Compare commits

..

4 Commits

Author SHA1 Message Date
github-actions[bot]
f28206551c chore: update generated content 2026-06-28 18:51:09 +00:00
dependabot[bot]
ed5e8e6502 chore(deps): Bump js-yaml from 4.1.1 to 4.2.0
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.2.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/4.1.1...4.2.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-28 18:50:12 +00:00
temenuzhka-thede
020b7354dd Merge pull request #682 from docker/sec-cli/npm-ci-20260612-184903
fix: replace npm install with npm ci (20260612-184903)
2026-06-12 14:10:33 -05:00
securityeng-bot[bot]
7f842e879c fix: use lockfile-aware install commands 2026-06-12 18:49:05 +00:00
4 changed files with 6 additions and 6 deletions

View File

@@ -29,7 +29,7 @@ jobs:
targets: test
-
name: Upload coverage
uses: codecov/codecov-action@fb8b3582c8e4def4969c97caa2f19720cb33a72f # v7.0.0
uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1
with:
files: ./coverage/clover.xml
token: ${{ secrets.CODECOV_TOKEN }}

View File

@@ -17,7 +17,7 @@ FROM base AS deps
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn install && mkdir /vendor && cp yarn.lock /vendor
yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor
FROM scratch AS vendor-update
COPY --from=deps /vendor /

2
dist/licenses.txt generated vendored
View File

@@ -1795,7 +1795,7 @@ SOFTWARE.
The following npm package may be included in this product:
- js-yaml@4.1.1
- js-yaml@4.2.0
This package contains the following license:

View File

@@ -4075,13 +4075,13 @@ __metadata:
linkType: hard
"js-yaml@npm:^4.1.0, js-yaml@npm:^4.1.1":
version: 4.1.1
resolution: "js-yaml@npm:4.1.1"
version: 4.2.0
resolution: "js-yaml@npm:4.2.0"
dependencies:
argparse: "npm:^2.0.1"
bin:
js-yaml: bin/js-yaml.js
checksum: 10/a52d0519f0f4ef5b4adc1cde466cb54c50d56e2b4a983b9d5c9c0f2f99462047007a6274d7e95617a21d3c91fde3ee6115536ed70991cd645ba8521058b78f77
checksum: 10/51de2067a2b44b07ba5206132e56005f8b568ff279bb4d2f645068958c56fa4827d40a6841c983234671fa0a134bf094d0b0717873c2a3d319185297af145a6d
languageName: node
linkType: hard