Compare commits

...

3 Commits

Author SHA1 Message Date
dependabot[bot]
af695667c6
chore(deps): Bump the crazy-max-dot-github group across 1 directory with 2 updates
Bumps the crazy-max-dot-github group with 2 updates in the / directory: [crazy-max/.github/.github/workflows/pr-assign-author.yml](https://github.com/crazy-max/.github) and [crazy-max/.github/.github/workflows/zizmor.yml](https://github.com/crazy-max/.github).


Updates `crazy-max/.github/.github/workflows/pr-assign-author.yml` from 1.8.0 to 1.10.0
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](9ba6e6f945...716fd1c51a)

Updates `crazy-max/.github/.github/workflows/zizmor.yml` from 1.8.0 to 1.10.0
- [Release notes](https://github.com/crazy-max/.github/releases)
- [Commits](9ba6e6f945...716fd1c51a)

---
updated-dependencies:
- dependency-name: crazy-max/.github/.github/workflows/pr-assign-author.yml
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
- dependency-name: crazy-max/.github/.github/workflows/zizmor.yml
  dependency-version: 1.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: crazy-max-dot-github
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-06-12 19:22:25 +00:00
temenuzhka-thede
020b7354dd
Merge pull request #682 from docker/sec-cli/npm-ci-20260612-184903
Some checks failed
ci / tag-schedule (schedule) (push) Has been cancelled
ci / tag-schedule ({{date 'YYYYMMDD-HHmmss'}}) (push) Has been cancelled
ci / tag-match (\d.\d, 0) (push) Has been cancelled
ci / tag-match (\d.\d.\d, 0) (push) Has been cancelled
ci / tag-match (v(.*), 1) (push) Has been cancelled
ci / tag-semver (auto) (push) Has been cancelled
ci / tag-semver (false) (push) Has been cancelled
ci / tag-semver (true) (push) Has been cancelled
ci / flavor (push) Has been cancelled
ci / images (push) Has been cancelled
ci / custom-labels-annotations (push) Has been cancelled
ci / global-exps (push) Has been cancelled
ci / json (push) Has been cancelled
ci / docker-push (push) Has been cancelled
ci / bake (push) Has been cancelled
ci / sep-tags ( ) (push) Has been cancelled
ci / sep-tags (,) (push) Has been cancelled
ci / output-env (push) Has been cancelled
ci / no-output-env (push) Has been cancelled
ci / bake-annotations (push) Has been cancelled
ci / no-images (push) Has been cancelled
ci / bake-path-context (push) Has been cancelled
ci / sha-short () (push) Has been cancelled
ci / sha-short (16) (push) Has been cancelled
ci / dump (push) Has been cancelled
codeql / analyze (push) Has been cancelled
test / test (push) Has been cancelled
validate / prepare (push) Has been cancelled
zizmor / zizmor (push) Has been cancelled
validate / validate (push) Has been cancelled
fix: replace npm install with npm ci (20260612-184903)
2026-06-12 14:10:33 -05:00
securityeng-bot[bot]
7f842e879c
fix: use lockfile-aware install commands 2026-06-12 18:49:05 +00:00
3 changed files with 3 additions and 3 deletions

View File

@ -11,7 +11,7 @@ on:
jobs:
run:
uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@716fd1c51a46c5d93a41d44a94b439c9ee802536 # v1.10.0
permissions:
contents: read
pull-requests: write

View File

@ -19,7 +19,7 @@ on:
jobs:
zizmor:
uses: crazy-max/.github/.github/workflows/zizmor.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
uses: crazy-max/.github/.github/workflows/zizmor.yml@716fd1c51a46c5d93a41d44a94b439c9ee802536 # v1.10.0
permissions:
contents: read
security-events: write

View File

@ -17,7 +17,7 @@ FROM base AS deps
RUN --mount=type=bind,target=.,rw \
--mount=type=cache,target=/src/.yarn/cache \
--mount=type=cache,target=/src/node_modules \
yarn install && mkdir /vendor && cp yarn.lock /vendor
yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor
FROM scratch AS vendor-update
COPY --from=deps /vendor /