)]}' { "commit": "0ae2606dd23e36fbc1c8f5699bd383a725bdcfbd", "tree": "59f659861a25758154d8b81c788cfc3cd1ce9e32", "parents": [ "496e6335aa4e5ee40064853c0c83e08e6b305f58" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Oct 31 23:39:34 2023 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Oct 31 23:39:34 2023 +0000" }, "message": "Bump ossf/scorecard-action from 2.2.0 to 2.3.1 (#1034)\n\nBumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.2.0 to 2.3.1.\n\u003cdetails\u003e\n\u003csummary\u003eRelease notes\u003c/summary\u003e\n\u003cp\u003e\u003cem\u003eSourced from \u003ca href\u003d\"https://github.com/ossf/scorecard-action/releases\"\u003eossf/scorecard-action\u0027s releases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\n\u003cblockquote\u003e\n\u003ch2\u003ev2.3.1\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e:seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by \u003ca href\u003d\"https://github.com/spencerschrock\"\u003e\u003ccode\u003e@​spencerschrock\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1282\"\u003eossf/scorecard-action#1282\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eAdds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the \u003ca href\u003d\"https://github.com/ossf/scorecard/releases/tag/v4.13.1\"\u003ev4.13.1\u003c/a\u003e release notes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1\"\u003ehttps://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1\u003c/a\u003e\u003c/p\u003e\n\u003ch2\u003ev2.3.0\u003c/h2\u003e\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e:seedling: Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 by \u003ca href\u003d\"https://github.com/spencerschrock\"\u003e\u003ccode\u003e@​spencerschrock\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1270\"\u003eossf/scorecard-action#1270\u003c/a\u003e\n\u003cul\u003e\n\u003cli\u003eFor a full changelist of what this includes, see the \u003ca href\u003d\"https://github.com/ossf/scorecard/releases/tag/v4.12.0\"\u003ev4.12.0\u003c/a\u003e and \u003ca href\u003d\"https://github.com/ossf/scorecard/releases/tag/v4.13.0\"\u003ev4.13.0\u003c/a\u003e release notes\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/li\u003e\n\u003cli\u003e:sparkles: Send rekor tlog index to webapp when publishing results by \u003ca href\u003d\"https://github.com/spencerschrock\"\u003e\u003ccode\u003e@​spencerschrock\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1169\"\u003eossf/scorecard-action#1169\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:bug: Prevent url clipping for GHES instances by \u003ca href\u003d\"https://github.com/rajbos\"\u003e\u003ccode\u003e@​rajbos\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1225\"\u003eossf/scorecard-action#1225\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3\u003eDocumentation\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e:book: Update access rights needed to see the results in code scanning by \u003ca href\u003d\"https://github.com/rajbos\"\u003e\u003ccode\u003e@​rajbos\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1229\"\u003eossf/scorecard-action#1229\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:book: Add package comments. by \u003ca href\u003d\"https://github.com/spencerschrock\"\u003e\u003ccode\u003e@​spencerschrock\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1221\"\u003eossf/scorecard-action#1221\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:book: Add SECURITY.md file by \u003ca href\u003d\"https://github.com/david-a-wheeler\"\u003e\u003ccode\u003e@​david-a-wheeler\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1250\"\u003eossf/scorecard-action#1250\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e:book: Fix typo in token input docs by \u003ca href\u003d\"https://github.com/aabouzaid\"\u003e\u003ccode\u003e@​aabouzaid\u003c/code\u003e\u003c/a\u003e in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1258\"\u003eossf/scorecard-action#1258\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/david-a-wheeler\"\u003e\u003ccode\u003e@​david-a-wheeler\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1250\"\u003eossf/scorecard-action#1250\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/aabouzaid\"\u003e\u003ccode\u003e@​aabouzaid\u003c/code\u003e\u003c/a\u003e made their first contribution in \u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1258\"\u003eossf/scorecard-action#1258\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0\"\u003ehttps://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003c/details\u003e\n\u003cdetails\u003e\n\u003csummary\u003eCommits\u003c/summary\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/0864cf19026789058feabb7e87baa5f140aac736\"\u003e\u003ccode\u003e0864cf1\u003c/code\u003e\u003c/a\u003e :seedling: Bump docker tag to for v2.3.1 release (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1284\"\u003e#1284\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/72df3bff668d052aaec251accaffec0b280410fb\"\u003e\u003ccode\u003e72df3bf\u003c/code\u003e\u003c/a\u003e :seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1282\"\u003e#1282\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/0ea411f94ac145b6fd793458b7f75ebbe7ae0a8f\"\u003e\u003ccode\u003e0ea411f\u003c/code\u003e\u003c/a\u003e :seedling: Bump the docker-images group with 1 update (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1281\"\u003e#1281\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/dbfd042453ccc43ade96943685dbece2dd86bbae\"\u003e\u003ccode\u003edbfd042\u003c/code\u003e\u003c/a\u003e :seedling: Bump the github-actions group with 1 update (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1280\"\u003e#1280\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/2fa1e2fa153141e2950c7e1299ed05e2081ead0c\"\u003e\u003ccode\u003e2fa1e2f\u003c/code\u003e\u003c/a\u003e :seedling: Bump golang.org/x/net from 0.16.0 to 0.17.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1278\"\u003e#1278\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/652ddd06c802ac1ba4021a9f02978dc5150b223e\"\u003e\u003ccode\u003e652ddd0\u003c/code\u003e\u003c/a\u003e :seedling: Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1277\"\u003e#1277\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/28d0c92b8bb9dd266a8cf4dde7bae71c06a0c62f\"\u003e\u003ccode\u003e28d0c92\u003c/code\u003e\u003c/a\u003e :seedling: Group Dependabot updates for GitHub Actions and Dockerfiles (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1276\"\u003e#1276\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/cb50491a46a858cb57669a16a720b7a00e1f9d29\"\u003e\u003ccode\u003ecb50491\u003c/code\u003e\u003c/a\u003e :seedling: Bump distroless/base from \u003ccode\u003ea35b652\u003c/code\u003e to \u003ccode\u003eb31a6e0\u003c/code\u003e (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1275\"\u003e#1275\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/87157ac77d7ec18a631049bc92fdac7ee63a471a\"\u003e\u003ccode\u003e87157ac\u003c/code\u003e\u003c/a\u003e :seedling: Bump github/codeql-action from 2.21.9 to 2.22.1 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1274\"\u003e#1274\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003e\u003ca href\u003d\"https://github.com/ossf/scorecard-action/commit/7c1648b23e27a96acf7c3842fd1921d16bd8d4d2\"\u003e\u003ccode\u003e7c1648b\u003c/code\u003e\u003c/a\u003e :seedling: Bump step-security/harden-runner from 2.5.1 to 2.6.0 (\u003ca href\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1273\"\u003e#1273\u003c/a\u003e)\u003c/li\u003e\n\u003cli\u003eAdditional commits viewable in \u003ca href\u003d\"https://github.com/ossf/scorecard-action/compare/08b4669551908b1024bb425080c797723083c031...0864cf19026789058feabb7e87baa5f140aac736\"\u003ecompare view\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n\u003c/details\u003e\n\u003cbr /\u003e\n\n[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dossf/scorecard-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d2.2.0\u0026new-version\u003d2.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\n\nDependabot will resolve any conflicts with this PR as long as you don\u0027t alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\n\u003cbr /\u003e\n\nYou can trigger Dependabot actions by commenting on this PR:\n- `@dependabot rebase` will rebase this PR\n- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it\n- `@dependabot merge` will merge this PR after your CI passes on it\n- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it\n- `@dependabot cancel merge` will cancel a previously requested merge and block automerging\n- `@dependabot reopen` will reopen this PR if it is closed\n- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually\n- `@dependabot show \u003cdependency name\u003e ignore conditions` will show all of the ignore conditions of the specified dependency\n- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)\n- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)\n\n\u003c/details\u003e", "tree_diff": [ { "type": "modify", "old_id": "11522b4387428d9df24cb10e724e605f2d66c9d6", "old_mode": 33188, "old_path": ".github/workflows/scorecards-analysis.yml", "new_id": "29038efb073cfce09df4159c19399e1592cec708", "new_mode": 33188, "new_path": ".github/workflows/scorecards-analysis.yml" } ] }