chore: update generated content

chore(deps): Bump js-yaml from 4.1.1 to 4.2.0
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.2.0. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/4.1.1...4.2.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.2.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
2026-06-28 22:56:55 +00:00 · 2026-06-28 18:51:09 +00:00 · 2026-06-28 18:50:12 +00:00 · 2026-06-12 14:10:33 -05:00 · 2026-06-12 18:49:05 +00:00
4 changed files with 7 additions and 7 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -35,12 +35,12 @@ jobs:
          node-version: ${{ env.NODE_VERSION }}
      -
        name: Initialize CodeQL
-        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
        with:
          languages: javascript-typescript
          build-mode: none
      -
        name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
        with:
          category: "/language:javascript-typescript"
--- a/dev.Dockerfile
+++ b/dev.Dockerfile
@@ -17,7 +17,7 @@ FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
-  yarn install && mkdir /vendor && cp yarn.lock /vendor
+  yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor

 FROM scratch AS vendor-update
 COPY --from=deps /vendor /
--- a/dist/licenses.txt
+++ b/dist/licenses.txt
@@ -1795,7 +1795,7 @@ SOFTWARE.

 The following npm package may be included in this product:

- - js-yaml@4.1.1
+ - js-yaml@4.2.0

 This package contains the following license:

--- a/yarn.lock
+++ b/yarn.lock
@@ -4075,13 +4075,13 @@ __metadata:
  linkType: hard

 "js-yaml@npm:^4.1.0, js-yaml@npm:^4.1.1":
-  version: 4.1.1
-  resolution: "js-yaml@npm:4.1.1"
+  version: 4.2.0
+  resolution: "js-yaml@npm:4.2.0"
  dependencies:
    argparse: "npm:^2.0.1"
  bin:
    js-yaml: bin/js-yaml.js
-  checksum: 10/a52d0519f0f4ef5b4adc1cde466cb54c50d56e2b4a983b9d5c9c0f2f99462047007a6274d7e95617a21d3c91fde3ee6115536ed70991cd645ba8521058b78f77
+  checksum: 10/51de2067a2b44b07ba5206132e56005f8b568ff279bb4d2f645068958c56fa4827d40a6841c983234671fa0a134bf094d0b0717873c2a3d319185297af145a6d
  languageName: node
  linkType: hard
Author	SHA1	Message	Date
github-actions[bot]	f28206551c	chore: update generated content	2026-06-28 18:51:09 +00:00
dependabot[bot]	ed5e8e6502	chore(deps): Bump js-yaml from 4.1.1 to 4.2.0 Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.1 to 4.2.0. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](https://github.com/nodeca/js-yaml/compare/4.1.1...4.2.0) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.2.0 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-28 18:50:12 +00:00
temenuzhka-thede	020b7354dd	Merge pull request #682 from docker/sec-cli/npm-ci-20260612-184903 fix: replace npm install with npm ci (20260612-184903)	2026-06-12 14:10:33 -05:00
securityeng-bot[bot]	7f842e879c	fix: use lockfile-aware install commands	2026-06-12 18:49:05 +00:00