Public Access
1
0
mirror of https://github.com/docker/build-push-action.git synced 2026-07-10 00:53:21 +03:00

Compare commits

...

5 Commits

Author SHA1 Message Date
dependabot[bot] dcf78c2308 chore(deps): Bump the codeql-actions group with 2 updates
Bumps the codeql-actions group with 2 updates: [github/codeql-action/init](https://github.com/github/codeql-action) and [github/codeql-action/analyze](https://github.com/github/codeql-action).


Updates `github/codeql-action/init` from 4.36.2 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a)

Updates `github/codeql-action/analyze` from 4.36.2 to 4.36.3
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/8aad20d150bbac5944a9f9d289da16a4b0d87c1e...54f647b7e1bb85c95cddabcd46b0c578ec92bc1a)

---
updated-dependencies:
- dependency-name: github/codeql-action/init
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: codeql-actions
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: codeql-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-09 12:00:33 +00:00
CrazyMax cb941d0b89 Merge pull request #1583 from crazy-max/group-codeql-dependabot-updates
chore: group codeql dependabot updates
2026-07-09 13:57:08 +02:00
CrazyMax a9855f30a5 chore: group codeql dependabot updates
Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>
2026-07-09 12:39:06 +02:00
CrazyMax 3add1637a6 Merge pull request #1577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
chore(deps): Bump sigstore from 4.1.0 to 4.1.1
2026-07-03 11:08:48 +02:00
dependabot[bot] 6d79e06484 chore(deps): Bump sigstore from 4.1.0 to 4.1.1
Bumps [sigstore](https://github.com/sigstore/sigstore-js) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@4.1.0...sigstore@4.1.1)

---
updated-dependencies:
- dependency-name: sigstore
  dependency-version: 4.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 14:14:12 +00:00
3 changed files with 20 additions and 17 deletions
+3
View File
@@ -10,6 +10,9 @@ updates:
crazy-max-dot-github: crazy-max-dot-github:
patterns: patterns:
- "crazy-max/.github/*" - "crazy-max/.github/*"
codeql-actions:
patterns:
- "github/codeql-action/*"
labels: labels:
- "dependencies" - "dependencies"
- "bot" - "bot"
+2 -2
View File
@@ -35,12 +35,12 @@ jobs:
node-version: ${{ env.NODE_VERSION }} node-version: ${{ env.NODE_VERSION }}
- -
name: Initialize CodeQL name: Initialize CodeQL
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 uses: github/codeql-action/init@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
with: with:
languages: javascript-typescript languages: javascript-typescript
build-mode: none build-mode: none
- -
name: Perform CodeQL Analysis name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
with: with:
category: "/language:javascript-typescript" category: "/language:javascript-typescript"
+15 -15
View File
@@ -1648,7 +1648,7 @@ __metadata:
languageName: node languageName: node
linkType: hard linkType: hard
"@sigstore/core@npm:^3.1.0, @sigstore/core@npm:^3.2.0": "@sigstore/core@npm:^3.2.0, @sigstore/core@npm:^3.2.1":
version: 3.2.1 version: 3.2.1
resolution: "@sigstore/core@npm:3.2.1" resolution: "@sigstore/core@npm:3.2.1"
checksum: 10/2f6c1ced55f8ed3f7fc705a668eb95db9471511dfb1f054927822bf97a051dd62228ecf6a9f1932d240c2c4ae69a3b5066550789e5ad8f4257839a4370e5a120 checksum: 10/2f6c1ced55f8ed3f7fc705a668eb95db9471511dfb1f054927822bf97a051dd62228ecf6a9f1932d240c2c4ae69a3b5066550789e5ad8f4257839a4370e5a120
@@ -1669,7 +1669,7 @@ __metadata:
languageName: node languageName: node
linkType: hard linkType: hard
"@sigstore/sign@npm:^4.1.0": "@sigstore/sign@npm:^4.1.1":
version: 4.1.1 version: 4.1.1
resolution: "@sigstore/sign@npm:4.1.1" resolution: "@sigstore/sign@npm:4.1.1"
dependencies: dependencies:
@@ -1683,7 +1683,7 @@ __metadata:
languageName: node languageName: node
linkType: hard linkType: hard
"@sigstore/tuf@npm:^4.0.1": "@sigstore/tuf@npm:^4.0.2":
version: 4.0.2 version: 4.0.2
resolution: "@sigstore/tuf@npm:4.0.2" resolution: "@sigstore/tuf@npm:4.0.2"
dependencies: dependencies:
@@ -1703,14 +1703,14 @@ __metadata:
languageName: node languageName: node
linkType: hard linkType: hard
"@sigstore/verify@npm:^3.1.0": "@sigstore/verify@npm:^3.1.1":
version: 3.1.0 version: 3.1.1
resolution: "@sigstore/verify@npm:3.1.0" resolution: "@sigstore/verify@npm:3.1.1"
dependencies: dependencies:
"@sigstore/bundle": "npm:^4.0.0" "@sigstore/bundle": "npm:^4.0.0"
"@sigstore/core": "npm:^3.1.0" "@sigstore/core": "npm:^3.2.1"
"@sigstore/protobuf-specs": "npm:^0.5.0" "@sigstore/protobuf-specs": "npm:^0.5.0"
checksum: 10/c85713cc326236ef39608e4b061c1192306fd3edd7a1334237d5d53dbb132f04e3f9d3cfd4bb2d521bf0c95a9f98945a748c97ecb06e5f36cfd09488a0d3d73f checksum: 10/4cb24b0e62b85ebf2b62698041e0dc212d152fd40a95c05c237357c992265a23e5789f86b138bea2eea0c5f6b994974d968f03dde9c692a514f96ae4b26f31a9
languageName: node languageName: node
linkType: hard linkType: hard
@@ -5387,16 +5387,16 @@ __metadata:
linkType: hard linkType: hard
"sigstore@npm:^4.0.0": "sigstore@npm:^4.0.0":
version: 4.1.0 version: 4.1.1
resolution: "sigstore@npm:4.1.0" resolution: "sigstore@npm:4.1.1"
dependencies: dependencies:
"@sigstore/bundle": "npm:^4.0.0" "@sigstore/bundle": "npm:^4.0.0"
"@sigstore/core": "npm:^3.1.0" "@sigstore/core": "npm:^3.2.1"
"@sigstore/protobuf-specs": "npm:^0.5.0" "@sigstore/protobuf-specs": "npm:^0.5.0"
"@sigstore/sign": "npm:^4.1.0" "@sigstore/sign": "npm:^4.1.1"
"@sigstore/tuf": "npm:^4.0.1" "@sigstore/tuf": "npm:^4.0.2"
"@sigstore/verify": "npm:^3.1.0" "@sigstore/verify": "npm:^3.1.1"
checksum: 10/7312eed22f82bebcd80a897a163e220bb1df2c084c308d17fb431ff03ef28cf20e3b17312fd8024793dcefa27e794c31174d604a28fc85672a9d6d7f34bbd4a6 checksum: 10/8fb38bbdc3ee1e79b3f19e0015ebf35b7d7f890673722f182960ec88f02a52f2f631fc983e7f8bafa3a37653a760ddc00277721a8f9159ee6ee311159ca3dfbe
languageName: node languageName: node
linkType: hard linkType: hard