Compare commits

...

22 Commits

Author SHA1 Message Date
CrazyMax
530a407188
Merge pull request #672 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.91.0
Some checks failed
ci / tag-schedule (schedule) (push) Has been cancelled
ci / tag-schedule ({{date 'YYYYMMDD-HHmmss'}}) (push) Has been cancelled
ci / tag-match (\d.\d, 0) (push) Has been cancelled
ci / tag-match (\d.\d.\d, 0) (push) Has been cancelled
ci / tag-match (v(.*), 1) (push) Has been cancelled
ci / tag-semver (auto) (push) Has been cancelled
ci / tag-semver (false) (push) Has been cancelled
ci / tag-semver (true) (push) Has been cancelled
ci / flavor (push) Has been cancelled
ci / images (push) Has been cancelled
ci / custom-labels-annotations (push) Has been cancelled
ci / global-exps (push) Has been cancelled
ci / json (push) Has been cancelled
ci / docker-push (push) Has been cancelled
ci / bake (push) Has been cancelled
ci / sep-tags ( ) (push) Has been cancelled
ci / sep-tags (,) (push) Has been cancelled
ci / output-env (push) Has been cancelled
ci / no-output-env (push) Has been cancelled
ci / bake-annotations (push) Has been cancelled
ci / no-images (push) Has been cancelled
ci / bake-path-context (push) Has been cancelled
ci / sha-short () (push) Has been cancelled
ci / sha-short (16) (push) Has been cancelled
ci / dump (push) Has been cancelled
codeql / analyze (push) Has been cancelled
test / test (push) Has been cancelled
validate / prepare (push) Has been cancelled
validate / validate (push) Has been cancelled
zizmor / zizmor (push) Has been cancelled
chore(deps): Bump @docker/actions-toolkit from 0.90.0 to 0.91.0
2026-05-28 12:59:33 +02:00
github-actions[bot]
afa75d4359 chore: update generated content 2026-05-28 10:57:17 +00:00
dependabot[bot]
26a83f6e31
chore(deps): Bump @docker/actions-toolkit from 0.90.0 to 0.91.0
Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.90.0 to 0.91.0.
- [Release notes](https://github.com/docker/actions-toolkit/releases)
- [Commits](https://github.com/docker/actions-toolkit/compare/v0.90.0...v0.91.0)

---
updated-dependencies:
- dependency-name: "@docker/actions-toolkit"
  dependency-version: 0.91.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 10:56:20 +00:00
CrazyMax
585dfe4a50
Merge pull request #663 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
chore(deps): Bump @actions/core from 3.0.0 to 3.0.1
2026-05-28 12:54:14 +02:00
github-actions[bot]
829c7e6ce9 chore: update generated content 2026-05-28 10:25:16 +00:00
dependabot[bot]
246bbe8935
chore(deps): Bump @actions/core from 3.0.0 to 3.0.1
Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 3.0.0 to 3.0.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core)

---
updated-dependencies:
- dependency-name: "@actions/core"
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 10:24:18 +00:00
CrazyMax
ebb6b285fa
Merge pull request #666 from docker/dependabot/npm_and_yarn/actions/github-9.1.1
chore(deps): Bump @actions/github from 9.0.0 to 9.1.1
2026-05-28 12:22:11 +02:00
github-actions[bot]
cbc0ced701 chore: update generated content 2026-05-28 10:18:59 +00:00
dependabot[bot]
55d77601d7
chore(deps): Bump @actions/github from 9.0.0 to 9.1.1
Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 9.0.0 to 9.1.1.
- [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md)
- [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github)

---
updated-dependencies:
- dependency-name: "@actions/github"
  dependency-version: 9.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 10:17:58 +00:00
CrazyMax
f25e8d2521
Merge pull request #665 from docker/dependabot/npm_and_yarn/semver-7.8.0
chore(deps): Bump semver from 7.7.4 to 7.8.1
2026-05-28 11:35:07 +02:00
github-actions[bot]
8707af5b28 chore: update generated content 2026-05-28 08:44:56 +00:00
dependabot[bot]
f5b5258ae1
chore(deps): Bump semver from 7.7.4 to 7.8.1
Bumps [semver](https://github.com/npm/node-semver) from 7.7.4 to 7.8.1.
- [Release notes](https://github.com/npm/node-semver/releases)
- [Changelog](https://github.com/npm/node-semver/blob/main/CHANGELOG.md)
- [Commits](https://github.com/npm/node-semver/compare/v7.7.4...v7.8.1)

---
updated-dependencies:
- dependency-name: semver
  dependency-version: 7.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 08:43:59 +00:00
CrazyMax
83fa4edf37
Merge pull request #664 from docker/dependabot/npm_and_yarn/moment-timezone-0.6.2
chore(deps): Bump moment-timezone from 0.6.1 to 0.6.2
2026-05-28 10:41:57 +02:00
github-actions[bot]
c57fc5591a chore: update generated content 2026-05-28 08:28:29 +00:00
dependabot[bot]
9c446bddcb
chore(deps): Bump moment-timezone from 0.6.1 to 0.6.2
Bumps [moment-timezone](https://github.com/moment/moment-timezone) from 0.6.1 to 0.6.2.
- [Release notes](https://github.com/moment/moment-timezone/releases)
- [Changelog](https://github.com/moment/moment-timezone/blob/develop/changelog.md)
- [Commits](https://github.com/moment/moment-timezone/compare/0.6.1...0.6.2)

---
updated-dependencies:
- dependency-name: moment-timezone
  dependency-version: 0.6.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 08:27:31 +00:00
CrazyMax
9da27ef7f4
Merge pull request #673 from docker/dependabot/npm_and_yarn/tmp-0.2.7
chore(deps): Bump tmp from 0.2.5 to 0.2.7
2026-05-28 10:24:48 +02:00
github-actions[bot]
ba2f556688 chore: update generated content 2026-05-28 08:21:40 +00:00
dependabot[bot]
47ed4f4109
chore(deps): Bump tmp from 0.2.5 to 0.2.7
Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.5 to 0.2.7.
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7)

---
updated-dependencies:
- dependency-name: tmp
  dependency-version: 0.2.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 08:20:41 +00:00
CrazyMax
e25b2146bd
Merge pull request #674 from docker/dependabot/github_actions/crazy-max/ghaction-dump-context-3.1.0
chore(deps): Bump crazy-max/ghaction-dump-context from 3.0.0 to 3.1.0
2026-05-28 09:57:10 +02:00
dependabot[bot]
a8639b7509
chore(deps): Bump crazy-max/ghaction-dump-context from 3.0.0 to 3.1.0
Bumps [crazy-max/ghaction-dump-context](https://github.com/crazy-max/ghaction-dump-context) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/crazy-max/ghaction-dump-context/releases)
- [Commits](5d2753e707...4d9eeaf15d)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-dump-context
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 07:55:44 +00:00
CrazyMax
4e03f56500
Merge pull request #671 from docker/sec-cli/ignore-scripts-fix-20260527-193116
ci: add ignore-scripts to Node package manager config (20260527-193116)
2026-05-28 09:53:58 +02:00
securityeng-bot[bot]
620026c7c4
ci: enforce ignore-scripts policy for Node package managers 2026-05-27 20:04:39 +00:00
7 changed files with 220 additions and 174 deletions

View File

@ -634,4 +634,4 @@ jobs:
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
name: Dump context
uses: crazy-max/ghaction-dump-context@5d2753e7076f4568c7729971e25231f32147e2d8 # v3.0.0
uses: crazy-max/ghaction-dump-context@4d9eeaf15dd59aa4346919ea84a84ccf514b4db8 # v3.1.0

View File

@ -15,3 +15,4 @@ logFilters:
level: discard
nodeLinker: node-modules
enableScripts: false

246
dist/index.cjs generated vendored

File diff suppressed because one or more lines are too long

8
dist/index.cjs.map generated vendored

File diff suppressed because one or more lines are too long

15
dist/licenses.txt generated vendored
View File

@ -4,8 +4,8 @@ https://www.npmjs.com/package/generate-license-file
The following npm packages may be included in this product:
- @sigstore/bundle@4.0.0
- @sigstore/core@3.1.0
- @sigstore/core@3.2.0
- @sigstore/core@3.2.1
- @sigstore/protobuf-specs@0.5.0
- @sigstore/sign@4.1.1
- @sigstore/tuf@4.0.2
@ -218,7 +218,7 @@ Apache License
The following npm package may be included in this product:
- @docker/actions-toolkit@0.90.0
- @docker/actions-toolkit@0.91.0
This package contains the following license:
@ -2701,7 +2701,7 @@ END OF TERMS AND CONDITIONS
The following npm package may be included in this product:
- @sigstore/verify@3.1.0
- @sigstore/verify@3.1.1
This package contains the following license:
@ -3263,12 +3263,14 @@ The following npm packages may be included in this product:
- @azure/core-client@1.10.1
- @azure/core-http-compat@2.3.2
- @azure/core-rest-pipeline@1.22.2
- @azure/core-rest-pipeline@1.23.0
- @azure/core-tracing@1.3.1
- @azure/core-util@1.13.1
- @azure/core-xml@1.5.0
- @azure/logger@1.3.0
- @azure/storage-blob@12.31.0
- @typespec/ts-http-runtime@0.3.3
- @typespec/ts-http-runtime@0.3.5
These packages each contain the following license:
@ -4796,7 +4798,6 @@ The following npm packages may be included in this product:
- once@1.4.0
- semver@7.6.0
- semver@7.7.3
- semver@7.7.4
- semver@7.8.1
- which@2.0.2
- wrappy@1.0.2
@ -5118,7 +5119,7 @@ THE SOFTWARE.
The following npm package may be included in this product:
- tmp@0.2.5
- tmp@0.2.7
This package contains the following license:
@ -5710,7 +5711,7 @@ https://github.com/bitinn/node-fetch
The following npm package may be included in this product:
- moment-timezone@0.6.1
- moment-timezone@0.6.2
This package contains the following license:
@ -5740,7 +5741,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
The following npm packages may be included in this product:
- @actions/artifact@6.2.1
- @actions/cache@6.0.0
- @actions/cache@6.0.1
- @actions/core@3.0.0
- @actions/core@3.0.1
- @actions/exec@3.0.0

View File

@ -25,15 +25,15 @@
"license": "Apache-2.0",
"packageManager": "yarn@4.9.2",
"dependencies": {
"@actions/core": "^3.0.0",
"@actions/github": "^9.0.0",
"@docker/actions-toolkit": "^0.90.0",
"@actions/core": "^3.0.1",
"@actions/github": "^9.1.1",
"@docker/actions-toolkit": "^0.91.0",
"@renovate/pep440": "^1.0.0",
"csv-parse": "^6.2.1",
"handlebars": "^4.7.9",
"moment": "^2.30.1",
"moment-timezone": "^0.6.1",
"semver": "^7.7.4"
"moment-timezone": "^0.6.2",
"semver": "^7.8.1"
},
"devDependencies": {
"@eslint/js": "^9.39.3",

112
yarn.lock
View File

@ -34,20 +34,20 @@ __metadata:
languageName: node
linkType: hard
"@actions/cache@npm:^6.0.0":
version: 6.0.0
resolution: "@actions/cache@npm:6.0.0"
"@actions/cache@npm:^6.0.1":
version: 6.0.1
resolution: "@actions/cache@npm:6.0.1"
dependencies:
"@actions/core": "npm:^3.0.0"
"@actions/core": "npm:^3.0.1"
"@actions/exec": "npm:^3.0.0"
"@actions/glob": "npm:^0.6.1"
"@actions/http-client": "npm:^4.0.0"
"@actions/io": "npm:^3.0.0"
"@azure/core-rest-pipeline": "npm:^1.22.0"
"@azure/storage-blob": "npm:^12.30.0"
"@actions/http-client": "npm:^4.0.1"
"@actions/io": "npm:^3.0.2"
"@azure/core-rest-pipeline": "npm:^1.23.0"
"@azure/storage-blob": "npm:^12.31.0"
"@protobuf-ts/runtime-rpc": "npm:^2.11.1"
semver: "npm:^7.7.3"
checksum: 10/91609983f6ed5829018c6afea9b692762acd34604e44479be3ff25c76f5b869d6727766847193ab9f0724de84cd6043759a55553c500c3538af9951494ca14b6
semver: "npm:^7.7.4"
checksum: 10/05d2c18210fa3b583765d734e9dce6532c76d271805929608ee35f56dd3064e1d30f007400e3a275f74a7ad3e454cf0051b6eab4f15a9669dac081d811ee9d10
languageName: node
linkType: hard
@ -262,6 +262,21 @@ __metadata:
languageName: node
linkType: hard
"@azure/core-rest-pipeline@npm:^1.23.0":
version: 1.23.0
resolution: "@azure/core-rest-pipeline@npm:1.23.0"
dependencies:
"@azure/abort-controller": "npm:^2.1.2"
"@azure/core-auth": "npm:^1.10.0"
"@azure/core-tracing": "npm:^1.3.0"
"@azure/core-util": "npm:^1.13.0"
"@azure/logger": "npm:^1.3.0"
"@typespec/ts-http-runtime": "npm:^0.3.4"
tslib: "npm:^2.6.2"
checksum: 10/9c60c8bb858cec1caf49d3c323667814512fbf0ca3b34fa382c010f4a6fcccf0a6ef8210c2f7d791b2af67b5c427aefb9b1e4c58a9a9ef60d1cff871fca548f3
languageName: node
linkType: hard
"@azure/core-tracing@npm:^1.2.0, @azure/core-tracing@npm:^1.3.0":
version: 1.3.1
resolution: "@azure/core-tracing@npm:1.3.1"
@ -321,7 +336,7 @@ __metadata:
languageName: node
linkType: hard
"@azure/storage-blob@npm:^12.30.0":
"@azure/storage-blob@npm:^12.30.0, @azure/storage-blob@npm:^12.31.0":
version: 12.31.0
resolution: "@azure/storage-blob@npm:12.31.0"
dependencies:
@ -431,12 +446,12 @@ __metadata:
languageName: node
linkType: hard
"@docker/actions-toolkit@npm:^0.90.0":
version: 0.90.0
resolution: "@docker/actions-toolkit@npm:0.90.0"
"@docker/actions-toolkit@npm:^0.91.0":
version: 0.91.0
resolution: "@docker/actions-toolkit@npm:0.91.0"
dependencies:
"@actions/artifact": "npm:^6.2.1"
"@actions/cache": "npm:^6.0.0"
"@actions/cache": "npm:^6.0.1"
"@actions/core": "npm:^3.0.1"
"@actions/exec": "npm:^3.0.0"
"@actions/github": "npm:^9.1.1"
@ -446,7 +461,7 @@ __metadata:
"@sigstore/bundle": "npm:^4.0.0"
"@sigstore/sign": "npm:^4.1.1"
"@sigstore/tuf": "npm:^4.0.2"
"@sigstore/verify": "npm:^3.1.0"
"@sigstore/verify": "npm:^3.1.1"
async-retry: "npm:^1.3.3"
csv-parse: "npm:^6.2.1"
gunzip-maybe: "npm:^1.4.2"
@ -454,10 +469,10 @@ __metadata:
he: "npm:^1.2.0"
js-yaml: "npm:^4.1.1"
jwt-decode: "npm:^4.0.0"
semver: "npm:^7.8.0"
semver: "npm:^7.8.1"
tar-stream: "npm:^3.2.0"
tmp: "npm:^0.2.5"
checksum: 10/5f5d28b1fea503ba54aff18e9ae947ad1bff42c84834120a477b64586251dcf16e67ce0613e60a8a3b596443c9c9d17f7bf982c8754ff4a4cd4cdee3bb97a561
tmp: "npm:^0.2.6"
checksum: 10/31ab0d572e716a765fa4db963a342c9c313460839f9a32c06045e07d47dda314e1dbd50f5f3bed7d4e4caa0f9e0b95d28abce3b4d59bfa54cea3f7d9408e5497
languageName: node
linkType: hard
@ -1675,6 +1690,13 @@ __metadata:
languageName: node
linkType: hard
"@sigstore/core@npm:^3.2.1":
version: 3.2.1
resolution: "@sigstore/core@npm:3.2.1"
checksum: 10/2f6c1ced55f8ed3f7fc705a668eb95db9471511dfb1f054927822bf97a051dd62228ecf6a9f1932d240c2c4ae69a3b5066550789e5ad8f4257839a4370e5a120
languageName: node
linkType: hard
"@sigstore/protobuf-specs@npm:^0.5.0":
version: 0.5.0
resolution: "@sigstore/protobuf-specs@npm:0.5.0"
@ -1741,6 +1763,17 @@ __metadata:
languageName: node
linkType: hard
"@sigstore/verify@npm:^3.1.1":
version: 3.1.1
resolution: "@sigstore/verify@npm:3.1.1"
dependencies:
"@sigstore/bundle": "npm:^4.0.0"
"@sigstore/core": "npm:^3.2.1"
"@sigstore/protobuf-specs": "npm:^0.5.0"
checksum: 10/4cb24b0e62b85ebf2b62698041e0dc212d152fd40a95c05c237357c992265a23e5789f86b138bea2eea0c5f6b994974d968f03dde9c692a514f96ae4b26f31a9
languageName: node
linkType: hard
"@standard-schema/spec@npm:^1.0.0":
version: 1.1.0
resolution: "@standard-schema/spec@npm:1.1.0"
@ -1958,6 +1991,17 @@ __metadata:
languageName: node
linkType: hard
"@typespec/ts-http-runtime@npm:^0.3.4":
version: 0.3.5
resolution: "@typespec/ts-http-runtime@npm:0.3.5"
dependencies:
http-proxy-agent: "npm:^7.0.0"
https-proxy-agent: "npm:^7.0.0"
tslib: "npm:^2.6.2"
checksum: 10/7cf459826e4867ab52a4b9855fdce4590e30a6f37e11fb93155e01c6e80139ec9966b7a3270cffed2c1e88ae66acbae5b4c9a7ecd9274679734da2c18310cc6c
languageName: node
linkType: hard
"@vitest/coverage-v8@npm:^4.0.18":
version: 4.0.18
resolution: "@vitest/coverage-v8@npm:4.0.18"
@ -2838,9 +2882,9 @@ __metadata:
version: 0.0.0-use.local
resolution: "docker-metadata-action@workspace:."
dependencies:
"@actions/core": "npm:^3.0.0"
"@actions/github": "npm:^9.0.0"
"@docker/actions-toolkit": "npm:^0.90.0"
"@actions/core": "npm:^3.0.1"
"@actions/github": "npm:^9.1.1"
"@docker/actions-toolkit": "npm:^0.91.0"
"@eslint/js": "npm:^9.39.3"
"@renovate/pep440": "npm:^1.0.0"
"@types/node": "npm:^24.11.0"
@ -2859,9 +2903,9 @@ __metadata:
globals: "npm:^17.3.0"
handlebars: "npm:^4.7.9"
moment: "npm:^2.30.1"
moment-timezone: "npm:^0.6.1"
moment-timezone: "npm:^0.6.2"
prettier: "npm:^3.8.1"
semver: "npm:^7.7.4"
semver: "npm:^7.8.1"
typescript: "npm:^5.9.3"
vitest: "npm:^4.0.18"
languageName: unknown
@ -4539,12 +4583,12 @@ __metadata:
languageName: node
linkType: hard
"moment-timezone@npm:^0.6.1":
version: 0.6.1
resolution: "moment-timezone@npm:0.6.1"
"moment-timezone@npm:^0.6.2":
version: 0.6.2
resolution: "moment-timezone@npm:0.6.2"
dependencies:
moment: "npm:^2.29.4"
checksum: 10/20a80969712e35cab0ccda1cebe6fd768201bc1c9aa4528881bb8dd352bfcae2564546bf634ee7768aafd1dabb8054982964590084a1af8feab0574dd1d3ea3e
checksum: 10/021f908742a392ff7234b3814fb20c786cb086d0fa3f98a58f6810181c71a305244e908e913d8bd6750c4a7e09300eda2c869cd77ef0b3f83e58028fa75f84de
languageName: node
linkType: hard
@ -5349,7 +5393,7 @@ __metadata:
languageName: node
linkType: hard
"semver@npm:^7.1.1, semver@npm:^7.3.7, semver@npm:^7.5.3, semver@npm:^7.7.4":
"semver@npm:^7.1.1, semver@npm:^7.3.7, semver@npm:^7.5.3":
version: 7.7.4
resolution: "semver@npm:7.7.4"
bin:
@ -5378,7 +5422,7 @@ __metadata:
languageName: node
linkType: hard
"semver@npm:^7.8.0":
"semver@npm:^7.7.4, semver@npm:^7.8.1":
version: 7.8.1
resolution: "semver@npm:7.8.1"
bin:
@ -5802,10 +5846,10 @@ __metadata:
languageName: node
linkType: hard
"tmp@npm:^0.2.5":
version: 0.2.5
resolution: "tmp@npm:0.2.5"
checksum: 10/dd4b78b32385eab4899d3ae296007b34482b035b6d73e1201c4a9aede40860e90997a1452c65a2d21aee73d53e93cd167d741c3db4015d90e63b6d568a93d7ec
"tmp@npm:^0.2.6":
version: 0.2.7
resolution: "tmp@npm:0.2.7"
checksum: 10/0a3bc90beb0c6275273c3475fb57e466eaab1c9c4a101d029ff62b18146ce136e7f75d09de34863d9f2c2a492751402508f9e028bc98eb34a1416195d4b15619
languageName: node
linkType: hard