chore: update generated content

Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.1.2...v3.1.5)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-version: 3.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/dependabot.yml

@@ -4,12 +4,6 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
-    cooldown:
-      default-days: 2
-    groups:
-      crazy-max-dot-github:
-        patterns:
-          - "crazy-max/.github/*"
     labels:
       - "dependencies"
       - "bot"
@@ -17,8 +11,6 @@ updates:
     directory: "/"
     schedule:
       interval: "daily"
-    cooldown:
-      default-days: 2
     versioning-strategy: "increase"
     groups:
       aws-sdk-dependencies:

.github/workflows/ci.yml

@@ -1,8 +1,5 @@
 name: ci
 
-permissions:
-  contents: read
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -22,7 +19,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Stop docker
         run: |
@@ -46,7 +43,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to GitHub Container Registry
         uses: ./
@@ -63,7 +60,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to GitHub Container Registry
         uses: ./
@@ -73,7 +70,7 @@ jobs:
           password: ${{ secrets.GHCR_PAT }}
       -
         name: DinD
-        uses: docker://docker:29.3@sha256:4d90f1f6c400315c2dba96d3ec93c01e64198395cbba04f79d12adce4f737029
+        uses: docker://docker
         with:
           entrypoint: docker
           args: pull ghcr.io/docker-ghactiontest/test
@@ -88,7 +85,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to ACR
         uses: ./
@@ -108,7 +105,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to Docker Hub
         uses: ./
@@ -127,7 +124,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to ECR
         uses: ./
@@ -147,10 +144,10 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
+        uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -172,7 +169,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to Public ECR
         continue-on-error: ${{ matrix.os == 'windows-latest' }}
@@ -195,10 +192,10 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
+        uses: aws-actions/configure-aws-credentials@v6
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -221,7 +218,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to GitHub Container Registry
         uses: ./
@@ -241,7 +238,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to GitLab
         uses: ./
@@ -261,7 +258,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to Google Artifact Registry
         uses: ./
@@ -281,7 +278,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to Google Container Registry
         uses: ./
@@ -295,7 +292,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to registries
         uses: ./
@@ -318,7 +315,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to registries
         uses: ./
@@ -339,7 +336,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to registries
         id: login
@@ -371,7 +368,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to Docker Hub
         uses: ./
@@ -401,7 +398,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to Docker Hub
         uses: ./
@@ -431,7 +428,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to GitHub Container Registry
         uses: ./
@@ -462,7 +459,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Login to GitHub Container Registry
         uses: ./

.github/workflows/codeql.yml

@@ -1,46 +1,50 @@
 name: codeql
 
-permissions:
-  contents: read
-
 on:
   push:
     branches:
       - 'master'
       - 'releases/v*'
+    paths:
+      - '.github/workflows/codeql.yml'
+      - 'dist/**'
+      - 'src/**'
   pull_request:
+    paths:
+      - '.github/workflows/codeql.yml'
+      - 'dist/**'
+      - 'src/**'
 
-env:
+permissions:
-  NODE_VERSION: "24"
+  actions: read
+  contents: read
+  security-events: write
 
 jobs:
   analyze:
     runs-on: ubuntu-latest
-    permissions:
+    strategy:
-      contents: read
+      fail-fast: false
-      security-events: write
+      matrix:
+        language:
+          - javascript-typescript
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
-      -
-        name: Enable corepack
-        run: |
-          corepack enable
-          yarn --version
-      -
-        name: Set up Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
-        with:
-          node-version: ${{ env.NODE_VERSION }}
       -
         name: Initialize CodeQL
-        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        uses: github/codeql-action/init@v4
         with:
-          languages: javascript-typescript
+          languages: ${{ matrix.language }}
-          build-mode: none
+          config: |
+            paths:
+              - src
+      -
+        name: Autobuild
+        uses: github/codeql-action/autobuild@v4
       -
         name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        uses: github/codeql-action/analyze@v4
         with:
-          category: "/language:javascript-typescript"
+          category: "/language:${{matrix.language}}"

.github/workflows/pr-assign-author.yml

@@ -4,14 +4,14 @@ permissions:
   contents: read
 
 on:
-  pull_request_target: # zizmor: ignore[dangerous-triggers] safe to use without checkout
+  pull_request_target:
     types:
       - opened
       - reopened
 
 jobs:
   run:
-    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@bb328ea508cd6a89d0865555ddbeb148e5724aed # v1.3.0
+    uses: crazy-max/.github/.github/workflows/pr-assign-author.yml@1b673f36fad86812f538c1df9794904038a23cbf
     permissions:
       contents: read
       pull-requests: write

.github/workflows/publish.yml

@@ -1,12 +1,5 @@
 name: publish
 
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
 on:
   release:
     types:
@@ -22,7 +15,7 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Publish
-        uses: actions/publish-immutable-action@4bc8754ffc40f27910afb20287dbbbb675a4e978 # v0.0.4
+        uses: actions/publish-immutable-action@v0.0.4

.github/workflows/test.yml

@@ -1,8 +1,5 @@
 name: test
 
-permissions:
-  contents: read
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -20,16 +17,16 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Test
-        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action@v7
         with:
           source: .
           targets: test
       -
         name: Upload coverage
-        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
+        uses: codecov/codecov-action@v5
         with:
           files: ./coverage/clover.xml
           token: ${{ secrets.CODECOV_TOKEN }}

.github/workflows/update-dist.yml

@@ -1,12 +1,5 @@
 name: update-dist
 
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
 on:
   pull_request:
     types:
@@ -15,27 +8,27 @@ on:
 
 jobs:
   update-dist:
-    if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
+    if: github.actor == 'dependabot[bot]'
     runs-on: ubuntu-latest
     steps:
       -
         name: GitHub auth token from GitHub App
         id: docker-read-app
-        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
+        uses: actions/create-github-app-token@v3
         with:
           app-id: ${{ secrets.GHACTIONS_REPO_WRITE_APP_ID }}
           private-key: ${{ secrets.GHACTIONS_REPO_WRITE_APP_PRIVATE_KEY }}
           owner: docker
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.pull_request.head.ref }}
           fetch-depth: 0
-          token: ${{ steps.docker-read-app.outputs.token }}
+          token: ${{ steps.docker-read-app.outputs.token || github.token }}
       -
         name: Build
-        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action@v7
         with:
           source: .
           targets: build

.github/workflows/validate.yml

@@ -1,8 +1,5 @@
 name: validate
 
-permissions:
-  contents: read
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
@@ -22,11 +19,11 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v6
       -
         name: Generate matrix
         id: generate
-        uses: docker/bake-action/subaction/matrix@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action/subaction/matrix@v7
         with:
           target: validate
 
@@ -41,6 +38,6 @@ jobs:
     steps:
       -
         name: Validate
-        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7.0.0
+        uses: docker/bake-action@v7
         with:
           targets: ${{ matrix.target }}

.github/workflows/zizmor.yml

@@ -1,29 +0,0 @@
-name: zizmor
-
-permissions:
-  contents: read
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  workflow_dispatch:
-  push:
-    branches:
-      - 'master'
-      - 'releases/v*'
-    tags:
-      - 'v*'
-  pull_request:
-
-jobs:
-  zizmor:
-    uses: crazy-max/.github/.github/workflows/zizmor.yml@bb328ea508cd6a89d0865555ddbeb148e5724aed # v1.3.0
-    permissions:
-      contents: read
-      security-events: write
-    with:
-      min-severity: medium
-      min-confidence: medium
-      persona: pedantic

.github/zizmor.yml

@@ -1,3 +0,0 @@
-rules:
-  secrets-outside-env: # FIXME: remove this rule when zizmor 1.24.0 is released, fixing the right persona attached to this rule: https://github.com/zizmorcore/zizmor/pull/1783
-    disable: true

__tests__/context.test.ts

@@ -1,17 +1,6 @@
-import {afterEach, expect, test} from 'vitest';
+import {expect, test} from 'vitest';
-import * as path from 'path';
 
-import {Buildx} from '@docker/actions-toolkit/lib/buildx/buildx.js';
+import {getInputs} from '../src/context.js';
-
-import {getAuthList, getInputs} from '../src/context.js';
-
-afterEach(() => {
-  for (const key of Object.keys(process.env)) {
-    if (key.startsWith('INPUT_')) {
-      delete process.env[key];
-    }
-  }
-});
 
 test('with password and username getInputs does not throw error', async () => {
   process.env['INPUT_USERNAME'] = 'dbowie';
@@ -21,15 +10,3 @@ test('with password and username getInputs does not throw error', async () => {
     getInputs();
   }).not.toThrow();
 });
-
-test('getAuthList uses the default Docker Hub registry when computing scoped config dir', async () => {
-  process.env['INPUT_USERNAME'] = 'dbowie';
-  process.env['INPUT_PASSWORD'] = 'groundcontrol';
-  process.env['INPUT_SCOPE'] = 'myscope';
-  process.env['INPUT_LOGOUT'] = 'false';
-  const [auth] = getAuthList(getInputs());
-  expect(auth).toMatchObject({
-    registry: 'docker.io',
-    configDir: path.join(Buildx.configDir, 'config', 'registry-1.docker.io', 'myscope')
-  });
-});

__tests__/docker.test.ts

@@ -1,10 +1,15 @@
 import {expect, test, vi} from 'vitest';
+import * as path from 'path';
 
 import {Docker} from '@docker/actions-toolkit/lib/docker/docker.js';
 
 import {loginStandard, logout} from '../src/docker.js';
 
+process.env['RUNNER_TEMP'] = path.join(__dirname, 'runner');
+
 test('loginStandard calls exec', async () => {
+  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+  // @ts-ignore
   const execSpy = vi.spyOn(Docker, 'getExecOutput').mockImplementation(async () => {
     return {
       exitCode: expect.any(Number),
@@ -33,6 +38,8 @@ test('loginStandard calls exec', async () => {
 });
 
 test('logout calls exec', async () => {
+  // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+  // @ts-ignore
   const execSpy = vi.spyOn(Docker, 'getExecOutput').mockImplementation(async () => {
     return {
       exitCode: expect.any(Number),

src/context.ts

@@ -42,26 +42,24 @@ export function getAuthList(inputs: Inputs): Array<Auth> {
   }
   let auths: Array<Auth> = [];
   if (!inputs.registryAuth) {
-    const registry = inputs.registry || 'docker.io';
     auths.push({
-      registry,
+      registry: inputs.registry || 'docker.io',
       username: inputs.username,
       password: inputs.password,
       scope: inputs.scope,
       ecr: inputs.ecr || 'auto',
-      configDir: scopeToConfigDir(registry, inputs.scope)
+      configDir: scopeToConfigDir(inputs.registry, inputs.scope)
     });
   } else {
     auths = (yaml.load(inputs.registryAuth) as Array<Auth>).map(auth => {
       core.setSecret(auth.password); // redacted in workflow logs
-      const registry = auth.registry || 'docker.io';
       return {
-        registry,
+        registry: auth.registry || 'docker.io',
         username: auth.username,
         password: auth.password,
         scope: auth.scope,
         ecr: auth.ecr || 'auto',
-        configDir: scopeToConfigDir(registry, auth.scope)
+        configDir: scopeToConfigDir(auth.registry || 'docker.io', auth.scope)
       };
     });
   }

yarn.lock

@@ -1208,22 +1208,6 @@ __metadata:
   languageName: node
   linkType: hard
 
-"@isaacs/balanced-match@npm:^4.0.1":
-  version: 4.0.1
-  resolution: "@isaacs/balanced-match@npm:4.0.1"
-  checksum: 10/102fbc6d2c0d5edf8f6dbf2b3feb21695a21bc850f11bc47c4f06aa83bd8884fde3fe9d6d797d619901d96865fdcb4569ac2a54c937992c48885c5e3d9967fe8
-  languageName: node
-  linkType: hard
-
-"@isaacs/brace-expansion@npm:^5.0.0":
-  version: 5.0.1
-  resolution: "@isaacs/brace-expansion@npm:5.0.1"
-  dependencies:
-    "@isaacs/balanced-match": "npm:^4.0.1"
-  checksum: 10/aec226065bc4285436a27379e08cc35bf94ef59f5098ac1c026495c9ba4ab33d851964082d3648d56d63eb90f2642867bd15a3e1b810b98beb1a8c14efce6a94
-  languageName: node
-  linkType: hard
-
 "@isaacs/cliui@npm:^8.0.2":
   version: 8.0.2
   resolution: "@isaacs/cliui@npm:8.0.2"
@@ -3639,9 +3623,9 @@ __metadata:
   linkType: hard
 
 "flatted@npm:^3.2.9":
-  version: 3.4.2
+  version: 3.3.3
-  resolution: "flatted@npm:3.4.2"
+  resolution: "flatted@npm:3.3.3"
-  checksum: 10/a9e78fe5c2c1fcd98209a015ccee3a6caa953e01729778e83c1fe92e68601a63e1e69cd4e573010ca99eaf585a581b80ccf1018b99283e6cbc2117bcba1e030f
+  checksum: 10/8c96c02fbeadcf4e8ffd0fa24983241e27698b0781295622591fc13585e2f226609d95e422bcf2ef044146ffacb6b68b1f20871454eddf75ab3caa6ee5f4a1fe
   languageName: node
   linkType: hard
 
@@ -4270,16 +4254,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"minimatch@npm:^10.1.1":
+"minimatch@npm:^10.1.1, minimatch@npm:^10.2.2":
-  version: 10.1.1
-  resolution: "minimatch@npm:10.1.1"
-  dependencies:
-    "@isaacs/brace-expansion": "npm:^5.0.0"
-  checksum: 10/110f38921ea527022e90f7a5f43721838ac740d0a0c26881c03b57c261354fb9a0430e40b2c56dfcea2ef3c773768f27210d1106f1f2be19cde3eea93f26f45e
-  languageName: node
-  linkType: hard
-
-"minimatch@npm:^10.2.2":
   version: 10.2.4
   resolution: "minimatch@npm:10.2.4"
   dependencies:
@@ -4288,16 +4263,7 @@ __metadata:
   languageName: node
   linkType: hard
 
-"minimatch@npm:^3.0.4, minimatch@npm:^3.1.2":
+"minimatch@npm:^3.0.4, minimatch@npm:^3.1.2, minimatch@npm:^3.1.3":
-  version: 3.1.2
-  resolution: "minimatch@npm:3.1.2"
-  dependencies:
-    brace-expansion: "npm:^1.1.7"
-  checksum: 10/e0b25b04cd4ec6732830344e5739b13f8690f8a012d73445a4a19fbc623f5dd481ef7a5827fde25954cd6026fede7574cc54dc4643c99d6c6b653d6203f94634
-  languageName: node
-  linkType: hard
-
-"minimatch@npm:^3.1.3":
   version: 3.1.5
   resolution: "minimatch@npm:3.1.5"
   dependencies: