38 +02:00
CrazyMaxandGitHub 6a81ef6418 Merge pull request #266 from docker/dependabot/npm_and_yarn/tootallnate/once-2.0.1
build(deps): bump @tootallnate/once from 2.0.0 to 2.0.1
2026-05-27 13:49:49 +02:00
CrazyMaxandGitHub dac2b12349 Merge pull request #268 from docker/dependabot/github_actions/github/codeql-action-4.36.0
build(deps): bump github/codeql-action from 4.35.2 to 4.36.0
2026-05-27 13:33:26 +02:00
CrazyMaxandGitHub 39d205b5f9 Merge pull request #267 from docker/dependabot/github_actions/docker/bake-action-7.2.0
build(deps): bump docker/bake-action from 7.1.0 to 7.2.0
2026-05-27 13:33:04 +02:00
dependabot[bot]andGitHub c812f562ec build(deps): bump github/codeql-action from 4.35.2 to 4.36.0
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.2 to 4.36.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/95e58e9a2cdfd71adc6e0353d5c52f41a045d225...7211b7c8077ea37d8641b6271f6a365a22a5fbfa)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-25 16:34:20 +00:00
dependabot[bot]andGitHub de945fee55 build(deps): bump docker/bake-action from 7.1.0 to 7.2.0
Bumps [docker/bake-action](https://github.com/docker/bake-action) from 7.1.0 to 7.2.0.
- [Release notes](https://github.com/docker/bake-action/releases)
- [Commits](https://github.com/docker/bake-action/compare/a66e1c87e2eca0503c343edf1d208c716d54b8a8...6614cfa25eff9a0b2b2697efb0b6159e7680d584)

---
updated-dependencies:
- dependency-name: docker/bake-action
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-25 16:32:28 +00:00
dependabot[bot]andGitHub 6a117706c3 build(deps): bump the crazy-max-dot-github group across 1 directory with 2 updates
Bumps the crazy-max-dot-github group with 2 updates in the / directory: [crazy-max/.github/.github/workflows/pr-assign-author.yml](https://github.com/crazy-max/.github) and [crazy-max/.github/.github/workflows/zizmor.yml](https://github.com/crazy-max/.github).


Updates `crazy-max/.github/.github/workflows/pr-assign-author.yml` from 1.7.1 to 1.8.0
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](https://github.com/crazy-max/.github/compare/64a0bfaf6e6bb1c448d6e4c42b11034ee7094f16...9ba6e6f9450baf3b1237f8035c1fdc45932510bd)

Updates `crazy-max/.github/.github/workflows/zizmor.yml` from 1.7.1 to 1.8.0
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](https://github.com/crazy-max/.github/compare/64a0bfaf6e6bb1c448d6e4c42b11034ee7094f16...9ba6e6f9450baf3b1237f8035c1fdc45932510bd)

---
updated-dependencies:
- dependency-name: crazy-max/.github/.github/workflows/pr-assign-author.yml
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
- dependency-name: crazy-max/.github/.github/workflows/zizmor.yml
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-22 10:53:09 +00:00
dependabot[bot]andGitHub 3b19da1dc2 build(deps): bump @tootallnate/once from 2.0.0 to 2.0.1
Bumps [@tootallnate/once](https://github.com/TooTallNate/once) from 2.0.0 to 2.0.1.
- [Release notes](https://github.com/TooTallNate/once/releases)
- [Changelog](https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md)
- [Commits](https://github.com/TooTallNate/once/compare/2.0.0...v2.0.1)

---
updated-dependencies:
- dependency-name: "@tootallnate/once"
  dependency-version: 2.0.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-22 05:43:25 +00:00
dependabot[bot]andGitHub f345107e4d build(deps): bump postcss from 8.5.6 to 8.5.15
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.15.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/postcss/postcss/compare/8.5.6...8.5.15)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.15
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-21 13:00:38 +00:00
CrazyMaxandGitHub 328f2e0797 Merge pull request #264 from crazy-max/zizmor-fixes
ci: restrict update-dist GitHub App token scope
2026-05-21 14:58:38 +02:00
CrazyMax 9360424f67 ci: restrict update-dist GitHub App token scope
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-05-21 14:30:10 +02:00
dependabot[bot]andGitHub 9f8cbcbd32 build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/57e3a136b779b570ffcdbf80b3bdc90e7fab3de2...e79a6962e0d4c0c17b229090214935d2e33f8354)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-20 16:38:28 +00:00
dependabot[bot]andGitHub 257b686322 build(deps): bump actions/create-github-app-token from 3.1.1 to 3.2.0
Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 3.1.1 to 3.2.0.
- [Release notes](https://github.com/actions/create-github-app-token/releases)
- [Changelog](https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/create-github-app-token/compare/1b10c78c7865c340bc4f6099eb2f838309f1e8c3...bcd2ba49218906704ab6c1aa796996da409d3eb1)

---
updated-dependencies:
- dependency-name: actions/create-github-app-token
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-14 10:54:58 +00:00
github-actions[bot] ea01e16081 chore: update generated content 2026-05-08 18:04:33 +00:00
dependabot[bot]andGitHub 91f1665f03 build(deps): bump fast-xml-builder from 1.1.5 to 1.2.0
Bumps [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder) from 1.1.5 to 1.2.0.
- [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md)
- [Commits](https://github.com/NaturalIntelligence/fast-xml-builder/compare/v1.1.5...v1.2.0)

---
updated-dependencies:
- dependency-name: fast-xml-builder
  dependency-version: 1.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-08 18:03:38 +00:00