build(deps): bump @docker/actions-toolkit from 0.31.0 to 0.34.0 #154

dependabot · 2024-07-18T06:50:55Z

Bumps @docker/actions-toolkit from 0.31.0 to 0.34.0.

Release notes

Sourced from @docker/actions-toolkit's releases.

v0.34.0

disable DCT for docker commands by @crazy-max in docker/actions-toolkit#412

build(deps): bump semver from 7.6.2 to 7.6.3 in docker/actions-toolkit#413

Full Changelog: docker/actions-toolkit@v0.33.0...v0.34.0

v0.33.0

buildx(history): env var to override export build image by @crazy-max in docker/actions-toolkit#410

buildx: fix broken local state by @crazy-max in docker/actions-toolkit#403 docker/actions-toolkit#404 docker/actions-toolkit#405 docker/actions-toolkit#411

build(deps): bump @actions/artifact from 2.1.7 to 2.1.8 in docker/actions-toolkit#406

Full Changelog: docker/actions-toolkit@v0.32.0...v0.33.0

v0.32.0

docker: contextInspect func by @crazy-max in docker/actions-toolkit#400

Full Changelog: docker/actions-toolkit@v0.31.0...v0.32.0

Commits

163d33a Merge pull request #412 from crazy-max/docker-disable-dct
d283be9 Merge pull request #413 from docker/dependabot/npm_and_yarn/semver-7.6.3
ffc7d98 build(deps): bump semver from 7.6.2 to 7.6.3
d36bef4 disable DCT for docker commands
300c014 Merge pull request #411 from crazy-max/buildx-localstate-regex-fix
b641895 buildx: fix regex in fixLocalState func
4db21c4 Merge pull request #406 from docker/dependabot/npm_and_yarn/actions/artifact-...
8d807b6 Merge pull request #410 from crazy-max/export-build-image-env
99e6b01 github: use isGhes func from actions/artifact module
2320807 buildx(history): env var to override export build image
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.34.0. - [Release notes](https://github.com/docker/actions-toolkit/releases) - [Commits](docker/actions-toolkit@v0.31.0...v0.34.0) --- updated-dependencies: - dependency-name: "@docker/actions-toolkit" dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/login-action](https://github.com/docker/login-action) | action | minor | `v3.2.0` -> `v3.3.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | --- ### Release Notes <details> <summary>docker/login-action (docker/login-action)</summary> ### [`v3.3.0`](https://github.com/docker/login-action/releases/tag/v3.3.0) [Compare Source](https://github.com/docker/login-action/compare/v3.2.0...v3.3.0) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.24.0 to 0.35.0 in [docker/login-action#754 - Bump https-proxy-agent from 7.0.4 to 7.0.5 in [docker/login-action#741 - Bump braces from 3.0.2 to 3.0.3 in [docker/login-action#730 **Full Changelog**: docker/login-action@v3.2.0...v3.3.0 </details> <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [docker/setup-qemu-action#154 [docker/setup-qemu-action#155 **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/Hapag-Lloyd/Workflow-Templates).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

…186) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | OpenSSF | |---|---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/docker/setup-qemu-action/badge)](https://securityscorecards.dev/viewer/?uri=github.com/docker/setup-qemu-action) | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [docker/setup-qemu-action#154 [docker/setup-qemu-action#155 **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/chezmoi-sh/atlas).

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [docker/setup-qemu-action#154 [docker/setup-qemu-action#155 **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@h0x0er](https://github.com/h0x0er) and [@varunsh-coder](https://github.com/varunsh-coder) in [step-security/harden-runner#435 This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger).  Signed-off-by: Mend Renovate <bot@renovateapp.com>

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | action | minor | `v3.1.0` -> `v3.2.0` | | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.3.3` -> `v2.4.0` | | [step-security/harden-runner](https://github.com/step-security/harden-runner) | action | minor | `v2.8.1` -> `v2.9.0` | --- ### Release Notes <details> <summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary> ### [`v3.2.0`](https://github.com/docker/setup-qemu-action/releases/tag/v3.2.0) [Compare Source](https://github.com/docker/setup-qemu-action/compare/v3.1.0...v3.2.0) - Bump [@docker/actions-toolkit](https://github.com/docker/actions-toolkit) from 0.31.0 to 0.35.0 in [docker/setup-qemu-action#154 [docker/setup-qemu-action#155 **Full Changelog**: docker/setup-qemu-action@v3.1.0...v3.2.0 </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://github.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1410 - 🐛 lower license sarif alert threshold to 9 by [@spencerschrock](https://github.com/spencerschrock) in [ossf/scorecard-action#1411 ##### Documentation - docs: dogfooding badge by [@jkowalleck](https://github.com/jkowalleck) in [ossf/scorecard-action#1399 #### New Contributors - [@jkowalleck](https://github.com/jkowalleck) made their first contribution in [ossf/scorecard-action#1399 **Full Changelog**: ossf/scorecard-action@v2.3.3...v2.4.0 </details> <details> <summary>step-security/harden-runner (step-security/harden-runner)</summary> ### [`v2.9.0`](https://github.com/step-security/harden-runner/releases/tag/v2.9.0) [Compare Source](https://github.com/step-security/harden-runner/compare/v2.8.1...v2.9.0) ##### What's Changed Release v2.9.0 by [@h0x0er](https://github.com/h0x0er) and [@varunsh-coder](https://github.com/varunsh-coder) in [step-security/harden-runner#435 This release includes: - Enterprise Tier - Telemetry Upload Enhancement: For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this. - Harden-Runner Agent Authentication: The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this. - README Update: A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly. - Dependency Update: Updated the `braces` npm package dependency to a non-vulnerable version. The vulnerability in `braces` did not affect the Harden Runner Action **Full Changelog**: step-security/harden-runner@v2...v2.9.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "on the first day of the month" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/jaegertracing/jaeger).  Signed-off-by: Mend Renovate <bot@renovateapp.com> Signed-off-by: Jared Tan <jian.tan@daocloud.io>

dependabot bot added bot dependencies labels Jul 18, 2024

dependabot bot mentioned this pull request Jul 18, 2024

build(deps): bump @docker/actions-toolkit from 0.31.0 to 0.33.0 #153

Closed

crazy-max added 2 commits July 19, 2024 13:01

switch to Docker exec

31629f6

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

chore: update generated content

948a838

Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>

crazy-max force-pushed the dependabot/npm_and_yarn/docker/actions-toolkit-0.34.0 branch from 10dc0a5 to 948a838 Compare July 19, 2024 11:04

crazy-max approved these changes Jul 19, 2024

View reviewed changes

crazy-max merged commit fcfabe0 into master Jul 19, 2024
12 checks passed

dependabot bot deleted the dependabot/npm_and_yarn/docker/actions-toolkit-0.34.0 branch July 19, 2024 11:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump @docker/actions-toolkit from 0.31.0 to 0.34.0 #154

build(deps): bump @docker/actions-toolkit from 0.31.0 to 0.34.0 #154

dependabot bot commented on behalf of github Jul 18, 2024

build(deps): bump @docker/actions-toolkit from 0.31.0 to 0.34.0 #154

build(deps): bump @docker/actions-toolkit from 0.31.0 to 0.34.0 #154

Conversation

dependabot bot commented on behalf of github Jul 18, 2024

v0.34.0

v0.33.0

v0.32.0