deps(docker): Bump python from 3.12-slim to 3.14-slim in the docker-all group #71
dependabot[bot] wants to merge 28 commits into main from
* fix: remediate scorecard security findings
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: address PR 37 CI failures
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: restore fuzz dependency hash pinning
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: validate official marketplace source objects
* test(scanner): update marketplace fixture for official source shape
* test(scanner): cover official marketplace source validation
* fix: harden marketplace validation
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: remediate scanner security alerts
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: address PR review feedback
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: restore publishable cisco extra metadata
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: derive cisco action install from package extras
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: support multi-plugin marketplace repos
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: handle remote marketplace entries cleanly
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: publish action repo releases automatically
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: address action release review feedback
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: detect untracked action bundle files
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: make action release publication rerunnable
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* docs: tighten action marketplace copy
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: authenticate action repo pushes
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* style: normalize action repo variable reference
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: use Cisco scanner 2.0.8 in action
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: bump Cisco scanner to 2.0.8
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden action package provenance
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: avoid heredoc break in action install
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: standardize action pip invocations
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden workflow shell guards
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: keep action release sync on main pushes
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: add action install sources and container image
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden action install and docker path
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden scorecard release signals
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: refine hardened container layout
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden release assets and container entrypoint
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: add trust provenance scoring
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: restore ci command resolution
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: address trust provenance review feedback
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: tighten trust provenance validation
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* docs: use universal logo in README
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* test: align action readme branding assertion
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: align trust scores to published hcs patterns
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* style: format trust scoring modules
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: fail trust signals closed without evidence
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: tighten plugin trust adapter applicability
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: add multi-ecosystem plugin scanner adapters
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* style: apply ruff formatting to ecosystem scanner modules
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: resolve ecosystem review findings for repository auto scan
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* chore: bump scanner to v2.0.0
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: address follow-up ecosystem review regressions
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* style: apply ruff format after ecosystem fixes
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: mark mixed marketplace scans as repository scope
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* style: reformat scanner after repository scope fix
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: dual-publish plugin-scanner and refresh ecosystem docs
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: restore build and frozen lock after package rename
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: pin codeql source root for renamed repository path
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: stabilize codeql finalize path after repo rename
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* chore: rerun checks after code scanning default setup reset
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: address mixed-scan review gaps and namespace docs
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: migrate action identity to ai plugin scanner
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: move action output defaults into runner
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: shorten canonical action slug
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: gate action tag publication on bundle changes
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: derive action tags from both published repos
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: avoid action release tag collisions
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: ignore peeled action tag refs
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: preserve action outputs on failure paths
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: keep action release tags aligned across repos
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: improve guard cli diagnostics
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: align guard files with ci formatting
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: use active interpreter for claude hooks
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: preserve empty hook override state
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: tighten guard cli behavior
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: validate scoped guard policies
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: tighten guard artifact tracking
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden guard policy state
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: scope guard adapter artifact ids
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: preserve blocked guard baselines
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden guard runtime fallbacks
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden guard command validation
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden guard cli fallbacks
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: migrate action identity to ai plugin scanner
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: move action output defaults into runner
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: shorten canonical action slug
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: gate action tag publication on bundle changes
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: derive action tags from both published repos
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: avoid action release tag collisions
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: ignore peeled action tag refs
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: preserve action outputs on failure paths
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: keep action release tags aligned across repos
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: improve guard cli diagnostics
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: align guard files with ci formatting
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: use active interpreter for claude hooks
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: preserve empty hook override state
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: tighten guard cli behavior
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: validate scoped guard policies
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: tighten guard artifact tracking
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden guard policy state
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: scope guard adapter artifact ids
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: preserve blocked guard baselines
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden guard runtime fallbacks
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden guard command validation
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden guard cli fallbacks
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: ship local-first guard runtime
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: format guard cli sources
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: keep guard home separate from harness home
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: simplify hol guard package and cli
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* style: format guard render output
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: support guard entrypoints on windows
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: require guard subcommands
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: finish guard product flow
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: accept default action overrides
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* docs: simplify guard readme
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* docs: trim readme guard alias mention
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* docs: align readme compatibility defaults
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: add guard approval center
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden approval center html
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: validate workspace approval scope
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: add guard approval center
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden approval center html
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: validate workspace approval scope
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: add local guard approval center
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden guard approval center
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: persist successful headless guard runs
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: reject spoofed guard daemon origins
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: rebuild local approval center UX
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: trim approval dashboard diff
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: redesign guard approval center
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* feat: update guard flow
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden guard policy resolution
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: harden guard approval backend
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* chore: expand dependabot coverage
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: address dependabot review feedback
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: make dependabot lockfile sync write-capable
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: avoid privileged dependency installs in lock sync
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
* fix: disable source builds in dependabot lock sync
  Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
---------
Signed-off-by: Michael Kantor <6068672+kantorcodes@users.noreply.github.com>
Bumps the docker-all group with 1 update: python.

Updates `python` from 3.12-slim to 3.14-slim

---
updated-dependencies:
- dependency-name: python
  dependency-version: 3.14-slim
  dependency-type: direct:production
  dependency-group: docker-all
...

Signed-off-by: dependabot[bot] <support@github.com>
Labels
The following labels could not be found: Please fix the above issues or remove invalid values from
Code Review Summary
Status: No Issues Found | Recommendation: Merge
Files Reviewed (1 file)

Observations
This is a straightforward Dependabot version bump with a verified SHA256 digest. Python 3.14 was released in October 2025 and is stable for production use. No code changes are affected - only the Docker base image version.
Note: There's an existing comment from Dependabot about a missing
Reviewed by minimax-m2.5-20260211 · 59,440 tokens
kantorcodes left a comment
Reviewed dependency update; scope and change are appropriate.
The merge-base changed after approval.
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml
Bumps the docker-all group with 1 update: python.
Updates `python` from 3.12-slim to 3.14-slim

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
* `@dependabot rebase` will rebase this PR
* `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
* `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
* `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
* `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
* `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
* `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
* `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions