759 Commits

Author SHA1 Message Date
CrazyMax
bb05f3f551 Merge pull request #580 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.92.0
build(deps): bump @docker/actions-toolkit from 0.91.0 to 0.92.0
v4 v4.2.0
2026-07-02 11:21:40 +02:00
github-actions[bot]
321c814cb5 [dependabot skip] chore: update generated content 2026-07-02 09:19:04 +00:00
dependabot[bot]
b9a36ef79b build(deps): bump @docker/actions-toolkit from 0.91.0 to 0.92.0
Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.91.0 to 0.92.0.
- [Release notes](https://github.com/docker/actions-toolkit/releases)
- [Commits](https://github.com/docker/actions-toolkit/compare/v0.91.0...v0.92.0)

---
updated-dependencies:
- dependency-name: "@docker/actions-toolkit"
  dependency-version: 0.92.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 09:18:08 +00:00
CrazyMax
ebeab24128 Merge pull request #570 from docker/dependabot/npm_and_yarn/undici-6.27.0
build(deps): bump undici from 6.25.0 to 6.27.0
2026-07-02 11:12:54 +02:00
github-actions[bot]
5c7b8ae78c [dependabot skip] chore: update generated content 2026-07-02 09:11:25 +00:00
dependabot[bot]
037e618cd9 build(deps): bump undici from 6.25.0 to 6.27.0
Bumps [undici](https://github.com/nodejs/undici) from 6.25.0 to 6.27.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v6.25.0...v6.27.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 09:10:31 +00:00
CrazyMax
66080e5802 Merge pull request #577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
build(deps): bump sigstore from 4.1.0 to 4.1.1
2026-07-02 11:08:43 +02:00
CrazyMax
409aef0aa3 Merge pull request #562 from docker/dependabot/npm_and_yarn/js-yaml-4.2.0
build(deps): bump js-yaml from 4.1.1 to 5.2.0
2026-07-02 11:08:14 +02:00
dependabot[bot]
49c6e42949 build(deps): bump sigstore from 4.1.0 to 4.1.1
Bumps [sigstore](https://github.com/sigstore/sigstore-js) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@4.1.0...sigstore@4.1.1)

---
updated-dependencies:
- dependency-name: sigstore
  dependency-version: 4.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 09:06:38 +00:00
github-actions[bot]
2211273e81 [dependabot skip] chore: update generated content 2026-07-02 09:06:38 +00:00
dependabot[bot]
1c203bbd66 build(deps): bump js-yaml from 4.1.1 to 5.2.0
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 5.2.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/4.1.1...5.2.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 09:05:40 +00:00
CrazyMax
bdb9e8c4a3 Merge pull request #576 from docker/dependabot/npm_and_yarn/sigstore/verify-3.1.1
build(deps): bump @sigstore/verify from 3.1.0 to 3.1.1
2026-07-02 11:04:46 +02:00
CrazyMax
a1ef928785 Merge pull request #569 from docker/dependabot/npm_and_yarn/vite-7.3.5
build(deps): bump vite from 7.3.2 to 7.3.6
2026-07-02 11:04:22 +02:00
CrazyMax
2b9ccacd29 Merge pull request #573 from docker/dependabot/npm_and_yarn/sigstore/core-3.2.1
build(deps): bump @sigstore/core from 3.1.0 to 3.2.1
2026-07-02 11:03:35 +02:00
CrazyMax
30f516a36d Merge pull request #579 from docker/dependabot/github_actions/codecov/codecov-action-7.0.0
build(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0
2026-07-02 11:02:23 +02:00
CrazyMax
7ed1344edc Merge pull request #578 from docker/dependabot/github_actions/actions/checkout-7.0.0
build(deps): bump actions/checkout from 6.0.3 to 7.0.0
2026-07-02 11:01:57 +02:00
dependabot[bot]
62a375d019 build(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6.0.1 to 7.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](e79a6962e0...fb8b3582c8)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 09:00:58 +00:00
dependabot[bot]
911fd9be4b build(deps): bump actions/checkout from 6.0.3 to 7.0.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.3 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](df4cb1c069...9c091bb21b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 08:59:27 +00:00
CrazyMax
425c29b574 Merge pull request #560 from docker/dependabot/github_actions/docker/setup-qemu-action-4.1.0
build(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0
2026-07-02 10:58:28 +02:00
CrazyMax
19a5ebdfd5 Merge pull request #567 from docker/dependabot/github_actions/github/codeql-action-4.36.2
build(deps): bump github/codeql-action from 4.36.0 to 4.36.2
2026-07-02 10:57:53 +02:00
CrazyMax
0727322ec8 Merge pull request #571 from docker/dependabot/github_actions/crazy-max-dot-github-cd60547fee
build(deps): bump the crazy-max-dot-github group across 1 directory with 3 updates
2026-07-02 10:57:30 +02:00
CrazyMax
e929e9255c Merge pull request #564 from docker/dependabot/github_actions/actions/checkout-6.0.3
build(deps): bump actions/checkout from 6.0.2 to 6.0.3
2026-07-02 10:57:04 +02:00
dependabot[bot]
ebf3b1c616 build(deps): bump the crazy-max-dot-github group across 1 directory with 3 updates
Bumps the crazy-max-dot-github group with 3 updates in the / directory: [crazy-max/.github/.github/actions/install-k3s](https://github.com/crazy-max/.github), [crazy-max/.github/.github/workflows/pr-assign-author.yml](https://github.com/crazy-max/.github) and [crazy-max/.github/.github/workflows/zizmor.yml](https://github.com/crazy-max/.github).


Updates `crazy-max/.github/.github/actions/install-k3s` from 1.8.0 to 1.10.1
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](9ba6e6f945...46267a6e61)

Updates `crazy-max/.github/.github/workflows/pr-assign-author.yml` from 1.8.0 to 1.10.1
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](9ba6e6f945...46267a6e61)

Updates `crazy-max/.github/.github/workflows/zizmor.yml` from 1.8.0 to 1.10.1
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](9ba6e6f945...46267a6e61)

---
updated-dependencies:
- dependency-name: crazy-max/.github/.github/actions/install-k3s
  dependency-version: 1.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
- dependency-name: crazy-max/.github/.github/workflows/pr-assign-author.yml
  dependency-version: 1.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
- dependency-name: crazy-max/.github/.github/workflows/zizmor.yml
  dependency-version: 1.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 04:42:29 +00:00
dependabot[bot]
07480ddaf5 build(deps): bump @sigstore/verify from 3.1.0 to 3.1.1
Bumps [@sigstore/verify](https://github.com/sigstore/sigstore-js) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/verify@3.1.1)

---
updated-dependencies:
- dependency-name: "@sigstore/verify"
  dependency-version: 3.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 01:21:02 +00:00
CrazyMax
7b0a0dd78a Merge pull request #575 from crazy-max/fix-yarn-preapprove-actions-toolkit
chore: allow actions-toolkit to bypass yarn age gate
2026-07-01 12:50:03 +02:00
CrazyMax
a0e446b4dd Merge pull request #574 from crazy-max/dependabot-skip-update-dist
dependabot: skip for update-dist commits
2026-07-01 12:50:00 +02:00
CrazyMax
2bc18585f7 chore: allow actions-toolkit to bypass yarn age gate
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-07-01 11:43:33 +02:00
CrazyMax
bf6e25472a dependabot: skip for update-dist commits
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-06-30 11:09:22 +02:00
dependabot[bot]
fbfc14c547 build(deps): bump vite from 7.3.2 to 7.3.6
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.2 to 7.3.6.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.6/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.6/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.3.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-29 14:18:51 +00:00
github-actions[bot]
49c98a8139 chore: update generated content 2026-06-29 14:17:40 +00:00
dependabot[bot]
03a2247451 build(deps): bump @sigstore/core from 3.1.0 to 3.2.1
Bumps [@sigstore/core](https://github.com/sigstore/sigstore-js) from 3.1.0 to 3.2.1.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/core@3.2.1)

---
updated-dependencies:
- dependency-name: "@sigstore/core"
  dependency-version: 3.2.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-29 14:16:42 +00:00
CrazyMax
bed9a68598 Merge pull request #572 from crazy-max/fix-esbuild
preserve names in esbuild bundle
2026-06-29 16:15:09 +02:00
CrazyMax
c6e2526453 preserve names in esbuild bundle
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-06-29 15:03:17 +02:00
temenuzhka-thede
c887d9748d Merge pull request #568 from docker/sec-cli/npm-ci-20260612-184913
fix: replace npm install with npm ci (20260612-184913)
2026-06-12 14:10:56 -05:00
securityeng-bot[bot]
cfdae34ead fix: use lockfile-aware install commands 2026-06-12 18:49:15 +00:00
dependabot[bot]
40445d9e77 build(deps): bump github/codeql-action from 4.36.0 to 4.36.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.36.0 to 4.36.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7211b7c807...8aad20d150)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-08 04:44:10 +00:00
dependabot[bot]
0d5ecf6801 build(deps): bump actions/checkout from 6.0.2 to 6.0.3
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](de0fac2e45...df4cb1c069)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-04 04:43:21 +00:00
dependabot[bot]
86a837e8bd build(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](ce360397dd...06116385d9)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-29 04:56:38 +00:00
CrazyMax
22b48a429f Merge pull request #559 from crazy-max/yarn-update
update yarn to 4.15.0
2026-05-28 18:44:17 +02:00
CrazyMax
5858c5d38b update yarn to 4.15.0
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-05-28 15:13:38 +02:00
CrazyMax
fa8b94d584 Merge pull request #557 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.91.0
build(deps): bump @docker/actions-toolkit from 0.90.0 to 0.91.0
2026-05-28 10:42:30 +02:00
github-actions[bot]
76e60acf32 chore: update generated content 2026-05-28 08:29:20 +00:00
dependabot[bot]
716a6ed7ad build(deps): bump @docker/actions-toolkit from 0.90.0 to 0.91.0
Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.90.0 to 0.91.0.
- [Release notes](https://github.com/docker/actions-toolkit/releases)
- [Commits](https://github.com/docker/actions-toolkit/compare/v0.90.0...v0.91.0)

---
updated-dependencies:
- dependency-name: "@docker/actions-toolkit"
  dependency-version: 0.91.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 08:28:25 +00:00
CrazyMax
76e58290b2 Merge pull request #551 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
build(deps): bump @actions/core from 3.0.0 to 3.0.1
2026-05-28 10:26:05 +02:00
github-actions[bot]
4c56ab6283 chore: update generated content 2026-05-28 08:24:44 +00:00
dependabot[bot]
7d85158e51 build(deps): bump @actions/core from 3.0.0 to 3.0.1
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 3.0.0 to 3.0.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 08:23:48 +00:00
CrazyMax
8508f00982 Merge pull request #556 from docker/dependabot/npm_and_yarn/tmp-0.2.7
build(deps): bump tmp from 0.2.5 to 0.2.7
2026-05-28 10:21:51 +02:00
CrazyMax
b0c3aa1759 Merge pull request #554 from docker/dependabot/github_actions/docker/build-push-action-7.2.0
build(deps): bump docker/build-push-action from 7.1.0 to 7.2.0
2026-05-28 10:21:21 +02:00
CrazyMax
25434de062 Merge pull request #552 from docker/dependabot/github_actions/github/codeql-action-4.36.0
build(deps): bump github/codeql-action from 4.35.5 to 4.36.0
2026-05-28 10:20:57 +02:00
CrazyMax
a7757fd670 Merge pull request #555 from docker/sec-cli/ignore-scripts-fix-20260527-193412
ci: add ignore-scripts to Node package manager config (20260527-193412)
2026-05-28 10:20:21 +02:00