🌱 Bump dataaxiom/ghcr-cleanup-action from 1.0.16 to 1.2.1 in the all-github-actions group #4151

Merged
kcp-ci-bot merged 1 commit into main from dependabot/github_actions/all-github-actions-17c75c41c3
May 28, 2026

@dependabot dependabot Bot commented on behalf of github May 25, 2026

Bumps the all-github-actions group with 1 update: dataaxiom/ghcr-cleanup-action.

Updates dataaxiom/ghcr-cleanup-action from 1.0.16 to 1.2.1

Release notes

Sourced from dataaxiom/ghcr-cleanup-action's releases.

v1.2.1

  • fix: tolerate every 404 on package version delete (was: fail on the second) (fix #121)
  • fix: eliminate spurious "wasn't found" warnings from cosign signature dual-cascade race
  • fix: per-image log buffer flushes audit trail even when a cascade errors mid-flight

v1.2.0

  • feature: cross-run manifest cache; warm runs only fetch newly-published manifests (hit rate logged)
  • perf: parallel API throughout — package pagination, manifest fetches, untag PUTs, child/referrer deletes
  • perf: batched untagging — one reload per batch instead of one per tag
  • perf: push token reuse across untag PUTs + 429/secondary rate-limit retries on registry auth
  • fix: repository input is now informational; cleanup uses owner + package directly (supports unlinked / cross-account packages)
  • log volume cap at 1000 lines per group (info); per-image log output buffered to avoid interleaving under concurrent deletes
  • package version upgrades

v1.1.0

  • fix: preserve OCI 1.1 subject-bearing referrers (cosign sigstore-bundles, attestations) during cleanup — were silently deleted as untagged #71
  • fix: keep-n-tagged now gates untag operations; a matched tag is not stripped from an image that keep-n-tagged would protect (#99, #101)
  • fix: shared multi-arch platform digests no longer cascade-deleted when one of multiple parent indexes is removed (#91)
  • fix: delete-partial-images excludes fully ghost images #112
  • fix: Octokit error output visible at all log levels (was suppressed when log-level was error or warn)
  • fix: expand-packages rejects fine-grained PATs upfront with a clear message
  • fix: setFailed message no longer overwritten by an empty Error in early-failure paths
  • feat: ReDoS guard on user-supplied regex (delete-tags, exclude-tags, package) when use-regex: true
  • feat: code refactor/split, removal of anys where possible using typed classes
  • chore(deps): Node.js 24
  • docs: README rewrite + Limitations section (5,000-download undeletable policy, nested-manifest non-support)

Commits
  • f092b48 Merge pull request #122 from rohanmars/main
  • fa3daf5 ci: hoist fork-PR approval gate to a single job (was per matrix entry)
  • c1ba289 fix: synchronously claim digests before delete to prevent concurrent duplicat...
  • f5e37e7 fix: tolerate all 404s on package version delete; always flush per-tree log b...
  • 374e202 Merge pull request #120 from rohanmars/code-review
  • e1e6176 perf: cap per-listing log volume at 1000 lines (truncate at INFO)
  • 6516895 fix: drop the post-reload untag-ops invariant assertion (3.1.5 retraction)
  • 5a020af feat: buffer deleteImage logs per top-level tree, flush atomically
  • 8263ff3 chore: refresh dependencies to latest patches within current ranges
  • 5a3f4cc chore: update coverage badge to 94.47%
  • Additional commits viewable in compare view


Bumps the all-github-actions group with 1 update: [dataaxiom/ghcr-cleanup-action](https://github.com/dataaxiom/ghcr-cleanup-action).


Updates `dataaxiom/ghcr-cleanup-action` from 1.0.16 to 1.2.1
- [Release notes](https://github.com/dataaxiom/ghcr-cleanup-action/releases)
- [Commits](dataaxiom/ghcr-cleanup-action@cd0cdb9...f092b48)

---
updated-dependencies:
- dependency-name: dataaxiom/ghcr-cleanup-action
  dependency-version: 1.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot Bot added the ok-to-test (Indicates a non-member PR verified by an org member that is safe to test.) label May 25, 2026

@kcp-ci-bot kcp-ci-bot added the following labels May 25, 2026:
  • dco-signoff: yes (Indicates the PR's author has signed the DCO.)
  • do-not-merge/release-note-label-needed (Indicates that a PR should not merge because it's missing one of the release note labels.)
  • do-not-merge/needs-kind (Indicates a PR lacks a `kind/foo` label and requires one.)
  • size/XS (Denotes a PR that changes 0-9 lines, ignoring generated files.)

@kcp-ci-bot

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kcp-dev member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.


@mjudeikis mjudeikis left a comment

/lgtm
/approve

@kcp-ci-bot kcp-ci-bot added the lgtm Indicates that a PR is ready to be merged. label May 26, 2026
@kcp-ci-bot

LGTM label has been added.

Git tree hash: 49c3b16aee205eb1a53353fd3e042bfb8a110536

@kcp-ci-bot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mjudeikis

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kcp-ci-bot kcp-ci-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 26, 2026
@mjudeikis

/ok-to-test

@mjudeikis mjudeikis added the kind/chore Categorizes issue or PR as related to maintenance and other usually non-code changes. label May 27, 2026
@kcp-ci-bot kcp-ci-bot added the release-note (Denotes a PR that will be considered when it comes time to generate release notes.) label and removed the following labels May 27, 2026:
  • do-not-merge/needs-kind (Indicates a PR lacks a `kind/foo` label and requires one.)
  • do-not-merge/release-note-label-needed (Indicates that a PR should not merge because it's missing one of the release note labels.)
@kcp-ci-bot kcp-ci-bot merged commit 15923ac into main May 28, 2026
9 checks passed
@kcp-ci-bot kcp-ci-bot deleted the dependabot/github_actions/all-github-actions-17c75c41c3 branch May 28, 2026 06:22