Update ossf/scorecard-action action to v2.4.0 #97

Merged
merged 1 commit into from
Aug 1, 2024

@renovate renovate bot commented Aug 1, 2024

Mend Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| ossf/scorecard-action | action | minor | v2.3.3 -> v2.4.0 |

Release Notes

ossf/scorecard-action (ossf/scorecard-action)

v2.4.0

Compare Source

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

Documentation

New Contributors

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0


Configuration

📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested review from mherrmann and a team as code owners August 1, 2024 04:08
github-actions bot commented Aug 1, 2024

[puLL-Merge] - ossf/scorecard-action@v2.3.3..v2.4.0

Description

This pull request updates various dependencies and makes minor changes to the project configuration. The main motivation appears to be keeping the project up-to-date with the latest versions of its dependencies and making small adjustments to the build process and policies.

Changes

  1. .github/workflows/codeql-analysis.yml:

    • Updated versions of actions/checkout, github/codeql-action/init, github/codeql-action/autobuild, and github/codeql-action/analyze
  2. .github/workflows/dependency-review.yml:

    • Updated versions of step-security/harden-runner, actions/checkout, and actions/dependency-review-action
  3. .github/workflows/docker-image.yml:

    • Updated version of actions/checkout
  4. .github/workflows/golangci.yml:

    • Updated versions of actions/checkout, actions/setup-go, and golangci/golangci-lint-action
  5. .github/workflows/scorecards.yml:

    • Updated versions of actions/checkout, actions/upload-artifact, and github/codeql-action/upload-sarif
  6. .github/workflows/tests.yaml:

    • Updated versions of actions/checkout and actions/setup-go
  7. Dockerfile:

    • Updated base image versions for golang and gcr.io/distroless/base
  8. Makefile:

    • Updated LDFLAGS with new version and commit hash
  9. README.md:

    • Added OpenSSF Scorecard badge
  10. action.yaml:

    • Updated docker image version to v2.4.0
  11. go.mod and go.sum:

    • Numerous dependency updates, including major version updates for some packages
  12. policies/template.yml:

    • Changed the License policy score from 10 to 9

Possible Issues

The change in the License policy score from 10 to 9 in the template.yml file might affect the project's compliance or scoring system. This change should be reviewed to ensure it aligns with the project's goals and requirements.

Security Hotspots

No significant security hotspots were identified in this change. However, as with any dependency update, it's important to ensure that the new versions don't introduce any known vulnerabilities.

@renovate renovate bot force-pushed the renovate/ossf-scorecard-action-2.x branch from 86cdbda to 7d2e17c Compare August 1, 2024 07:35
@renovate renovate bot merged commit 8f281e1 into main Aug 1, 2024
4 checks passed
@renovate renovate bot deleted the renovate/ossf-scorecard-action-2.x branch August 1, 2024 09:52