Commit 48bbc37
authored
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
Bump ossf/scorecard-action from 2.4.0 to 2.4.3 (#9)
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action)
from 2.4.0 to 2.4.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.3</h2>
<h2>What's Changed</h2>
<p>This update bumps the Scorecard version to the v5.3.0 release. For a
complete list of changes, please refer to the <a
href="https://github.com/ossf/scorecard/releases/tag/v5.3.0">Scorecard
v5.3.0 release notes</a>.</p>
<h2>Documentation</h2>
<ul>
<li>docs: clarify <code>GITHUB_TOKEN</code> permissions needed for
private repos by <a
href="https://github.com/pankajtaneja5"><code>@pankajtaneja5</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1574">ossf/scorecard-action#1574</a></li>
<li>:book: Fix recommended command to test the image in development by
<a
href="https://github.com/deivid-rodriguez"><code>@deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1583">ossf/scorecard-action#1583</a></li>
</ul>
<h2>Other</h2>
<ul>
<li>add missing top-level token permissions to workflows by <a
href="https://github.com/timothyklee"><code>@timothyklee</code></a> in
<a
href="https://redirect.github.com/ossf/scorecard-action/pull/1566">ossf/scorecard-action#1566</a></li>
<li>setup codeowners for requesting reviews by <a
href="https://github.com/spencerschrock"><code>@spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1576">ossf/scorecard-action#1576</a></li>
<li>:seedling: Improve printing options by <a
href="https://github.com/deivid-rodriguez"><code>@deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1584">ossf/scorecard-action#1584</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/timothyklee"><code>@timothyklee</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1566">ossf/scorecard-action#1566</a></li>
<li><a
href="https://github.com/pankajtaneja5"><code>@pankajtaneja5</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1574">ossf/scorecard-action#1574</a></li>
<li><a
href="https://github.com/deivid-rodriguez"><code>@deivid-rodriguez</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1584">ossf/scorecard-action#1584</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3">https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3</a></p>
<h2>v2.4.2</h2>
<h2>What's Changed</h2>
<p>This update bumps the Scorecard version to the v5.2.1 release. For a
complete list of changes, please refer to the Scorecard <a
href="https://github.com/ossf/scorecard/releases/tag/v5.2.0">v5.2.0</a>
and <a
href="https://github.com/ossf/scorecard/releases/tag/v5.2.1">v5.2.1</a>
release notes.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2">https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2</a></p>
<h2>v2.4.1</h2>
<h2>What's Changed</h2>
<ul>
<li>This update bumps the Scorecard version to the v5.1.1 release. For a
complete list of changes, please refer to the <a
href="https://github.com/ossf/scorecard/releases/tag/v5.1.0">v5.1.0</a>
and <a
href="https://github.com/ossf/scorecard/releases/tag/v5.1.1">v5.1.1</a>
release notes.</li>
<li>Publishing results now uses half the API quota as before. The exact
savings depends on the repository in question.
<ul>
<li>use Scorecard library entrypoint instead of Cobra hooking by <a
href="https://github.com/spencerschrock"><code>@spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1423">ossf/scorecard-action#1423</a></li>
</ul>
</li>
<li>Some errors were made into annotations to make them more visible
<ul>
<li>Make default branch error more prominent by <a
href="https://github.com/jsoref"><code>@jsoref</code></a> in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1459">ossf/scorecard-action#1459</a></li>
</ul>
</li>
<li>There is now an optional <code>file_mode</code> input which controls
how repository files are fetched from GitHub. The default is
<code>archive</code>, but <code>git</code> produces the most accurate
results for repositories with <code>.gitattributes</code> files at the
cost of analysis speed.
<ul>
<li>add input for specifying <code>--file-mode</code> by <a
href="https://github.com/spencerschrock"><code>@spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1509">ossf/scorecard-action#1509</a></li>
</ul>
</li>
<li>The underlying container for the action is now <a
href="https://github.com/ossf/scorecard-action/pkgs/container/scorecard-action">hosted
on GitHub Container Registry</a>. There should be no functional changes.
<ul>
<li>:seedling: publish docker images to GitHub Container Registry by <a
href="https://github.com/spencerschrock"><code>@spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1453">ossf/scorecard-action#1453</a></li>
</ul>
</li>
</ul>
<h3>Docs</h3>
<ul>
<li>Installation docs update by <a
href="https://github.com/JeremiahAHoward"><code>@JeremiahAHoward</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1416">ossf/scorecard-action#1416</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/JeremiahAHoward"><code>@JeremiahAHoward</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1416">ossf/scorecard-action#1416</a></li>
<li><a href="https://github.com/jsoref"><code>@jsoref</code></a> made
their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1459">ossf/scorecard-action#1459</a>
<strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1">https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ossf/scorecard-action/commit/4eaacf0543bb3f2c246792bd56e8cdeffafb205a"><code>4eaacf0</code></a>
bump docker to ghcr v2.4.3 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1587">#1587</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/42e3a017b9617c5bbc5f1c692cdbc2cd041bd97a"><code>42e3a01</code></a>
:seedling: Bump the github-actions group with 3 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1585">#1585</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/88c07acb7bc818897f9ea58eba9d81c53b322f15"><code>88c07ac</code></a>
:seedling: Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1579">#1579</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/6c690f2f38ab31402da4e3f8d698c15405764128"><code>6c690f2</code></a>
Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1586">#1586</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/92083b52695004080225eb9301fde390183707cd"><code>92083b5</code></a>
:book: Fix recommended command to test the image in development (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1583">#1583</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/7975ea6064717f16f09a57ad5f8e24017ad4dbd9"><code>7975ea6</code></a>
:seedling: Bump the docker-images group across 1 directory with 2
updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1">#1</a>...</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/0d1a74394f208e63c946c1b5377d3ad15f0265bf"><code>0d1a743</code></a>
:seedling: Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1575">#1575</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/46e6e0c0ac415287a696b2be6d98071134fd27a7"><code>46e6e0c</code></a>
:seedling: Bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1580">#1580</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/c3f13501596645d3bd6fee6b843bd36b66df4f5d"><code>c3f1350</code></a>
:seedling: Improve printing options (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1584">#1584</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/43e475b79a8bd5217334edc08879005b2229d79a"><code>43e475b</code></a>
:seedling: Bump golang.org/x/net from 0.42.0 to 0.44.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1578">#1578</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ossf/scorecard-action/compare/62b2cac7ed8198b15735ed49ab1e5cf35480ba46...4eaacf0543bb3f2c246792bd56e8cdeffafb205a">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent db91c2b commit 48bbc37
1 file changed
+1
-1
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
21 | 21 | | |
22 | 22 | | |
23 | 23 | | |
24 | | - | |
| 24 | + | |
25 | 25 | | |
26 | 26 | | |
27 | 27 | | |
| |||
0 commit comments