Merge pull request #250 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.81.0

build(deps): bump @docker/actions-toolkit from 0.79.0 to 0.91.0
chore: update generated content
2026-05-27 16:48:19 +01:00 · 2026-05-27 17:04:11 +02:00 · 2026-05-27 14:58:54 +00:00 · 2026-05-27 14:57:58 +00:00 · 2026-05-27 16:55:40 +02:00 · 2026-05-27 14:51:58 +00:00
20 changed files with 6762 additions and 1174 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,6 +4,12 @@ updates:
    directory: "/"
    schedule:
      interval: "daily"
    cooldown:
      default-days: 2
    groups:
      crazy-max-dot-github:
        patterns:
          - "crazy-max/.github/*"
    labels:
      - "dependencies"
      - "bot"
@@ -11,6 +17,10 @@ updates:
    directory: "/"
    schedule:
      interval: "daily"
    cooldown:
      default-days: 2
      exclude:
        - "@docker/actions-toolkit"
    versioning-strategy: "increase"
    allow:
      - dependency-type: "production"
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,5 +1,8 @@
 name: ci
 permissions:
  contents: read
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
@@ -22,7 +25,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Set up QEMU
        id: qemu
@@ -45,7 +48,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Set up QEMU
        id: qemu
@@ -62,7 +65,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Stop docker
        run: |
@@ -92,7 +95,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Set up QEMU
        id: qemu
@@ -116,7 +119,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Set up QEMU
        uses: ./
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,5 +1,8 @@
 name: codeql
 permissions:
  contents: read
 on:
  push:
    branches:
@@ -7,21 +10,19 @@ on:
      - 'releases/v*'
  pull_request:
 permissions:
  actions: read
  contents: read
  security-events: write
 env:
  NODE_VERSION: "24"
 jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Enable corepack
        run: |
@@ -29,17 +30,17 @@ jobs:
          yarn --version
      -
        name: Set up Node
-        uses: actions/setup-node@v6
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: ${{ env.NODE_VERSION }}
      -
        name: Initialize CodeQL
-        uses: github/codeql-action/init@v4
+        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
        with:
          languages: javascript-typescript
          build-mode: none
      -
        name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v4
+        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
        with:
          category: "/language:javascript-typescript"
--- a/.github/workflows/pr-assign-author.yml
+++ b/.github/workflows/pr-assign-author.yml
@@ -4,14 +4,14 @@ permissions:
  contents: read
 on:
-  pull_request_target:
+  pull_request_target: # zizmor: ignore[dangerous-triggers] safe to use without checkout
    types:
      - opened
      - reopened
 jobs:
  run:
-    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@20ef82212dc54bab5749f5e05576ca6d3c8a5773 # v1.1.0
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
    permissions:
      contents: read
      pull-requests: write
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,5 +1,12 @@
 name: publish
 permissions:
  contents: read
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 on:
  release:
    types:
@@ -15,7 +22,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Publish
-        uses: actions/publish-immutable-action@v0.0.4
+        uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -1,5 +1,8 @@
 name: test
 permissions:
  contents: read
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
@@ -17,16 +20,16 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Test
-        uses: docker/bake-action@v7
+        uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
        with:
          source: .
          targets: test
      -
        name: Upload coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
        with:
          files: ./coverage/clover.xml
          token: ${{ secrets.CODECOV_TOKEN }}
--- a/.github/workflows/update-dist.yml
+++ b/.github/workflows/update-dist.yml
@@ -1,5 +1,12 @@
 name: update-dist
 permissions:
  contents: read
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 on:
  pull_request:
    types:
@@ -8,27 +15,29 @@ on:
 jobs:
  update-dist:
-    if: github.actor == 'dependabot[bot]'
+    if: github.actor == 'dependabot[bot]' && github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
    runs-on: ubuntu-latest
    steps:
      -
        name: GitHub auth token from GitHub App
        id: docker-read-app
-        uses: actions/create-github-app-token@v3
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
        with:
          app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }}
          private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }}
          owner: docker
          repositories: setup-qemu-action
          permission-contents: write
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          ref: ${{ github.event.pull_request.head.ref }}
          fetch-depth: 0
-          token: ${{ steps.docker-read-app.outputs.token || github.token }}
+          token: ${{ steps.docker-read-app.outputs.token }}
      -
        name: Build
-        uses: docker/bake-action@v7
+        uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
        with:
          source: .
          targets: build
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -1,5 +1,8 @@
 name: validate
 permissions:
  contents: read
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
@@ -19,11 +22,11 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Generate matrix
        id: generate
-        uses: docker/bake-action/subaction/matrix@v7
+        uses: docker/bake-action/subaction/matrix@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
        with:
          target: validate
@@ -38,6 +41,6 @@ jobs:
    steps:
      -
        name: Validate
-        uses: docker/bake-action@v7
+        uses: docker/bake-action@6614cfa25eff9a0b2b2697efb0b6159e7680d584 # v7.2.0
        with:
          targets: ${{ matrix.target }}
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -0,0 +1,29 @@
 name: zizmor
 permissions:
  contents: read
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 on:
  workflow_dispatch:
  push:
    branches:
      - 'master'
      - 'releases/v*'
    tags:
      - 'v*'
  pull_request:
 jobs:
  zizmor:
    uses: crazy-max/.github/.github/workflows/zizmor.yml@9ba6e6f9450baf3b1237f8035c1fdc45932510bd # v1.8.0
    permissions:
      contents: read
      security-events: write
    with:
      min-severity: medium
      min-confidence: medium
      persona: pedantic
--- a/README.md
+++ b/README.md
@@ -35,6 +35,34 @@ jobs:
        uses: docker/setup-qemu-action@v4
 ```
 This action registers QEMU emulators with `binfmt_misc`, so later steps can run
 containers built for another architecture on the GitHub-hosted runner.
 ```yaml
 name: run-cross-platform-container
 on:
  workflow_dispatch:
 jobs:
  qemu-example:
    runs-on: ubuntu-latest
    steps:
      -
        name: Set up QEMU
        uses: docker/setup-qemu-action@v4
      -
        name: Run an arm64 container
        run: docker run --rm --platform linux/arm64 alpine uname -m
 ```
 The command above prints `aarch64` even though the job itself is running on
 `ubuntu-latest`.
 > [!TIP]
 > `setup-qemu-action` enables user-mode emulation for registered platforms. It
 > does not install `qemu-system-*` tools or add `qemu-*` binaries to your PATH.
 > [!NOTE]
 > If you are using [`docker/setup-buildx-action`](https://github.com/docker/setup-buildx-action),
 > this action should come before it:
--- a/action.yml
+++ b/action.yml
@@ -26,5 +26,5 @@ outputs:
 runs:
  using: 'node24'
-  main: 'dist/index.js'
+  main: 'dist/index.cjs'
-  post: 'dist/index.js'
+  post: 'dist/index.cjs'
--- a/dist/index.cjs
+++ b/dist/index.cjs
--- a/dist/index.cjs.map
+++ b/dist/index.cjs.map
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/dist/licenses.txt
+++ b/dist/licenses.txt
--- a/dist/package.json
+++ b/dist/package.json
@@ -1,3 +0,0 @@
 {
  "type": "module"
 }
--- a/dist/sourcemap-register.cjs
+++ b/dist/sourcemap-register.cjs
--- a/package.json
+++ b/package.json
@@ -4,10 +4,11 @@
  "type": "module",
  "main": "src/main.ts",
  "scripts": {
-    "build": "ncc build src/main.ts --source-map --minify --license licenses.txt",
+    "build": "esbuild src/main.ts --bundle --platform=node --target=node24 --format=cjs --outfile=dist/index.cjs --sourcemap --minify && yarn run license",
    "lint": "eslint --max-warnings=0 .",
    "format": "eslint --fix .",
-    "test": "vitest run"
+    "test": "vitest run",
    "license": "generate-license-file --input package.json --output dist/licenses.txt --overwrite --ci --no-spinner --eol lf"
  },
  "repository": {
    "type": "git",
@@ -23,19 +24,20 @@
  "packageManager": "yarn@4.9.2",
  "dependencies": {
    "@actions/core": "^3.0.0",
-    "@docker/actions-toolkit": "^0.79.0"
+    "@docker/actions-toolkit": "^0.91.0"
  },
  "devDependencies": {
    "@eslint/js": "^9.39.3",
    "@types/node": "^24.11.0",
    "@typescript-eslint/eslint-plugin": "^8.56.1",
    "@typescript-eslint/parser": "^8.56.1",
    "@vercel/ncc": "^0.38.4",
    "@vitest/coverage-v8": "^4.0.18",
    "@vitest/eslint-plugin": "^1.6.9",
    "esbuild": "^0.28.0",
    "eslint": "^9.39.3",
    "eslint-config-prettier": "^10.1.8",
    "eslint-plugin-prettier": "^5.5.5",
    "generate-license-file": "^4.1.1",
    "globals": "^17.3.0",
    "prettier": "^3.8.1",
    "typescript": "^5.9.3",
--- a/yarn.lock
+++ b/yarn.lock
Author	SHA1	Message	Date
CrazyMax	8c37cd6f34	Merge pull request #250 from docker/dependabot/npm_and_yarn/docker/actions-toolkit-0.81.0 build(deps): bump @docker/actions-toolkit from 0.79.0 to 0.91.0	2026-05-27 17:04:11 +02:00
github-actions[bot]	d1a0ff34af	chore: update generated content	2026-05-27 14:58:54 +00:00
dependabot[bot]	0a8f3dc125	build(deps): bump @docker/actions-toolkit from 0.79.0 to 0.91.0 Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.79.0 to 0.91.0. - [Release notes](https://github.com/docker/actions-toolkit/releases) - [Commits](https://github.com/docker/actions-toolkit/compare/v0.79.0...v0.91.0) --- updated-dependencies: - dependency-name: "@docker/actions-toolkit" dependency-version: 0.81.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-27 14:57:58 +00:00
CrazyMax	9430f61a76	Merge pull request #291 from docker/dependabot/npm_and_yarn/tmp-0.2.6 build(deps): bump tmp from 0.2.5 to 0.2.6	2026-05-27 16:55:40 +02:00
github-actions[bot]	978bd7796c	chore: update generated content	2026-05-27 14:51:58 +00:00
dependabot[bot]	3479febc62	build(deps): bump tmp from 0.2.5 to 0.2.6 Bumps [tmp](https://github.com/raszi/node-tmp) from 0.2.5 to 0.2.6. - [Changelog](https://github.com/raszi/node-tmp/blob/master/CHANGELOG.md) - [Commits](https://github.com/raszi/node-tmp/compare/v0.2.5...v0.2.6) --- updated-dependencies: - dependency-name: tmp dependency-version: 0.2.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-27 14:51:06 +00:00
CrazyMax	b113c26414	Merge pull request #255 from docker/dependabot/npm_and_yarn/fast-xml-parser-5.5.7 build(deps): bump fast-xml-parser from 5.4.2 to 5.8.0	2026-05-27 16:48:38 +02:00
github-actions[bot]	0d62f46692	chore: update generated content	2026-05-27 14:44:23 +00:00
dependabot[bot]	18b22fb6dd	build(deps): bump fast-xml-parser from 5.4.2 to 5.8.0 Bumps [fast-xml-parser](https://github.com/NaturalIntelligence/fast-xml-parser) from 5.4.2 to 5.8.0. - [Release notes](https://github.com/NaturalIntelligence/fast-xml-parser/releases) - [Changelog](https://github.com/NaturalIntelligence/fast-xml-parser/blob/master/CHANGELOG.md) - [Commits](https://github.com/NaturalIntelligence/fast-xml-parser/compare/v5.4.2...v5.8.0) --- updated-dependencies: - dependency-name: fast-xml-parser dependency-version: 5.5.7 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-27 14:43:32 +00:00
CrazyMax	307ba5d25d	Merge pull request #262 from docker/dependabot/npm_and_yarn/handlebars-4.7.9 build(deps): bump handlebars from 4.7.8 to 4.7.9	2026-05-27 16:41:13 +02:00
CrazyMax	9477555b6a	Merge pull request #265 from docker/dependabot/npm_and_yarn/brace-expansion-1.1.13 build(deps): bump brace-expansion from 1.1.12 to 1.1.15	2026-05-27 16:40:42 +02:00
github-actions[bot]	fd73ae4b74	chore: update generated content	2026-05-27 14:37:08 +00:00
dependabot[bot]	022e3ecd29	build(deps): bump brace-expansion from 1.1.12 to 1.1.15 Bumps [brace-expansion](https://github.com/juliangruber/brace-expansion) from 1.1.12 to 1.1.15. - [Release notes](https://github.com/juliangruber/brace-expansion/releases) - [Commits](https://github.com/juliangruber/brace-expansion/compare/v1.1.12...v1.1.15) --- updated-dependencies: - dependency-name: brace-expansion dependency-version: 1.1.13 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-27 14:36:17 +00:00
CrazyMax	2f5ed24eb7	Merge pull request #258 from rinadavidyuk826-sudo/docs-add-qemu-usage-example docs: add a runnable QEMU usage example	2026-05-27 16:33:58 +02:00
CrazyMax	5778735069	Merge pull request #251 from docker/dependabot/npm_and_yarn/undici-6.24.0 build(deps): bump undici from 6.23.0 to 6.26.0	2026-05-27 16:30:20 +02:00
github-actions[bot]	d0bca56b99	chore: update generated content	2026-05-27 14:28:49 +00:00
dependabot[bot]	996e022184	build(deps): bump undici from 6.23.0 to 6.26.0 Bumps [undici](https://github.com/nodejs/undici) from 6.23.0 to 6.26.0. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](https://github.com/nodejs/undici/compare/v6.23.0...v6.26.0) --- updated-dependencies: - dependency-name: undici dependency-version: 6.24.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-27 14:27:44 +00:00
CrazyMax	85439f04b3	Merge pull request #254 from docker/dependabot/npm_and_yarn/glob-10.5.0 build(deps): bump glob from 10.3.15 to 10.5.0	2026-05-27 16:25:37 +02:00
CrazyMax	1cc3610aed	Merge pull request #257 from docker/dependabot/npm_and_yarn/flatted-3.4.2 build(deps): bump flatted from 3.3.3 to 3.4.2	2026-05-27 16:25:10 +02:00
CrazyMax	8f8e86af25	Merge pull request #261 from docker/dependabot/npm_and_yarn/picomatch-4.0.4 build(deps): bump picomatch from 4.0.3 to 4.0.4	2026-05-27 16:24:41 +02:00
CrazyMax	4048b6c127	Merge pull request #271 from docker/dependabot/npm_and_yarn/vite-7.3.2 build(deps): bump vite from 7.3.1 to 7.3.2	2026-05-27 16:24:05 +02:00
CrazyMax	67d47863c9	Merge pull request #273 from docker/dependabot/npm_and_yarn/lodash-4.18.1 build(deps): bump lodash from 4.17.23 to 4.18.1	2026-05-27 16:23:42 +02:00
CrazyMax	1fc8e57954	Merge pull request #286 from docker/dependabot/npm_and_yarn/fast-xml-builder-1.2.0 build(deps): bump fast-xml-builder from 1.0.0 to 1.2.0	2026-05-27 16:22:56 +02:00
CrazyMax	ba4e02a62a	Merge pull request #279 from docker/dependabot/github_actions/github/codeql-action-4.35.2 build(deps): bump github/codeql-action from 4.35.1 to 4.35.2	2026-05-27 16:20:32 +02:00
CrazyMax	0e29173e9f	Merge pull request #280 from docker/dependabot/github_actions/actions/setup-node-6.4.0 build(deps): bump actions/setup-node from 6.3.0 to 6.4.0	2026-05-27 16:19:56 +02:00
CrazyMax	af55a6d2e1	Merge pull request #276 from docker/dependabot/github_actions/docker/bake-action-7.1.0 build(deps): bump docker/bake-action from 7.0.0 to 7.2.0	2026-05-27 16:14:19 +02:00
dependabot[bot]	cf81fd0aa5	build(deps): bump docker/bake-action from 7.0.0 to 7.2.0 Bumps [docker/bake-action](https://github.com/docker/bake-action) from 7.0.0 to 7.2.0. - [Release notes](https://github.com/docker/bake-action/releases) - [Commits](`82490499d2...6614cfa25e`) --- updated-dependencies: - dependency-name: docker/bake-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-27 13:59:01 +00:00
CrazyMax	bfdfad855e	Merge pull request #275 from docker/dependabot/github_actions/actions/create-github-app-token-3.1.1 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1	2026-05-27 15:57:35 +02:00
CrazyMax	176fd9f7b5	Merge pull request #281 from docker/dependabot/github_actions/crazy-max-dot-github-6f136b1f9e build(deps): bump the crazy-max-dot-github group across 1 directory with 2 updates	2026-05-27 15:57:10 +02:00
CrazyMax	e87fceeec4	Merge pull request #285 from docker/dependabot/npm_and_yarn/postcss-8.5.10 build(deps): bump postcss from 8.5.6 to 8.5.10	2026-05-27 15:56:45 +02:00
CrazyMax	99370af9d1	Merge pull request #287 from docker/dependabot/npm_and_yarn/tar-7.5.15 build(deps): bump tar from 6.2.1 to 7.5.15	2026-05-27 15:56:17 +02:00
dependabot[bot]	5b751102ed	build(deps): bump the crazy-max-dot-github group across 1 directory with 2 updates Bumps the crazy-max-dot-github group with 2 updates in the / directory: [crazy-max/.github/.github/workflows/pr-assign-author.yml](https://github.com/crazy-max/.github) and [crazy-max/.github/.github/workflows/zizmor.yml](https://github.com/crazy-max/.github). Updates `crazy-max/.github/.github/workflows/pr-assign-author.yml` from 1.6.0 to 1.8.0 - [Release notes](https://github.com/crazy-max/.github/releases) - [Commits](`d89fe92d80...9ba6e6f945`) Updates `crazy-max/.github/.github/workflows/zizmor.yml` from 1.6.0 to 1.8.0 - [Release notes](https://github.com/crazy-max/.github/releases) - [Commits](`d89fe92d80...9ba6e6f945`) --- updated-dependencies: - dependency-name: crazy-max/.github/.github/workflows/pr-assign-author.yml dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: crazy-max-dot-github - dependency-name: crazy-max/.github/.github/workflows/zizmor.yml dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: crazy-max-dot-github ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-22 06:20:41 +00:00
CrazyMax	7f9aaaffa5	Merge pull request #290 from crazy-max/zizmor-fixes ci: restrict update-dist GitHub App token scope	2026-05-21 14:58:57 +02:00
CrazyMax	1393c83302	ci: restrict update-dist GitHub App token scope Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-05-21 14:31:27 +02:00
dependabot[bot]	acb469f3e2	build(deps): bump tar from 6.2.1 to 7.5.15 Bumps [tar](https://github.com/isaacs/node-tar) from 6.2.1 to 7.5.15. - [Release notes](https://github.com/isaacs/node-tar/releases) - [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md) - [Commits](https://github.com/isaacs/node-tar/compare/v6.2.1...v7.5.15) --- updated-dependencies: - dependency-name: tar dependency-version: 7.5.15 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-15 00:39:28 +00:00
github-actions[bot]	99b36c7ccc	chore: update generated content	2026-05-08 18:20:17 +00:00
dependabot[bot]	fafa4ba9e7	build(deps): bump fast-xml-builder from 1.0.0 to 1.2.0 Bumps [fast-xml-builder](https://github.com/NaturalIntelligence/fast-xml-builder) from 1.0.0 to 1.2.0. - [Changelog](https://github.com/NaturalIntelligence/fast-xml-builder/blob/main/CHANGELOG.md) - [Commits](https://github.com/NaturalIntelligence/fast-xml-builder/commits/v1.2.0) --- updated-dependencies: - dependency-name: fast-xml-builder dependency-version: 1.2.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-08 18:19:18 +00:00
dependabot[bot]	a94af66060	build(deps): bump vite from 7.3.1 to 7.3.2 Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.1 to 7.3.2. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 7.3.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-24 17:42:58 +00:00
dependabot[bot]	60c2d931e8	build(deps): bump picomatch from 4.0.3 to 4.0.4 Bumps [picomatch](https://github.com/micromatch/picomatch) from 4.0.3 to 4.0.4. - [Release notes](https://github.com/micromatch/picomatch/releases) - [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md) - [Commits](https://github.com/micromatch/picomatch/compare/4.0.3...4.0.4) --- updated-dependencies: - dependency-name: picomatch dependency-version: 4.0.4 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-24 17:42:33 +00:00
dependabot[bot]	5fb3f93f25	build(deps): bump postcss from 8.5.6 to 8.5.10 Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.10. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/8.5.6...8.5.10) --- updated-dependencies: - dependency-name: postcss dependency-version: 8.5.10 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-24 17:42:24 +00:00
Tõnis Tiigi	e9a73d0538	Merge pull request #284 from crazy-max/esbuild replace ncc with esbuild for action bundling	2026-04-24 10:40:24 -07:00
CrazyMax	39f273e99b	replace ncc with esbuild for action bundling Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-04-24 11:26:37 +02:00
dependabot[bot]	333c0cf081	build(deps): bump actions/setup-node from 6.3.0 to 6.4.0 Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.3.0 to 6.4.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](`53b83947a5...48b55a011b`) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-21 06:13:28 +00:00
dependabot[bot]	ede635f9f0	build(deps): bump github/codeql-action from 4.35.1 to 4.35.2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.35.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`c10b8064de...95e58e9a2c`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-17 06:13:44 +00:00
Tõnis Tiigi	f8607cc714	Merge pull request #278 from crazy-max/fix-zizmor ci(zizmor): update rules	2026-04-15 14:26:22 -07:00
CrazyMax	12ef543ef5	ci(zizmor): update rules Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-04-15 16:02:59 +02:00
dependabot[bot]	be32618138	build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 3.0.0 to 3.1.1. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](`f8d387b68d...1b10c78c78`) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 3.1.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-13 06:24:26 +00:00
dependabot[bot]	74eee9ca52	build(deps): bump lodash from 4.17.23 to 4.18.1 Bumps [lodash](https://github.com/lodash/lodash) from 4.17.23 to 4.18.1. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/compare/4.17.23...4.18.1) --- updated-dependencies: - dependency-name: lodash dependency-version: 4.18.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-09 08:25:20 +00:00
CrazyMax	76c0984808	Merge pull request #272 from docker/dependabot/github_actions/crazy-max-dot-github-f0991e81fd build(deps): bump the crazy-max-dot-github group with 2 updates	2026-04-09 10:23:39 +02:00
dependabot[bot]	de93a28d33	build(deps): bump the crazy-max-dot-github group with 2 updates Bumps the crazy-max-dot-github group with 2 updates: [crazy-max/.github/.github/workflows/pr-assign-author.yml](https://github.com/crazy-max/.github) and [crazy-max/.github/.github/workflows/zizmor.yml](https://github.com/crazy-max/.github). Updates `crazy-max/.github/.github/workflows/pr-assign-author.yml` from 1.3.0 to 1.6.0 - [Release notes](https://github.com/crazy-max/.github/releases) - [Commits](`bb328ea508...d89fe92d80`) Updates `crazy-max/.github/.github/workflows/zizmor.yml` from 1.3.0 to 1.6.0 - [Release notes](https://github.com/crazy-max/.github/releases) - [Commits](`bb328ea508...d89fe92d80`) --- updated-dependencies: - dependency-name: crazy-max/.github/.github/workflows/pr-assign-author.yml dependency-version: 1.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: crazy-max-dot-github - dependency-name: crazy-max/.github/.github/workflows/zizmor.yml dependency-version: 1.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: crazy-max-dot-github ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-09 06:11:50 +00:00
CrazyMax	f4e8deed0c	Merge pull request #269 from crazy-max/fix-update-dist ci: stop update-dist reruns after generated dist pushes	2026-04-01 15:09:07 +02:00
CrazyMax	5a1a5cc4f8	ci: stop update-dist reruns after generated dist pushes Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-04-01 13:16:02 +02:00
CrazyMax	6412e4f975	Merge pull request #268 from docker/dependabot/github_actions/codecov/codecov-action-6.0.0 build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0	2026-03-31 09:27:41 +02:00
dependabot[bot]	3329a8ce3d	build(deps): bump codecov/codecov-action from 5.5.4 to 6.0.0 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.4 to 6.0.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](`75cd11691c...57e3a136b7`) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-31 01:51:28 +00:00
Tõnis Tiigi	cf45d1535a	Merge pull request #267 from crazy-max/zizmor ci: zizmor workflow	2026-03-30 18:50:33 -07:00
CrazyMax	7b4ca36676	fix zizmor findings Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-03-30 14:25:09 +02:00
CrazyMax	9d536b88bb	ci: zizmor workflow Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-03-30 14:24:46 +02:00
rinadavidyuk826-sudo	11ca1cd666	docs: add a README QEMU usage example Signed-off-by: rinadavidyuk826-sudo <rinadavidyuk826@gmail.com>	2026-03-27 22:39:07 +08:00
dependabot[bot]	331c3d742d	build(deps): bump handlebars from 4.7.8 to 4.7.9 Bumps [handlebars](https://github.com/handlebars-lang/handlebars.js) from 4.7.8 to 4.7.9. - [Release notes](https://github.com/handlebars-lang/handlebars.js/releases) - [Changelog](https://github.com/handlebars-lang/handlebars.js/blob/v4.7.9/release-notes.md) - [Commits](https://github.com/handlebars-lang/handlebars.js/compare/v4.7.8...v4.7.9) --- updated-dependencies: - dependency-name: handlebars dependency-version: 4.7.9 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-27 00:22:58 +00:00
dependabot[bot]	b27a081f65	build(deps): bump flatted from 3.3.3 to 3.4.2 Bumps [flatted](https://github.com/WebReflection/flatted) from 3.3.3 to 3.4.2. - [Commits](https://github.com/WebReflection/flatted/compare/v3.3.3...v3.4.2) --- updated-dependencies: - dependency-name: flatted dependency-version: 3.4.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-20 15:59:09 +00:00
dependabot[bot]	fb631e9b1a	build(deps): bump glob from 10.3.15 to 10.5.0 Bumps [glob](https://github.com/isaacs/node-glob) from 10.3.15 to 10.5.0. - [Changelog](https://github.com/isaacs/node-glob/blob/main/changelog.md) - [Commits](https://github.com/isaacs/node-glob/compare/v10.3.15...v10.5.0) --- updated-dependencies: - dependency-name: glob dependency-version: 10.5.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-03-20 00:52:53 +00:00