)]}'
{
  "commit": "711d8df463eff6de35cd02d12ad87ff59febe61a",
  "tree": "5f18df8bd57fbe5b612a5f9e7b371de8e68bae25",
  "parents": [
    "d77920b4ced4a105ad35659fbe3958800d418fb9"
  ],
  "author": {
    "name": "dependabot[bot]",
    "email": "49699333+dependabot[bot]@users.noreply.github.com",
    "time": "Sat Jul 01 22:19:33 2023 +0200"
  },
  "committer": {
    "name": "GitHub",
    "email": "noreply@github.com",
    "time": "Sat Jul 01 22:19:33 2023 +0200"
  },
  "message": "Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#978)\n\nBumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action)\r\nfrom 2.1.3 to 2.2.0.\r\n\u003cdetails\u003e\r\n\u003csummary\u003eRelease notes\u003c/summary\u003e\r\n\u003cp\u003e\u003cem\u003eSourced from \u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/releases\"\u003eossf/scorecard-action\u0027s\r\nreleases\u003c/a\u003e.\u003c/em\u003e\u003c/p\u003e\r\n\u003cblockquote\u003e\r\n\u003ch2\u003ev2.2.0\u003c/h2\u003e\r\n\u003ch2\u003eWhat\u0027s Changed\u003c/h2\u003e\r\n\u003cul\u003e\r\n\u003cli\u003e:seedling: Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0\r\nby \u003ca\r\nhref\u003d\"https://github.com/spencerschrock\"\u003e\u003ccode\u003e@​spencerschrock\u003c/code\u003e\u003c/a\u003e\r\nin \u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1192\"\u003eossf/scorecard-action#1192\u003c/a\u003e\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003ch2\u003eScorecard Result Viewer\u003c/h2\u003e\r\n\u003cp\u003eThanks to contributions from \u003ca\r\nhref\u003d\"https://github.com/cynthia-sg\"\u003e\u003ccode\u003e@​cynthia-sg\u003c/code\u003e\u003c/a\u003e and\r\n\u003ca href\u003d\"https://github.com/tegioz\"\u003e\u003ccode\u003e@​tegioz\u003c/code\u003e\u003c/a\u003e at \u003ca\r\nhref\u003d\"https://github.com/cncf/clomonitor\"\u003eCLOMonitor\u003c/a\u003e, there is a new\r\nScorecard Result visualization page at\r\n\u003ccode\u003ehttps://securityscorecards.dev/viewer/?uri\u003d\u0026lt;project-url\u0026gt;\u003c/code\u003e.\u003c/p\u003e\r\n\u003cul\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-webapp/pull/406\"\u003eossf/scorecard-webapp#406\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-webapp/pull/422\"\u003eossf/scorecard-webapp#422\u003c/a\u003e\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003cp\u003eAs an example, you can see our own score visualized \u003ca\r\nhref\u003d\"https://securityscorecards.dev/viewer/?uri\u003dgithub.com/ossf/scorecard\"\u003ehere\u003c/a\u003e\r\nCheckout our \u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge\"\u003eREADME\u003c/a\u003e\r\nto learn how to link your README badge to the new visualization\r\npage.\u003c/p\u003e\r\n\u003ch2\u003ePublishing Results\u003c/h2\u003e\r\n\u003cp\u003eThis release contains two fixes which will improve the user\r\nexperience when \u003ccode\u003epublish_results\u003c/code\u003e is \u003ccode\u003etrue\u003c/code\u003e\u003c/p\u003e\r\n\u003cul\u003e\r\n\u003cli\u003eRuns that fail our \u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions\"\u003eworkflow\r\nrestrictions\u003c/a\u003e will fail with a 400 response indicating the problem,\r\ninstead of a vague 500 status. (\u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1156\"\u003eossf/scorecard-action#1156\u003c/a\u003e,\r\nresolved \u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1150\"\u003eossf/scorecard-action#1150\u003c/a\u003e)\u003c/li\u003e\r\n\u003cli\u003eScorecard action will retry when signing results and submitting them\r\nto our web API. This should help with flakiness from connection\r\nfailures. (\u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1191\"\u003eossf/scorecard-action#1191\u003c/a\u003e)\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003ch2\u003eDocs\u003c/h2\u003e\r\n\u003cul\u003e\r\n\u003cli\u003e📖 Update README to accept fine-grained tokens by \u003ca\r\nhref\u003d\"https://github.com/pnacht\"\u003e\u003ccode\u003e@​pnacht\u003c/code\u003e\u003c/a\u003e in \u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1175\"\u003eossf/scorecard-action#1175\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003e📖 Update installation instructions to match current GitHub UI by \u003ca\r\nhref\u003d\"https://github.com/joycebrum\"\u003e\u003ccode\u003e@​joycebrum\u003c/code\u003e\u003c/a\u003e in \u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1153\"\u003eossf/scorecard-action#1153\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003e📖 Document the GitHub action workflow restrictions when publishing\r\nresults. by \u003ca\r\nhref\u003d\"https://github.com/spencerschrock\"\u003e\u003ccode\u003e@​spencerschrock\u003c/code\u003e\u003c/a\u003e\r\nin\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003ch2\u003eNew Contributors\u003c/h2\u003e\r\n\u003cul\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/bobcallaway\"\u003e\u003ccode\u003e@​bobcallaway\u003c/code\u003e\u003c/a\u003e\r\nmade their first contribution in \u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1140\"\u003eossf/scorecard-action#1140\u003c/a\u003e\u003c/li\u003e\r\n\u003cli\u003e\u003ca href\u003d\"https://github.com/pnacht\"\u003e\u003ccode\u003e@​pnacht\u003c/code\u003e\u003c/a\u003e made\r\ntheir first contribution in \u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/pull/1175\"\u003eossf/scorecard-action#1175\u003c/a\u003e\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003cp\u003e\u003cstrong\u003eFull Changelog\u003c/strong\u003e: \u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0\"\u003ehttps://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0\u003c/a\u003e\u003c/p\u003e\r\n\u003c/blockquote\u003e\r\n\u003c/details\u003e\r\n\u003cdetails\u003e\r\n\u003csummary\u003eCommits\u003c/summary\u003e\r\n\u003cul\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/commit/08b4669551908b1024bb425080c797723083c031\"\u003e\u003ccode\u003e08b4669\u003c/code\u003e\u003c/a\u003e\r\n:seedling: Bump docker tag to for v2.2.0 release. (\u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1194\"\u003e#1194\u003c/a\u003e)\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/commit/3c7470f58c4371d8ac58beaeeacf771227d63ce8\"\u003e\u003ccode\u003e3c7470f\u003c/code\u003e\u003c/a\u003e\r\n:book: Update README badge link to use new uri param. (\u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1185\"\u003e#1185\u003c/a\u003e)\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/commit/a164dbc12a66d9fae8ec379fff6ba200da366366\"\u003e\u003ccode\u003ea164dbc\u003c/code\u003e\u003c/a\u003e\r\n:seedling: Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 (\u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1192\"\u003e#1192\u003c/a\u003e)\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/commit/597960e1d95e5c741af238a819f03655e2fa43b8\"\u003e\u003ccode\u003e597960e\u003c/code\u003e\u003c/a\u003e\r\n:book: Update README to accept fine-grained tokens (\u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1175\"\u003e#1175\u003c/a\u003e)\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/commit/8808ed28c3b8ba5a7d8059bd0360d8374ff6adb3\"\u003e\u003ccode\u003e8808ed2\u003c/code\u003e\u003c/a\u003e\r\n:seedling: Retry external network calls when publishing results (\u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1191\"\u003e#1191\u003c/a\u003e)\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/commit/0eed6cb5da014387b234df059cd4a2db5dbe9e1f\"\u003e\u003ccode\u003e0eed6cb\u003c/code\u003e\u003c/a\u003e\r\n:seedling: Bump golang.org/x/net from 0.10.0 to 0.11.0\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/commit/6c6335c126308fd03da1c3bb267c1ebc3a34db0c\"\u003e\u003ccode\u003e6c6335c\u003c/code\u003e\u003c/a\u003e\r\n:seedling: Bump github/codeql-action from 2.3.6 to 2.20.0\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/commit/7f1baf380a4f4418b4864d5a57bee1beba03e2eb\"\u003e\u003ccode\u003e7f1baf3\u003c/code\u003e\u003c/a\u003e\r\n:book: Switch recommended badge link to the new viewer. (\u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1176\"\u003e#1176\u003c/a\u003e)\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/commit/df98bbc13d1c3001cc90b8a2791ffde7ba29f061\"\u003e\u003ccode\u003edf98bbc\u003c/code\u003e\u003c/a\u003e\r\n:seedling: Bump actions/checkout from 3.5.2 to 3.5.3\u003c/li\u003e\r\n\u003cli\u003e\u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/commit/75886d414a5cd048874360697f1e8edb5b1e55ca\"\u003e\u003ccode\u003e75886d4\u003c/code\u003e\u003c/a\u003e\r\n:seedling: Bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (\u003ca\r\nhref\u003d\"https://redirect.github.com/ossf/scorecard-action/issues/1172\"\u003e#1172\u003c/a\u003e)\u003c/li\u003e\r\n\u003cli\u003eAdditional commits viewable in \u003ca\r\nhref\u003d\"https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031\"\u003ecompare\r\nview\u003c/a\u003e\u003c/li\u003e\r\n\u003c/ul\u003e\r\n\u003c/details\u003e\r\n\u003cbr /\u003e\r\n\r\n\r\n[![Dependabot compatibility\r\nscore](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name\u003dossf/scorecard-action\u0026package-manager\u003dgithub_actions\u0026previous-version\u003d2.1.3\u0026new-version\u003d2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)\r\n\r\nDependabot will resolve any conflicts with this PR as long as you don\u0027t\r\nalter it yourself. You can also trigger a rebase manually by commenting\r\n`@dependabot rebase`.\r\n\r\n[//]: # (dependabot-automerge-start)\r\n[//]: # (dependabot-automerge-end)\r\n\r\n---\r\n\r\n\u003cdetails\u003e\r\n\u003csummary\u003eDependabot commands and options\u003c/summary\u003e\r\n\u003cbr /\u003e\r\n\r\nYou can trigger Dependabot actions by commenting on this PR:\r\n- `@dependabot rebase` will rebase this PR\r\n- `@dependabot recreate` will recreate this PR, overwriting any edits\r\nthat have been made to it\r\n- `@dependabot merge` will merge this PR after your CI passes on it\r\n- `@dependabot squash and merge` will squash and merge this PR after\r\nyour CI passes on it\r\n- `@dependabot cancel merge` will cancel a previously requested merge\r\nand block automerging\r\n- `@dependabot reopen` will reopen this PR if it is closed\r\n- `@dependabot close` will close this PR and stop Dependabot recreating\r\nit. You can achieve the same result by closing it manually\r\n- `@dependabot ignore this major version` will close this PR and stop\r\nDependabot creating any more for this major version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this minor version` will close this PR and stop\r\nDependabot creating any more for this minor version (unless you reopen\r\nthe PR or upgrade to it yourself)\r\n- `@dependabot ignore this dependency` will close this PR and stop\r\nDependabot creating any more for this dependency (unless you reopen the\r\nPR or upgrade to it yourself)\r\n\r\n\r\n\u003c/details\u003e\r\n\r\n---------\r\n\r\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\r\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e\r\nCo-authored-by: Pierre-Louis Guidez \u003cplg@google.com\u003e\r\nCo-authored-by: Pierre-Louis \u003c6655696+guidezpl@users.noreply.github.com\u003e",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "97d0109d0ae1d599a7ac0d9d9c60ee395eec8138",
      "old_mode": 33188,
      "old_path": ".github/workflows/scorecards-analysis.yml",
      "new_id": "9c7e62eaf79811a07fdff688b897318fca9bc818",
      "new_mode": 33188,
      "new_path": ".github/workflows/scorecards-analysis.yml"
    },
    {
      "type": "modify",
      "old_id": "68abe6e24effdbec64302c7364c7da0330c68cf3",
      "old_mode": 33188,
      "old_path": "test_goldens/goldens/home_page_desktop_dark.png",
      "new_id": "4aacb96bdfc1f0763a1e6a785ec237ce5e7eee35",
      "new_mode": 33188,
      "new_path": "test_goldens/goldens/home_page_desktop_dark.png"
    },
    {
      "type": "modify",
      "old_id": "25b0a7a5551024bcf888121e0b97b234bd1b136a",
      "old_mode": 33188,
      "old_path": "test_goldens/goldens/home_page_desktop_light.png",
      "new_id": "a00da475f9be11f13551b1222ad130237873131d",
      "new_mode": 33188,
      "new_path": "test_goldens/goldens/home_page_desktop_light.png"
    },
    {
      "type": "modify",
      "old_id": "815c010845a76e80bf5001e57f9a19281b6bb18b",
      "old_mode": 33188,
      "old_path": "test_goldens/goldens/home_page_mobile_dark.png",
      "new_id": "7b2e338a2247a3f5cff1254deb6b1b817c76b7cd",
      "new_mode": 33188,
      "new_path": "test_goldens/goldens/home_page_mobile_dark.png"
    },
    {
      "type": "modify",
      "old_id": "9ba23f85d391f06ade0104654d5534a6b5fa3173",
      "old_mode": 33188,
      "old_path": "test_goldens/goldens/home_page_mobile_light.png",
      "new_id": "55aa85729bb11d3e29f66988f10868490e24297d",
      "new_mode": 33188,
      "new_path": "test_goldens/goldens/home_page_mobile_light.png"
    }
  ]
}