3 Commits

Author SHA1 Message Date
dependabot[bot]
a50bcf185b
chore(deps): Bump the crazy-max-dot-github group across 1 directory with 2 updates
Bumps the crazy-max-dot-github group with 2 updates in the / directory: [crazy-max/.github/.github/workflows/pr-assign-author.yml](https://github.com/crazy-max/.github) and [crazy-max/.github/.github/workflows/zizmor.yml](https://github.com/crazy-max/.github).


Updates `crazy-max/.github/.github/workflows/pr-assign-author.yml` from 1.8.0 to 1.10.1
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](9ba6e6f945...46267a6e61)

Updates `crazy-max/.github/.github/workflows/zizmor.yml` from 1.8.0 to 1.10.1
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](9ba6e6f945...46267a6e61)

---
updated-dependencies:
- dependency-name: crazy-max/.github/.github/workflows/pr-assign-author.yml
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
- dependency-name: crazy-max/.github/.github/workflows/zizmor.yml
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-15 11:52:28 +00:00
CrazyMax
ff26911fd3
Merge pull request #1562 from docker/sec-cli/npm-ci-20260612-145940
fix: replace npm install with npm ci (20260612-145940)
2026-06-12 17:16:13 +02:00
securityeng-bot[bot]
c2245a368f
fix: use lockfile-aware install commands
2026-06-12 14:59:41 +00:00
3 changed files with 3 additions and 3 deletions


@ -11,7 +11,7 @@ on:
jobs:
run:
uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@716fd1c51a46c5d93a41d44a94b439c9ee802536 # v1.10.0
uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@46267a6e61cd56aac2fc79943df180152f4c89d6 # v1.10.1
permissions:
contents: read
pull-requests: write
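
Review bot: the trailing `# v1.10.1` comment on the new `uses:` line is the only thing linking the pinned SHA `46267a6e61cd56aac2fc79943df180152f4c89d6` to a release, and nothing enforces that the two agree. Before merging, confirm that the v1.10.1 tag in crazy-max/.github resolves to exactly this commit. The called workflow runs with `pull-requests: write`, so the upstream changes between the old and new pins are worth reading, not just the release notes.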


@ -19,7 +19,7 @@ on:
jobs:
zizmor:
uses: crazy-max/.github/.github/workflows/zizmor.yml@716fd1c51a46c5d93a41d44a94b439c9ee802536 # v1.10.0
uses: crazy-max/.github/.github/workflows/zizmor.yml@46267a6e61cd56aac2fc79943df180152f4c89d6 # v1.10.1
permissions:
contents: read
security-events: write
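
Review bot: the pin removed on the `uses:` line is `716fd1c51a46c5d93a41d44a94b439c9ee802536 # v1.10.0`, but the commit message describes the bump as "from 1.8.0" with a commit range starting at 9ba6e6f945, and its metadata block records `dependency-version: 1.10.0` while the new comment says v1.10.1. The changelog link in the message therefore does not describe what this hunk changes. Review the upstream diff from 716fd1c to 46267a6 directly, and consider correcting the message so the audit trail matches the pinned SHAs.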


@ -17,7 +17,7 @@ FROM base AS deps
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn install && mkdir /vendor && cp yarn.lock /vendor
yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor
FROM scratch AS vendor-update
COPY --from=deps /vendor /
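
Review bot: adding `--immutable` to the `yarn install` in the `deps` stage looks like it defeats the purpose of the `vendor-update` stage that follows. The stage bind-mounts the source `rw`, copies `yarn.lock` to `/vendor`, and `vendor-update` exports it, which reads as the path used to regenerate the lockfile. With `--immutable`, yarn aborts whenever the lockfile would need to change, so this target can only ever export an unchanged `yarn.lock` or fail. Suggest keeping the plain `yarn install` here and applying `--immutable` in the stages that build or test from the committed lockfile. The merge commit title also refers to replacing `npm install` with `npm ci`, while the change in this hunk is to yarn; the message should say what was actually changed.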