Merge pull request #228 from thaJeztah/carry_openbsd_secretservice

secretservice: allow building on openbsd
Merge pull request #428 from thaJeztah/wincred_cleanups
2026-06-28 15:21:29 +05:30 · 2026-04-20 13:02:07 +02:00 · 2026-04-20 13:01:57 +02:00 · 2026-04-20 12:56:55 +02:00 · 2026-04-20 11:48:16 +02:00 · 2026-04-17 17:47:17 +02:00
8 changed files with 92 additions and 51 deletions
@@ -5,6 +5,8 @@ updates:
    directory: "/"
    schedule:
      interval: "daily"
    cooldown:
      default-days: 2
    labels:
      - "dependencies"
      - "bot"
@@ -1,18 +1,12 @@
 name: build
 # Default to 'contents: read', which grants actions to read commits.
 #
 # If any permission is set, any permission not included in the list is
 # implicitly set to "none".
 #
 # see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
 permissions:
  contents: read
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions:
  contents: read
 on:
  workflow_dispatch:
  push:
@@ -24,7 +18,7 @@ on:
 env:
  DESTDIR: ./bin
-  GO_VERSION: 1.25.8
+  GO_VERSION: 1.25.9
 jobs:
  validate:
@@ -39,10 +33,10 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
      -
        name: Run
        run: |
@@ -64,10 +58,10 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      -
        name: Set up Go
-        uses: actions/setup-go@v6
+        uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
        with:
          go-version: ${{ env.GO_VERSION }}
      -
@@ -84,7 +78,7 @@ jobs:
      -
        name: GPG conf
        if: ${{ !startsWith(matrix.os, 'windows-') }}
-        uses: actions/github-script@v8
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
        id: gpg
        with:
          script: |
@@ -101,7 +95,7 @@ jobs:
      -
        name: Import GPG key
        if: ${{ !startsWith(matrix.os, 'windows-') }}
-        uses: crazy-max/ghaction-import-gpg@v7
+        uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0
        with:
          gpg_private_key: ${{ steps.gpg.outputs.key }}
          passphrase: ${{ steps.gpg.outputs.passphrase }}
@@ -119,7 +113,7 @@ jobs:
        shell: bash
      -
        name: Upload coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
        with:
          files: ${{ env.DESTDIR }}/coverage.txt
          token: ${{ secrets.CODECOV_TOKEN }}
@@ -130,10 +124,10 @@ jobs:
    steps:
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
      -
        name: Test
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@a66e1c87e2eca0503c343edf1d208c716d54b8a8 # v7.1.0
        with:
          targets: test
          set: |
@@ -141,7 +135,7 @@ jobs:
            *.cache-to=type=gha,scope=test,mode=max
      -
        name: Upload coverage
-        uses: codecov/codecov-action@v5
+        uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
        with:
          files: ${{ env.DESTDIR }}//coverage.txt
          token: ${{ secrets.CODECOV_TOKEN }}
@@ -155,15 +149,15 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      -
        name: Set up QEMU
-        uses: docker/setup-qemu-action@v4
+        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
      -
        name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v4
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
      -
        name: Build
        run: |
@@ -181,7 +175,7 @@ jobs:
          find ${{ env.DESTDIR }} -type f -exec file -e ascii -e text -- {} +
      -
        name: Upload artifacts
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
        with:
          name: docker-credential-helpers
          path: ${{ env.DESTDIR }}/*
@@ -189,7 +183,7 @@ jobs:
      -
        name: GitHub Release
        if: startsWith(github.ref, 'refs/tags/v')
-        uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b  # v2.5.0
+        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda  # v3.0.0
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
@@ -202,7 +196,7 @@ jobs:
    steps:
      -
        name: Checkout
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          fetch-depth: 0
      -
@@ -0,0 +1,28 @@
 name: zizmor
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions:
  contents: read
 on:
  workflow_dispatch:
  push:
    branches:
      - 'main'
    tags:
      - 'v*'
  pull_request:
 jobs:
  run:
    uses: crazy-max/.github/.github/workflows/zizmor.yml@d89fe92d808a15e2b2ed5cdb62db7c172c31410d # v1.6.0
    permissions:
      contents: read
      security-events: write
    with:
      min-severity: medium
      min-confidence: medium
      persona: pedantic
@@ -1,12 +1,28 @@
 # syntax=docker/dockerfile:1
-ARG GO_VERSION=1.25.8
+# GO_VERSION sets the version of the golang base image to use.
-ARG DEBIAN_VERSION=bookworm
+# It must be a valid tag in the docker.io/library/golang image repository.
 ARG GO_VERSION=1.25.9
-ARG XX_VERSION=1.7.0
+# BASE_DEBIAN_DISTRO sets the golang base image debian variant to use.
 # It must be a valid variant in the docker.io/library/golang image repository.
 ARG BASE_DEBIAN_DISTRO=bookworm
 # XX_VERSION sets the version of the xx utility to use.
 # It must be a valid tag in the docker.io/tonistiigi/xx image repository.
 ARG XX_VERSION=1.9.0
 # OSXCROSS_VERSION sets the MacOSX cross toolchain to use.
 # It must be a valid tag in the docker.io/crazymax/osxcross image repository.
 ARG OSXCROSS_VERSION=11.3-r8-debian
 ARG GOLANGCI_LINT_VERSION=v2.8
 # GOLANGCI_LINT_VERSION sets the version of the golangci-lint image to use.
 # It must be a valid tag in the docker.io/golangci/golangci-lint image repository.
 ARG GOLANGCI_LINT_VERSION=v2.11
 # PACKAGE sets the package name to print in the "--version" output.
 # It sets the "github.com/docker/docker-credential-helpers/credentials.Package
 # variable at compile time.
 ARG PACKAGE=github.com/docker/docker-credential-helpers
 # xx is a helper for cross-compilation
@@ -15,7 +31,7 @@ FROM --platform=$BUILDPLATFORM tonistiigi/xx:${XX_VERSION} AS xx
 # osxcross contains the MacOSX cross toolchain for xx
 FROM crazymax/osxcross:${OSXCROSS_VERSION} AS osxcross
-FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-${DEBIAN_VERSION} AS gobase
+FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO} AS gobase
 COPY --from=xx / /
 RUN apt-get update && apt-get install -y --no-install-recommends clang dpkg-dev file git lld llvm make pkg-config rsync
 ENV GOFLAGS="-mod=vendor"
@@ -1,10 +1,17 @@
 # syntax=docker/dockerfile:1
-ARG GO_VERSION=1.25.8
+# GO_VERSION sets the version of the golang base image to use.
 # It must be a valid tag in the docker.io/library/golang image repository.
 ARG GO_VERSION=1.25.9
 # BASE_DEBIAN_DISTRO sets the golang base image debian variant to use.
 # It must be a valid variant in the docker.io/library/golang image repository.
 ARG BASE_DEBIAN_DISTRO=bookworm
 ARG DISTRO=ubuntu
 ARG SUITE=jammy
-FROM golang:${GO_VERSION}-bookworm AS golang
+FROM golang:${GO_VERSION}-${BASE_DEBIAN_DISTRO} AS gobase
 FROM ${DISTRO}:${SUITE}
 RUN apt-get update && apt-get install -yy debhelper dh-make libsecret-1-dev
@@ -15,7 +22,7 @@ ENV GOPROXY=https://proxy.golang.org|direct
 ENV GO111MODULE=off
 ENV GOPATH=/build
 ENV PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
-COPY --from=golang /usr/local/go /usr/local/go
+COPY --from=gobase /usr/local/go /usr/local/go
 COPY Makefile .
 COPY credentials credentials
@@ -1,4 +1,4 @@
-//go:build linux && cgo
+//go:build (linux || openbsd) && cgo
 package secretservice
@@ -1,4 +1,4 @@
-//go:build linux && cgo
+//go:build (linux || openbsd) && cgo
 package secretservice
@@ -5,7 +5,6 @@ package wincred
 import (
 	"bytes"
 	"net/url"
 	"strings"
 	winc "github.com/danieljoos/wincred"
 	"github.com/docker/docker-credential-helpers/credentials"
@@ -54,9 +53,7 @@ func (h Wincred) Get(serverURL string) (string, string, error) {
 	}
 	for _, attr := range g.Attributes {
-		if strings.Compare(attr.Keyword, "label") == 0 &&
+		if attr.Keyword == "label" && bytes.Equal(attr.Value, []byte(credentials.CredsLabel)) {
 			bytes.Compare(attr.Value, []byte(credentials.CredsLabel)) == 0 {
 			return g.UserName, string(g.CredentialBlob), nil
 		}
 	}
@@ -75,11 +72,10 @@ func getTarget(serverURL string) (string, error) {
 	}
 	var targets []string
-	for i := range creds {
+	for _, cred := range creds {
-		attrs := creds[i].Attributes
+		for _, attr := range cred.Attributes {
 		for _, attr := range attrs {
 			if attr.Keyword == "label" && bytes.Equal(attr.Value, []byte(credentials.CredsLabel)) {
-				targets = append(targets, creds[i].TargetName)
+				targets = append(targets, cred.TargetName)
 			}
 		}
 	}
@@ -136,16 +132,14 @@ func (h Wincred) List() (map[string]string, error) {
 	}
 	resp := make(map[string]string)
 	for i := range creds {
 		attrs := creds[i].Attributes
 		for _, attr := range attrs {
 			if strings.Compare(attr.Keyword, "label") == 0 &&
 				bytes.Compare(attr.Value, []byte(credentials.CredsLabel)) == 0 {
-				resp[creds[i].TargetName] = creds[i].UserName
+	for _, cred := range creds {
 		for _, attr := range cred.Attributes {
 			if attr.Keyword == "label" && bytes.Equal(attr.Value, []byte(credentials.CredsLabel)) {
 				resp[cred.TargetName] = cred.UserName
 				break
 			}
 		}
 	}
 	return resp, nil
Author	SHA1	Message	Date
Paweł Gronowski	ca5e83c83a	Merge pull request #228 from thaJeztah/carry_openbsd_secretservice secretservice: allow building on openbsd	2026-04-20 13:02:07 +02:00
Paweł Gronowski	7cd63786cf	Merge pull request #428 from thaJeztah/wincred_cleanups wincred: minor cleanups	2026-04-20 13:01:57 +02:00
Rafael Ávila de Espíndola	5fcff353e7	secretservice: allow building on openbsd There is nothing linux specific about secretservice. I was able to build it on openbsd with this change. Signed-off-by: Rafael Ávila de Espíndola <rafael@espindo.la> Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2026-04-20 12:56:55 +02:00
Sebastiaan van Stijn	390d43e7e4	wincred: minor cleanups Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2026-04-20 11:48:16 +02:00
Paweł Gronowski	ed71c9e95d	Merge pull request #425 from thaJeztah/bump_xx Dockerfile: update xx to v1.9.0	2026-04-17 17:47:17 +02:00
Paweł Gronowski	8af787bb3e	Merge pull request #424 from thaJeztah/bump_go update to Go 1.25.9	2026-04-17 17:47:10 +02:00
Paweł Gronowski	8b34acde14	Merge pull request #426 from thaJeztah/bump_golangci Dockerfile: update golangci-lint to v2.11	2026-04-17 17:47:07 +02:00
Sebastiaan van Stijn	815dddf301	Dockerfile: update xx to v1.9.0 full diff: https://github.com/tonistiigi/xx/compare/v1.7.0...v1.9.0 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2026-04-17 15:52:06 +02:00
Sebastiaan van Stijn	1be1c1e190	update to Go 1.25.9 go1.25.9 (released 2026-04-07) includes security fixes to the go command, the compiler, and the archive/tar, crypto/tls, crypto/x509, html/template, and os packages, as well as bug fixes to the go command, the compiler, and the runtime. See the Go 1.25.9 milestone on our issue tracker for details. - https://github.com/golang/go/issues?q=milestone%3AGo1.25.9+label%3ACherryPickApproved - full diff: https://github.com/golang/go/compare/go1.25.8...go1.25.9 From the security announce: We have just released Go versions 1.26.2 and 1.25.9, minor point releases. These releases include 10 security fixes following the security policy: - os: Root.Chmod can follow symlinks out of the root on Linux On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod could operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation. On Linux, Root.Chmod now uses the fchmodat2 syscall when available, and an workaround using /proc/self/fd otherwise. Thanks to Uuganbayar Lkhamsuren for reporting this issue. This is CVE-2026-32282 and Go issue https://go.dev/issue/78293. - html/template: JS template literal context incorrectly tracked Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities. This only affects templates that use template actions within JS template literals. This is CVE-2026-32289 and Go issue https://go.dev/issue/78331. - crypto/x509: excluded DNS constraints not properly applied to wildcard domains When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. For example, if a certificate contains the DNS name "*.example.com" and the excluded DNS name "EXAMPLE.COM", the constraint will not be applied. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool. This issue only affects Go 1.26. Thank you to Riyas from Saintgits College of Engineering, k1rnt, @1seal for reporting this issue. This is CVE-2026-33810 and Go issue https://go.dev/issue/78332. - cmd/compile: no-op interface conversion bypasses overlap checking Previously, the compiler failed to unwrap pointers contained within a no-op interface conversion leading to an incorrect determination of a non-overlapping move. To prevent unsafe move operations, the compiler will now unwrap all such conversions before considering a move non-overlapping. Thank you to Jakub Ciolek - https://ciolek.dev/ for reporting this issue. This is CVE-2026-27144 and Go issue https://go.dev/issue/78371. - cmd/compile: possible memory corruption after bound check elimination Previously, slices and arrays accessed using induction variables were sometimes incorrectly proved in-bound. If the induction variable used for indexing were to overflow or underflow, it could allow access to memory beyond the scope of the original slice or array. To prevent this behavior, the compiler ensures that any mutated induction variable that overflows/underflows with respect to its loop condition is not used for bound check elimination. Thank you to Jakub Ciolek - https://ciolek.dev/ for reporting this issue. This is CVE-2026-27143 and Go issue https://go.dev/issue/78333. - archive/tar: unbounded allocation when parsing old format GNU sparse map tar.Reader could allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format. We now limit both the number of old GNU sparse map extension blocks, and the total number of sparse file entries, regardless of encoding. Thanks to Colin Walters (wal...@verbum.org) who initially reported this issue. Thanks also to Uuganbayar Lkhamsuren (https://github.com/uug4na) and Jakub Ciolek who additionally reported this issue. This is CVE-2026-32288 and Go issue https://go.dev/issue/78301. - crypto/tls: multiple key update handshake messages can cause connection to deadlock If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3. Thank you to Jakub Ciolek - https://ciolek.dev/ for reporting this issue. This is CVE-2026-32283 and Go issue https://go.dev/issue/78334. - cmd/go: trust layer bypass when using cgo and SWIG A well-crafted SWIG source file could take advantage of a file-naming convention used inside the trust boundary of the cgo compiler. Doing so could result in arbitrary code execution during build time. SWIG files are disallowed from using this convention. Thank you to Juho Forsén of Mattermost for reporting this issue. This is CVE-2026-27140 and Go issue https://go.dev/issue/78335. - crypto/x509: unexpected work during chain building During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls. Thank you to Jakub Ciolek - https://ciolek.dev/ for reporting this issue. This is CVE-2026-32280 and Go issue https://go.dev/issue/78282. - crypto/x509: inefficient policy validation Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool. Thank you to Jakub Ciolek - https://ciolek.dev/ for reporting this issue. This is CVE-2026-32281 and Go issue https://go.dev/issue/78281. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2026-04-17 15:51:51 +02:00
Sebastiaan van Stijn	73bc2ff95d	Dockerfile: update golangci-lint to v2.11 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2026-04-17 15:51:34 +02:00
Paweł Gronowski	ae9f7a436a	Merge pull request #412 from thaJeztah/dockerfile_docs Dockerfile: document build-args	2026-04-17 15:41:51 +02:00
Sebastiaan van Stijn	27baf766de	Merge pull request #423 from crazy-max/zizmor ci: zizmor workflow	2026-04-16 16:05:09 +02:00
CrazyMax	9264cc84b4	fix zizmor findings Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-04-15 12:21:16 +02:00
CrazyMax	28f86c4a07	ci: zizmor workflow Signed-off-by: CrazyMax <1951866+crazy-max@users.noreply.github.com>	2026-04-15 12:21:07 +02:00
Sebastiaan van Stijn	6fe9815c68	Dockerfile: document build-args ``` docker buildx build --quiet --call=outline . BUILD ARG VALUE DESCRIPTION GO_VERSION 1.25.8 sets the version of the golang base image to use. BASE_DEBIAN_DISTRO bookworm sets the golang base image debian variant to use. XX_VERSION 1.7.0 sets the version of the xx utility to use. OSXCROSS_VERSION 11.3-r8-debian sets the MacOSX cross toolchain to use. PACKAGE github.com/docker/docker-credential-helpers sets the package name to print in the "--version" output. ``` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2026-04-15 11:52:15 +02:00
Sebastiaan van Stijn	16a8c2ce61	Merge pull request #421 from docker/dependabot/github_actions/actions/upload-artifact-7.0.1 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1	2026-04-15 11:49:37 +02:00
Sebastiaan van Stijn	164ec8c494	Merge pull request #422 from docker/dependabot/github_actions/actions/setup-go-6.4.0 build(deps): bump actions/setup-go from 6.3.0 to 6.4.0	2026-04-15 11:48:45 +02:00
dependabot[bot]	defdb5e2f5	build(deps): bump actions/setup-go from 6.3.0 to 6.4.0 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 6.3.0 to 6.4.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/4b73464bb391d4059bd26b0524d20df3927bd417...4a3601121dd01d1626a1e23e37211e3254c1c06c) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-15 09:43:51 +00:00
dependabot[bot]	28e11f3745	build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-15 09:43:47 +00:00
Sebastiaan van Stijn	e3d1da694f	Merge pull request #419 from docker/dependabot/github_actions/actions/github-script-9 build(deps): bump actions/github-script from 8 to 9	2026-04-14 23:26:08 +02:00
Sebastiaan van Stijn	98a1b9ce53	Merge pull request #413 from docker/dependabot/github_actions/docker/bake-action-7 build(deps): bump docker/bake-action from 6 to 7	2026-04-14 23:25:31 +02:00
Sebastiaan van Stijn	ca21698edc	Merge pull request #418 from docker/dependabot/github_actions/codecov/codecov-action-6 build(deps): bump codecov/codecov-action from 5 to 6	2026-04-14 23:17:01 +02:00
dependabot[bot]	300c1b491f	build(deps): bump docker/bake-action from 6 to 7 Bumps [docker/bake-action](https://github.com/docker/bake-action) from 6 to 7. - [Release notes](https://github.com/docker/bake-action/releases) - [Commits](https://github.com/docker/bake-action/compare/v6...v7) --- updated-dependencies: - dependency-name: docker/bake-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-14 21:16:09 +00:00
Sebastiaan van Stijn	14b6d371c9	Merge pull request #420 from docker/dependabot/github_actions/softprops/action-gh-release-3.0.0 build(deps): bump softprops/action-gh-release from 2.5.0 to 3.0.0	2026-04-14 23:13:27 +02:00
dependabot[bot]	bfd43cacbb	build(deps): bump codecov/codecov-action from 5 to 6 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 6. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v5...v6) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-14 21:12:32 +00:00
dependabot[bot]	7b43509f5b	build(deps): bump actions/github-script from 8 to 9 Bumps [actions/github-script](https://github.com/actions/github-script) from 8 to 9. - [Release notes](https://github.com/actions/github-script/releases) - [Commits](https://github.com/actions/github-script/compare/v8...v9) --- updated-dependencies: - dependency-name: actions/github-script dependency-version: '9' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-14 21:12:31 +00:00
Sebastiaan van Stijn	5ad51ee4a4	Merge pull request #417 from thaJeztah/pin_actions ci: pin actions by sha	2026-04-14 23:11:29 +02:00
dependabot[bot]	5b6a1880fa	build(deps): bump softprops/action-gh-release from 2.5.0 to 3.0.0 Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.5.0 to 3.0.0. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/a06a81a03ee405af7f2048a818ed3f03bbf83c7b...b4309332981a82ec1c5618f44dd2e27cc8bfbfda) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>	2026-04-13 10:33:46 +00:00
Sebastiaan van Stijn	29038b4df4	ci: pin actions by sha Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2026-03-25 20:24:38 +01:00
`@@ -1,4 +1,4 @@`
	`//go:build linux && cgo`	`//go:build (linux \|\| openbsd) && cgo`

	`package secretservice`	`package secretservice`