RSS Bot
Posted September 12, 2022

Bumps ossf/scorecard-action from 1.1.2 to 2.0.3.

Release notes
Sourced from ossf/scorecard-action's releases.

v2.0.3
Patch for fix in #898

v2.0.2
Fixes ossf/scorecard-action#895

v2.0.1
Fix for #856

v2.0.0
What's Changed
- 🌱 Prepare for a pre-release of the Golang action by @azeemshaikh38 in ossf/scorecard-action#750
- :seedling: Bump github/codeql-action from 2.1.12 to 2.1.16 by @dependabot in ossf/scorecard-action#751
- :seedling: Bump debian from 11.3-slim to 11.4-slim by @dependabot in ossf/scorecard-action#749
- :seedling: Bump step-security/harden-runner from 1.4.3 to 1.4.4 by @dependabot in ossf/scorecard-action#646
- :seedling: Bump actions/setup-go from 3.2.0 to 3.2.1 by @dependabot in ossf/scorecard-action#748
- 🐛 Fix dependency conflicts in go.mod by @azeemshaikh38 in ossf/scorecard-action#771
- 🌱 Prepare for v2 beta1 release by @azeemshaikh38 in ossf/scorecard-action#766
- multi-repo-action: Note that tool is a work-in-progress by @naveensrinivasan in ossf/scorecard-action#776
- 🐛 Fix intermittent failures in CI-Tests by @azeemshaikh38 in ossf/scorecard-action#778
- :seedling: Bump sigs.k8s.io/release-utils from 0.7.2 to 0.7.3 by @dependabot in ossf/scorecard-action#775
- :seedling: Bump actions/cache from 3.0.4 to 3.0.5 by @dependabot in ossf/scorecard-action#769
- 📖 Update README about the restrictions for scorecard-action:v2 by @azeemshaikh38 in ossf/scorecard-action#779
- :seedling: Bump github/codeql-action from 2.1.16 to 2.1.17 by @dependabot in ossf/scorecard-action#783
- 📖 Update instructions for Scorecard badge to README by @azeemshaikh38 in ossf/scorecard-action#785
- :seedling: Bump debian from f576b80 to a811e62 by @dependabot in ossf/scorecard-action#787
- :seedling: Bump github.com/ossf/scorecard/v4 from 4.4.0 to 4.5.0 by @dependabot in ossf/scorecard-action#786
- :seedling: Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in ossf/scorecard-action#788
- :seedling: Bump actions/cache from 3.0.5 to 3.0.6 by @dependabot in ossf/scorecard-action#789
- 🐛 Add request application/json request header by @azeemshaikh38 in ossf/scorecard-action#791
- Create a new release v2.0.0-alpha.1 by @azeemshaikh38 in ossf/scorecard-action#803
- :seedling: Bump actions/cache from 3.0.6 to 3.0.7 by @dependabot in ossf/scorecard-action#807
- Olivekl patch 1 by @olivekl in ossf/scorecard-action#809
- :seedling: Fix cosign vulnerability by @naveensrinivasan in ossf/scorecard-action#812
- 🌱 Allow for publish URL override by @azeemshaikh38 in ossf/scorecard-action#811
- :seedling: Bump github.com/ossf/scorecard/v4 from 4.5.0 to 4.6.0 by @dependabot in ossf/scorecard-action#820
- :seedling: Bump step-security/harden-runner from 1.4.4 to 1.4.5 by @dependabot in ossf/scorecard-action#808
- cmd/installer: Cleanups (2/n) by @justaugustus in ossf/scorecard-action#833
- Update comments to allow for renovatebot updates by @laurentsimon in ossf/scorecard-action#834
- :seedling: Bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 by @dependabot in ossf/scorecard-action#839
- :seedling: Update actions/checkout requirement to 2541b1294d2704b0964813337f33b291d3f8596b by @dependabot in ossf/scorecard-action#835
- :seedling: Bump github.com/sigstore/cosign from 1.11.0 to 1.11.1 by @dependabot in ossf/scorecard-action#842
- :seedling: Bump github/codeql-action from 2.1.18 to 2.1.21 by @dependabot in ossf/scorecard-action#844
- :seedling: Bump actions/setup-go from 3.2.1 to 3.3.0 by @dependabot in ossf/scorecard-action#843
- :seedling: Bump debian from a811e62 to 68c1f6b by @dependabot in ossf/scorecard-action#840
- Fix workflow path in automatic creation of PR by @RadoslavGatev in ossf/scorecard-action#845
- :seedling: Bump actions/dependency-review-action from 310e0dd64f63b1d00101ecd3225d605a74261fb7 to 2.1.0 by @dependabot in ossf/scorecard-action#838
- :seedling: Bump actions/cache from 3.0.7 to 3.0.8 by @dependabot in ossf/scorecard-action#836
- 📖 Add docs for API by @azeemshaikh38 in ossf/scorecard-action#849
- :seedling: Bump github/codeql-action from 2.1.21 to 2.1.22 by @dependabot in ossf/scorecard-action#853
... (truncated)

Commits
- 865b409 Create v2.0.3 patch (#927)
- 60f6d77 :seedling: Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 (#855)
- a73c72a bug: always use the default GITHUB_TOKEN for signing (#898)
- 68bf5b3 🐛 Fixes Run all checks on a BranchProtection event - failing tests (#897)
- f437b3c Downgrade to scorecard:v4.5.0 to fix breakage (#894)
- 13ec8c7 :seedling: Release v2.0.0 (#854)
- 183420b :seedling: Included License (#852)
- 9347866 :seedling: Bump github/codeql-action from 2.1.21 to 2.1.22 (#853)
- d4f9a7a Add docs for API (#849)
- 9b15950 :seedling: Bump actions/cache from 3.0.7 to 3.0.8 (#836)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot merge will merge this PR after your CI passes on it
- @dependabot squash and merge will squash and merge this PR after your CI passes on it
- @dependabot cancel merge will cancel a previously requested merge and block automerging
- @dependabot reopen will reopen this PR if it is closed
- @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

View the full article