build(deps): bump @devcontainers/cli from 0.84.1 to 0.85.0#488
Closed
dependabot[bot] wants to merge 1 commit intodevfrom
Closed
build(deps): bump @devcontainers/cli from 0.84.1 to 0.85.0#488dependabot[bot] wants to merge 1 commit intodevfrom
dependabot[bot] wants to merge 1 commit intodevfrom
Conversation
Bumps [@devcontainers/cli](https://github.com/devcontainers/cli) from 0.84.1 to 0.85.0. - [Changelog](https://github.com/devcontainers/cli/blob/main/CHANGELOG.md) - [Commits](devcontainers/cli@v0.84.1...v0.85.0) --- updated-dependencies: - dependency-name: "@devcontainers/cli" dependency-version: 0.85.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
c-vigo
added a commit
that referenced
this pull request
Apr 7, 2026
Contributor
|
Superseded by #491 |
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
Bot
deleted the
dependabot/npm_and_yarn/dev/devcontainers/cli-0.85.0
branch
c-vigo
added a commit
that referenced
this pull request
Apr 7, 2026
## Summary Cherry-picks dependency updates from open Dependabot PRs targeting `dev` so `release/0.3.2` stays aligned. ## Changes - **#488** — Bump `@devcontainers/cli` from `0.84.1` to `0.85.0` (`package.json`, `package-lock.json`) - **#489** — Bump `docker/login-action` from `4.0.0` to `4.1.0` (`.github/workflows/release.yml`, `.github/workflows/promote-release.yml`) ## Changelog - Added Dependabot batch entry under `## [0.3.2] - TBD` → `### Changed` in root and workspace `CHANGELOG.md`. Refs: #488, #489
This was referenced Apr 7, 2026
Merged
vig-os-release-app Bot
added a commit
to vig-os/devcontainer-smoke-test
that referenced
this pull request
Apr 7, 2026
# Release 0.3.2 This PR prepares release 0.3.2 for merge to main. ## [0.3.2] - TBD ### Added - **Downstream `promote-release.yml` workspace template** ([#463](vig-os/devcontainer#463)) - Add `assets/workspace/.github/workflows/promote-release.yml` as the counter-party to root `promote-release.yml`: validate draft release and release PR, publish the release, merge to `main`, best-effort git RC tag cleanup (no GHCR/cosign/smoke-test gate) - Document in `docs/DOWNSTREAM_RELEASE.md` and align `docs/RELEASE_CYCLE.md` Phase 5 for consumer vs upstream paths - **Optional draft pre-release for downstream release candidates** ([#463](vig-os/devcontainer#463)) - Workspace `release.yml` adds `create-release` (`workflow_dispatch`, default `false`); `release-publish.yml` creates a draft GitHub pre-release only when set for `candidate` runs - Smoke-test `repository-dispatch.yml` passes `create-release=true` when triggering downstream `release.yml` - `just publish-candidate` forwards `create-release` in `justfile.gh` and the workspace template copy ### Changed - **RELEASE_APP permissions and GHCR cleanup token model** ([#463](vig-os/devcontainer#463)) - Document Packages read/write on the org for `promote-release` cleanup, align the app table in `docs/RELEASE_CYCLE.md`, and explain why cleanup uses the GitHub App token instead of `GITHUB_TOKEN` - **Promote-release cleans up stale RC artifacts after merge** ([#463](vig-os/devcontainer#463)) - Best-effort job deletes GHCR package versions for `${VERSION}-rc*` and `sha256-*`-only orphans, and deletes remote git RC tags for that base version when no GitHub Release exists; does not fail the workflow on error - **Downstream release helper recipes via GitHub justfile import** ([#373](vig-os/devcontainer#373)) - Move `prepare-release`, `finalize-release`, `publish-candidate`, and `reset-changelog` into `justfile.gh` so downstream workspace templates expose these release helpers by default - Keep root recipe availability (including `pull`) through `import 'justfile.gh'` while consolidating release helper ownership in the GitHub-focused recipe file; the workspace template copy omits the `pull` recipe - **Split final release into publish and promote phases** ([#456](vig-os/devcontainer#456)) - Final `release.yml` publishes versioned GHCR tags and a draft GitHub Release but no longer updates `:latest` - New `promote-release.yml` runs after downstream smoke-test publishes its final release: updates `:latest`, publishes the draft release, merges the release PR to `main` - Add `just promote-release` in `justfile.gh` (and workspace template copy) - **Smoke-test dispatch fails fast when deploy PR checks fail** ([#381](vig-os/devcontainer#381)) - `wait-deploy-merge` in `assets/smoke-test/.github/workflows/repository-dispatch.yml` exits as soon as all required checks have completed with failures instead of waiting for the merge poll timeout (`gh pr checks --required`) - **Scheduled security scan pulls GHCR `:latest` instead of rebuilding** ([#461](vig-os/devcontainer#461)) - Runs nightly at 05:00 UTC, pulls the published image, gates on fixable HIGH/CRITICAL vulnerabilities, auto-creates a deduplicated GitHub issue on failure, and uploads SARIF under `container-image-latest` - **Dependabot dependency update batch** ([#474](vig-os/devcontainer#474)) - Bump `github/codeql-action` from `4.34.1` to `4.35.1` - Bump `sigstore/cosign-installer` from `4.1.0` to `4.1.1` - **Dependabot dependency update batch** ([#488](vig-os/devcontainer#488), [#489](vig-os/devcontainer#489)) - Bump `@devcontainers/cli` from `0.84.1` to `0.85.0` - Bump `docker/login-action` from `4.0.0` to `4.1.0` - **Simplify `just pull` in `justfile.gh`** ([#482](vig-os/devcontainer#482)) - Pull `ghcr.io/vig-os/devcontainer` by tag; drop redundant shell fallback, per-recipe `repo` argument, and unused `REGISTRY_TEST` TLS path (imported `justfile.gh` cannot reference root `repo`) ### Removed - **One-time GHCR/git RC prune script** ([#463](vig-os/devcontainer#463)) - Remove `scripts/prune-ghcr-tags.sh`; RC and `sha256-*` orphan cleanup remains in root `promote-release.yml` - **Downstream RC pre-release gate from release validate job** ([#463](vig-os/devcontainer#463)) - Removed dead `if: false` steps from `release.yml`; downstream final release is verified only in `promote-release.yml` before promote - **Nightly full CI schedule from `ci.yml`** ([#492](vig-os/devcontainer#492)) - Remove the `schedule` trigger and schedule-only checkout overrides; CI remains on pull requests and `workflow_dispatch` only - Nightly GHCR `:latest` scan in `security-scan.yml` is unchanged ### Fixed - **Prepare-release changelog commits silently skipped due to FILE_PATHS delimiter mismatch** ([#483](vig-os/devcontainer#483)) - Change `FILE_PATHS` from space-separated to comma-separated in all `commit-action` steps of `prepare-release.yml` so the action correctly commits both `CHANGELOG.md` and `assets/workspace/.devcontainer/CHANGELOG.md` - Join finalization changed files with commas in `release.yml` (`Collect finalization files`) so `commit-action` receives multiple paths correctly - **`publish-candidate` recipe sends unknown `create-release` input** ([#479](vig-os/devcontainer#479)) - Remove `create-release` parameter and `-f` flag from upstream `justfile.gh`; the input was added to the downstream workflow only but the recipe was updated in both places - **Image tests expect current `just` minor** ([#479](vig-os/devcontainer#479)) - Align `EXPECTED_VERSIONS["just"]` with the latest `just` release installed by the Containerfile (1.49.x) - **Git commit now falls back to nano when editor config is unusable** ([#383](vig-os/devcontainer#383)) - `setup-git-conf.sh` now validates the effective Git editor and sets `core.editor=nano` only when the configured editor is missing or invalid in-container - Add integration regression coverage to ensure invalid editor settings are corrected during setup - **Release finalize no longer races sync-issues; CHANGELOG TBD verified after reset** ([#455](vig-os/devcontainer#455)) - Run `sync-issues` after capturing finalize SHA so downstream build/publish use the finalized commit
vig-os-release-app Bot
added a commit
to vig-os/devcontainer-smoke-test
that referenced
this pull request
Apr 7, 2026
# Release 0.3.2 This PR prepares release 0.3.2 for merge to main. ## [0.3.2] - TBD ### Added - **Downstream `promote-release.yml` workspace template** ([#463](vig-os/devcontainer#463)) - Add `assets/workspace/.github/workflows/promote-release.yml` as the counter-party to root `promote-release.yml`: validate draft release and release PR, publish the release, merge to `main`, best-effort git RC tag cleanup (no GHCR/cosign/smoke-test gate) - Document in `docs/DOWNSTREAM_RELEASE.md` and align `docs/RELEASE_CYCLE.md` Phase 5 for consumer vs upstream paths - **Optional draft pre-release for downstream release candidates** ([#463](vig-os/devcontainer#463)) - Workspace `release.yml` adds `create-release` (`workflow_dispatch`, default `false`); `release-publish.yml` creates a draft GitHub pre-release only when set for `candidate` runs - Smoke-test `repository-dispatch.yml` passes `create-release=true` when triggering downstream `release.yml` - `just publish-candidate` forwards `create-release` in `justfile.gh` and the workspace template copy ### Changed - **RELEASE_APP permissions and GHCR cleanup token model** ([#463](vig-os/devcontainer#463)) - Document Packages read/write on the org for `promote-release` cleanup, align the app table in `docs/RELEASE_CYCLE.md`, and explain why cleanup uses the GitHub App token instead of `GITHUB_TOKEN` - **Promote-release cleans up stale RC artifacts after merge** ([#463](vig-os/devcontainer#463)) - Best-effort job deletes GHCR package versions for `${VERSION}-rc*` and `sha256-*`-only orphans, and deletes remote git RC tags for that base version when no GitHub Release exists; does not fail the workflow on error - **Downstream release helper recipes via GitHub justfile import** ([#373](vig-os/devcontainer#373)) - Move `prepare-release`, `finalize-release`, `publish-candidate`, and `reset-changelog` into `justfile.gh` so downstream workspace templates expose these release helpers by default - Keep root recipe availability (including `pull`) through `import 'justfile.gh'` while consolidating release helper ownership in the GitHub-focused recipe file; the workspace template copy omits the `pull` recipe - **Split final release into publish and promote phases** ([#456](vig-os/devcontainer#456)) - Final `release.yml` publishes versioned GHCR tags and a draft GitHub Release but no longer updates `:latest` - New `promote-release.yml` runs after downstream smoke-test publishes its final release: updates `:latest`, publishes the draft release, merges the release PR to `main` - Add `just promote-release` in `justfile.gh` (and workspace template copy) - **Smoke-test dispatch fails fast when deploy PR checks fail** ([#381](vig-os/devcontainer#381)) - `wait-deploy-merge` in `assets/smoke-test/.github/workflows/repository-dispatch.yml` exits as soon as all required checks have completed with failures instead of waiting for the merge poll timeout (`gh pr checks --required`) - **Scheduled security scan pulls GHCR `:latest` instead of rebuilding** ([#461](vig-os/devcontainer#461)) - Runs nightly at 05:00 UTC, pulls the published image, gates on fixable HIGH/CRITICAL vulnerabilities, auto-creates a deduplicated GitHub issue on failure, and uploads SARIF under `container-image-latest` - **Dependabot dependency update batch** ([#474](vig-os/devcontainer#474)) - Bump `github/codeql-action` from `4.34.1` to `4.35.1` - Bump `sigstore/cosign-installer` from `4.1.0` to `4.1.1` - **Dependabot dependency update batch** ([#488](vig-os/devcontainer#488), [#489](vig-os/devcontainer#489)) - Bump `@devcontainers/cli` from `0.84.1` to `0.85.0` - Bump `docker/login-action` from `4.0.0` to `4.1.0` - **Simplify `just pull` in `justfile.gh`** ([#482](vig-os/devcontainer#482)) - Pull `ghcr.io/vig-os/devcontainer` by tag; drop redundant shell fallback, per-recipe `repo` argument, and unused `REGISTRY_TEST` TLS path (imported `justfile.gh` cannot reference root `repo`) - **prepare-changelog finalize adds GitHub release link to version headings** ([#496](vig-os/devcontainer#496))
vig-os-release-app Bot
added a commit
to vig-os/devcontainer-smoke-test
that referenced
this pull request
Apr 8, 2026
# Release 0.3.2 This PR prepares release 0.3.2 for merge to main. ## [0.3.2] - TBD ### Added - **Downstream `promote-release.yml` workspace template** ([#463](vig-os/devcontainer#463)) - Add `assets/workspace/.github/workflows/promote-release.yml` as the counter-party to root `promote-release.yml`: validate draft release and release PR, publish the release, merge to `main`, best-effort git RC tag cleanup (no GHCR/cosign/smoke-test gate) - Document in `docs/DOWNSTREAM_RELEASE.md` and align `docs/RELEASE_CYCLE.md` Phase 5 for consumer vs upstream paths - **Optional draft pre-release for downstream release candidates** ([#463](vig-os/devcontainer#463)) - Workspace `release.yml` adds `create-release` (`workflow_dispatch`, default `false`); `release-publish.yml` creates a draft GitHub pre-release only when set for `candidate` runs - Smoke-test `repository-dispatch.yml` passes `create-release=true` when triggering downstream `release.yml` - `just publish-candidate` forwards `create-release` in `justfile.gh` and the workspace template copy ### Changed - **RELEASE_APP permissions and GHCR cleanup token model** ([#463](vig-os/devcontainer#463)) - Document Packages read/write on the org for `promote-release` cleanup, align the app table in `docs/RELEASE_CYCLE.md`, and explain why cleanup uses the GitHub App token instead of `GITHUB_TOKEN` - **Promote-release cleans up stale RC artifacts after merge** ([#463](vig-os/devcontainer#463)) - Best-effort job deletes GHCR package versions for `${VERSION}-rc*` and `sha256-*`-only orphans, and deletes remote git RC tags for that base version when no GitHub Release exists; does not fail the workflow on error - **Downstream release helper recipes via GitHub justfile import** ([#373](vig-os/devcontainer#373)) - Move `prepare-release`, `finalize-release`, `publish-candidate`, and `reset-changelog` into `justfile.gh` so downstream workspace templates expose these release helpers by default - Keep root recipe availability (including `pull`) through `import 'justfile.gh'` while consolidating release helper ownership in the GitHub-focused recipe file; the workspace template copy omits the `pull` recipe - **Split final release into publish and promote phases** ([#456](vig-os/devcontainer#456)) - Final `release.yml` publishes versioned GHCR tags and a draft GitHub Release but no longer updates `:latest` - New `promote-release.yml` runs after downstream smoke-test publishes its final release: updates `:latest`, publishes the draft release, merges the release PR to `main` - Add `just promote-release` in `justfile.gh` (and workspace template copy) - **Smoke-test dispatch fails fast when deploy PR checks fail** ([#381](vig-os/devcontainer#381)) - `wait-deploy-merge` in `assets/smoke-test/.github/workflows/repository-dispatch.yml` exits as soon as all required checks have completed with failures instead of waiting for the merge poll timeout (`gh pr checks --required`) - **Scheduled security scan pulls GHCR `:latest` instead of rebuilding** ([#461](vig-os/devcontainer#461)) - Runs nightly at 05:00 UTC, pulls the published image, gates on fixable HIGH/CRITICAL vulnerabilities, auto-creates a deduplicated GitHub issue on failure, and uploads SARIF under `container-image-latest` - **Dependabot dependency update batch** ([#474](vig-os/devcontainer#474)) - Bump `github/codeql-action` from `4.34.1` to `4.35.1` - Bump `sigstore/cosign-installer` from `4.1.0` to `4.1.1` - **Dependabot dependency update batch** ([#488](vig-os/devcontainer#488), [#489](vig-os/devcontainer#489)) - Bump `@devcontainers/cli` from `0.84.1` to `0.85.0` - Bump `docker/login-action` from `4.0.0` to `4.1.0` - **Simplify `just pull` in `justfile.gh`** ([#482](vig-os/devcontainer#482)) - Pull `ghcr.io/vig-os/devcontainer` by tag; drop redundant shell fallback, per-recipe `repo` argument, and unused `REGISTRY_TEST` TLS path (imported `justfile.gh` cannot reference root `repo`) - **prepare-changelog finalize adds GitHub release link to version headings** ([#496](vig-os/devcontainer#496))
c-vigo
added a commit
that referenced
this pull request
Apr 8, 2026
# [Release 0.3.2](https://github.com/vig-os/devcontainer/releases/tag/0.3.2) - 2026-04-08 This PR prepares release 0.3.2 for merge to main. ## [0.3.2](https://github.com/vig-os/devcontainer/releases/tag/0.3.2) - 2026-04-08 ### Added - **Downstream `promote-release.yml` workspace template** ([#463](#463)) - Add `assets/workspace/.github/workflows/promote-release.yml` as the counter-party to root `promote-release.yml`: validate draft release and release PR, publish the release, merge to `main`, best-effort git RC tag cleanup (no GHCR/cosign/smoke-test gate) - Document in `docs/DOWNSTREAM_RELEASE.md` and align `docs/RELEASE_CYCLE.md` Phase 5 for consumer vs upstream paths - **Optional draft pre-release for downstream release candidates** ([#463](#463)) - Workspace `release.yml` adds `create-release` (`workflow_dispatch`, default `false`); `release-publish.yml` creates a draft GitHub pre-release only when set for `candidate` runs - Smoke-test `repository-dispatch.yml` passes `create-release=true` when triggering downstream `release.yml` - `just publish-candidate` forwards `create-release` in `justfile.gh` and the workspace template copy ### Changed - **RELEASE_APP permissions and GHCR cleanup token model** ([#463](#463)) - Document Packages read/write on the org for `promote-release` cleanup, align the app table in `docs/RELEASE_CYCLE.md`, and explain why cleanup uses the GitHub App token instead of `GITHUB_TOKEN` - **Promote-release cleans up stale RC artifacts after merge** ([#463](#463)) - Best-effort job deletes GHCR package versions for `${VERSION}-rc*` and `sha256-*`-only orphans, and deletes remote git RC tags for that base version when no GitHub Release exists; does not fail the workflow on error - **Downstream release helper recipes via GitHub justfile import** ([#373](#373)) - Move `prepare-release`, `finalize-release`, `publish-candidate`, and `reset-changelog` into `justfile.gh` so downstream workspace templates expose these release helpers by default - Keep root recipe availability (including `pull`) through `import 'justfile.gh'` while consolidating release helper ownership in the GitHub-focused recipe file; the workspace template copy omits the `pull` recipe - **Split final release into publish and promote phases** ([#456](#456)) - Final `release.yml` publishes versioned GHCR tags and a draft GitHub Release but no longer updates `:latest` - New `promote-release.yml` runs after downstream smoke-test publishes its final release: updates `:latest`, publishes the draft release, merges the release PR to `main` - Add `just promote-release` in `justfile.gh` (and workspace template copy) - **Smoke-test dispatch fails fast when deploy PR checks fail** ([#381](#381)) - `wait-deploy-merge` in `assets/smoke-test/.github/workflows/repository-dispatch.yml` exits as soon as all required checks have completed with failures instead of waiting for the merge poll timeout (`gh pr checks --required`) - **Scheduled security scan pulls GHCR `:latest` instead of rebuilding** ([#461](#461)) - Runs nightly at 05:00 UTC, pulls the published image, gates on fixable HIGH/CRITICAL vulnerabilities, auto-creates a deduplicated GitHub issue on failure, and uploads SARIF under `container-image-latest` - **Dependabot dependency update batch** ([#474](#474)) - Bump `github/codeql-action` from `4.34.1` to `4.35.1` - Bump `sigstore/cosign-installer` from `4.1.0` to `4.1.1` - **Dependabot dependency update batch** ([#488](#488), [#489](#489)) - Bump `@devcontainers/cli` from `0.84.1` to `0.85.0` - Bump `docker/login-action` from `4.0.0` to `4.1.0` - **Simplify `just pull` in `justfile.gh`** ([#482](#482)) - Pull `ghcr.io/vig-os/devcontainer` by tag; drop redundant shell fallback, per-recipe `repo` argument, and unused `REGISTRY_TEST` TLS path (imported `justfile.gh` cannot reference root `repo`) - **prepare-changelog finalize adds GitHub release link to version headings** ([#496](#496)) - `finalize_release_date` writes `## [X.Y.Z](https://github.com/owner/repo/releases/tag/X.Y.Z) - date`; repository slug comes from `GITHUB_REPOSITORY` (set in Actions) or from `prepare-changelog finalize ... --github-repository owner/repo` - `unprepare` recognizes linked `## [semver](url) - …` headings ### Removed - **One-time GHCR/git RC prune script** ([#463](#463)) - Remove `scripts/prune-ghcr-tags.sh`; RC and `sha256-*` orphan cleanup remains in root `promote-release.yml` - **Downstream RC pre-release gate from release validate job** ([#463](#463)) - Removed dead `if: false` steps from `release.yml`; downstream final release is verified only in `promote-release.yml` before promote - **Nightly full CI schedule from `ci.yml`** ([#492](#492)) - Remove the `schedule` trigger and schedule-only checkout overrides; CI remains on pull requests and `workflow_dispatch` only - Nightly GHCR `:latest` scan in `security-scan.yml` is unchanged ### Fixed - **Prepare-release changelog commits silently skipped due to FILE_PATHS delimiter mismatch** ([#483](#483)) - Change `FILE_PATHS` from space-separated to comma-separated in all `commit-action` steps of `prepare-release.yml` so the action correctly commits both `CHANGELOG.md` and `assets/workspace/.devcontainer/CHANGELOG.md` - Join finalization changed files with commas in `release.yml` (`Collect finalization files`) so `commit-action` receives multiple paths correctly - **`publish-candidate` recipe sends unknown `create-release` input** ([#479](#479)) - Remove `create-release` parameter and `-f` flag from upstream `justfile.gh`; the input was added to the downstream workflow only but the recipe was updated in both places - **Image tests expect current `just` minor** ([#479](#479)) - Align `EXPECTED_VERSIONS["just"]` with the latest `just` release installed by the Containerfile (1.49.x) - **Git commit now falls back to nano when editor config is unusable** ([#383](#383)) - `setup-git-conf.sh` now validates the effective Git editor and sets `core.editor=nano` only when the configured editor is missing or invalid in-container - Add integration regression coverage to ensure invalid editor settings are corrected during setup - **Release finalize no longer races sync-issues; CHANGELOG TBD verified after reset** ([#455](#455)) - Run `sync-issues` after capturing finalize SHA so downstream build/publish use the finalized commit - Fail finalize if `CHANGELOG.md` still contains `## [version] - TBD` after `git reset --hard` - **generate-docs pre-commit runs when CHANGELOG.md changes** ([#455](#455)) - Keeps README “Latest Version” and other generated docs aligned with the changelog - **prepare-release tolerates GitHub API ref propagation and reliable CHANGELOG rollback** ([#453](#453)) - Poll until the new release branch ref resolves before `commit-action` commits to it - Fetch dev `CHANGELOG.md` by resolved commit SHA during rollback so Contents API staleness does not skip the rollback commit - **sync-main-to-dev sync job no longer depends on dev's setup-env** ([#459](#459)) - Inline the same `retry` shell helper used by `setup-env` so the job works when `main`'s workflow expects helpers not yet on `dev` - **CI container build avoids shared-runner Docker Hub rate limits** ([#473](#473)) - `build-image` logs in to `docker.io` before `setup-buildx-action` when `DOCKERHUB_USERNAME` and `DOCKERHUB_TOKEN` secrets are set; `ci.yml` and `release.yml` pass them - Omitting secrets (e.g. forks) keeps prior anonymous-pull behavior - **Release finalize commit blocked by Release protection ruleset** ([#487](#487)) - Generate a dedicated Commit App token (`COMMIT_APP_ID`) for the `commit-action` step in the `finalize` job of `release.yml`, matching the pattern used by `prepare-release.yml` and other workflows; the previous Release App token lacked ruleset bypass - **Release finalize installs just for doc generation** ([#494](#494)) - Remove `install-just: 'false'` from the finalize job `setup-env` step so `docs/generate.py` can run `just --list` - `get_just_help()` exits non-zero on failure instead of writing placeholder content into generated docs - **Release rollback and CI `retry` exit codes** ([#500](#500)) - `retry` shell helper now propagates the command's non-zero exit code when all attempts fail - Release rollback creates a fast-forward revert commit via the Git API instead of force-pushing, compatible with branch protection on `release/*` - Rollback Git Data API steps authenticate with the Commit app token (same as finalize) so protected `release/*` ref updates are not blocked - Canonical `retry()` implementation lives in `.github/scripts/retry.sh`; `setup-env` and BATS source it so CI and tests stay aligned (`sync-main-to-dev.yml` keeps an inline copy documented as in sync) - **Release rollback restores release PR body after finalize** ([#502](#502)) - `rollback` job in `release.yml` restores the PR description from pre-finalization `CHANGELOG.md` (TBD / prepare-release format) using RELEASE_APP when `release_kind` is final, after branch rollback; failure issue and job summary report the step outcome - **Final release notes extraction after linked changelog headings** ([#504](#504)) - Publish job `awk` matches `## [VERSION]` prefix so finalized `## [X.Y.Z](url) - date` headings produce GitHub Release notes (regression after prepare-changelog linked headings in #496) ### Security - **Nightly vulnerability gate for published container image** ([#461](#461)) - Scheduled security scan now fails on fixable HIGH/CRITICAL CVEs and auto-files a GitHub issue, replacing the previous non-blocking weekly scan
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps @devcontainers/cli from 0.84.1 to 0.85.0.
Changelog
Sourced from
@devcontainers/cli's changelog.Commits
39685cfMerge pull request #1185 from devcontainers/chrmarti/imaginative-duck218a1b90.85.060a4580Update dependencies with security fixes217ae9cInline buildx global build and target platform envvars when resolving base im...Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)