Skip to content

chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3#22

Merged
nfb2021 merged 1 commit into
mainfrom
dependabot/github_actions/ossf/scorecard-action-2.4.3
Apr 6, 2026
Merged

chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3#22
nfb2021 merged 1 commit into
mainfrom
dependabot/github_actions/ossf/scorecard-action-2.4.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 6, 2026
edited
Loading

Bumps ossf/scorecard-action from 2.4.0 to 2.4.3.

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.3

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

Other

New Contributors

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

v2.4.2

What's Changed

This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.

Full Changelog: ossf/scorecard-action@v2.4.1...v2.4.2

v2.4.1

What's Changed

  • This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the v5.1.0 and v5.1.1 release notes.
  • Publishing results now uses half the API quota as before. The exact savings depends on the repository in question.
  • Some errors were made into annotations to make them more visible
  • There is now an optional file_mode input which controls how repository files are fetched from GitHub. The default is archive, but git produces the most accurate results for repositories with .gitattributes files at the cost of analysis speed.
  • The underlying container for the action is now hosted on GitHub Container Registry. There should be no functional changes.

Docs

New Contributors

Commits
  • 4eaacf0 bump docker to ghcr v2.4.3 (#1587)
  • 42e3a01 🌱 Bump the github-actions group with 3 updates (#1585)
  • 88c07ac 🌱 Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (#1579)
  • 6c690f2 Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (#1586)
  • 92083b5 📖 Fix recommended command to test the image in development (#1583)
  • 7975ea6 🌱 Bump the docker-images group across 1 directory with 2 updates (#1...
  • 0d1a743 🌱 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1575)
  • 46e6e0c 🌱 Bump the github-actions group with 2 updates (#1580)
  • c3f1350 🌱 Improve printing options (#1584)
  • 43e475b 🌱 Bump golang.org/x/net from 0.42.0 to 0.44.0 (#1578)
  • Additional commits viewable in compare view

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 6, 2026

Labels

The following labels could not be found: ci, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested a review from nfb2021 as a code owner April 6, 2026 13:03
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 6, 2026

Coverage report

This PR does not seem to contain any modification to coverable code.

@nfb2021
Copy link
Copy Markdown
Owner

nfb2021 commented Apr 6, 2026

@dependabot rebase

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 6, 2026

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@dependabot dependabot Bot force-pushed the dependabot/github_actions/ossf/scorecard-action-2.4.3 branch from d942710 to 9cf6973 Compare April 6, 2026 18:45
@nfb2021
Copy link
Copy Markdown
Owner

nfb2021 commented Apr 6, 2026

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/github_actions/ossf/scorecard-action-2.4.3 branch 3 times, most recently from 5ee7ec6 to 5a80f5c Compare April 6, 2026 19:05
@nfb2021
Copy link
Copy Markdown
Owner

nfb2021 commented Apr 6, 2026

@dependabot rebase

@dependabot
chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3
d11cefa 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.0 to 2.4.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@62b2cac...4eaacf0)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/ossf/scorecard-action-2.4.3 branch from 5a80f5c to d11cefa Compare April 6, 2026 19:12
@nfb2021 nfb2021 merged commit e60b9f0 into main Apr 6, 2026
20 checks passed
@dependabot dependabot Bot deleted the dependabot/github_actions/ossf/scorecard-action-2.4.3 branch April 6, 2026 19:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nfb2021 nfb2021 Awaiting requested review from nfb2021 nfb2021 is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nfb2021