nektos/act
1
0
Fork 0
mirror of https://github.com/nektos/act.git synced 2026-04-01 05:27:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
act/.gitleaks.toml
Casey Lee 10add23ea1 build(deps): bump GitHub Actions to fix Node.js 20 deprecation (#6036) 
* build(deps): bump GitHub Actions to fix Node.js 20 deprecation warnings

Update actions/checkout v4→v6, actions/setup-go v5→v6, and
fregante/setup-git-user v2→v2.0.2 across all workflow files.

* chore: add CLAUDE.md for Claude Code guidance

* fix: add blank line before list in CLAUDE.md to satisfy markdownlint

* fix: update testdata actions deps to resolve grype vulnerabilities

Bump @actions/github 4.0.0→6.0.1 and @vercel/ncc 0.24.1→0.38.4
in node12/node16/node20 test fixtures to fix @octokit/request-error
CVE (GHSA-xx4v-prfh-6cgc) flagged by grype in CI.

* fix: upgrade node20 test fixture to ESM with @actions/github@9

Rewrite index.js to ESM imports, add "type": "module", and upgrade to
@actions/core@3 and @actions/github@9 to fully resolve all npm
vulnerabilities including undici CVEs.

* build(deps): bump remaining actions to fix Node.js 20 deprecation warnings

- golangci/golangci-lint-action v6.5.0 → v9 (node24)
- test-summary/action v2 → v2.4
- actions/upload-artifact v4 → v7
- goreleaser/goreleaser-action v6 → v7 (node24)
- docker/setup-qemu-action v3 → v4

* build: pin goreleaser version to ~> v2 instead of latest

* fix: resolve lint failures in CLAUDE.md and gitleaks false positive

- Add blank line before list in CLAUDE.md (MD032)
- Add .gitleaks.toml to allowlist testdata dist bundles (false positive
  on example API token string in @actions/core docs)
- Configure megalinter to use local gitleaks config

* build: upgrade golangci-lint v1.64.8 → v2.11.4

golangci-lint-action v9 requires golangci-lint v2+. Migrate
.golangci.yml to v2 config format: linters-settings → linters.settings,
issues.exclude-dirs → linters.exclusions.paths, goimports moved to
formatters section.

* fix: bump docker/cli v28→v29 and migrate to moby/moby split modules

Resolves GHSA-p436-gjf2-799p (Docker CLI local privilege escalation).

- Bump github.com/docker/cli v28.4.0 → v29.3.0
- Migrate github.com/docker/docker/api/types/* → github.com/moby/moby/api/types/*
- Migrate github.com/docker/docker/client → github.com/moby/moby/client
- Migrate github.com/docker/docker/pkg/stdcopy → github.com/moby/moby/api/pkg/stdcopy
- Update vendored docker_cli.go from docker/cli v29 opts.go
- Adapt all Docker client API calls to moby/moby/client v0.3.0 signatures

* fix: move max-issues settings to top-level issues section in golangci config

* fix: fix gitleaks config format and prettier formatting

- Use [allowlist] (map) instead of [[allowlist]] (array) for gitleaks
- Fix indentation in .gitleaks.toml (tabs per editorconfig)
- Run prettier on workflow YAML files

* refactor: remove github.com/docker/docker dependency

Replace errdefs.InvalidParameter() wrapper with plain errors in the
vendored docker_cli.go. No code checks the error type, so the wrapper
was a no-op. This removes the last import of github.com/docker/docker.
2026-03-24 08:06:06 -07:00

9 lines
153 B
TOML
Raw Permalink Blame History

Reference in New Issue View Git Blame Copy Permalink