Skip to content

Commit

Permalink
Bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#225)
Browse files Browse the repository at this point in the history
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action)
from 2.3.1 to 2.3.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.3.3</h2>
<blockquote>
<p>[!NOTE]<br />
There is no v2.3.2 release as a step was skipped in the release process.
This was fixed and re-released under the v2.3.3 tag</p>
</blockquote>
<h2>What's Changed</h2>
<ul>
<li>:seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to
github.com/ossf/scorecard/v5 (v5.0.0-rc1) by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1366">ossf/scorecard-action#1366</a></li>
<li>:seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to
v5.0.0-rc2 by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1374">ossf/scorecard-action#1374</a></li>
<li>:seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to
v5.0.0-rc2.0.20240509182734-7ce860946928 by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1377">ossf/scorecard-action#1377</a></li>
</ul>
<p>For a full changelist of what these include, see the <a
href="https://github.com/ossf/scorecard/releases/tag/v5.0.0-rc1">v5.0.0-rc1</a>
and <a
href="https://github.com/ossf/scorecard/releases/tag/v5.0.0-rc2">v5.0.0-rc2</a>
release notes.</p>
<h3>Documentation</h3>
<ul>
<li>:book: Move token discussion out of main README. by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1279">ossf/scorecard-action#1279</a></li>
<li>:book: link to <code>ossf/scorecard</code> workflow instead of
maintaining an example by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1352">ossf/scorecard-action#1352</a></li>
<li>:book: update api links to new scorecard.dev site by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1376">ossf/scorecard-action#1376</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3">https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ossf/scorecard-action/commit/dc50aa9510b46c811795eb24b2f1ba02a914e534"><code>dc50aa9</code></a>
:seedling: Bump docker tag for v2.3.3 release (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1368">#1368</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/8ff570017382a0ef795f21f71e519b27a9b5f29e"><code>8ff5700</code></a>
:seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to
v5.0.0-rc2.0....</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/8ba5e73d11a5fd0917494d02ab01dfd7866d2191"><code>8ba5e73</code></a>
update api links to new scorecard.dev site (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1376">#1376</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/92ddde3eaffd7e147638317c023642a6adc8a874"><code>92ddde3</code></a>
Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1374">#1374</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/6c55905542a1ce814c7ec177a96904f5bc74aab5"><code>6c55905</code></a>
:seedling: Bump golang.org/x/net from 0.24.0 to 0.25.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1373">#1373</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/09bb953b6a0e34c84fb453985435a07cc2baa3a3"><code>09bb953</code></a>
:seedling: Bump distroless/base in the docker-images group (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1372">#1372</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/1511e1305b9d7e51245388421563264573c77bc7"><code>1511e13</code></a>
:seedling: Bump the github-actions group across 1 directory with 6
updates (#...</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/df66cd8fd834fab4483ac0031b8d8ff819b62422"><code>df66cd8</code></a>
:seedling: Bump the docker-images group with 2 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1370">#1370</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/fad9a3cc533bb069b1f01f272f1f630895cd690a"><code>fad9a3c</code></a>
:seedling: Bump distroless/base in the docker-images group (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1364">#1364</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/1e01a309c1de65b6221c25768bcfc322bac8ccee"><code>1e01a30</code></a>
:seedling: Bump the github-actions group with 3 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1365">#1365</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.3.1&new-version=2.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
  • Loading branch information
dependabot[bot] authored May 13, 2024
1 parent eec1833 commit 78af3b4
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
with:
results_file: results.sarif
results_format: sarif
Expand Down

0 comments on commit 78af3b4

Please sign in to comment.