Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
461: Bump ossf/scorecard-action from 1.0.4 to 1.1.0 r=jonasbb a=dependabot[bot]

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.4 to 1.1.0.

<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p>
<blockquote>
<h2>v1.1.0</h2>
<h2>Main changes</h2>
<p>This release lets you run Scorecards without creating a PAT token. If you don't provide a PAT token, Scorecards will use the default <code>GITHUB_TOKEN</code> available in the workflow. Due to limitations of the permissions model and GitHub APIs, be aware of the following limitations:</p>
<ol>
<li>Without a PAT, the Branch-Protection is not supported, so it will be disabled. You will not receive alerts for this check.</li>
<li>Scorecards only supports PAT on private repositories. If you want to install Scorecards on a private repository, you still need to use a PAT.</li>
</ol>
<p>For more information, visit the <a href="https://github.com/ossf/scorecard-action/tree/v1.1.0#readme">README.md</a></p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/rohankh532"><code>@rohankh532</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/112">ossf/scorecard-action#112</a></li>
<li><a href="https://github.com/justaugustus"><code>@justaugustus</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/126">ossf/scorecard-action#126</a></li>
<li><a href="https://github.com/jamietanna"><code>@jamietanna</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/145">ossf/scorecard-action#145</a></li>
<li><a href="https://github.com/jonasbb"><code>@jonasbb</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/129">ossf/scorecard-action#129</a></li>
<li><a href="https://github.com/azeemshaikh38"><code>@azeemshaikh38</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/247">ossf/scorecard-action#247</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v1.0.4...v1.1.0">https://github.com/ossf/scorecard-action/compare/v1.0.4...v1.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/ossf/scorecard-action/commit/5c8bc69dc88b65c66584e07611df79d3579b0377"><code>5c8bc69</code></a> multi-repo-action: Cleanups (1/n) (<a href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/301">#301</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/adf2f6d1429b0f0d08284f7f79ac9470edf6c8e2"><code>adf2f6d</code></a> Update container hash for v1.1.0 (<a href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/314">#314</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/f10ec7151e838890a3fbfa27875a33f80869977b"><code>f10ec71</code></a> 🌱 Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (<a href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/206">#206</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/13d967d55a9678d971de8a3def614d3fd573be5d"><code>13d967d</code></a> 🌱 Bump actions/setup-go from 3.0.0 to 3.1.0</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/3ed028d1a70c66985ea2bc24e7dcfda43b0b7894"><code>3ed028d</code></a> 🌱 Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/23e005799db4bb32470691854cc864118add832f"><code>23e0057</code></a> 🌱 Bump github/codeql-action from 2.1.9 to 2.1.10 (<a href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/305">#305</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/71abf05f45b0150b5de82249aae88b08bc3abde7"><code>71abf05</code></a> 🌱 Bump github.com/caarlos0/env/v6 from 6.9.1 to 6.9.2</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/c9afc0ecb9701872b4e4791262a8cce4f330a97c"><code>c9afc0e</code></a> 🌱 Bump github.com/sigstore/cosign from 1.7.2 to 1.8.0 (<a href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/212">#212</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/e6b77425a0977a015e5ef16656f771c5b605af3b"><code>e6b7742</code></a> 🌱 Bump debian from <code>f75d8a3</code> to <code>fbaacd5</code> (<a href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/287">#287</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/025c54db873c339c8323daedf723153801f00139"><code>025c54d</code></a> update (<a href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/293">#293</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/ossf/scorecard-action/compare/v1.0.4...v1.1.0">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=1.0.4&new-version=1.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>