Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Bump docker/build-push-action from 2 to 4 #40

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Bump docker/build-push-action from 2 to 4 #40

wants to merge 2 commits into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jan 31, 2023

Bumps docker/build-push-action from 2 to 4.

Release notes

Sourced from docker/build-push-action's releases.

v4.0.0

Warning

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

Full Changelog: docker/build-push-action@v3.3.1...v4.0.0

v3.3.1

Full Changelog: docker/build-push-action@v3.3.0...v3.3.1

v3.3.0

Warning

Buildx v0.10 enables support for a minimal SLSA Provenance attestation, which requires support for OCI-compliant multi-platform images. This may introduce issues with registry and runtime support (e.g. Google Cloud Run and AWS Lambda). You can optionally disable the default provenance attestation functionality using provenance: false.

Full Changelog: docker/build-push-action@v3.2.0...v3.3.0

v3.2.0

Full Changelog: docker/build-push-action@v3.1.1...v3.2.0

v3.1.1

Full Changelog: docker/build-push-action@v3.1.0...v3.1.1

v3.1.0

  • no-cache-filters input by @​crazy-max (#653)
  • Bump @​actions/github from 5.0.1 to 5.0.3 (#619)
  • Bump @​actions/core from 1.6.0 to 1.9.0 (#620 #637)
  • Bump csv-parse from 5.0.4 to 5.3.0 (#623 #650)

Full Changelog: docker/build-push-action@v3.0.0...v3.1.0

... (truncated)

Commits
  • 3b5e802 Merge pull request #784 from crazy-max/enable-provenance
  • 02d3266 update generated content
  • f403daf revert disable provenance by default if not set
  • 1104d47 Merge pull request #781 from crazy-max/disable-provenance
  • 838bf90 update generated content
  • 337a09d disable provenance by default if not set
  • 37abced Merge pull request #760 from crazy-max/test-envs
  • 67109bc test: move envs to jest config
  • d1b0eb0 Merge pull request #759 from crazy-max/fix-provenance-input
  • a0635fe update generated content
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

MarcialRosales and others added 2 commits January 30, 2023 20:51
@MarcialRosales @lemenkov
Support Oauth2 authentication
593f0aa 
With protocol plugins such as mqtt, or stomp, when
they accept an incoming connection, immediately after,
an internal amqp connection is created and the credentials received
during the initial connection are passed to the internal amqp
connection.

With AMQP 1.0 plugin things are different. It only creates
an internal amqp connection when a session is created.
However, the full credentials, i.e. username and password are
received during the initial connection establishment phase.
During that phase the user is authenticated and its username is
kept in User record.
However, when a session is established and the plugin has to create
an internal amqp connection, given that we are using Oauth2 backend,
we still need to pass around the token as password. However, at this
point we no longer have it.

Therefore, to have to preserve the password. This PR suggests to
optionally keep the token in the password attribute of the #user record
and #auth-user record for auth backend which are token based such as
oauth2. Other backend such as internal, http or ldap, do not need to
preseve the initial password because to authenticate the internal
amqp connection, they support "password-less" authentication, i.e. they
only check the user exists.
@dependabot
Bump docker/build-push-action from 2 to 4
b204330 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2 to 4.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@v2...v4)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 31, 2023
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@MarcialRosales