build(deps): bump the actions group with 2 updates (#374)

Bumps the actions group with 2 updates:
[mikefarah/yq](https://github.com/mikefarah/yq) and
[docker/login-action](https://github.com/docker/login-action).

Updates `mikefarah/yq` from 4.52.5 to 4.53.2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/mikefarah/yq/releases">mikefarah/yq's
releases</a>.</em></p>
<blockquote>
<h2>v4.53.2</h2>
<ul>
<li>Releases and tags now signed and immutable!</li>
<li>Add system(command; args) operator (disabled by default) (<a
href="https://redirect.github.com/mikefarah/yq/issues/2640">#2640</a>)</li>
<li>TOML encoder: prefer readable table sections over inline tables (<a
href="https://redirect.github.com/mikefarah/yq/issues/2649">#2649</a>)</li>
<li>Fix TOML encoder to quote keys containing special characters (<a
href="https://redirect.github.com/mikefarah/yq/issues/2648">#2648</a>)</li>
<li>Add string slicing support (<a
href="https://redirect.github.com/mikefarah/yq/issues/2639">#2639</a>)</li>
<li>Fix findInArray misuse on MappingNodes in equality and contains (<a
href="https://redirect.github.com/mikefarah/yq/issues/2645">#2645</a>)
Thanks <a
href="https://github.com/jandubois"><code>@​jandubois</code></a>!</li>
<li>Fix panic on negative slice indices that underflow after adjustment
(<a
href="https://redirect.github.com/mikefarah/yq/issues/2646">#2646</a>)
Thanks <a
href="https://github.com/jandubois"><code>@​jandubois</code></a>!</li>
<li>Fix stack overflow from circular alias in traverse (<a
href="https://redirect.github.com/mikefarah/yq/issues/2647">#2647</a>)
Thanks <a
href="https://github.com/jandubois"><code>@​jandubois</code></a>!</li>
<li>Fix panic and OOM in repeatString for large repeat counts (<a
href="https://redirect.github.com/mikefarah/yq/issues/2644">#2644</a>)
Thanks <a
href="https://github.com/jandubois"><code>@​jandubois</code></a>!</li>
<li>Bumped dependencies</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/mikefarah/yq/blob/master/release_notes.txt">mikefarah/yq's
changelog</a>.</em></p>
<blockquote>
<p>4.53.2:</p>
<ul>
<li>Fixing release process</li>
</ul>
<p>4.53.1:</p>
<ul>
<li>Releases and tags now signed and immutable!</li>
<li>Add system(command; args) operator (disabled by default) (<a
href="https://redirect.github.com/mikefarah/yq/issues/2640">#2640</a>)</li>
<li>TOML encoder: prefer readable table sections over inline tables (<a
href="https://redirect.github.com/mikefarah/yq/issues/2649">#2649</a>)</li>
<li>Fix TOML encoder to quote keys containing special characters (<a
href="https://redirect.github.com/mikefarah/yq/issues/2648">#2648</a>)</li>
<li>Add string slicing support (<a
href="https://redirect.github.com/mikefarah/yq/issues/2639">#2639</a>)</li>
<li>Fix findInArray misuse on MappingNodes in equality and contains (<a
href="https://redirect.github.com/mikefarah/yq/issues/2645">#2645</a>)
Thanks <a
href="https://github.com/jandubois"><code>@​jandubois</code></a>!</li>
<li>Fix panic on negative slice indices that underflow after adjustment
(<a
href="https://redirect.github.com/mikefarah/yq/issues/2646">#2646</a>)
Thanks <a
href="https://github.com/jandubois"><code>@​jandubois</code></a>!</li>
<li>Fix stack overflow from circular alias in traverse (<a
href="https://redirect.github.com/mikefarah/yq/issues/2647">#2647</a>)
Thanks <a
href="https://github.com/jandubois"><code>@​jandubois</code></a>!</li>
<li>Fix panic and OOM in repeatString for large repeat counts (<a
href="https://redirect.github.com/mikefarah/yq/issues/2644">#2644</a>)
Thanks <a
href="https://github.com/jandubois"><code>@​jandubois</code></a>!</li>
<li>Bumped dependencies</li>
</ul>
<p>4.52.5:</p>
<ul>
<li>Fix: reset TOML decoder state between files (<a
href="https://redirect.github.com/mikefarah/yq/issues/2634">#2634</a>)
thanks <a
href="https://github.com/terminalchai"><code>@​terminalchai</code></a></li>
<li>Fix: preserve original filename when using --front-matter (<a
href="https://redirect.github.com/mikefarah/yq/issues/2613">#2613</a>)
thanks <a
href="https://github.com/cobyfrombrooklyn-bot"><code>@​cobyfrombrooklyn-bot</code></a></li>
<li>Fix typo in filename (<a
href="https://redirect.github.com/mikefarah/yq/issues/2611">#2611</a>)
thanks <a
href="https://github.com/alexandear"><code>@​alexandear</code></a></li>
<li>Bumped dependencies</li>
</ul>
<p>4.52.4:</p>
<ul>
<li>Dropping windows/arm - no longer supported in cross-compile</li>
</ul>
<p>4.52.3:</p>
<ul>
<li>Fixing comments in TOML arrays (<a
href="https://redirect.github.com/mikefarah/yq/issues/2592">#2592</a>)</li>
<li>Bumped dependencies</li>
</ul>
<p>4.52.2:</p>
<ul>
<li>Fixed bad instructions file breaking go-install (<a
href="https://redirect.github.com/mikefarah/yq/issues/2587">#2587</a>)
Thanks <a
href="https://github.com/theyoprst"><code>@​theyoprst</code></a></li>
<li>Fixed TOML table scope after comments (<a
href="https://redirect.github.com/mikefarah/yq/issues/2588">#2588</a>)
Thanks <a
href="https://github.com/tomers"><code>@​tomers</code></a></li>
<li>Multiply uses a readonly context (<a
href="https://redirect.github.com/mikefarah/yq/issues/2558">#2558</a>)</li>
<li>Fixed merge globbing wildcards in keys (<a
href="https://redirect.github.com/mikefarah/yq/issues/2564">#2564</a>)</li>
<li>Fixing TOML subarray parsing issue (<a
href="https://redirect.github.com/mikefarah/yq/issues/2581">#2581</a>)</li>
</ul>
<p>4.52.1:</p>
<ul>
<li>
<p>TOML encoder support - you can now roundtrip! <a
href="https://redirect.github.com/mikefarah/yq/issues/1364">#1364</a></p>
</li>
<li>
<p>Parent now supports negative indices, and added a 'root' command for
referencing the top level document</p>
</li>
<li>
<p>Fixed scalar encoding for HCL</p>
</li>
<li>
<p>Add --yaml-compact-seq-indent / -c flag for compact sequence
indentation (<a
href="https://redirect.github.com/mikefarah/yq/issues/2583">#2583</a>)
Thanks <a href="https://github.com/jfenal"><code>@​jfenal</code></a></p>
</li>
<li>
<p>Add symlink check to file rename util (<a
href="https://redirect.github.com/mikefarah/yq/issues/2576">#2576</a>)
Thanks <a
href="https://github.com/Elias-elastisys"><code>@​Elias-elastisys</code></a></p>
</li>
<li>
<p>Powershell fixed default command used for __completeNoDesc alias (<a
href="https://redirect.github.com/mikefarah/yq/issues/2568">#2568</a>)
Thanks <a
href="https://github.com/teejaded"><code>@​teejaded</code></a></p>
</li>
<li>
<p>Unwrap scalars in shell output mode. (<a
href="https://redirect.github.com/mikefarah/yq/issues/2548">#2548</a>)
Thanks <a
href="https://github.com/flintwinters"><code>@​flintwinters</code></a></p>
</li>
<li>
<p>Added K8S KYAML output format support (<a
href="https://redirect.github.com/mikefarah/yq/issues/2560">#2560</a>)
Thanks <a
href="https://github.com/robbat2"><code>@​robbat2</code></a></p>
</li>
<li>
<p>Bumped dependencies</p>
</li>
<li>
<p>Special shout out to <a
href="https://github.com/ccoVeille"><code>@​ccoVeille</code></a> for
reviewing my PRs!</p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/mikefarah/yq/commit/751d8ad57b84f1794661bc70c0afb92a22ad7b3c"><code>751d8ad</code></a>
Bumping version</li>
<li><a
href="https://github.com/mikefarah/yq/commit/6dd681a7c0eee3120db5adb3fc8bc6287054a06c"><code>6dd681a</code></a>
Fixing release signing</li>
<li><a
href="https://github.com/mikefarah/yq/commit/fc7c337d8f736edb0fa1bf5ed219435f53e99c7b"><code>fc7c337</code></a>
Updating bump version script</li>
<li><a
href="https://github.com/mikefarah/yq/commit/e969dd789f58a9ae4a2224a8421616760f6dce3b"><code>e969dd7</code></a>
Bumping version</li>
<li><a
href="https://github.com/mikefarah/yq/commit/dc4b4ea1df108c3a47ac18dad60235dc4d8ca707"><code>dc4b4ea</code></a>
Preparing release notes</li>
<li><a
href="https://github.com/mikefarah/yq/commit/602586d8fdb5b93f92b7e374a2e3086a4e8625df"><code>602586d</code></a>
Create scorecard.yml</li>
<li><a
href="https://github.com/mikefarah/yq/commit/9a0335abb2c68b284053c6a931776deb1ca9f6cc"><code>9a0335a</code></a>
fix: restrict GitHub Actions workflow token permissions (OSSF
least-privilege...</li>
<li><a
href="https://github.com/mikefarah/yq/commit/838c51691c78708382f02544af837d603779a420"><code>838c516</code></a>
Trying to test release</li>
<li><a
href="https://github.com/mikefarah/yq/commit/c8f6c1a042937a31bb3b5e7bf1bf0432260d360f"><code>c8f6c1a</code></a>
Updating release to sign checksums</li>
<li><a
href="https://github.com/mikefarah/yq/commit/0e803833fb1f1458a204863136118190b4b128d6"><code>0e80383</code></a>
chore: pin GitHub Actions and Docker base images to full-length hashes
(OSSF ...</li>
<li>Additional commits viewable in <a
href="https://github.com/mikefarah/yq/compare/0f4fb8d35ec1a939d78dd6862f494d19ec589f19...751d8ad57b84f1794661bc70c0afb92a22ad7b3c">compare
view</a></li>
</ul>
</details>
<br />

Updates `docker/login-action` from 4.0.0 to 4.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.0</h2>
<ul>
<li>Fix scoped Docker Hub cleanup path when registry is omitted by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/945">docker/login-action#945</a></li>
<li>Bump <code>@​aws-sdk/client-ecr</code> and
<code>@​aws-sdk/client-ecr-public</code> to 3.1020.0 in <a
href="https://redirect.github.com/docker/login-action/pull/930">docker/login-action#930</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.77.0 to 0.86.0 in
<a
href="https://redirect.github.com/docker/login-action/pull/932">docker/login-action#932</a>
<a
href="https://redirect.github.com/docker/login-action/pull/936">docker/login-action#936</a></li>
<li>Bump brace-expansion from 1.1.12 to 1.1.13 in <a
href="https://redirect.github.com/docker/login-action/pull/952">docker/login-action#952</a></li>
<li>Bump fast-xml-parser from 5.3.4 to 5.3.6 in <a
href="https://redirect.github.com/docker/login-action/pull/942">docker/login-action#942</a></li>
<li>Bump flatted from 3.3.3 to 3.4.2 in <a
href="https://redirect.github.com/docker/login-action/pull/944">docker/login-action#944</a></li>
<li>Bump glob from 10.3.12 to 10.5.0 in <a
href="https://redirect.github.com/docker/login-action/pull/940">docker/login-action#940</a></li>
<li>Bump handlebars from 4.7.8 to 4.7.9 in <a
href="https://redirect.github.com/docker/login-action/pull/949">docker/login-action#949</a></li>
<li>Bump http-proxy-agent and https-proxy-agent to 8.0.0 in <a
href="https://redirect.github.com/docker/login-action/pull/937">docker/login-action#937</a></li>
<li>Bump lodash from 4.17.23 to 4.18.1 in <a
href="https://redirect.github.com/docker/login-action/pull/958">docker/login-action#958</a></li>
<li>Bump minimatch from 3.1.2 to 3.1.5 in <a
href="https://redirect.github.com/docker/login-action/pull/941">docker/login-action#941</a></li>
<li>Bump picomatch from 4.0.3 to 4.0.4 in <a
href="https://redirect.github.com/docker/login-action/pull/948">docker/login-action#948</a></li>
<li>Bump undici from 6.23.0 to 6.24.1 in <a
href="https://redirect.github.com/docker/login-action/pull/938">docker/login-action#938</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v4.0.0...v4.1.0">https://github.com/docker/login-action/compare/v4.0.0...v4.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/login-action/commit/4907a6ddec9925e35a0a9e82d7399ccc52663121"><code>4907a6d</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/930">#930</a>
from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li>
<li><a
href="https://github.com/docker/login-action/commit/1e233e691a8881d7f35ca7c2d5dfaaed80b39636"><code>1e233e6</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/6c24ead68057f18c30c808a431f0b85dc25663cb"><code>6c24ead</code></a>
build(deps): bump the aws-sdk-dependencies group with 2 updates</li>
<li><a
href="https://github.com/docker/login-action/commit/ee034d70944e3546349cd24295914f139342f1e6"><code>ee034d7</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/958">#958</a>
from docker/dependabot/npm_and_yarn/lodash-4.18.1</li>
<li><a
href="https://github.com/docker/login-action/commit/1527209db9734bd2352a2dc1a63d79c9aa5358bb"><code>1527209</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/937">#937</a>
from docker/dependabot/npm_and_yarn/proxy-agent-depen...</li>
<li><a
href="https://github.com/docker/login-action/commit/d39362aba4d72f8d9d93e0962119840690133e1b"><code>d39362a</code></a>
build(deps): bump lodash from 4.17.23 to 4.18.1</li>
<li><a
href="https://github.com/docker/login-action/commit/a6f092b568105cbb6d9deb7e55e0a4c5c1025fce"><code>a6f092b</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/60953f0bed2120ec69659d271fe18d34bc069779"><code>60953f0</code></a>
build(deps): bump the proxy-agent-dependencies group with 2 updates</li>
<li><a
href="https://github.com/docker/login-action/commit/62c688590fb4ab6c6e89a217ced0a7b2ddcf1340"><code>62c6885</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/936">#936</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="https://github.com/docker/login-action/commit/102c0e672992d2e992c89b6f4808d65a353b5a1a"><code>102c0e6</code></a>
chore: update generated content</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/login-action/compare/b45d80f862d83dbcd57f89517bcf500b2ab88fb2...4907a6ddec9925e35a0a9e82d7399ccc52663121">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

.github/workflows/scheduled.yml

@@ -16,7 +16,7 @@ jobs:
       configs: ${{ steps.repo_check.outputs.configs }}
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-      - uses: mikefarah/yq@0f4fb8d35ec1a939d78dd6862f494d19ec589f19 # v4.52.5
+      - uses: mikefarah/yq@751d8ad57b84f1794661bc70c0afb92a22ad7b3c # v4.53.2
       - name: Set up Python
         uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
@@ -30,7 +30,7 @@ jobs:
           python generate_config.py
           echo "Generated config.yaml for workflow use"
       - name: Login to Docker Hub
-        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
         with:
           username: ${{ vars.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}

.github/workflows/vet.yml

@@ -37,7 +37,7 @@ jobs:
         run: pip install PyYAML
       - name: Generate config.yaml
         run: python3 generate_config.py
-      - uses: mikefarah/yq@0f4fb8d35ec1a939d78dd6862f494d19ec589f19 # v4.52.5
+      - uses: mikefarah/yq@751d8ad57b84f1794661bc70c0afb92a22ad7b3c # v4.53.2
       - name: duplicate repository tag check
         run: |
           OUTPUT=$(yq 'group_by(.target.repository + ":" + .target.tag) | map(select(length>1))' config.yaml)