chore(deps): Bump github/codeql-action from 4.35.1 to 4.35.2

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.35.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](c10b8064de...95e58e9a2c) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Merge pull request #1516 from crazy-max/fix-zizmor
2026-04-17 14:58:23 +02:00 · 2026-04-17 11:54:18 +00:00 · 2026-04-15 14:25:13 -07:00 · 2026-04-15 16:01:32 +02:00 · 2026-04-15 14:48:56 +02:00 · 2026-04-15 14:48:40 +02:00
7 changed files with 10 additions and 11 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -19,6 +19,8 @@ updates:
      interval: "daily"
    cooldown:
      default-days: 2
      exclude:
        - "@docker/actions-toolkit"
    versioning-strategy: "increase"
    allow:
      - dependency-type: "production"
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1044,7 +1044,7 @@ jobs:
          buildkitd-flags: --debug
      -
        name: Cache Build
-        uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.4
+        uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-local-test-${{ github.sha }}
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -35,12 +35,12 @@ jobs:
          node-version: ${{ env.NODE_VERSION }}
      -
        name: Initialize CodeQL
-        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
        with:
          languages: javascript-typescript
          build-mode: none
      -
        name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
        with:
          category: "/language:javascript-typescript"
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,7 +23,7 @@ jobs:
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Test
-        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
        with:
          source: .
          targets: test
--- a/.github/workflows/update-dist.yml
+++ b/.github/workflows/update-dist.yml
@@ -21,7 +21,7 @@ jobs:
      -
        name: GitHub auth token from GitHub App
        id: docker-read-app
-        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
        with:
          app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }}
          private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }}
@@ -35,7 +35,7 @@ jobs:
          token: ${{ steps.docker-read-app.outputs.token }}
      -
        name: Build
-        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
        with:
          source: .
          targets: build
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -26,7 +26,7 @@ jobs:
      -
        name: Generate matrix
        id: generate
-        uses: docker/bake-action/subaction/matrix@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action/subaction/matrix@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
        with:
          target: validate
@@ -41,6 +41,6 @@ jobs:
    steps:
      -
        name: Validate
-        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
        with:
          targets: ${{ matrix.target }}
--- a/.github/zizmor.yml
+++ b/.github/zizmor.yml
@@ -1,3 +0,0 @@
 rules:
  secrets-outside-env: # FIXME: remove this rule when zizmor 1.24.0 is released, fixing the right persona attached to this rule: https://github.com/zizmorcore/zizmor/pull/1783
    disable: true
Author	SHA1	Message	Date
dependabot[bot]	011a9bc52d	chore(deps): Bump github/codeql-action from 4.35.1 to 4.35.2 Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.1 to 4.35.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](`c10b8064de...95e58e9a2c`) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.35.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-17 11:54:18 +00:00
Tõnis Tiigi	c269a24fa2	Merge pull request #1516 from crazy-max/fix-zizmor ci(zizmor): update rules	2026-04-15 14:25:13 -07:00
CrazyMax	64fda479ac	ci(zizmor): update rules Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-04-15 16:01:32 +02:00
CrazyMax	c1d0c0cc42	Merge pull request #1514 from docker/dependabot/github_actions/actions/create-github-app-token-3.1.1 chore(deps): Bump actions/create-github-app-token from 3.0.0 to 3.1.1	2026-04-15 14:48:56 +02:00
CrazyMax	d5c8665698	Merge pull request #1515 from docker/dependabot/github_actions/actions/cache-5.0.5 chore(deps): Bump actions/cache from 5.0.4 to 5.0.5	2026-04-15 14:48:40 +02:00
dependabot[bot]	e4086eff94	chore(deps): Bump actions/cache from 5.0.4 to 5.0.5 Bumps [actions/cache](https://github.com/actions/cache) from 5.0.4 to 5.0.5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](`668228422a...27d5ce7f10`) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-15 11:54:10 +00:00
CrazyMax	e6ed27f63f	Merge pull request #1513 from docker/dependabot/github_actions/docker/bake-action-7.1.0 chore(deps): Bump docker/bake-action from 7.0.0 to 7.1.0	2026-04-14 10:54:30 +02:00
dependabot[bot]	dba6f6cfd6	chore(deps): Bump actions/create-github-app-token from 3.0.0 to 3.1.1 Bumps [actions/create-github-app-token](https://github.com/actions/create-github-app-token) from 3.0.0 to 3.1.1. - [Release notes](https://github.com/actions/create-github-app-token/releases) - [Commits](`f8d387b68d...1b10c78c78`) --- updated-dependencies: - dependency-name: actions/create-github-app-token dependency-version: 3.1.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-13 12:35:24 +00:00
dependabot[bot]	4fc600fc62	chore(deps): Bump docker/bake-action from 7.0.0 to 7.1.0 Bumps [docker/bake-action](https://github.com/docker/bake-action) from 7.0.0 to 7.1.0. - [Release notes](https://github.com/docker/bake-action/releases) - [Commits](`82490499d2...a66e1c87e2`) --- updated-dependencies: - dependency-name: docker/bake-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-13 12:34:56 +00:00