chore: update generated content

Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.5 to 0.2.7.
- [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md)
- [Commits](https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.7)

---
updated-dependencies:
- dependency-name: tmp
  dependency-version: 0.2.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/codeql.yml

@@ -35,12 +35,12 @@ jobs:
           node-version: ${{ env.NODE_VERSION }}
       -
         name: Initialize CodeQL
-        uses: github/codeql-action/init@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
         with:
           languages: javascript-typescript
           build-mode: none
       -
         name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@9e0d7b8d25671d64c341c19c0152d693099fb5ba # v4.35.5
+        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
         with:
           category: "/language:javascript-typescript"

.github/workflows/test.yml

@@ -23,7 +23,7 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       -
         name: Test
-        uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
+        uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
         with:
           source: .
           targets: test

.github/workflows/update-dist.yml

@@ -37,7 +37,7 @@ jobs:
           token: ${{ steps.docker-read-app.outputs.token }}
       -
         name: Build
-        uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
+        uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
         with:
           source: .
           targets: build

.github/workflows/validate.yml

@@ -26,7 +26,7 @@ jobs:
       -
         name: Generate matrix
         id: generate
-        uses: docker/bake-action/subaction/matrix@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
+        uses: docker/bake-action/subaction/matrix@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
         with:
           target: validate
 
@@ -41,6 +41,6 @@ jobs:
     steps:
       -
         name: Validate
-        uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
+        uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
         with:
           targets: ${{ matrix.target }}

README.md

@@ -117,6 +117,8 @@ instead of a password.
 
 ### Azure Container Registry (ACR)
 
+#### Service principal
+
 [Create a service principal](https://docs.microsoft.com/en-us/azure/container-registry/container-registry-auth-service-principal#create-a-service-principal)
 with access to your container registry through the [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
 and take note of the generated service principal's ID (also called _client ID_)
@@ -142,10 +144,60 @@ jobs:
           password: ${{ secrets.AZURE_CLIENT_SECRET }}
 ```
 
+> [!NOTE]
+> Replace `<registry-name>` with the name of your registry.
+
+#### OpenID Connect (OIDC)
+
+To authenticate with OpenID Connect, configure a federated identity credential
+for GitHub Actions and use the [Azure Login](https://github.com/Azure/login)
+action to sign in to Azure. Then expose an ACR access token and pass it to this
+action as the password.
+
+```yaml
+name: ci
+
+on:
+  push:
+    branches: main
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  login:
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Login to Azure
+        uses: azure/login@v3
+        with:
+          client-id: ${{ vars.AZURE_CLIENT_ID }}
+          tenant-id: ${{ vars.AZURE_TENANT_ID }}
+          subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}
+      -
+        name: Get ACR access token
+        id: acr-token
+        run: |
+          ACR_TOKEN=$(az acr login --name <registry-name> --expose-token --output tsv --query accessToken)
+          echo "::add-mask::$ACR_TOKEN" # mask the token in workflow logs
+          echo "token=$ACR_TOKEN" >> "$GITHUB_OUTPUT"
+      -
+        name: Login to ACR
+        uses: docker/login-action@v4
+        with:
+          registry: <registry-name>.azurecr.io
+          username: 00000000-0000-0000-0000-000000000000
+          password: ${{ steps.acr-token.outputs.token }}
+```
+
+> [!NOTE]
 > Replace `<registry-name>` with the name of your registry.
 
 ### Google Container Registry (GCR)
 
+> [!NOTE]
 > [Google Artifact Registry](#google-artifact-registry-gar) is the evolution of
 > Google Container Registry. As a fully-managed service with support for both
 > container images and non-container artifacts. If you currently use Google
@@ -176,7 +228,7 @@ jobs:
     -
       name: Authenticate to Google Cloud
       id: auth
-      uses: google-github-actions/auth@v1
+      uses: google-github-actions/auth@v3
       with:
         token_format: access_token
         workload_identity_provider: <workload_identity_provider>
@@ -190,9 +242,10 @@ jobs:
         password: ${{ steps.auth.outputs.access_token }}
 ```
 
+> [!NOTE]
 > Replace `<workload_identity_provider>` with configured workload identity
 > provider. For steps to configure, [see here](https://github.com/google-github-actions/auth#setting-up-workload-identity-federation).
-
+>
 > Replace `<service_account>` with configured service account in workload
 > identity provider which has access to push to GCR
 
@@ -247,7 +300,7 @@ jobs:
       -
         name: Authenticate to Google Cloud
         id: auth
-        uses: google-github-actions/auth@v1
+        uses: google-github-actions/auth@v3
         with:
           token_format: access_token
           workload_identity_provider: <workload_identity_provider>
@@ -261,12 +314,13 @@ jobs:
           password: ${{ steps.auth.outputs.access_token }}
 ```
 
+> [!NOTE]
 > Replace `<workload_identity_provider>` with configured workload identity
 > provider
-
+>
 > Replace `<service_account>` with configured service account in workload
 > identity provider which has access to push to GCR
-
+>
 > Replace `<location>` with the regional or multi-regional [location](https://cloud.google.com/artifact-registry/docs/repo-organize#locations)
 > of the repository where the image is stored.
 
@@ -298,6 +352,7 @@ jobs:
           password: ${{ secrets.GAR_JSON_KEY }}
 ```
 
+> [!NOTE]
 > Replace `<location>` with the regional or multi-regional [location](https://cloud.google.com/artifact-registry/docs/repo-organize#locations)
 > of the repository where the image is stored.
 
@@ -352,6 +407,7 @@ jobs:
           AWS_ACCOUNT_IDS: 012345678910,023456789012
 ```
 
+> [!NOTE]
 > Only available with [AWS CLI version 1](https://docs.aws.amazon.com/cli/latest/reference/ecr/get-login.html)
 
 You can also use the [Configure AWS Credentials](https://github.com/aws-actions/configure-aws-credentials)
@@ -370,7 +426,7 @@ jobs:
     steps:
       -
         name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
+        uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-access-key-id: ${{ vars.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -382,6 +438,7 @@ jobs:
           registry: <aws-account-number>.dkr.ecr.<region>.amazonaws.com
 ```
 
+> [!NOTE]
 > Replace `<aws-account-number>` and `<region>` with their respective values.
 
 ### AWS Public Elastic Container Registry (ECR)
@@ -413,6 +470,7 @@ jobs:
           AWS_REGION: <region>
 ```
 
+> [!NOTE]
 > Replace `<region>` with its respective value (default `us-east-1`).
 
 ### OCI Oracle Cloud Infrastructure Registry (OCIR)
@@ -445,6 +503,7 @@ jobs:
           password: ${{ secrets.OCI_TOKEN }}
 ```
 
+> [!NOTE]
 > Replace `<region>` with their respective values from [availability regions](https://docs.cloud.oracle.com/iaas/Content/Registry/Concepts/registryprerequisites.htm#Availab)
 
 ### Quay.io
@@ -603,7 +662,7 @@ jobs:
           scope: 'myorg/myimage@push'
       -
         name: Build and push
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           push: true
           tags: myorg/myimage:latest

dist/licenses.txt

@@ -6927,7 +6927,7 @@ THE SOFTWARE.
 
 The following npm package may be included in this product:
 
- - tmp@0.2.5
+ - tmp@0.2.7
 
 This package contains the following license:
 

yarn.lock

@@ -6126,9 +6126,9 @@ __metadata:
   linkType: hard
 
 "tmp@npm:^0.2.5":
-  version: 0.2.5
+  version: 0.2.7
-  resolution: "tmp@npm:0.2.5"
+  resolution: "tmp@npm:0.2.7"
-  checksum: 10/dd4b78b32385eab4899d3ae296007b34482b035b6d73e1201c4a9aede40860e90997a1452c65a2d21aee73d53e93cd167d741c3db4015d90e63b6d568a93d7ec
+  checksum: 10/0a3bc90beb0c6275273c3475fb57e466eaab1c9c4a101d029ff62b18146ce136e7f75d09de34863d9f2c2a492751402508f9e028bc98eb34a1416195d4b15619
   languageName: node
   linkType: hard