Merge #461
461: Bump ossf/scorecard-action from 1.0.4 to 1.1.0 r=jonasbb a=dependabot[bot]

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.4 to 1.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p>
<blockquote>
<h2>v1.1.0</h2>
<h2>Main changes</h2>
<p>This release lets you run Scorecards without creating a PAT token. If you don't provide a PAT token, Scorecards will use the default <code>GITHUB_TOKEN</code> available in the workflow. Due to limitations of the permissions model and GitHub APIs, be aware of the following limitations:</p>
<ol>
<li>Without a PAT, the Branch-Protection is not supported, so it will be disabled. You will not receive alerts for this check.</li>
<li>Scorecards only supports PAT on private repositories. If you want to install Scorecards on a private repository, you still need to use a PAT.</li>
</ol>
<p>For more information, visit the <a href="https://github.com/ossf/scorecard-action/tree/v1.1.0#readme">README.md</a></p>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/rohankh532"><code>@rohankh532</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/112">ossf/scorecard-action#112</a></li>
<li><a href="https://github.com/justaugustus"><code>@justaugustus</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/126">ossf/scorecard-action#126</a></li>
<li><a href="https://github.com/jamietanna"><code>@jamietanna</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/145">ossf/scorecard-action#145</a></li>
<li><a href="https://github.com/jonasbb"><code>@jonasbb</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/129">ossf/scorecard-action#129</a></li>
<li><a href="https://github.com/azeemshaikh38"><code>@azeemshaikh38</code></a> made their first contribution in <a href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/247">ossf/scorecard-action#247</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v1.0.4...v1.1.0">https://github.com/ossf/scorecard-action/compare/v1.0.4...v1.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/ossf/scorecard-action/commit/5c8bc69dc88b65c66584e07611df79d3579b0377"><code>5c8bc69</code></a> multi-repo-action: Cleanups (1/n) (<a href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/301">#301</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/adf2f6d1429b0f0d08284f7f79ac9470edf6c8e2"><code>adf2f6d</code></a> Update container hash for v1.1.0 (<a href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/314">#314</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/f10ec7151e838890a3fbfa27875a33f80869977b"><code>f10ec71</code></a> 🌱 Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (<a href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/206">#206</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/13d967d55a9678d971de8a3def614d3fd573be5d"><code>13d967d</code></a> 🌱 Bump actions/setup-go from 3.0.0 to 3.1.0</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/3ed028d1a70c66985ea2bc24e7dcfda43b0b7894"><code>3ed028d</code></a> 🌱 Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/23e005799db4bb32470691854cc864118add832f"><code>23e0057</code></a> 🌱 Bump github/codeql-action from 2.1.9 to 2.1.10 (<a href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/305">#305</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/71abf05f45b0150b5de82249aae88b08bc3abde7"><code>71abf05</code></a> 🌱 Bump github.com/caarlos0/env/v6 from 6.9.1 to 6.9.2</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/c9afc0ecb9701872b4e4791262a8cce4f330a97c"><code>c9afc0e</code></a> 🌱 Bump github.com/sigstore/cosign from 1.7.2 to 1.8.0 (<a href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/212">#212</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/e6b77425a0977a015e5ef16656f771c5b605af3b"><code>e6b7742</code></a> 🌱 Bump debian from <code>f75d8a3</code> to <code>fbaacd5</code> (<a href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/287">#287</a>)</li>
<li><a href="https://github.com/ossf/scorecard-action/commit/025c54db873c339c8323daedf723153801f00139"><code>025c54d</code></a> update (<a href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/293">#293</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/ossf/scorecard-action/compare/v1.0.4...v1.1.0">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=1.0.4&new-version=1.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
bors[bot] and dependabot[bot] committed May 28, 2022
2 parents b3d4156 + 1e9c5b9 commit 299a2ba
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/scorecards-analysis.yml
Expand Up @@ -28,7 +28,7 @@ jobs:
persist-credentials: false

- name: "Run analysis"
uses: ossf/scorecard-action@v1.0.4
uses: ossf/scorecard-action@v1.1.0
with:
results_file: results.sarif
results_format: sarif
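
Review bot: the new `uses: ossf/scorecard-action@v1.1.0` line still references the action by a mutable tag, as the line it replaces did. Pin it to the full commit SHA of the v1.1.0 release and keep the version as a trailing comment (`uses: ossf/scorecard-action@<full-commit-sha> # v1.1.0`, with the SHA taken from the upstream release), so that a moved or re-created tag cannot change what this workflow executes. Separately, the release notes quoted in the commit message state that the Branch-Protection check is disabled when no PAT is supplied; the visible `with:` lines show only `results_file` and `results_format`, so confirm the part of the block outside this hunk still passes `repo_token` if that check is expected to keep reporting.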