Commit graph

203 commits

Author SHA1 Message Date
CrazyMax
7d865ffaf9
Merge pull request #111 from docker/dependabot/npm_and_yarn/undici-6.27.0
chore(deps): bump undici from 6.26.0 to 6.27.0
2026-07-01 14:18:04 +02:00
github-actions[bot]
a11ad46116 [dependabot skip] chore: update generated content 2026-07-01 12:13:46 +00:00
dependabot[bot]
ea03e82695
chore(deps): bump undici from 6.26.0 to 6.27.0
Bumps [undici](https://github.com/nodejs/undici) from 6.26.0 to 6.27.0.
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](https://github.com/nodejs/undici/compare/v6.26.0...v6.27.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 6.27.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 12:12:52 +00:00
CrazyMax
d37dd72e1d
Merge pull request #118 from docker/dependabot/npm_and_yarn/js-yaml-4.3.0
chore(deps): bump js-yaml from 4.1.1 to 4.3.0
2026-07-01 14:12:47 +02:00
github-actions[bot]
146a460e6d [dependabot skip] chore: update generated content 2026-07-01 12:10:56 +00:00
CrazyMax
d3b0309f78
Merge pull request #108 from docker/dependabot/npm_and_yarn/tmp-0.2.7
chore(deps): bump tmp from 0.2.6 to 0.2.7
2026-07-01 14:10:15 +02:00
dependabot[bot]
e04d0bad3c
chore(deps): bump js-yaml from 4.1.1 to 4.3.0
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.3.0.
- [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodeca/js-yaml/compare/4.1.1...4.3.0)

---
updated-dependencies:
- dependency-name: js-yaml
  dependency-version: 4.3.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 12:09:59 +00:00
github-actions[bot]
cb0af0a09b [dependabot skip] chore: update generated content 2026-07-01 12:09:39 +00:00
CrazyMax
fd436c18c9
Merge pull request #109 from docker/dependabot/github_actions/actions/checkout-7.0.0
chore(deps): bump actions/checkout from 6.0.2 to 7.0.0
2026-07-01 14:09:05 +02:00
dependabot[bot]
ae64015cc2
chore(deps): bump tmp from 0.2.6 to 0.2.7
Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.6 to 0.2.7.
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/raszi/node-tmp/compare/v0.2.6...v0.2.7)

---
updated-dependencies:
- dependency-name: tmp
  dependency-version: 0.2.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-01 12:08:51 +00:00
CrazyMax
6ba698af1b
Merge pull request #106 from docker/dependabot/github_actions/codecov/codecov-action-7.0.0
chore(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0
2026-07-01 14:08:41 +02:00
CrazyMax
daf7ec5eda
Merge pull request #104 from docker/dependabot/github_actions/crazy-max-dot-github-a6a0ecf511
chore(deps): bump the crazy-max-dot-github group across 1 directory with 2 updates
2026-07-01 14:08:14 +02:00
CrazyMax
bf10f6e6a0
Merge pull request #105 from docker/dependabot/github_actions/github/codeql-action-4.36.2
chore(deps): bump github/codeql-action from 4.36.0 to 4.36.2
2026-07-01 14:07:51 +02:00
CrazyMax
a55b08de68
Merge pull request #110 from docker/dependabot/npm_and_yarn/vite-7.3.5
chore(deps): bump vite from 7.3.3 to 7.3.6
2026-07-01 14:07:01 +02:00
CrazyMax
2a56b96c64
Merge pull request #115 from docker/dependabot/npm_and_yarn/sigstore/core-3.2.1
chore(deps): bump @sigstore/core from 3.1.0 to 3.2.1
2026-07-01 14:06:21 +02:00
CrazyMax
398185fd5e
Merge pull request #117 from crazy-max/fix-yarn-preapprove-actions-toolkit
chore: allow actions-toolkit to bypass yarn age gate
2026-07-01 12:50:50 +02:00
CrazyMax
0b6d64dd19
Merge pull request #116 from crazy-max/dependabot-skip-update-dist
dependabot: skip for update-dist commits
2026-07-01 12:50:41 +02:00
CrazyMax
b7884b55c0
chore: allow actions-toolkit to bypass yarn age gate
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-07-01 11:43:34 +02:00
CrazyMax
31417945f5
dependabot: skip for update-dist commits
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-06-30 11:09:28 +02:00
dependabot[bot]
9668eca79b
chore(deps): bump the crazy-max-dot-github group across 1 directory with 2 updates
Bumps the crazy-max-dot-github group with 2 updates in the / directory: [crazy-max/.github/.github/workflows/pr-assign-author.yml](https://github.com/crazy-max/.github) and [crazy-max/.github/.github/workflows/zizmor.yml](https://github.com/crazy-max/.github).


Updates `crazy-max/.github/.github/workflows/pr-assign-author.yml` from 1.8.0 to 1.10.1
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](9ba6e6f945...46267a6e61)

Updates `crazy-max/.github/.github/workflows/zizmor.yml` from 1.8.0 to 1.10.1
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](9ba6e6f945...46267a6e61)

---
updated-dependencies:
- dependency-name: crazy-max/.github/.github/workflows/pr-assign-author.yml
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
- dependency-name: crazy-max/.github/.github/workflows/zizmor.yml
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-30 01:32:44 +00:00
dependabot[bot]
a4632bf49a
chore(deps): bump vite from 7.3.3 to 7.3.6
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.3 to 7.3.6.
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.6/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.6/packages/vite)

---
updated-dependencies:
- dependency-name: vite
  dependency-version: 7.3.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-29 14:18:30 +00:00
github-actions[bot]
e94f5ff3d8 chore: update generated content 2026-06-29 14:17:52 +00:00
dependabot[bot]
51d5930742
chore(deps): bump @sigstore/core from 3.1.0 to 3.2.1
Bumps [@sigstore/core](https://github.com/sigstore/sigstore-js) from 3.1.0 to 3.2.1.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@3.1.0...@sigstore/core@3.2.1)

---
updated-dependencies:
- dependency-name: "@sigstore/core"
  dependency-version: 3.2.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-29 14:17:00 +00:00
CrazyMax
a8074e13c2
Merge pull request #114 from crazy-max/fix-esbuild
Some checks failed
ci / main (latest) (push) Has been cancelled
ci / main (v2.32.4) (push) Has been cancelled
ci / multi (push) Has been cancelled
ci / standalone (push) Has been cancelled
ci / main () (push) Has been cancelled
ci / main (cloud:latest) (push) Has been cancelled
ci / main (cloud:v2.29.1-desktop.2) (push) Has been cancelled
codeql / analyze (push) Has been cancelled
test / test (push) Has been cancelled
validate / prepare (push) Has been cancelled
ci / cache-binary (false) (push) Has been cancelled
ci / cache-binary (true) (push) Has been cancelled
zizmor / zizmor (push) Has been cancelled
validate / validate (push) Has been cancelled
preserve names in esbuild bundle
2026-06-29 16:15:18 +02:00
CrazyMax
7fbdfd3c1a
preserve names in esbuild bundle
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-06-29 15:04:20 +02:00
dependabot[bot]
09ed12acf8
chore(deps): bump actions/checkout from 6.0.2 to 7.0.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 7.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](de0fac2e45...9c091bb21b)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-19 01:32:46 +00:00
Alexandre Vallières-Lagacé
6fe408f5ba
Merge pull request #107 from docker/sec-cli/npm-ci-20260615-142203
Some checks failed
ci / main () (push) Has been cancelled
ci / main (cloud:latest) (push) Has been cancelled
ci / main (cloud:v2.29.1-desktop.2) (push) Has been cancelled
ci / main (latest) (push) Has been cancelled
ci / main (v2.32.4) (push) Has been cancelled
ci / multi (push) Has been cancelled
ci / standalone (push) Has been cancelled
ci / cache-binary (false) (push) Has been cancelled
ci / cache-binary (true) (push) Has been cancelled
zizmor / zizmor (push) Has been cancelled
codeql / analyze (push) Has been cancelled
validate / prepare (push) Has been cancelled
test / test (push) Has been cancelled
validate / validate (push) Has been cancelled
fix: replace npm install with npm ci (20260615-142203)
2026-06-15 11:53:25 -04:00
securityeng-bot[bot]
f6cde28f68
fix: use lockfile-aware install commands 2026-06-15 14:22:04 +00:00
dependabot[bot]
c1ee995bf9
chore(deps): bump codecov/codecov-action from 6.0.1 to 7.0.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6.0.1 to 7.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](e79a6962e0...fb8b3582c8)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-08 01:34:29 +00:00
dependabot[bot]
de9dc1b95d
chore(deps): bump github/codeql-action from 4.36.0 to 4.36.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.36.0 to 4.36.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7211b7c807...8aad20d150)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.36.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-08 01:34:24 +00:00
CrazyMax
dd8b913e80
Merge pull request #101 from crazy-max/yarn-update
Some checks failed
ci / main () (push) Has been cancelled
ci / main (cloud:latest) (push) Has been cancelled
validate / prepare (push) Has been cancelled
zizmor / zizmor (push) Has been cancelled
ci / main (v2.32.4) (push) Has been cancelled
ci / multi (push) Has been cancelled
validate / validate (push) Has been cancelled
ci / standalone (push) Has been cancelled
codeql / analyze (push) Has been cancelled
test / test (push) Has been cancelled
ci / main (cloud:v2.29.1-desktop.2) (push) Has been cancelled
ci / main (latest) (push) Has been cancelled
ci / cache-binary (false) (push) Has been cancelled
ci / cache-binary (true) (push) Has been cancelled
update yarn to 4.15.0
2026-05-28 18:45:01 +02:00
CrazyMax
168cd6c426
update yarn to 4.15.0
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-05-28 15:13:46 +02:00
CrazyMax
410c00e878
Merge pull request #100 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
Some checks are pending
ci / cache-binary (true) (push) Waiting to run
ci / main (cloud:v2.29.1-desktop.2) (push) Waiting to run
ci / main (latest) (push) Waiting to run
ci / multi (push) Waiting to run
validate / prepare (push) Waiting to run
ci / main (v2.32.4) (push) Waiting to run
ci / standalone (push) Waiting to run
ci / cache-binary (false) (push) Waiting to run
codeql / analyze (push) Waiting to run
test / test (push) Waiting to run
validate / validate (push) Blocked by required conditions
zizmor / zizmor (push) Waiting to run
ci / main () (push) Waiting to run
ci / main (cloud:latest) (push) Waiting to run
chore(deps): bump @actions/core from 3.0.0 to 3.0.1
2026-05-28 10:22:30 +02:00
CrazyMax
5d29e18d06
Merge pull request #99 from docker/sec-cli/ignore-scripts-fix-20260527-193420
ci: add ignore-scripts to Node package manager config (20260527-193420)
2026-05-28 09:59:38 +02:00
github-actions[bot]
70b1359563 chore: update generated content 2026-05-28 01:58:55 +00:00
dependabot[bot]
f0bcefd12e
chore(deps): bump @actions/core from 3.0.0 to 3.0.1
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 3.0.0 to 3.0.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 01:58:09 +00:00
securityeng-bot[bot]
41e3c799a3
ci: enforce ignore-scripts policy for Node package managers 2026-05-27 20:05:06 +00:00
CrazyMax
16feee727c
Merge pull request #55 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.80.0
Some checks are pending
ci / main () (push) Waiting to run
ci / main (cloud:latest) (push) Waiting to run
ci / main (cloud:v2.29.1-desktop.2) (push) Waiting to run
ci / main (latest) (push) Waiting to run
ci / main (v2.32.4) (push) Waiting to run
ci / multi (push) Waiting to run
ci / standalone (push) Waiting to run
ci / cache-binary (false) (push) Waiting to run
ci / cache-binary (true) (push) Waiting to run
codeql / analyze (push) Waiting to run
test / test (push) Waiting to run
validate / prepare (push) Waiting to run
validate / validate (push) Blocked by required conditions
zizmor / zizmor (push) Waiting to run
chore(deps): bump @docker/actions-toolkit from 0.79.0 to 0.91.0
2026-05-27 12:04:17 +02:00
github-actions[bot]
739694b2b5 chore: update generated content 2026-05-27 10:02:59 +00:00
dependabot[bot]
ae3c6883b5
chore(deps): bump @docker/actions-toolkit from 0.79.0 to 0.91.0
Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.79.0 to 0.91.0.
- [Release notes](https://github.com/docker/actions-toolkit/releases)
- [Commits](https://github.com/docker/actions-toolkit/compare/v0.79.0...v0.91.0)

---
updated-dependencies:
- dependency-name: "@docker/actions-toolkit"
  dependency-version: 0.80.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 10:02:11 +00:00
CrazyMax
f399cc13d4
Merge pull request #98 from docker/dependabot/npm_and_yarn/tmp-0.2.6
chore(deps): bump tmp from 0.2.5 to 0.2.6
2026-05-27 11:59:30 +02:00
github-actions[bot]
edef9342ff chore: update generated content 2026-05-27 09:55:31 +00:00
dependabot[bot]
4c2012ebac
chore(deps): bump tmp from 0.2.5 to 0.2.6
Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.5 to 0.2.6.
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.6)

---
updated-dependencies:
- dependency-name: tmp
  dependency-version: 0.2.6
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 09:54:37 +00:00
CrazyMax
430a1543b5
Merge pull request #70 from docker/dependabot/npm_and_yarn/handlebars-4.7.9
chore(deps): bump handlebars from 4.7.8 to 4.7.9
2026-05-27 11:52:40 +02:00
CrazyMax
929bb642cc
Merge pull request #69 from docker/dependabot/npm_and_yarn/brace-expansion-1.1.13
chore(deps): bump brace-expansion from 1.1.11 to 1.1.15
2026-05-27 11:52:14 +02:00
github-actions[bot]
86f8217480 chore: update generated content 2026-05-27 09:48:55 +00:00
dependabot[bot]
98cd8afa8b
chore(deps): bump brace-expansion from 1.1.11 to 1.1.15
Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 1.1.11 to 1.1.15.
- [Release notes](https://github.com/juliangruber/brace-expansion/releases)
- [Commits](https://github.com/juliangruber/brace-expansion/compare/1.1.11...v1.1.15)

---
updated-dependencies:
- dependency-name: brace-expansion
  dependency-version: 1.1.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 09:48:03 +00:00
CrazyMax
7007c0e690
Merge pull request #63 from docker/dependabot/npm_and_yarn/flatted-3.4.2
chore(deps): bump flatted from 3.3.3 to 3.4.2
2026-05-27 11:47:38 +02:00
CrazyMax
39dc2ab81a
Merge pull request #66 from docker/dependabot/npm_and_yarn/picomatch-4.0.4
chore(deps): bump picomatch from 4.0.3 to 4.0.4
2026-05-27 11:47:14 +02:00
CrazyMax
63d8b08073
Merge pull request #61 from docker/dependabot/npm_and_yarn/fast-xml-parser-5.5.7
chore(deps): bump fast-xml-parser from 5.4.1 to 5.8.0
2026-05-27 11:46:40 +02:00