bitwarden-bot
commented
1 year ago 
Checkmarx One – Scan Summary & Details – 5b4c7c22-11bb-483a-88bd-58ea621dcb69
Closed renovate[bot] closed 10 months ago
bitwarden-bot
commented
1 year ago
Checkmarx One – Scan Summary & Details – 5b4c7c22-11bb-483a-88bd-58ea621dcb69
This PR contains the following updates:
v3.2.0->v4.2.1Release Notes
docker/build-push-action (docker/build-push-action)
### [`v4.2.1`](https://togithub.com/docker/build-push-action/releases/tag/v4.2.1) [Compare Source](https://togithub.com/docker/build-push-action/compare/v4.2.0...v4.2.1) > **Note** > > Buildx v0.10 enables support for a minimal [SLSA Provenance](https://slsa.dev/provenance/) attestation, which requires support for [OCI-compliant](https://togithub.com/opencontainers/image-spec) multi-platform images. This may introduce issues with registry and runtime support (e.g. [Google Cloud Run and AWS Lambda](https://togithub.com/docker/buildx/issues/1533)). You can optionally disable the default provenance attestation functionality using `provenance: false`. - warn if docker config can't be parsed by [@crazy-max](https://togithub.com/crazy-max) in [https://github.com/docker/build-push-action/pull/957](https://togithub.com/docker/build-push-action/pull/957) **Full Changelog**: https://github.com/docker/build-push-action/compare/v4.2.0...v4.2.1 ### [`v4.2.0`](https://togithub.com/docker/build-push-action/releases/tag/v4.2.0) [Compare Source](https://togithub.com/docker/build-push-action/compare/v4.1.1...v4.2.0) > **Note** > > Buildx v0.10 enables support for a minimal [SLSA Provenance](https://slsa.dev/provenance/) attestation, which requires support for [OCI-compliant](https://togithub.com/opencontainers/image-spec) multi-platform images. This may introduce issues with registry and runtime support (e.g. [Google Cloud Run and AWS Lambda](https://togithub.com/docker/buildx/issues/1533)). You can optionally disable the default provenance attestation functionality using `provenance: false`. - display proxy configuration by [@crazy-max](https://togithub.com/crazy-max) in [https://github.com/docker/build-push-action/pull/872](https://togithub.com/docker/build-push-action/pull/872) - chore(deps): Bump [@docker/actions-toolkit](https://togithub.com/docker/actions-toolkit) from 0.6.0 to 0.8.0 in [https://github.com/docker/build-push-action/pull/930](https://togithub.com/docker/build-push-action/pull/930) - chore(deps): Bump word-wrap from 1.2.3 to 1.2.5 in [https://github.com/docker/build-push-action/pull/925](https://togithub.com/docker/build-push-action/pull/925) - chore(deps): Bump semver from 6.3.0 to 6.3.1 in [https://github.com/docker/build-push-action/pull/902](https://togithub.com/docker/build-push-action/pull/902) **Full Changelog**: https://github.com/docker/build-push-action/compare/v4.1.1...v4.2.0 ### [`v4.1.1`](https://togithub.com/docker/build-push-action/releases/tag/v4.1.1) [Compare Source](https://togithub.com/docker/build-push-action/compare/v4.1.0...v4.1.1) > **Note** > > Buildx v0.10 enables support for a minimal [SLSA Provenance](https://slsa.dev/provenance/) attestation, which requires support for [OCI-compliant](https://togithub.com/opencontainers/image-spec) multi-platform images. This may introduce issues with registry and runtime support (e.g. [Google Cloud Run and AWS Lambda](https://togithub.com/docker/buildx/issues/1533)). You can optionally disable the default provenance attestation functionality using `provenance: false`. - Bump [@docker/actions-toolkit](https://togithub.com/docker/actions-toolkit) from 0.3.0 to 0.5.0 by [@crazy-max](https://togithub.com/crazy-max) in [https://github.com/docker/build-push-action/pull/880](https://togithub.com/docker/build-push-action/pull/880) **Full Changelog**: https://github.com/docker/build-push-action/compare/v4.1.0...v4.1.1 ### [`v4.1.0`](https://togithub.com/docker/build-push-action/releases/tag/v4.1.0) [Compare Source](https://togithub.com/docker/build-push-action/compare/v4.0.0...v4.1.0) > **Note** > > Buildx v0.10 enables support for a minimal [SLSA Provenance](https://slsa.dev/provenance/) attestation, which requires support for [OCI-compliant](https://togithub.com/opencontainers/image-spec) multi-platform images. This may introduce issues with registry and runtime support (e.g. [Google Cloud Run and AWS Lambda](https://togithub.com/docker/buildx/issues/1533)). You can optionally disable the default provenance attestation functionality using `provenance: false`. - Switch to actions-toolkit implementation by [@crazy-max](https://togithub.com/crazy-max) in [https://github.com/docker/build-push-action/pull/811](https://togithub.com/docker/build-push-action/pull/811) [https://github.com/docker/build-push-action/pull/838](https://togithub.com/docker/build-push-action/pull/838) [https://github.com/docker/build-push-action/pull/855](https://togithub.com/docker/build-push-action/pull/855) [https://github.com/docker/build-push-action/pull/860](https://togithub.com/docker/build-push-action/pull/860) [https://github.com/docker/build-push-action/pull/875](https://togithub.com/docker/build-push-action/pull/875) - e2e: quay.io by [@crazy-max](https://togithub.com/crazy-max) in [https://github.com/docker/build-push-action/pull/799](https://togithub.com/docker/build-push-action/pull/799) [https://github.com/docker/build-push-action/pull/805](https://togithub.com/docker/build-push-action/pull/805) - e2e: local harbor and nexus by [@crazy-max](https://togithub.com/crazy-max) in [https://github.com/docker/build-push-action/pull/800](https://togithub.com/docker/build-push-action/pull/800) - e2e: add artifactory container registry to test against by [@jedevc](https://togithub.com/jedevc) in [https://github.com/docker/build-push-action/pull/804](https://togithub.com/docker/build-push-action/pull/804) - e2e: add distribution tests by [@jedevc](https://togithub.com/jedevc) in [https://github.com/docker/build-push-action/pull/814](https://togithub.com/docker/build-push-action/pull/814) [https://github.com/docker/build-push-action/pull/815](https://togithub.com/docker/build-push-action/pull/815) **Full Changelog**: https://github.com/docker/build-push-action/compare/v4.0.0...v4.1.0 ### [`v4.0.0`](https://togithub.com/docker/build-push-action/releases/tag/v4.0.0) [Compare Source](https://togithub.com/docker/build-push-action/compare/v3.3.1...v4.0.0) > **Note** > > Buildx v0.10 enables support for a minimal [SLSA Provenance](https://slsa.dev/provenance/) attestation, which requires support for [OCI-compliant](https://togithub.com/opencontainers/image-spec) multi-platform images. This may introduce issues with registry and runtime support (e.g. [Google Cloud Run and AWS Lambda](https://togithub.com/docker/buildx/issues/1533)). You can optionally disable the default provenance attestation functionality using `provenance: false`. - Enable provenance by default if not set by [@crazy-max](https://togithub.com/crazy-max) in [https://github.com/docker/build-push-action/pull/784](https://togithub.com/docker/build-push-action/pull/784) **Full Changelog**: https://github.com/docker/build-push-action/compare/v3.3.1...v4.0.0 ### [`v3.3.1`](https://togithub.com/docker/build-push-action/releases/tag/v3.3.1) [Compare Source](https://togithub.com/docker/build-push-action/compare/v3.3.0...v3.3.1) - Disable provenance by default if not set by [@crazy-max](https://togithub.com/crazy-max) ([#781](https://togithub.com/docker/build-push-action/issues/781)) **Full Changelog**: https://github.com/docker/build-push-action/compare/v3.3.0...v3.3.1 ### [`v3.3.0`](https://togithub.com/docker/build-push-action/releases/tag/v3.3.0) [Compare Source](https://togithub.com/docker/build-push-action/compare/v3.2.0...v3.3.0) > **Note** > > Buildx v0.10 enables support for a minimal [SLSA Provenance](https://slsa.dev/provenance/) attestation, which requires support for [OCI-compliant](https://togithub.com/opencontainers/image-spec) multi-platform images. This may introduce issues with registry and runtime support (e.g. [Google Cloud Run and AWS Lambda](https://togithub.com/docker/buildx/issues/1533)). You can optionally disable the default provenance attestation functionality using `provenance: false`. - Add `attests`, `provenance` and `sbom` inputs by [@crazy-max](https://togithub.com/crazy-max) ([#746](https://togithub.com/docker/build-push-action/issues/746) [#759](https://togithub.com/docker/build-push-action/issues/759)) - Log GitHub Actions runtime token access controls by [@crazy-max](https://togithub.com/crazy-max) ([#707](https://togithub.com/docker/build-push-action/issues/707)) - Examples moved to [docs website](https://docs.docker.com/build/ci/github-actions/examples/) by [@crazy-max](https://togithub.com/crazy-max) ([#718](https://togithub.com/docker/build-push-action/issues/718)) - Bump minimatch from 3.0.4 to 3.1.2 ([#732](https://togithub.com/docker/build-push-action/issues/732)) - Bump csv-parse from 5.3.0 to 5.3.3 ([#729](https://togithub.com/docker/build-push-action/issues/729)) - Bump json5 from 2.2.0 to 2.2.3 ([#749](https://togithub.com/docker/build-push-action/issues/749)) **Full Changelog**: https://github.com/docker/build-push-action/compare/v3.2.0...v3.3.0Configuration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.