Skip to content

Commit

Permalink
Merge #273
Browse files Browse the repository at this point in the history
273: chore(deps): update ossf/scorecard-action action to v2 r=renovate[bot] a=renovate[bot]

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | major | `v1.1.1` -> `v2.0.6` |

---

### Release Notes

<details>
<summary>ossf/scorecard-action</summary>

### [`v2.0.6`](https://github.com/ossf/scorecard-action/releases/tag/v2.0.6)

[Compare Source](https://github.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6)

#### What's Changed

-   Fix - Broken dockerfile by [`@&#8203;naveensrinivasan](https://github.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/979](https://github.com/ossf/scorecard-action/pull/979)

**Full Changelog**: ossf/scorecard-action@v2.0.5...v2.0.6

### [`v2.0.5`](https://github.com/ossf/scorecard-action/releases/tag/v2.0.5)

[Compare Source](https://github.com/ossf/scorecard-action/compare/v2.0.4...v2.0.5)

#### What's Changed

-   Remove trailing space from example by [`@&#8203;jamacku](https://github.com/jamacku)` in [https://github.com/ossf/scorecard-action/pull/955](https://github.com/ossf/scorecard-action/pull/955)
-   🌱 Bump actions/cache from 3.0.8 to 3.0.10 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/956](https://github.com/ossf/scorecard-action/pull/956)
-   🌱 Bump github/codeql-action from 2.1.25 to 2.1.26 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/957](https://github.com/ossf/scorecard-action/pull/957)
-   🌱 Bump step-security/harden-runner from 1.4.5 to 1.5.0 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/958](https://github.com/ossf/scorecard-action/pull/958)
-   🌱 Bump debian from `5cf1d98` to `b46fc4e` by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/959](https://github.com/ossf/scorecard-action/pull/959)
-   🌱 Bump github.com/sigstore/cosign from 1.12.1 to 1.13.0 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/962](https://github.com/ossf/scorecard-action/pull/962)
-   🌱 Upgrade to go 1.19 by [`@&#8203;naveensrinivasan](https://github.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/961](https://github.com/ossf/scorecard-action/pull/961)
-   🌱 Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/967](https://github.com/ossf/scorecard-action/pull/967)
-   🌱 Bump golang from `c2a98a5` to `b850621` by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/966](https://github.com/ossf/scorecard-action/pull/966)
-   🌱 Bump golang from `b850621` to `25de7b6` by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/968](https://github.com/ossf/scorecard-action/pull/968)
-   New release for Scorecard v4.8.0 by [`@&#8203;naveensrinivasan](https://github.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/969](https://github.com/ossf/scorecard-action/pull/969)

#### New Contributors

-   [`@&#8203;jamacku](https://github.com/jamacku)` made their first contribution in [https://github.com/ossf/scorecard-action/pull/955](https://github.com/ossf/scorecard-action/pull/955)

**Full Changelog**: ossf/scorecard-action@v2.0.4...v2.0.5

### [`v2.0.4`](https://github.com/ossf/scorecard-action/releases/tag/v2.0.4)

[Compare Source](https://github.com/ossf/scorecard-action/compare/v2.0.3...v2.0.4)

Fixes [#&#8203;856](https://github.com/ossf/scorecard-action/issues/856)

#### What's Changed

-   🌱 Bump github.com/caarlos0/env/v6 from 6.10.0 to 6.10.1 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/934](https://github.com/ossf/scorecard-action/pull/934)
-   feat: do not run signing on pull requests by [`@&#8203;laurentsimon](https://github.com/laurentsimon)` in [https://github.com/ossf/scorecard-action/pull/935](https://github.com/ossf/scorecard-action/pull/935)
-   🌱 Bump debian from 11.4-slim to 11.5-slim by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/936](https://github.com/ossf/scorecard-action/pull/936)
-   🌱 Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/938](https://github.com/ossf/scorecard-action/pull/938)
-   🌱 Bump github/codeql-action from 2.1.22 to 2.1.24 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/941](https://github.com/ossf/scorecard-action/pull/941)
-   🐛 Restore behavior of ignoring scorecard runtime errors by [`@&#8203;spencerschrock](https://github.com/spencerschrock)` in [https://github.com/ossf/scorecard-action/pull/948](https://github.com/ossf/scorecard-action/pull/948)
-   🌱 Bump actions/dependency-review-action from 2.1.0 to 2.4.0 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/950](https://github.com/ossf/scorecard-action/pull/950)
-   🌱 Bump github.com/sigstore/cosign from 1.12.0 to 1.12.1 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/947](https://github.com/ossf/scorecard-action/pull/947)
-   🌱 Bump github/codeql-action from 2.1.24 to 2.1.25 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/949](https://github.com/ossf/scorecard-action/pull/949)
-   🌱 Bump codecov/codecov-action from 3.1.0 to 3.1.1 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/942](https://github.com/ossf/scorecard-action/pull/942)
-   Create v2.0.4 patch by [`@&#8203;spencerschrock](https://github.com/spencerschrock)` in [https://github.com/ossf/scorecard-action/pull/952](https://github.com/ossf/scorecard-action/pull/952)

#### New Contributors

-   [`@&#8203;spencerschrock](https://github.com/spencerschrock)` made their first contribution in [https://github.com/ossf/scorecard-action/pull/948](https://github.com/ossf/scorecard-action/pull/948)

**Full Changelog**: ossf/scorecard-action@v2.0.3...v2.0.4

### [`v2.0.3`](https://github.com/ossf/scorecard-action/releases/tag/v2.0.3)

[Compare Source](https://github.com/ossf/scorecard-action/compare/v2.0.2...v2.0.3)

Patch for fix in [#&#8203;898](https://github.com/ossf/scorecard-action/issues/898)

### [`v2.0.2`](https://github.com/ossf/scorecard-action/releases/tag/v2.0.2)

[Compare Source](https://github.com/ossf/scorecard-action/compare/v2.0.1...v2.0.2)

Fixes [https://github.com/ossf/scorecard-action/issues/895](https://github.com/ossf/scorecard-action/issues/895)

### [`v2.0.1`](https://github.com/ossf/scorecard-action/releases/tag/v2.0.1)

[Compare Source](https://github.com/ossf/scorecard-action/compare/v2.0.0...v2.0.1)

Fix for [#&#8203;856](https://github.com/ossf/scorecard-action/issues/856)

### [`v2.0.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.0.0)

[Compare Source](https://github.com/ossf/scorecard-action/compare/v1.1.2...v2.0.0)

#### What's Changed

-   🌱 Prepare for a pre-release of the Golang action by [`@&#8203;azeemshaikh38](https://github.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/750](https://github.com/ossf/scorecard-action/pull/750)
-   🌱 Bump github/codeql-action from 2.1.12 to 2.1.16 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/751](https://github.com/ossf/scorecard-action/pull/751)
-   🌱 Bump debian from 11.3-slim to 11.4-slim by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/749](https://github.com/ossf/scorecard-action/pull/749)
-   🌱 Bump step-security/harden-runner from 1.4.3 to 1.4.4 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/646](https://github.com/ossf/scorecard-action/pull/646)
-   🌱 Bump actions/setup-go from 3.2.0 to 3.2.1 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/748](https://github.com/ossf/scorecard-action/pull/748)
-   🐛 Fix dependency conflicts in go.mod by [`@&#8203;azeemshaikh38](https://github.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/771](https://github.com/ossf/scorecard-action/pull/771)
-   🌱 Prepare for v2 beta1 release by [`@&#8203;azeemshaikh38](https://github.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/766](https://github.com/ossf/scorecard-action/pull/766)
-   multi-repo-action: Note that tool is a work-in-progress by [`@&#8203;naveensrinivasan](https://github.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/776](https://github.com/ossf/scorecard-action/pull/776)
-   🐛 Fix intermittent failures in CI-Tests by [`@&#8203;azeemshaikh38](https://github.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/778](https://github.com/ossf/scorecard-action/pull/778)
-   🌱 Bump sigs.k8s.io/release-utils from 0.7.2 to 0.7.3 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/775](https://github.com/ossf/scorecard-action/pull/775)
-   🌱 Bump actions/cache from 3.0.4 to 3.0.5 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/769](https://github.com/ossf/scorecard-action/pull/769)
-   📖 Update README about the restrictions for scorecard-action:v2 by [`@&#8203;azeemshaikh38](https://github.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/779](https://github.com/ossf/scorecard-action/pull/779)
-   🌱 Bump github/codeql-action from 2.1.16 to 2.1.17 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/783](https://github.com/ossf/scorecard-action/pull/783)
-   📖 Update instructions for Scorecard badge to README by [`@&#8203;azeemshaikh38](https://github.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/785](https://github.com/ossf/scorecard-action/pull/785)
-   🌱 Bump debian from `f576b80` to `a811e62` by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/787](https://github.com/ossf/scorecard-action/pull/787)
-   🌱 Bump github.com/ossf/scorecard/v4 from 4.4.0 to 4.5.0 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/786](https://github.com/ossf/scorecard-action/pull/786)
-   🌱 Bump github/codeql-action from 2.1.17 to 2.1.18 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/788](https://github.com/ossf/scorecard-action/pull/788)
-   🌱 Bump actions/cache from 3.0.5 to 3.0.6 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/789](https://github.com/ossf/scorecard-action/pull/789)
-   🐛 Add request application/json request header by [`@&#8203;azeemshaikh38](https://github.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/791](https://github.com/ossf/scorecard-action/pull/791)
-   Create a new release v2.0.0-alpha.1 by [`@&#8203;azeemshaikh38](https://github.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/803](https://github.com/ossf/scorecard-action/pull/803)
-   🌱 Bump actions/cache from 3.0.6 to 3.0.7 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/807](https://github.com/ossf/scorecard-action/pull/807)
-   Olivekl patch 1 by [`@&#8203;olivekl](https://github.com/olivekl)` in [https://github.com/ossf/scorecard-action/pull/809](https://github.com/ossf/scorecard-action/pull/809)
-   🌱 Fix cosign vulnerability by [`@&#8203;naveensrinivasan](https://github.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/812](https://github.com/ossf/scorecard-action/pull/812)
-   🌱 Allow for publish URL override by [`@&#8203;azeemshaikh38](https://github.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/811](https://github.com/ossf/scorecard-action/pull/811)
-   🌱 Bump github.com/ossf/scorecard/v4 from 4.5.0 to 4.6.0 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/820](https://github.com/ossf/scorecard-action/pull/820)
-   🌱 Bump step-security/harden-runner from 1.4.4 to 1.4.5 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/808](https://github.com/ossf/scorecard-action/pull/808)
-   cmd/installer: Cleanups (2/n) by [`@&#8203;justaugustus](https://github.com/justaugustus)` in [https://github.com/ossf/scorecard-action/pull/833](https://github.com/ossf/scorecard-action/pull/833)
-   Update comments to allow for renovatebot updates by [`@&#8203;laurentsimon](https://github.com/laurentsimon)` in [https://github.com/ossf/scorecard-action/pull/834](https://github.com/ossf/scorecard-action/pull/834)
-   🌱 Bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/839](https://github.com/ossf/scorecard-action/pull/839)
-   🌱 Update actions/checkout requirement to [`2541b12`](https://github.com/ossf/scorecard-action/commit/2541b1294d2704b0964813337f33b291d3f8596b) by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/835](https://github.com/ossf/scorecard-action/pull/835)
-   🌱 Bump github.com/sigstore/cosign from 1.11.0 to 1.11.1 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/842](https://github.com/ossf/scorecard-action/pull/842)
-   🌱 Bump github/codeql-action from 2.1.18 to 2.1.21 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/844](https://github.com/ossf/scorecard-action/pull/844)
-   🌱 Bump actions/setup-go from 3.2.1 to 3.3.0 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/843](https://github.com/ossf/scorecard-action/pull/843)
-   🌱 Bump debian from `a811e62` to `68c1f6b` by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/840](https://github.com/ossf/scorecard-action/pull/840)
-   Fix workflow path in automatic creation of PR  by [`@&#8203;RadoslavGatev](https://github.com/RadoslavGatev)` in [https://github.com/ossf/scorecard-action/pull/845](https://github.com/ossf/scorecard-action/pull/845)
-   🌱 Bump actions/dependency-review-action from [`310e0dd`](https://github.com/ossf/scorecard-action/commit/310e0dd64f63b1d00101ecd3225d605a74261fb7) to 2.1.0 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/838](https://github.com/ossf/scorecard-action/pull/838)
-   🌱 Bump actions/cache from 3.0.7 to 3.0.8 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/836](https://github.com/ossf/scorecard-action/pull/836)
-   📖 Add docs for API by [`@&#8203;azeemshaikh38](https://github.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/849](https://github.com/ossf/scorecard-action/pull/849)
-   🌱 Bump github/codeql-action from 2.1.21 to 2.1.22 by [`@&#8203;dependabot](https://github.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/853](https://github.com/ossf/scorecard-action/pull/853)
-   🌱 Included License by [`@&#8203;naveensrinivasan](https://github.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/852](https://github.com/ossf/scorecard-action/pull/852)
-   🌱 Release v2.0.0 by [`@&#8203;naveensrinivasan](https://github.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/854](https://github.com/ossf/scorecard-action/pull/854)

#### New Contributors

-   [`@&#8203;RadoslavGatev](https://github.com/RadoslavGatev)` made their first contribution in [https://github.com/ossf/scorecard-action/pull/845](https://github.com/ossf/scorecard-action/pull/845)

**Full Changelog**: ossf/scorecard-action@v1.1.2...v2.0.0

### [`v1.1.2`](https://github.com/ossf/scorecard-action/releases/tag/v1.1.2)

[Compare Source](https://github.com/ossf/scorecard-action/compare/v1.1.1...v1.1.2)

#### What's Changed

-   Fix for [https://github.com/ossf/scorecard-action/issues/329](https://github.com/ossf/scorecard-action/issues/329)

**Full Changelog**: ossf/scorecard-action@v1.1.1...v1.1.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/OpenPoolProject/stratum).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xOS4wIiwidXBkYXRlZEluVmVyIjoiMzQuMTkuMCJ9-->


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
  • Loading branch information
bors[bot] and renovate[bot] authored Nov 6, 2022
2 parents 4989170 + 0d900e0 commit 4de0ed6
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/scorecards.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ jobs:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@3e15ea8318eee9b333819ec77a36aca8d39df13e # v1.1.1
uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
with:
results_file: results.sarif
results_format: sarif
Expand Down

0 comments on commit 4de0ed6

Please sign in to comment.