Merge pull request #965 from docker/dependabot/github_actions/aws-actions/configure-aws-credentials-6.1.0

build(deps): bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0
Merge pull request #967 from docker/dependabot/github_actions/actions/create-github-app-token-3.1.1
2026-05-12 08:18:19 +01:00 · 2026-04-24 09:53:48 +02:00 · 2026-04-24 09:49:05 +02:00 · 2026-04-24 09:48:54 +02:00 · 2026-04-24 09:48:31 +02:00 · 2026-04-24 09:46:17 +02:00
12 changed files with 42 additions and 25 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -19,6 +19,8 @@ updates:
      interval: "daily"
    cooldown:
      default-days: 2
+      exclude:
+        - "@docker/actions-toolkit"
    versioning-strategy: "increase"
    groups:
      aws-sdk-dependencies:
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -150,7 +150,7 @@ jobs:
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
+        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -198,7 +198,7 @@ jobs:
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
+        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -30,17 +30,17 @@ jobs:
          yarn --version
      -
        name: Set up Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: ${{ env.NODE_VERSION }}
      -
        name: Initialize CodeQL
-        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
        with:
          languages: javascript-typescript
          build-mode: none
      -
        name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
        with:
          category: "/language:javascript-typescript"
--- a/.github/workflows/pr-assign-author.yml
+++ b/.github/workflows/pr-assign-author.yml
@@ -11,7 +11,7 @@ on:

 jobs:
  run:
-    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@bb328ea508cd6a89d0865555ddbeb148e5724aed # v1.3.0
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@4a17dbaa9ce13920fc5bb8824eb89c16301e5ab2 # v1.7.0
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,7 +23,7 @@ jobs:
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Test
-        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
        with:
          source: .
          targets: test
--- a/.github/workflows/update-dist.yml
+++ b/.github/workflows/update-dist.yml
@@ -21,7 +21,7 @@ jobs:
      -
        name: GitHub auth token from GitHub App
        id: docker-read-app
-        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
        with:
          app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }}
          private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }}
@@ -35,7 +35,7 @@ jobs:
          token: ${{ steps.docker-read-app.outputs.token }}
      -
        name: Build
-        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
        with:
          source: .
          targets: build
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -26,7 +26,7 @@ jobs:
      -
        name: Generate matrix
        id: generate
-        uses: docker/bake-action/subaction/matrix@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action/subaction/matrix@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
        with:
          target: validate

@@ -41,6 +41,6 @@ jobs:
    steps:
      -
        name: Validate
-        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
        with:
          targets: ${{ matrix.target }}
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -19,7 +19,7 @@ on:

 jobs:
  zizmor:
-    uses: crazy-max/.github/.github/workflows/zizmor.yml@bb328ea508cd6a89d0865555ddbeb148e5724aed # v1.3.0
+    uses: crazy-max/.github/.github/workflows/zizmor.yml@4a17dbaa9ce13920fc5bb8824eb89c16301e5ab2 # v1.7.0
    permissions:
      contents: read
      security-events: write
--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@@ -1,3 +0,0 @@
-rules:
-  secrets-outside-env: # FIXME: remove this rule when zizmor 1.24.0 is released, fixing the right persona attached to this rule: https://github.com/zizmorcore/zizmor/pull/1783
-    disable: true
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/yarn.lock
+++ b/yarn.lock
@@ -3596,7 +3596,7 @@ __metadata:
  languageName: node
  linkType: hard

-"fast-xml-parser@npm:5.5.8, fast-xml-parser@npm:^5.0.7":
+"fast-xml-parser@npm:5.5.8":
  version: 5.5.8
  resolution: "fast-xml-parser@npm:5.5.8"
  dependencies:
@@ -3609,6 +3609,17 @@ __metadata:
  languageName: node
  linkType: hard

+"fast-xml-parser@npm:^5.0.7":
+  version: 5.3.6
+  resolution: "fast-xml-parser@npm:5.3.6"
+  dependencies:
+    strnum: "npm:^2.1.2"
+  bin:
+    fxparser: src/cli/cli.js
+  checksum: 10/03527ab0bdf49d960fdc8f6088cd0715c052e06b68b39459da87b1a1fbb3439a855b2d83cbf3c400e983b8e668b396296b072a4dd5c63403cf1e618c9326b6df
+  languageName: node
+  linkType: hard
+
 "fdir@npm:^6.5.0":
  version: 6.5.0
  resolution: "fdir@npm:6.5.0"
@@ -5264,6 +5275,13 @@ __metadata:
  languageName: node
  linkType: hard

+"strnum@npm:^2.1.2":
+  version: 2.2.0
+  resolution: "strnum@npm:2.2.0"
+  checksum: 10/2969dbc8441f5af1b55db1d2fcea64a8f912de18515b57f85574e66bdb8f30ae76c419cf1390b343d72d687e2aea5aca82390f18b9e0de45d6bcc6d605eb9385
+  languageName: node
+  linkType: hard
+
 "strnum@npm:^2.2.0":
  version: 2.2.2
  resolution: "strnum@npm:2.2.2"
Author	SHA1	Message	Date
CrazyMax	e33c55ff04	Merge pull request #965 from docker/dependabot/github_actions/aws-actions/configure-aws-credentials-6.1.0 build(deps): bump aws-actions/configure-aws-credentials from 6.0.0 to 6.1.0	2026-04-24 09:53:48 +02:00
CrazyMax	c318662ea5	Merge pull request #967 from docker/dependabot/github_actions/actions/create-github-app-token-3.1.1 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1	2026-04-24 09:49:05 +02:00
CrazyMax	ae469901b0	Merge pull request #971 from docker/dependabot/github_actions/github/codeql-action-4.35.2 build(deps): bump github/codeql-action from 4.35.1 to 4.35.2	2026-04-24 09:48:54 +02:00
CrazyMax	a1b00d1f67	Merge pull request #973 from docker/dependabot/github_actions/actions/setup-node-6.4.0 build(deps): bump actions/setup-node from 6.3.0 to 6.4.0	2026-04-24 09:48:31 +02:00
CrazyMax	60b37403f5	Merge pull request #974 from docker/dependabot/github_actions/crazy-max-dot-github-6f136b1f9e build(deps): bump the crazy-max-dot-github group with 2 updates	2026-04-24 09:46:17 +02:00
dependabot[bot]	1307053441	build(deps): bump the crazy-max-dot-github group with 2 updates Bumps the crazy-max-dot-github group with 2 updates: [crazy-max/.github/.github/workflows/pr-assign-author.yml](https://github.com/crazy-max/.github) and [crazy-max/.github/.github/workflows/zizmor.yml](https://github.com/crazy-max/.github). Updates `crazy-max/.github/.github/workflows/pr-assign-author.yml` from 1.6.0 to 1.7.0 - [Release notes](https://github.com/crazy-max/.github/releases) - [Commits](`d89fe92d80...4a17dbaa9c`) Updates `crazy-max/.github/.github/workflows/zizmor.yml` from 1.6.0 to 1.7.0 - [Release notes](https://github.com/crazy-max/.github/releases) - [Commits](`d89fe92d80...4a17dbaa9c`) --- updated-dependencies: - dependency-name: crazy-max/.github/.github/workflows/pr-assign-author.yml dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: crazy-max-dot-github - dependency-name: crazy-max/.github/.github/workflows/zizmor.yml dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: crazy-max-dot-github ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-22 05:52:24 +00:00
dependabot[bot]	1ed1634702	build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.3.0 to 6.4.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](`53b83947a5...48b55a011b`) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-21 05:53:38 +00:00
dependabot[bot]	5565f3ba0d	build(deps): bump github/codeql-action from 4.35.1 to 4.35.2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.35.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`c10b8064de...95e58e9a2c`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-17 05:53:52 +00:00
Tõnis Tiigi	4a8376e001	Merge pull request #969 from crazy-max/fix-zizmor ci(zizmor): update rules	2026-04-15 14:25:37 -07:00
CrazyMax	d0fa2cf570	ci(zizmor): update rules Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-04-15 16:01:48 +02:00
CrazyMax	d43e1c853e	Merge pull request #968 from docker/dependabot/github_actions/docker/bake-action-7.1.0 build(deps): bump docker/bake-action from 7.0.0 to 7.1.0	2026-04-13 13:22:36 +02:00
dependabot[bot]	2f6998335c	build(deps): bump docker/bake-action from 7.0.0 to 7.1.0 Bumps [docker/bake-action](https://github.com/docker/bake-action) from 7.0.0 to 7.1.0. - [Release notes](https://github.com/docker/bake-action/releases) - [Commits](`82490499d2...a66e1c87e2`) --- updated-dependencies: - dependency-name: docker/bake-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-13 05:56:43 +00:00
dependabot[bot]	d65286840f	build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 3.0.0 to 3.1.1. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](`f8d387b68d...1b10c78c78`) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 3.1.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-13 05:56:34 +00:00
CrazyMax	36864503dc	Merge pull request #964 from docker/dependabot/github_actions/crazy-max-dot-github-f0991e81fd build(deps): bump the crazy-max-dot-github group with 2 updates	2026-04-09 10:21:51 +02:00
dependabot[bot]	ada68c7d01	build(deps): bump aws-actions/configure-aws-credentials Bumps [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) from 6.0.0 to 6.1.0. - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](`8df5847569...ec61189d14`) --- updated-dependencies: - dependency-name: aws-actions/configure-aws-credentials dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-09 05:53:57 +00:00
dependabot[bot]	55e1ea5a9a	build(deps): bump the crazy-max-dot-github group with 2 updates Bumps the crazy-max-dot-github group with 2 updates: [crazy-max/.github/.github/workflows/pr-assign-author.yml](https://github.com/crazy-max/.github) and [crazy-max/.github/.github/workflows/zizmor.yml](https://github.com/crazy-max/.github). Updates `crazy-max/.github/.github/workflows/pr-assign-author.yml` from 1.3.0 to 1.6.0 - [Release notes](https://github.com/crazy-max/.github/releases) - [Commits](`bb328ea508...d89fe92d80`) Updates `crazy-max/.github/.github/workflows/zizmor.yml` from 1.3.0 to 1.6.0 - [Release notes](https://github.com/crazy-max/.github/releases) - [Commits](`bb328ea508...d89fe92d80`) --- updated-dependencies: - dependency-name: crazy-max/.github/.github/workflows/pr-assign-author.yml dependency-version: 1.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: crazy-max-dot-github - dependency-name: crazy-max/.github/.github/workflows/zizmor.yml dependency-version: 1.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: crazy-max-dot-github ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-09 05:52:26 +00:00