Skip to content

Commit

Permalink
chore(deps): update ossf/scorecard-action action to v2.2.0 (#541)
Browse files Browse the repository at this point in the history
[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) |
action | minor | `v2.1.2` -> `v2.2.0` |

---

### Release Notes

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.2.0`](https://github.com/ossf/scorecard-action/releases/tag/v2.2.0)

[Compare
Source](https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0
by [@&#8203;spencerschrock](https://github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1192](https://github.com/ossf/scorecard-action/pull/1192)

#### Scorecard Result Viewer

Thanks to contributions from
[@&#8203;cynthia-sg](https://github.com/cynthia-sg) and
[@&#8203;tegioz](https://github.com/tegioz) at
[CLOMonitor](https://github.com/cncf/clomonitor), there is a new
Scorecard Result visualization page at
`https://securityscorecards.dev/viewer/?uri=<project-url>`.

-
[https://github.com/ossf/scorecard-webapp/pull/406](https://github.com/ossf/scorecard-webapp/pull/406)
-
[https://github.com/ossf/scorecard-webapp/pull/422](https://github.com/ossf/scorecard-webapp/pull/422)

As an example, you can see our own score visualized
[here](https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard)
Checkout our
[README](https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge)
to learn how to link your README badge to the new visualization page.

#### Publishing Results

This release contains two fixes which will improve the user experience
when `publish_results` is `true`

- Runs that fail our [workflow
restrictions](https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions)
will fail with a 400 response indicating the problem, instead of a vague
500 status.
([https://github.com/ossf/scorecard-action/pull/1156](https://github.com/ossf/scorecard-action/pull/1156),
resolved
[https://github.com/ossf/scorecard-action/issues/1150](https://github.com/ossf/scorecard-action/issues/1150))
- Scorecard action will retry when signing results and submitting them
to our web API. This should help with flakiness from connection
failures.
([https://github.com/ossf/scorecard-action/pull/1191](https://github.com/ossf/scorecard-action/pull/1191))

#### Docs

- 📖 Update README to accept fine-grained tokens by
[@&#8203;pnacht](https://github.com/pnacht) in
[https://github.com/ossf/scorecard-action/pull/1175](https://github.com/ossf/scorecard-action/pull/1175)
- 📖 Update installation instructions to match current GitHub UI by
[@&#8203;joycebrum](https://github.com/joycebrum) in
[https://github.com/ossf/scorecard-action/pull/1153](https://github.com/ossf/scorecard-action/pull/1153)
- 📖 Document the GitHub action workflow restrictions when publishing
results. by
[@&#8203;spencerschrock](https://github.com/spencerschrock) in

#### New Contributors

- [@&#8203;bobcallaway](https://github.com/bobcallaway) made their
first contribution in
[https://github.com/ossf/scorecard-action/pull/1140](https://github.com/ossf/scorecard-action/pull/1140)
- [@&#8203;pnacht](https://github.com/pnacht) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1175](https://github.com/ossf/scorecard-action/pull/1175)

**Full Changelog**:
ossf/scorecard-action@v2.1.3...v2.2.0

###
[`v2.1.3`](https://github.com/ossf/scorecard-action/releases/tag/v2.1.3)

[Compare
Source](https://github.com/ossf/scorecard-action/compare/v2.1.2...v2.1.3)

#### What's Changed

- 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by
[@&#8203;spencerschrock](https://github.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1111](https://github.com/ossf/scorecard-action/pull/1111)

##### Bug Fixes

-   Invalid SARIF files from a bug in scorecard
-
[#&#8203;1076](https://github.com/ossf/scorecard-action/issues/1076),
[#&#8203;1094](https://github.com/ossf/scorecard-action/issues/1094)
- Vulnerabilities check crashes if a vulnerable dependency is found via
OSVScanner
- [#&#8203;1092](https://github.com/ossf/scorecard-action/issues/1092)
-   Scorecard action not reporting binary artifacts in the repo
- [#&#8203;1116](https://github.com/ossf/scorecard-action/issues/1116)

**Full Scorecard Changelog**:
ossf/scorecard@v4.10.2...v4.10.5

**Full Changelog**:
ossf/scorecard-action@v2.1.2...v2.1.3

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/xmldom/xmldom).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4wLjMiLCJ1cGRhdGVkSW5WZXIiOiIzNy4wLjMiLCJ0YXJnZXRCcmFuY2giOiJtYXN0ZXIifQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
  • Loading branch information
renovate[bot] authored Sep 28, 2023
1 parent 7f3ed6c commit 6d75892
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ jobs:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
with:
results_file: results.sarif
results_format: sarif
Expand Down

0 comments on commit 6d75892

Please sign in to comment.