build(deps): bump vite from 7.3.2 to 7.3.5

Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.2 to 7.3.5. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.3.5/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.3.5/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 7.3.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Merge pull request #303 from docker/sec-cli/npm-ci-20260612-184924
2026-06-20 02:17:53 +00:00 · 2026-06-19 22:23:26 +00:00 · 2026-06-12 14:08:05 -05:00 · 2026-06-12 18:49:25 +00:00
3 changed files with 6 additions and 6 deletions
@@ -35,12 +35,12 @@ jobs:
          node-version: ${{ env.NODE_VERSION }}
      -
        name: Initialize CodeQL
-        uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
        with:
          languages: javascript-typescript
          build-mode: none
      -
        name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
+        uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
        with:
          category: "/language:javascript-typescript"
@@ -17,7 +17,7 @@ FROM base AS deps
 RUN --mount=type=bind,target=.,rw \
  --mount=type=cache,target=/src/.yarn/cache \
  --mount=type=cache,target=/src/node_modules \
-  yarn install && mkdir /vendor && cp yarn.lock /vendor
+  yarn install --immutable && mkdir /vendor && cp yarn.lock /vendor

 FROM scratch AS vendor-update
 COPY --from=deps /vendor /
@@ -5962,8 +5962,8 @@ __metadata:
  linkType: hard

 "vite@npm:^6.0.0 || ^7.0.0":
-  version: 7.3.2
-  resolution: "vite@npm:7.3.2"
+  version: 7.3.5
+  resolution: "vite@npm:7.3.5"
  dependencies:
    esbuild: "npm:^0.27.0"
    fdir: "npm:^6.5.0"
@@ -6012,7 +6012,7 @@ __metadata:
      optional: true
  bin:
    vite: bin/vite.js
-  checksum: 10/c5f7a9a60011c41c836cedf31c8ee7624102aff9b6a7f3aab2ff47639721bba0916f81994c3a3ea6577a16c4f0dfee1e7dbd244e0da8edd5954e3c6d48daaaa2
+  checksum: 10/2e1337510d6b81948b035f8b096c9be22daf1101fc52ad3d06cad9e090057ba1c1396e5e12cbaac2485f9c6cdcc854f978fe862280bdfe1a9a4149c60734c125
  languageName: node
  linkType: hard
Author	SHA1	Message	Date
dependabot[bot]	5ba8eadb19	build(deps): bump vite from 7.3.2 to 7.3.5 Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.3.2 to 7.3.5. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v7.3.5/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.3.5/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 7.3.5 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-19 22:23:26 +00:00
temenuzhka-thede	eaefd20f59	Merge pull request #303 from docker/sec-cli/npm-ci-20260612-184924 ci / default (push) Has been cancelled Details ci / main (tonistiigi/binfmt:latest, all) (push) Has been cancelled Details ci / main (tonistiigi/binfmt:latest, arm64,riscv64,arm) (push) Has been cancelled Details ci / main (tonistiigi/binfmt:master, all) (push) Has been cancelled Details ci / main (tonistiigi/binfmt:master, arm64,riscv64,arm) (push) Has been cancelled Details ci / error (push) Has been cancelled Details ci / cache-image (false) (push) Has been cancelled Details ci / cache-image (true) (push) Has been cancelled Details ci / version (tonistiigi/binfmt:latest) (push) Has been cancelled Details ci / version (tonistiigi/binfmt:master) (push) Has been cancelled Details ci / version (tonistiigi/binfmt:qemu-v7.0.0) (push) Has been cancelled Details ci / reset (push) Has been cancelled Details codeql / analyze (push) Has been cancelled Details test / test (push) Has been cancelled Details validate / prepare (push) Has been cancelled Details zizmor / zizmor (push) Has been cancelled Details validate / validate (push) Has been cancelled Details fix: replace npm install with npm ci (20260612-184924)	2026-06-12 14:08:05 -05:00
securityeng-bot[bot]	d1e45353ee	fix: use lockfile-aware install commands	2026-06-12 18:49:25 +00:00