Build(deps): Bump ossf/scorecard-action from 2.1.3 to 2.2.0 #2971

dependabot · 2023-07-22T18:25:14Z

Bumps ossf/scorecard-action from 2.1.3 to 2.2.0.

Release notes

Sourced from ossf/scorecard-action's releases.

v2.2.0

What's Changed

🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by @spencerschrock in ossf/scorecard-action#1192

Scorecard Result Viewer

Thanks to contributions from @cynthia-sg and @tegioz at CLOMonitor, there is a new Scorecard Result visualization page at https://securityscorecards.dev/viewer/?uri=<project-url>.

ossf/scorecard-webapp#406

ossf/scorecard-webapp#422

As an example, you can see our own score visualized here Checkout our README to learn how to link your README badge to the new visualization page.

Publishing Results

This release contains two fixes which will improve the user experience when publish_results is true

Runs that fail our workflow restrictions will fail with a 400 response indicating the problem, instead of a vague 500 status. (ossf/scorecard-action#1156, resolved ossf/scorecard-action#1150)

Scorecard action will retry when signing results and submitting them to our web API. This should help with flakiness from connection failures. (ossf/scorecard-action#1191)

Docs

📖 Update README to accept fine-grained tokens by @pnacht in ossf/scorecard-action#1175

📖 Update installation instructions to match current GitHub UI by @joycebrum in ossf/scorecard-action#1153

📖 Document the GitHub action workflow restrictions when publishing results. by @spencerschrock in

New Contributors

@bobcallaway made their first contribution in ossf/scorecard-action#1140

@pnacht made their first contribution in ossf/scorecard-action#1175

Full Changelog: ossf/scorecard-action@v2.1.3...v2.2.0

Commits

08b4669 🌱 Bump docker tag to for v2.2.0 release. (#1194)
3c7470f 📖 Update README badge link to use new uri param. (#1185)
a164dbc 🌱 Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 (#1192)
597960e 📖 Update README to accept fine-grained tokens (#1175)
8808ed2 🌱 Retry external network calls when publishing results (#1191)
0eed6cb 🌱 Bump golang.org/x/net from 0.10.0 to 0.11.0
6c6335c 🌱 Bump github/codeql-action from 2.3.6 to 2.20.0
7f1baf3 📖 Switch recommended badge link to the new viewer. (#1176)
df98bbc 🌱 Bump actions/checkout from 3.5.2 to 3.5.3
75886d4 🌱 Bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (#1172)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@80e868c...08b4669) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

vercel · 2023-07-22T18:25:16Z

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
github-readme-stats	✅ Ready (Inspect)	Visit Preview	Jul 22, 2023 6:27pm

codecov · 2023-07-22T18:25:58Z

Codecov Report

Patch and project coverage have no change.

Comparison is base (5a3470a) 97.62% compared to head (c4fd547) 97.62%.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #2971   +/-   ##
=======================================
  Coverage   97.62%   97.62%           
=======================================
  Files          24       24           
  Lines        5182     5182           
  Branches      460      460           
=======================================
  Hits         5059     5059           
  Misses        122      122           
  Partials        1        1

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

* Refactor: Fixed docstrings for close stale theme PRS workflow helper functions (anuraghazra#2923) * Refactor: Fixed docstrings for preview theme workflow helper functions (anuraghazra#2924) * Build(deps): Bump tough-cookie from 4.1.2 to 4.1.3 (anuraghazra#2927) Bumps [tough-cookie](https://github.com/salesforce/tough-cookie) from 4.1.2 to 4.1.3. - [Release notes](https://github.com/salesforce/tough-cookie/releases) - [Changelog](https://github.com/salesforce/tough-cookie/blob/master/CHANGELOG.md) - [Commits](salesforce/tough-cookie@v4.1.2...v4.1.3) --- updated-dependencies: - dependency-name: tough-cookie dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alexandr <qwerty541zxc@gmail.com> * Set ecmaVersion inside .eslintrc (anuraghazra#2931) * Refactor: Fixed returns statement for wakatime card functions docstrings (anuraghazra#2934) * Refactor: Fixed stats card createTextNode function docstring (anuraghazra#2933) * Refactor: Fixed docstring for retryer function (anuraghazra#2937) * Refactor: Improve docstrings for card class methods (anuraghazra#2938) * Refactor: remove redundant import from wakatime data fetcher (anuraghazra#2944) * Docs: Add note about outdated translations (anuraghazra#2947) * Refactor: Fixed renderStatsCard function docstring (anuraghazra#2946) * Refactor: Fix several eslint errors and warnings (anuraghazra#2930) * CI: Avoid test workflow duplicate (anuraghazra#2945) * CI: Avoid test workflow duplicate * dev * dev * Refactor: wakatime card object shorthand (anuraghazra#2950) * Refactor: Fixed getCardColors function docstring (anuraghazra#2943) * Refactor: Fixed getCardColors function docstring * dev * Build(deps): Bump word-wrap from 1.2.3 to 1.2.4 (anuraghazra#2953) Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.4) --- updated-dependencies: - dependency-name: word-wrap dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add dbaeumer.vscode-eslint extension into workspace recommended (anuraghazra#2939) * Fix lint command (anuraghazra#2932) Co-authored-by: rickstaa <rick.staa@outlook.com> * Uppercase total reviews title to match all another titles style (anuraghazra#2955) * Refactor: Fixed fallbackColor function docstring (anuraghazra#2954) * Refactor: Fixed docstring for flexLayout function (anuraghazra#2949) * Refactor: Fixed docstring for flexLayout function * dev * CI: dependencies pinned by hashes (anuraghazra#2915) * Ranks: Take into account user reviewed PRs count (anuraghazra#2857) * Rank: Take into account user reviewed PRs count * e2e * fix tests * dev * docs * dev * dev * Enable dependabot (anuraghazra#2963) * Build(deps): Bump actions/labeler from 4.2.0 to 4.3.0 (anuraghazra#2966) Bumps [actions/labeler](https://github.com/actions/labeler) from 4.2.0 to 4.3.0. - [Release notes](https://github.com/actions/labeler/releases) - [Commits](actions/labeler@0967ca8...ac9175f) --- updated-dependencies: - dependency-name: actions/labeler dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alexandr <qwerty541zxc@gmail.com> * Build(deps): Bump github/codeql-action from 2.3.6 to 2.21.0 (anuraghazra#2968) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.6 to 2.21.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@83f0fe6...1813ca7) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alexandr <qwerty541zxc@gmail.com> * Build(deps): Bump actions/checkout from 3.5.2 to 3.5.3 (anuraghazra#2969) Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v3.5.2...c85c95e) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alexandr <qwerty541zxc@gmail.com> * Build(deps): Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (anuraghazra#2971) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@80e868c...08b4669) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alexandr <qwerty541zxc@gmail.com> * build(deps-dev): Bump husky from 8.0.1 to 8.0.3 (anuraghazra#2983) Bumps [husky](https://github.com/typicode/husky) from 8.0.1 to 8.0.3. - [Release notes](https://github.com/typicode/husky/releases) - [Commits](typicode/husky@v8.0.1...v8.0.3) --- updated-dependencies: - dependency-name: husky dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Build(deps-dev): Bump lint-staged from 13.0.3 to 13.2.3 (anuraghazra#2977) Bumps [lint-staged](https://github.com/okonet/lint-staged) from 13.0.3 to 13.2.3. - [Release notes](https://github.com/okonet/lint-staged/releases) - [Commits](lint-staged/lint-staged@v13.0.3...v13.2.3) --- updated-dependencies: - dependency-name: lint-staged dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Build(deps-dev): Bump @actions/github from 4.0.0 to 5.1.1 (anuraghazra#2981) Bumps [@actions/github](https://github.com/actions/toolkit/tree/HEAD/packages/github) from 4.0.0 to 5.1.1. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/github/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/github) --- updated-dependencies: - dependency-name: "@actions/github" dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Build(deps): Bump actions/setup-node from 3.6.0 to 3.7.0 (anuraghazra#2976) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 3.6.0 to 3.7.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@64ed1c7...e33196f) --- updated-dependencies: - dependency-name: actions/setup-node dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alexandr <qwerty541zxc@gmail.com> * Build(deps): Bump rickstaa/top-issues-action from 1.3.18 to 1.3.28 (anuraghazra#2974) Bumps [rickstaa/top-issues-action](https://github.com/rickstaa/top-issues-action) from 1.3.18 to 1.3.28. - [Release notes](https://github.com/rickstaa/top-issues-action/releases) - [Commits](rickstaa/top-issues-action@d2877f7...2119b20) --- updated-dependencies: - dependency-name: rickstaa/top-issues-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alexandr <qwerty541zxc@gmail.com> * Build(deps): Bump rickstaa/empty-issues-closer-action (anuraghazra#2973) Bumps [rickstaa/empty-issues-closer-action](https://github.com/rickstaa/empty-issues-closer-action) from 1.0.92 to 1.0.99. - [Release notes](https://github.com/rickstaa/empty-issues-closer-action/releases) - [Commits](rickstaa/empty-issues-closer-action@ed1f6e2...eff8a15) --- updated-dependencies: - dependency-name: rickstaa/empty-issues-closer-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alexandr <qwerty541zxc@gmail.com> * Build(deps-dev): Bump @actions/core from 1.9.1 to 1.10.0 (anuraghazra#2975) Bumps [@actions/core](https://github.com/actions/toolkit/tree/HEAD/packages/core) from 1.9.1 to 1.10.0. - [Changelog](https://github.com/actions/toolkit/blob/main/packages/core/RELEASES.md) - [Commits](https://github.com/actions/toolkit/commits/HEAD/packages/core) --- updated-dependencies: - dependency-name: "@actions/core" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Build(deps-dev): Bump eslint from 8.43.0 to 8.45.0 (anuraghazra#2972) Bumps [eslint](https://github.com/eslint/eslint) from 8.43.0 to 8.45.0. - [Release notes](https://github.com/eslint/eslint/releases) - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md) - [Commits](eslint/eslint@v8.43.0...v8.45.0) --- updated-dependencies: - dependency-name: eslint dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Build(deps-dev): Bump jest-environment-jsdom from 29.5.0 to 29.6.1 (anuraghazra#2982) Bumps [jest-environment-jsdom](https://github.com/facebook/jest/tree/HEAD/packages/jest-environment-jsdom) from 29.5.0 to 29.6.1. - [Release notes](https://github.com/facebook/jest/releases) - [Changelog](https://github.com/jestjs/jest/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/jest/commits/v29.6.1/packages/jest-environment-jsdom) --- updated-dependencies: - dependency-name: jest-environment-jsdom dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Build(deps): Bump word-wrap from 1.2.4 to 1.2.5 (anuraghazra#2978) Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.4 to 1.2.5. - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.4...1.2.5) --- updated-dependencies: - dependency-name: word-wrap dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alexandr <qwerty541zxc@gmail.com> * Build(deps-dev): Bump @testing-library/jest-dom from 5.16.5 to 5.17.0 (anuraghazra#2979) Bumps [@testing-library/jest-dom](https://github.com/testing-library/jest-dom) from 5.16.5 to 5.17.0. - [Release notes](https://github.com/testing-library/jest-dom/releases) - [Changelog](https://github.com/testing-library/jest-dom/blob/main/CHANGELOG.md) - [Commits](testing-library/jest-dom@v5.16.5...v5.17.0) --- updated-dependencies: - dependency-name: "@testing-library/jest-dom" dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alexandr <qwerty541zxc@gmail.com> * Build(deps): Bump peter-evans/create-pull-request from 4.2.4 to 5.0.2 (anuraghazra#2970) Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 4.2.4 to 5.0.2. - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](peter-evans/create-pull-request@38e0b6e...1534078) --- updated-dependencies: - dependency-name: peter-evans/create-pull-request dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Build(deps-dev): Bump axios-mock-adapter from 1.21.2 to 1.21.5 (anuraghazra#2980) Bumps [axios-mock-adapter](https://github.com/ctimmerm/axios-mock-adapter) from 1.21.2 to 1.21.5. - [Release notes](https://github.com/ctimmerm/axios-mock-adapter/releases) - [Changelog](https://github.com/ctimmerm/axios-mock-adapter/blob/master/CHANGELOG.md) - [Commits](ctimmerm/axios-mock-adapter@v1.21.2...v1.21.5) --- updated-dependencies: - dependency-name: axios-mock-adapter dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alexandr <qwerty541zxc@gmail.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Alexandr Garbuzov <qwerty541zxc@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: rickstaa <rick.staa@outlook.com>

…zra#2971) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@80e868c...08b4669) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Alexandr <qwerty541zxc@gmail.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 22, 2023

github-actions bot added ci CI related features. and removed dependencies Pull requests that update a dependency file labels Jul 22, 2023

vercel bot deployed to Preview July 22, 2023 18:27 View deployment

qwerty541 approved these changes Jul 22, 2023

View reviewed changes

qwerty541 merged commit aa4cebb into master Jul 22, 2023
6 checks passed

qwerty541 deleted the dependabot/github_actions/ossf/scorecard-action-2.2.0 branch July 22, 2023 18:42

commit-lint bot mentioned this pull request Oct 12, 2023

[pull] master from anuraghazra:master Crushoverride007/readme-stats#2

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Build(deps): Bump ossf/scorecard-action from 2.1.3 to 2.2.0 #2971

Build(deps): Bump ossf/scorecard-action from 2.1.3 to 2.2.0 #2971

dependabot bot commented on behalf of github Jul 22, 2023

vercel bot commented Jul 22, 2023 •

edited

Loading

codecov bot commented Jul 22, 2023

Build(deps): Bump ossf/scorecard-action from 2.1.3 to 2.2.0 #2971

Build(deps): Bump ossf/scorecard-action from 2.1.3 to 2.2.0 #2971

Conversation

dependabot bot commented on behalf of github Jul 22, 2023

v2.2.0

What's Changed

Scorecard Result Viewer

Publishing Results

Docs

New Contributors

vercel bot commented Jul 22, 2023 • edited Loading

codecov bot commented Jul 22, 2023

Codecov Report

vercel bot commented Jul 22, 2023 •

edited

Loading