Compare commits

...

3 Commits

Author SHA1 Message Date
dependabot[bot]
e35f3f210d chore(deps): Bump github/codeql-action/analyze from 4.36.2 to 4.36.3
Bumps [github/codeql-action/analyze](https://github.com/github/codeql-action) from 4.36.2 to 4.36.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](8aad20d150...54f647b7e1)

---
updated-dependencies:
- dependency-name: github/codeql-action/analyze
  dependency-version: 4.36.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-06 11:54:53 +00:00
CrazyMax
3add1637a6 Merge pull request #1577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1
Some checks failed
codeql / analyze (push) Failing after 3m35s
validate / prepare (push) Successful in 24s
zizmor / zizmor (push) Failing after 0s
test / test (push) Successful in 3m25s
validate / validate (push) Successful in 2m13s
e2e / build (GitHub, ghcr, ghcr.io, ghcr.io/docker/build-push-action-test, remote) (push) Failing after 2m1s
e2e / build (Docker Hub, dockerhub, , dockereng/build-push-action-test, remote) (push) Failing after 2m15s
e2e / build (GitLab, gitlab, registry.gitlab.com, registry.gitlab.com/test1716/test, remote) (push) Failing after 2m5s
e2e / build (Artifactory, artifactory, infradock.jfrog.io, infradock.jfrog.io/test-ghaction/build-push-action, remote) (push) Failing after 2m55s
e2e / build (Azure Container Registry, acr, officialgithubactions.azurecr.io, officialgithubactions.azurecr.io/test-docker-action, remote) (push) Failing after 2m53s
e2e / build (distribution, Distribution, none, local) (push) Failing after 53s
e2e / build (harbor, Harbor, none, local) (push) Failing after 1m8s
e2e / build (Quay, quay, quay.io, quay.io/docker_build_team/ghactiontest, remote) (push) Failing after 1m18s
e2e / build (nexus, Nexus, none, local) (push) Failing after 54s
e2e / build (Google Artifact Registry, gar, us-east4-docker.pkg.dev, us-east4-docker.pkg.dev/sandbox-298914/docker-official-github-actions/test-docker-action, remote) (push) Failing after 1m40s
e2e / build (AWS ECR Public, aws, public.ecr.aws, public.ecr.aws/q3b5f1u4/test-docker-action, remote) (push) Failing after 4m12s
ci / example (push) Failing after 10s
ci / error (push) Failing after 14s
ci / docker-driver (push) Failing after 8s
ci / path-context (push) Failing after 1m0s
ci / export-docker (push) Successful in 21s
e2e / build (AWS ECR, aws, 175142243308.dkr.ecr.us-east-2.amazonaws.com, 175142243308.dkr.ecr.us-east-2.amazonaws.com/sandbox/test-docker-action, remote) (push) Failing after 4m48s
ci / error-buildx (push) Successful in 1m3s
ci / secret-files (push) Successful in 36s
ci / secret (push) Successful in 42s
ci / secret-envs (push) Successful in 34s
ci / network (push) Successful in 37s
ci / ulimit (push) Successful in 36s
ci / cgroup-parent (push) Successful in 41s
ci / shm-size (push) Successful in 50s
ci / add-hosts (push) Successful in 34s
ci / no-cache-filters (push) Successful in 31s
ci / attests-compat (moby/buildkit:buildx-stable-1, v0.9.1) (push) Failing after 26s
ci / minimal (push) Successful in 5m11s
ci / attests-compat (moby/buildkit:latest, edge) (push) Successful in 1m38s
ci / attests-compat (moby/buildkit:buildx-stable-1, latest) (push) Successful in 1m55s
ci / attests-compat (moby/buildkit:v0.10.6, latest) (push) Successful in 1m28s
ci / provenance (, type=image,name=localhost:5000/name/app:latest,push=true, image) (push) Failing after 8s
ci / provenance (mode=max, /tmp/buildx-build, binary) (push) Failing after 9s
ci / provenance (mode=max, type=image,name=localhost:5000/name/app:latest,push=true, image) (push) Failing after 9s
ci / sbom (/tmp/buildx-build, binary) (push) Failing after 9s
ci / sbom (type=image,name=localhost:5000/name/app:latest,push=true, image) (push) Failing after 8s
ci / git-context-secret (push) Failing after 4m43s
ci / multi (multi) (push) Failing after 9s
ci / git-context (push) Failing after 5m10s
ci / provenance (, /tmp/buildx-build, binary) (push) Failing after 1m45s
ci / digest (docker, false, true) (push) Failing after 8s
ci / digest (docker-container, false, false) (push) Failing after 9s
ci / git-context-query (push) Failing after 5m5s
ci / digest (docker-container, false, true) (push) Failing after 10s
ci / digest (docker-container, true, false) (push) Failing after 10s
ci / github-cache (push) Failing after 11s
ci / local-cache (push) Failing after 10s
ci / digest (docker, false, false) (push) Successful in 37s
ci / named-context-container (push) Failing after 8s
ci / digest (docker, true, false) (push) Successful in 43s
ci / named-context-docker (push) Successful in 31s
ci / multi (multi-sudo) (push) Failing after 1m2s
ci / docker-config-malformed (push) Successful in 23s
ci / standalone (push) Successful in 43s
ci / proxy-docker-config (push) Failing after 25s
ci / proxy-buildkitd (push) Failing after 16s
ci / named-context-pin (push) Successful in 45s
ci / multi-output (push) Failing after 9s
ci / summary-not-supported (push) Failing after 17s
ci / registry-cache (push) Failing after 1m22s
ci / annotations (push) Failing after 39s
ci / checks (edge) (push) Successful in 32s
ci / load-and-push (push) Failing after 1m0s
ci / checks (latest) (push) Successful in 34s
ci / checks (v0.14.1) (push) Successful in 30s
ci / summary-disable (push) Failing after 2m25s
ci / record-upload-disable (push) Failing after 2m23s
ci / record-retention-days (0) (push) Failing after 2m21s
ci / record-retention-days (2) (push) Failing after 2m15s
ci / annotations-disabled (push) Successful in 35s
ci / call-check (push) Successful in 35s
ci / no-default-attestations (push) Failing after 1m18s
chore(deps): Bump sigstore from 4.1.0 to 4.1.1
2026-07-03 11:08:48 +02:00
dependabot[bot]
6d79e06484 chore(deps): Bump sigstore from 4.1.0 to 4.1.1
Bumps [sigstore](https://github.com/sigstore/sigstore-js) from 4.1.0 to 4.1.1.
- [Release notes](https://github.com/sigstore/sigstore-js/releases)
- [Commits](https://github.com/sigstore/sigstore-js/compare/sigstore@4.1.0...sigstore@4.1.1)

---
updated-dependencies:
- dependency-name: sigstore
  dependency-version: 4.1.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-07-02 14:14:12 +00:00
2 changed files with 16 additions and 16 deletions

View File

@@ -41,6 +41,6 @@ jobs:
build-mode: none
-
name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
uses: github/codeql-action/analyze@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3
with:
category: "/language:javascript-typescript"

View File

@@ -1648,7 +1648,7 @@ __metadata:
languageName: node
linkType: hard
"@sigstore/core@npm:^3.1.0, @sigstore/core@npm:^3.2.0":
"@sigstore/core@npm:^3.2.0, @sigstore/core@npm:^3.2.1":
version: 3.2.1
resolution: "@sigstore/core@npm:3.2.1"
checksum: 10/2f6c1ced55f8ed3f7fc705a668eb95db9471511dfb1f054927822bf97a051dd62228ecf6a9f1932d240c2c4ae69a3b5066550789e5ad8f4257839a4370e5a120
@@ -1669,7 +1669,7 @@ __metadata:
languageName: node
linkType: hard
"@sigstore/sign@npm:^4.1.0":
"@sigstore/sign@npm:^4.1.1":
version: 4.1.1
resolution: "@sigstore/sign@npm:4.1.1"
dependencies:
@@ -1683,7 +1683,7 @@ __metadata:
languageName: node
linkType: hard
"@sigstore/tuf@npm:^4.0.1":
"@sigstore/tuf@npm:^4.0.2":
version: 4.0.2
resolution: "@sigstore/tuf@npm:4.0.2"
dependencies:
@@ -1703,14 +1703,14 @@ __metadata:
languageName: node
linkType: hard
"@sigstore/verify@npm:^3.1.0":
version: 3.1.0
resolution: "@sigstore/verify@npm:3.1.0"
"@sigstore/verify@npm:^3.1.1":
version: 3.1.1
resolution: "@sigstore/verify@npm:3.1.1"
dependencies:
"@sigstore/bundle": "npm:^4.0.0"
"@sigstore/core": "npm:^3.1.0"
"@sigstore/core": "npm:^3.2.1"
"@sigstore/protobuf-specs": "npm:^0.5.0"
checksum: 10/c85713cc326236ef39608e4b061c1192306fd3edd7a1334237d5d53dbb132f04e3f9d3cfd4bb2d521bf0c95a9f98945a748c97ecb06e5f36cfd09488a0d3d73f
checksum: 10/4cb24b0e62b85ebf2b62698041e0dc212d152fd40a95c05c237357c992265a23e5789f86b138bea2eea0c5f6b994974d968f03dde9c692a514f96ae4b26f31a9
languageName: node
linkType: hard
@@ -5387,16 +5387,16 @@ __metadata:
linkType: hard
"sigstore@npm:^4.0.0":
version: 4.1.0
resolution: "sigstore@npm:4.1.0"
version: 4.1.1
resolution: "sigstore@npm:4.1.1"
dependencies:
"@sigstore/bundle": "npm:^4.0.0"
"@sigstore/core": "npm:^3.1.0"
"@sigstore/core": "npm:^3.2.1"
"@sigstore/protobuf-specs": "npm:^0.5.0"
"@sigstore/sign": "npm:^4.1.0"
"@sigstore/tuf": "npm:^4.0.1"
"@sigstore/verify": "npm:^3.1.0"
checksum: 10/7312eed22f82bebcd80a897a163e220bb1df2c084c308d17fb431ff03ef28cf20e3b17312fd8024793dcefa27e794c31174d604a28fc85672a9d6d7f34bbd4a6
"@sigstore/sign": "npm:^4.1.1"
"@sigstore/tuf": "npm:^4.0.2"
"@sigstore/verify": "npm:^3.1.1"
checksum: 10/8fb38bbdc3ee1e79b3f19e0015ebf35b7d7f890673722f182960ec88f02a52f2f631fc983e7f8bafa3a37653a760ddc00277721a8f9159ee6ee311159ca3dfbe
languageName: node
linkType: hard