build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 #47367

dependabot · 2023-04-01T19:02:44Z

Bumps ossf/scorecard-action from 2.1.2 to 2.1.3.

Release notes

Sourced from ossf/scorecard-action's releases.

v2.1.3

What's Changed

🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 by @spencerschrock in ossf/scorecard-action#1111

Bug Fixes

Invalid SARIF files from a bug in scorecard

#1076, #1094

Vulnerabilities check crashes if a vulnerable dependency is found via OSVScanner

#1092

Scorecard action not reporting binary artifacts in the repo

#1116

Full Scorecard Changelog: ossf/scorecard@v4.10.2...v4.10.5

Full Changelog: ossf/scorecard-action@v2.1.2...v2.1.3

Commits

80e868c 🌱 Bump docker tag for release. (#1117)
aed6134 🌱 Bump golang.org/x/net from 0.7.0 to 0.8.0 (#1099)
33dfbd3 🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 (#1111)
193ae37 🌱 Bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#1110)
ca9bf95 🌱 Bump actions/cache from 3.2.6 to 3.3.1 (#1103)
fa15212 🌱 Bump github/codeql-action from 2.2.4 to 2.2.7 (#1105)
136025e 🌱 Bump step-security/harden-runner from 2.1.0 to 2.2.1 (#1104)
c59c116 🌱 Bump actions/cache from 3.2.5 to 3.2.6 (#1097)
7cc3711 🌱 Bump github.com/emicklei/go-restful (#1086)
570a953 🌱 Bump actions/cache from 3.2.4 to 3.2.5 (#1088)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

nodejs-github-bot · 2023-04-01T19:02:48Z

Review requested:

@nodejs/actions

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@e38b190...80e868c)

nodejs-github-bot · 2023-04-15T18:51:01Z

Landed in 49994f3

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@e38b190...80e868c) PR-URL: #47367 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](ossf/scorecard-action@e38b190...80e868c) PR-URL: nodejs#47367 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>

dependabot bot added the dependencies Pull requests that update a dependency file. label Apr 1, 2023

nodejs-github-bot added the meta Issues and PRs related to the general management of the project. label Apr 1, 2023

Trott force-pushed the dependabot/github_actions/ossf/scorecard-action-2.1.3 branch from d403634 to ce61dac Compare April 3, 2023 22:58

Trott approved these changes Apr 3, 2023

View reviewed changes

lpinca approved these changes Apr 15, 2023

View reviewed changes

lpinca added the commit-queue Add this label to land a pull request using GitHub Actions. label Apr 15, 2023

nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Apr 15, 2023

nodejs-github-bot merged commit 49994f3 into main Apr 15, 2023
14 checks passed

nodejs-github-bot deleted the dependabot/github_actions/ossf/scorecard-action-2.1.3 branch April 15, 2023 18:51

targos mentioned this pull request May 2, 2023

v20.1.0 release proposal #47820

Merged

danielleadams mentioned this pull request Jul 10, 2023

v18.17.0 release proposal #48694

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 #47367

build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 #47367

dependabot bot commented on behalf of github Apr 1, 2023

nodejs-github-bot commented Apr 1, 2023

nodejs-github-bot commented Apr 15, 2023

build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 #47367

build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 #47367

Conversation

dependabot bot commented on behalf of github Apr 1, 2023

v2.1.3

What's Changed

Bug Fixes

nodejs-github-bot commented Apr 1, 2023

nodejs-github-bot commented Apr 15, 2023