1263 Commits

This Branch

This Branch

All Branches

• Merge pull request #1562 from docker/sec-cli/npm-ci-20260612-145940

  fix: replace npm install with npm ci (20260612-145940)

  CrazyMax · 2026-06-12 17:16:13 +02:00
  ff26911fd3
• fix: use lockfile-aware install commands
  securityeng-bot[bot] · 2026-06-12 14:59:41 +00:00
  c2245a368f
• Merge pull request #1561 from docker/e2e-aws-ecr-oidc

  ci(e2e): use OIDC for AWS ECR

  CrazyMax · 2026-06-11 23:21:40 +02:00
  d2aace88c2
• ci(e2e): use OIDC for AWS ECR

  Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

  CrazyMax · 2026-06-11 21:54:33 +02:00
  ffca5157f0
• Merge pull request #1555 from crazy-max/e2e-dockerhub

  ci(e2e): use org-owned Docker Hub credentials for e2e pushes

  CrazyMax · 2026-06-08 19:08:26 +02:00
  f72b3cf665
• ci(e2e): use org-owned Docker Hub credentials for e2e pushes

  Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

  CrazyMax · 2026-06-04 16:03:24 +02:00
  405b217da0
• Merge pull request #1554 from crazy-max/e2e-ghcr

  ci(e2e): use GITHUB_TOKEN for GHCR e2e

  CrazyMax · 2026-06-04 16:00:12 +02:00
  7b93b2b85c
• ci(e2e): use GITHUB_TOKEN for GHCR e2e

  Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

  CrazyMax · 2026-06-02 14:18:39 +02:00
  f55bd083f2
• Merge pull request #1548 from crazy-max/docs-link-secret-inputs

  readme: link secret inputs to the GitHub Actions secrets guide

  Tõnis Tiigi · 2026-05-28 17:30:01 -07:00
  1d0c110a5d
• Merge pull request #1549 from crazy-max/ci-e2e-dockerhub-push-scope

  ci(e2e): limit push-scoped login to Docker Hub

  Tõnis Tiigi · 2026-05-28 17:29:24 -07:00
  8db8ba8e45
• Merge pull request #1551 from crazy-max/yarn-update

  update yarn to 4.15.0

  CrazyMax · 2026-05-28 18:41:31 +02:00
  abf612226d
• update yarn to 4.15.0

  Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

  CrazyMax · 2026-05-28 15:13:15 +02:00
  fe2165d9f3
• ci(e2e): limit push-scoped login to Docker Hub

  Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

  CrazyMax · 2026-05-28 11:38:49 +02:00
  77c0af9da9
• readme: link secret inputs to the GitHub Actions secrets guide

  Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

  CrazyMax · 2026-05-28 11:22:02 +02:00
  2258452e7c
• Merge pull request #1545 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.91.0

  chore(deps): Bump @docker/actions-toolkit from 0.90.0 to 0.91.0

  CrazyMax · 2026-05-28 10:27:20 +02:00
  c0132ad86b
• chore: update generated content
  github-actions[bot] · 2026-05-28 08:19:42 +00:00
  eaa27f4741
• chore(deps): Bump @docker/actions-toolkit from 0.90.0 to 0.91.0

  Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.90.0 to 0.91.0.
  - [Release notes](https://github.com/docker/actions-toolkit/releases)
  - [Commits](https://github.com/docker/actions-toolkit/compare/v0.90.0...v0.91.0)
  
  ---
  updated-dependencies:
  - dependency-name: "@docker/actions-toolkit"
    dependency-version: 0.91.0
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  
  Signed-off-by: dependabot[bot] <support@github.com>

  dependabot[bot] · 2026-05-28 08:18:45 +00:00
  6d21a1aa84
• Merge pull request #1547 from docker/dependabot/npm_and_yarn/tmp-0.2.7

  chore(deps): Bump tmp from 0.2.5 to 0.2.7

  CrazyMax · 2026-05-28 10:16:11 +02:00
  799faff3ac
• Merge pull request #1546 from docker/sec-cli/ignore-scripts-fix-20260527-192735

  ci: add ignore-scripts to Node package manager config (20260527-192735)

  CrazyMax · 2026-05-28 09:51:59 +02:00
  9c9a2860cb
• chore: update generated content
  github-actions[bot] · 2026-05-28 02:50:37 +00:00
  3bef58aab7
• chore(deps): Bump tmp from 0.2.5 to 0.2.7

  Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.5 to 0.2.7.
  - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
  - [Commits](https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7)
  
  ---
  updated-dependencies:
  - dependency-name: tmp
    dependency-version: 0.2.7
    dependency-type: indirect
  ...
  
  Signed-off-by: dependabot[bot] <support@github.com>

  dependabot[bot] · 2026-05-28 02:49:37 +00:00
  a92e9d178d
• ci: enforce ignore-scripts policy for Node package managers
  securityeng-bot[bot] · 2026-05-27 20:02:21 +00:00
  6d45611f19
• Merge pull request #1539 from crazy-max/e2e-scope-login

  ci(e2e): scope login to push

  Tõnis Tiigi · 2026-05-26 10:11:53 -07:00
  473e09f9b5
• Merge pull request #1538 from crazy-max/secrets-no-trim

  preserve trailing whitespace in secrets input

  Tõnis Tiigi · 2026-05-26 10:11:03 -07:00
  d4bf874859
• Merge pull request #1540 from docker/dependabot/github_actions/docker/metadata-action-6.1.0

  chore(deps): Bump docker/metadata-action from 6.0.0 to 6.1.0

  CrazyMax · 2026-05-26 17:22:51 +02:00
  a00e37fb35
• Merge pull request #1541 from docker/dependabot/github_actions/github/codeql-action-4.36.0

  chore(deps): Bump github/codeql-action from 4.35.5 to 4.36.0

  CrazyMax · 2026-05-26 17:22:40 +02:00
  43af6b15d8
• Merge pull request #1542 from docker/dependabot/github_actions/docker/setup-buildx-action-4.1.0

  chore(deps): Bump docker/setup-buildx-action from 4.0.0 to 4.1.0

  CrazyMax · 2026-05-26 17:22:38 +02:00
  79aa6fa61a
• Merge pull request #1544 from docker/dependabot/github_actions/docker/login-action-4.2.0

  chore(deps): Bump docker/login-action from 4.1.0 to 4.2.0

  CrazyMax · 2026-05-26 17:22:36 +02:00
  d0a02127dc
• chore(deps): Bump github/codeql-action from 4.35.5 to 4.36.0

  Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.5 to 4.36.0.
  - [Release notes](https://github.com/github/codeql-action/releases)
  - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/github/codeql-action/compare/9e0d7b8d25671d64c341c19c0152d693099fb5ba...7211b7c8077ea37d8641b6271f6a365a22a5fbfa)
  
  ---
  updated-dependencies:
  - dependency-name: github/codeql-action
    dependency-version: 4.36.0
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  
  Signed-off-by: dependabot[bot] <support@github.com>

  dependabot[bot] · 2026-05-26 07:52:07 +00:00
  3a412c25fe
• chore(deps): Bump docker/login-action from 4.1.0 to 4.2.0

  Bumps [docker/login-action](https://github.com/docker/login-action) from 4.1.0 to 4.2.0.
  - [Release notes](https://github.com/docker/login-action/releases)
  - [Commits](https://github.com/docker/login-action/compare/4907a6ddec9925e35a0a9e82d7399ccc52663121...650006c6eb7dba73a995cc03b0b2d7f5ca915bee)
  
  ---
  updated-dependencies:
  - dependency-name: docker/login-action
    dependency-version: 4.2.0
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  
  Signed-off-by: dependabot[bot] <support@github.com>

  dependabot[bot] · 2026-05-26 07:51:19 +00:00
  d26e5cbfa7
• chore(deps): Bump docker/setup-buildx-action from 4.0.0 to 4.1.0

  Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 4.0.0 to 4.1.0.
  - [Release notes](https://github.com/docker/setup-buildx-action/releases)
  - [Commits](https://github.com/docker/setup-buildx-action/compare/4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd...d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5)
  
  ---
  updated-dependencies:
  - dependency-name: docker/setup-buildx-action
    dependency-version: 4.1.0
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  
  Signed-off-by: dependabot[bot] <support@github.com>

  dependabot[bot] · 2026-05-26 07:51:07 +00:00
  91c19095e2
• chore(deps): Bump docker/metadata-action from 6.0.0 to 6.1.0

  Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 6.0.0 to 6.1.0.
  - [Release notes](https://github.com/docker/metadata-action/releases)
  - [Commits](https://github.com/docker/metadata-action/compare/030e881283bb7a6894de51c315a6bfe6a94e05cf...80c7e94dd9b9319bd5eb7a0e0fe9291e23a2a2e9)
  
  ---
  updated-dependencies:
  - dependency-name: docker/metadata-action
    dependency-version: 6.1.0
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  
  Signed-off-by: dependabot[bot] <support@github.com>

  dependabot[bot] · 2026-05-26 07:50:17 +00:00
  e8d3fdadde
• Merge pull request #1543 from docker/dependabot/github_actions/docker/bake-action-7.2.0

  chore(deps): Bump docker/bake-action from 7.1.0 to 7.2.0

  CrazyMax · 2026-05-26 09:48:58 +02:00
  9e8d01178c
• chore(deps): Bump docker/bake-action from 7.1.0 to 7.2.0

  Bumps [docker/bake-action](https://github.com/docker/bake-action) from 7.1.0 to 7.2.0.
  - [Release notes](https://github.com/docker/bake-action/releases)
  - [Commits](https://github.com/docker/bake-action/compare/a66e1c87e2eca0503c343edf1d208c716d54b8a8...6614cfa25eff9a0b2b2697efb0b6159e7680d584)
  
  ---
  updated-dependencies:
  - dependency-name: docker/bake-action
    dependency-version: 7.2.0
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  
  Signed-off-by: dependabot[bot] <support@github.com>

  dependabot[bot] · 2026-05-25 17:41:31 +00:00
  f0ca506b75
• ci(e2e): scope login to push

  Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

  CrazyMax · 2026-05-22 18:15:25 +02:00
  41ef05cd53
• chore: update generated content

  Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

  CrazyMax · 2026-05-22 17:44:11 +02:00
  be165868b7
• preserve trailing whitespace in secrets input

  Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

  CrazyMax · 2026-05-22 17:43:30 +02:00
  2d1196fa34
• Merge pull request #1517 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.88.0

  chore(deps): Bump @docker/actions-toolkit from 0.87.0 to 0.90.0

  CrazyMax · 2026-05-21 17:17:52 +02:00
  v7 v7.2.0 f9f3042f7e
• chore: update generated content
  github-actions[bot] · 2026-05-21 15:14:24 +00:00
  812d5fd921
• chore(deps): Bump @docker/actions-toolkit from 0.87.0 to 0.90.0

  Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.87.0 to 0.90.0.
  - [Release notes](https://github.com/docker/actions-toolkit/releases)
  - [Commits](https://github.com/docker/actions-toolkit/compare/v0.87.0...v0.90.0)
  
  ---
  updated-dependencies:
  - dependency-name: "@docker/actions-toolkit"
    dependency-version: 0.88.0
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  
  Signed-off-by: dependabot[bot] <support@github.com>

  dependabot[bot] · 2026-05-21 15:13:14 +00:00
  b6f6693076
• Merge pull request #1525 from docker/dependabot/npm_and_yarn/actions/core-3.0.1

  chore(deps): Bump @actions/core from 3.0.0 to 3.0.1

  CrazyMax · 2026-05-21 17:02:09 +02:00
  c1c626eced
• chore: update generated content
  github-actions[bot] · 2026-05-21 14:59:33 +00:00
  51bb284cd4
• chore(deps): Bump @actions/core from 3.0.0 to 3.0.1

  Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 3.0.0 to 3.0.1.
  - [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
  - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)
  
  ---
  updated-dependencies:
  - dependency-name: "@actions/core"
    dependency-version: 3.0.1
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  
  Signed-off-by: dependabot[bot] <support@github.com>

  dependabot[bot] · 2026-05-21 14:58:26 +00:00
  5f7884def8
• Merge pull request #1521 from docker/dependabot/npm_and_yarn/fast-xml-parser-5.7.1

  chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0

  CrazyMax · 2026-05-21 16:56:15 +02:00
  e01deff7d9
• chore: update generated content
  github-actions[bot] · 2026-05-21 14:54:16 +00:00
  3804d49793
• chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0

  Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.5.7 to 5.8.0.
  - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases)
  - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md)
  - [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.5.7...v5.8.0)
  
  ---
  updated-dependencies:
  - dependency-name: fast-xml-parser
    dependency-version: 5.7.1
    dependency-type: indirect
  ...
  
  Signed-off-by: dependabot[bot] <support@github.com>

  dependabot[bot] · 2026-05-21 14:53:05 +00:00
  71e8947aac
• Merge pull request #1526 from docker/dependabot/npm_and_yarn/postcss-8.5.10

  chore(deps): Bump postcss from 8.5.6 to 8.5.10

  CrazyMax · 2026-05-21 16:50:55 +02:00
  4925ad24cd
• Merge pull request #1529 from docker/dependabot/npm_and_yarn/fast-xml-builder-1.2.0

  chore(deps): Bump fast-xml-builder from 1.1.4 to 1.2.0

  CrazyMax · 2026-05-21 16:50:28 +02:00
  08c59e6569
• chore: update generated content
  github-actions[bot] · 2026-05-21 14:48:38 +00:00
  63e6a3e1d8
• chore(deps): Bump fast-xml-builder from 1.1.4 to 1.2.0

  Bumps [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder) from 1.1.4 to 1.2.0.
  - [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/NaturalIntelligence/fast-xml-builder/compare/v1.1.4...v1.2.0)
  
  ---
  updated-dependencies:
  - dependency-name: fast-xml-builder
    dependency-version: 1.2.0
    dependency-type: indirect
  ...
  
  Signed-off-by: dependabot[bot] <support@github.com>

  dependabot[bot] · 2026-05-21 14:47:34 +00:00
  7c3825ea74