Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(deps): update ossf/scorecard-action action to v2.2.0 (#541)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | action | minor | `v2.1.2` -> `v2.2.0` | --- ### Release Notes <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.2.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.2.0) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1192](https://github.com/ossf/scorecard-action/pull/1192) #### Scorecard Result Viewer Thanks to contributions from [@​cynthia-sg](https://github.com/cynthia-sg) and [@​tegioz](https://github.com/tegioz) at [CLOMonitor](https://github.com/cncf/clomonitor), there is a new Scorecard Result visualization page at `https://securityscorecards.dev/viewer/?uri=<project-url>`. - [https://github.com/ossf/scorecard-webapp/pull/406](https://github.com/ossf/scorecard-webapp/pull/406) - [https://github.com/ossf/scorecard-webapp/pull/422](https://github.com/ossf/scorecard-webapp/pull/422) As an example, you can see our own score visualized [here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard) Checkout our [README](https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge) to learn how to link your README badge to the new visualization page. #### Publishing Results This release contains two fixes which will improve the user experience when `publish_results` is `true` - Runs that fail our [workflow restrictions](https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions) will fail with a 400 response indicating the problem, instead of a vague 500 status. ([https://github.com/ossf/scorecard-action/pull/1156](https://github.com/ossf/scorecard-action/pull/1156), resolved [https://github.com/ossf/scorecard-action/issues/1150](https://github.com/ossf/scorecard-action/issues/1150)) - Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. ([https://github.com/ossf/scorecard-action/pull/1191](https://github.com/ossf/scorecard-action/pull/1191)) #### Docs - 📖 Update README to accept fine-grained tokens by [@​pnacht](https://github.com/pnacht) in [https://github.com/ossf/scorecard-action/pull/1175](https://github.com/ossf/scorecard-action/pull/1175) - 📖 Update installation instructions to match current GitHub UI by [@​joycebrum](https://github.com/joycebrum) in [https://github.com/ossf/scorecard-action/pull/1153](https://github.com/ossf/scorecard-action/pull/1153) - 📖 Document the GitHub action workflow restrictions when publishing results. by [@​spencerschrock](https://github.com/spencerschrock) in #### New Contributors - [@​bobcallaway](https://github.com/bobcallaway) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1140](https://github.com/ossf/scorecard-action/pull/1140) - [@​pnacht](https://github.com/pnacht) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1175](https://github.com/ossf/scorecard-action/pull/1175) **Full Changelog**: ossf/scorecard-action@v2.1.3...v2.2.0 ### [`v2.1.3`](https://github.com/ossf/scorecard-action/releases/tag/v2.1.3) [Compare Source](https://github.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3) #### What's Changed - 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by [@​spencerschrock](https://github.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1111](https://github.com/ossf/scorecard-action/pull/1111) ##### Bug Fixes - Invalid SARIF files from a bug in scorecard - [#​1076](https://github.com/ossf/scorecard-action/issues/1076), [#​1094](https://github.com/ossf/scorecard-action/issues/1094) - Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner - [#​1092](https://github.com/ossf/scorecard-action/issues/1092) - Scorecard action not reporting binary artifacts in the repo - [#​1116](https://github.com/ossf/scorecard-action/issues/1116) **Full Scorecard Changelog**: ossf/scorecard@v4.10.2...v4.10.5 **Full Changelog**: ossf/scorecard-action@v2.1.2...v2.1.3 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/xmldom/xmldom). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4wLjMiLCJ1cGRhdGVkSW5WZXIiOiIzNy4wLjMiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
- Loading branch information