chore(deps): update github-actions #2337

Merged
merged 1 commit into from
Jun 27, 2023

@renovate-bot renovate-bot commented Jun 24, 2023

Mend Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/setup-java | action | digest | `45058d7` -> `1f2faad` |
| github/codeql-action | action | patch | `v2.20.0` -> `v2.20.1` |
| ossf/scorecard-action | action | minor | `v2.1.3` -> `v2.2.0` |
| sigstore/cosign-installer | action | minor | `v3.0.5` -> `v3.1.0` |

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.


Release Notes

github/codeql-action (github/codeql-action)

v2.20.1

Compare Source

ossf/scorecard-action (ossf/scorecard-action)

v2.2.0

Compare Source

What's Changed

Scorecard Result Viewer

Thanks to contributions from @​cynthia-sg and @​tegioz at CLOMonitor, there is a new Scorecard Result visualization page at https://securityscorecards.dev/viewer/?uri=<project-url>.

As an example, you can see our own score visualized here
Checkout our README to learn how to link your README badge to the new visualization page.

Publishing Results

This release contains two fixes which will improve the user experience when publish_results is true

Docs

New Contributors

Full Changelog: ossf/scorecard-action@v2.1.3...v2.2.0

sigstore/cosign-installer (sigstore/cosign-installer)

v3.1.0

Compare Source

What's Changed

New Contributors

Full Changelog: sigstore/cosign-installer@v3.0.5...v3.1.0


Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

Signed-off-by: Mend Renovate <bot@renovateapp.com>
@ianlewis ianlewis enabled auto-merge (squash) June 27, 2023 02:06
@ianlewis ianlewis merged commit 8bf8cac into slsa-framework:main Jun 27, 2023
@renovate-bot renovate-bot deleted the renovate/github-actions branch June 27, 2023 02:13
enteraga6 pushed a commit to enteraga6/slsa-github-generator that referenced this pull request Jul 18, 2023
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/setup-java | action | digest | `45058d7` -> `1f2faad` |
| [github/codeql-action](https://github.com/github/codeql-action) | action | patch | `v2.20.0` -> `v2.20.1` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.1.3` -> `v2.2.0` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | action | minor | `v3.0.5` -> `v3.1.0` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

### [`v2.20.1`](https://github.com/github/codeql-action/compare/v2.20.0...v2.20.1)

[Compare Source](https://github.com/github/codeql-action/compare/v2.20.0...v2.20.1)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

### [`v2.2.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.2.0)

[Compare Source](https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0
by [@&#8203;spencerschrock](https://github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1192](https://github.com/ossf/scorecard-action/pull/1192)

#### Scorecard Result Viewer

Thanks to contributions from
[@&#8203;cynthia-sg](https://github.com/cynthia-sg) and
[@&#8203;tegioz](https://github.com/tegioz) at
[CLOMonitor](https://github.com/cncf/clomonitor), there is a new
Scorecard Result visualization page at
`https://securityscorecards.dev/viewer/?uri=<project-url>`.

- [https://github.com/ossf/scorecard-webapp/pull/406](https://github.com/ossf/scorecard-webapp/pull/406)
- [https://github.com/ossf/scorecard-webapp/pull/422](https://github.com/ossf/scorecard-webapp/pull/422)

As an example, you can see our own score visualized
[here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard)
Checkout our
[README](https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge)
to learn how to link your README badge to the new visualization page.

#### Publishing Results

This release contains two fixes which will improve the user experience
when `publish_results` is `true`

- Runs that fail our [workflow
restrictions](https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions)
will fail with a 400 response indicating the problem, instead of a vague
500 status.
([https://github.com/ossf/scorecard-action/pull/1156](https://github.com/ossf/scorecard-action/pull/1156),
resolved
[https://github.com/ossf/scorecard-action/issues/1150](https://github.com/ossf/scorecard-action/issues/1150))
- Scorecard action will retry when signing results and submitting them
to our web API. This should help with flakiness from connection
failures.
([https://github.com/ossf/scorecard-action/pull/1191](https://github.com/ossf/scorecard-action/pull/1191))

#### Docs

- 📖 Update README to accept fine-grained tokens by
[@&#8203;pnacht](https://github.com/pnacht) in
[https://github.com/ossf/scorecard-action/pull/1175](https://github.com/ossf/scorecard-action/pull/1175)
- 📖 Update installation instructions to match current GitHub UI by
[@&#8203;joycebrum](https://github.com/joycebrum) in
[https://github.com/ossf/scorecard-action/pull/1153](https://github.com/ossf/scorecard-action/pull/1153)
- 📖 Document the GitHub action workflow restrictions when publishing
results. by
[@&#8203;spencerschrock](https://github.com/spencerschrock) in

#### New Contributors

- [@&#8203;bobcallaway](https://github.com/bobcallaway) made their
first contribution in
[https://github.com/ossf/scorecard-action/pull/1140](https://github.com/ossf/scorecard-action/pull/1140)
- [@&#8203;pnacht](https://github.com/pnacht) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1175](https://github.com/ossf/scorecard-action/pull/1175)

**Full Changelog**:
ossf/scorecard-action@v2.1.3...v2.2.0

</details>

<details>
<summary>sigstore/cosign-installer (sigstore/cosign-installer)</summary>

### [`v3.1.0`](https://github.com/sigstore/cosign-installer/releases/tag/v3.1.0)

[Compare Source](https://github.com/sigstore/cosign-installer/compare/v3.0.5...v3.1.0)

#### What's Changed

- update job to use latest action release by
[@&#8203;cpanato](https://github.com/cpanato) in
[https://github.com/sigstore/cosign-installer/pull/130](https://github.com/sigstore/cosign-installer/pull/130)
- Update action example for keyless signing as xarg is not required by
[@&#8203;jbtrystram](https://github.com/jbtrystram) in
[https://github.com/sigstore/cosign-installer/pull/132](https://github.com/sigstore/cosign-installer/pull/132)
- update examples by [@&#8203;cpanato](https://github.com/cpanato) in
[https://github.com/sigstore/cosign-installer/pull/133](https://github.com/sigstore/cosign-installer/pull/133)
- bump cosign to default to release v2.1.0 and update docs by
[@&#8203;cpanato](https://github.com/cpanato) in
[https://github.com/sigstore/cosign-installer/pull/136](https://github.com/sigstore/cosign-installer/pull/136)

#### New Contributors

- [@&#8203;jbtrystram](https://github.com/jbtrystram) made their first
contribution in
[https://github.com/sigstore/cosign-installer/pull/132](https://github.com/sigstore/cosign-installer/pull/132)

**Full Changelog**:
sigstore/cosign-installer@v3.0.5...v3.1.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).


Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Noah Elzner <elzner@google.com>