Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
273: chore(deps): update ossf/scorecard-action action to v2 r=renovate[bot] a=renovate[bot] [](https://renovatebot.com) This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) | action | major | `v1.1.1` -> `v2.0.6` | --- ### Release Notes <details> <summary>ossf/scorecard-action</summary> ### [`v2.0.6`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.6) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.5...v2.0.6) #### What's Changed - Fix - Broken dockerfile by [`@​naveensrinivasan](https://togithub.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/979](https://togithub.com/ossf/scorecard-action/pull/979) **Full Changelog**: ossf/scorecard-action@v2.0.5...v2.0.6 ### [`v2.0.5`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.5) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.4...v2.0.5) #### What's Changed - Remove trailing space from example by [`@​jamacku](https://togithub.com/jamacku)` in [https://github.com/ossf/scorecard-action/pull/955](https://togithub.com/ossf/scorecard-action/pull/955) - 🌱 Bump actions/cache from 3.0.8 to 3.0.10 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/956](https://togithub.com/ossf/scorecard-action/pull/956) - 🌱 Bump github/codeql-action from 2.1.25 to 2.1.26 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/957](https://togithub.com/ossf/scorecard-action/pull/957) - 🌱 Bump step-security/harden-runner from 1.4.5 to 1.5.0 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/958](https://togithub.com/ossf/scorecard-action/pull/958) - 🌱 Bump debian from `5cf1d98` to `b46fc4e` by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/959](https://togithub.com/ossf/scorecard-action/pull/959) - 🌱 Bump github.com/sigstore/cosign from 1.12.1 to 1.13.0 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/962](https://togithub.com/ossf/scorecard-action/pull/962) - 🌱 Upgrade to go 1.19 by [`@​naveensrinivasan](https://togithub.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/961](https://togithub.com/ossf/scorecard-action/pull/961) - 🌱 Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/967](https://togithub.com/ossf/scorecard-action/pull/967) - 🌱 Bump golang from `c2a98a5` to `b850621` by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/966](https://togithub.com/ossf/scorecard-action/pull/966) - 🌱 Bump golang from `b850621` to `25de7b6` by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/968](https://togithub.com/ossf/scorecard-action/pull/968) - New release for Scorecard v4.8.0 by [`@​naveensrinivasan](https://togithub.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/969](https://togithub.com/ossf/scorecard-action/pull/969) #### New Contributors - [`@​jamacku](https://togithub.com/jamacku)` made their first contribution in [https://github.com/ossf/scorecard-action/pull/955](https://togithub.com/ossf/scorecard-action/pull/955) **Full Changelog**: ossf/scorecard-action@v2.0.4...v2.0.5 ### [`v2.0.4`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.4) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.3...v2.0.4) Fixes [#​856](https://togithub.com/ossf/scorecard-action/issues/856) #### What's Changed - 🌱 Bump github.com/caarlos0/env/v6 from 6.10.0 to 6.10.1 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/934](https://togithub.com/ossf/scorecard-action/pull/934) - feat: do not run signing on pull requests by [`@​laurentsimon](https://togithub.com/laurentsimon)` in [https://github.com/ossf/scorecard-action/pull/935](https://togithub.com/ossf/scorecard-action/pull/935) - 🌱 Bump debian from 11.4-slim to 11.5-slim by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/936](https://togithub.com/ossf/scorecard-action/pull/936) - 🌱 Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/938](https://togithub.com/ossf/scorecard-action/pull/938) - 🌱 Bump github/codeql-action from 2.1.22 to 2.1.24 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/941](https://togithub.com/ossf/scorecard-action/pull/941) - 🐛 Restore behavior of ignoring scorecard runtime errors by [`@​spencerschrock](https://togithub.com/spencerschrock)` in [https://github.com/ossf/scorecard-action/pull/948](https://togithub.com/ossf/scorecard-action/pull/948) - 🌱 Bump actions/dependency-review-action from 2.1.0 to 2.4.0 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/950](https://togithub.com/ossf/scorecard-action/pull/950) - 🌱 Bump github.com/sigstore/cosign from 1.12.0 to 1.12.1 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/947](https://togithub.com/ossf/scorecard-action/pull/947) - 🌱 Bump github/codeql-action from 2.1.24 to 2.1.25 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/949](https://togithub.com/ossf/scorecard-action/pull/949) - 🌱 Bump codecov/codecov-action from 3.1.0 to 3.1.1 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/942](https://togithub.com/ossf/scorecard-action/pull/942) - Create v2.0.4 patch by [`@​spencerschrock](https://togithub.com/spencerschrock)` in [https://github.com/ossf/scorecard-action/pull/952](https://togithub.com/ossf/scorecard-action/pull/952) #### New Contributors - [`@​spencerschrock](https://togithub.com/spencerschrock)` made their first contribution in [https://github.com/ossf/scorecard-action/pull/948](https://togithub.com/ossf/scorecard-action/pull/948) **Full Changelog**: ossf/scorecard-action@v2.0.3...v2.0.4 ### [`v2.0.3`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.3) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.2...v2.0.3) Patch for fix in [#​898](https://togithub.com/ossf/scorecard-action/issues/898) ### [`v2.0.2`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.1...v2.0.2) Fixes [https://github.com/ossf/scorecard-action/issues/895](https://togithub.com/ossf/scorecard-action/issues/895) ### [`v2.0.1`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.1) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.0.0...v2.0.1) Fix for [#​856](https://togithub.com/ossf/scorecard-action/issues/856) ### [`v2.0.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.0.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v1.1.2...v2.0.0) #### What's Changed - 🌱 Prepare for a pre-release of the Golang action by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/750](https://togithub.com/ossf/scorecard-action/pull/750) - 🌱 Bump github/codeql-action from 2.1.12 to 2.1.16 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/751](https://togithub.com/ossf/scorecard-action/pull/751) - 🌱 Bump debian from 11.3-slim to 11.4-slim by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/749](https://togithub.com/ossf/scorecard-action/pull/749) - 🌱 Bump step-security/harden-runner from 1.4.3 to 1.4.4 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/646](https://togithub.com/ossf/scorecard-action/pull/646) - 🌱 Bump actions/setup-go from 3.2.0 to 3.2.1 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/748](https://togithub.com/ossf/scorecard-action/pull/748) - 🐛 Fix dependency conflicts in go.mod by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/771](https://togithub.com/ossf/scorecard-action/pull/771) - 🌱 Prepare for v2 beta1 release by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/766](https://togithub.com/ossf/scorecard-action/pull/766) - multi-repo-action: Note that tool is a work-in-progress by [`@​naveensrinivasan](https://togithub.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/776](https://togithub.com/ossf/scorecard-action/pull/776) - 🐛 Fix intermittent failures in CI-Tests by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/778](https://togithub.com/ossf/scorecard-action/pull/778) - 🌱 Bump sigs.k8s.io/release-utils from 0.7.2 to 0.7.3 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/775](https://togithub.com/ossf/scorecard-action/pull/775) - 🌱 Bump actions/cache from 3.0.4 to 3.0.5 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/769](https://togithub.com/ossf/scorecard-action/pull/769) - 📖 Update README about the restrictions for scorecard-action:v2 by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/779](https://togithub.com/ossf/scorecard-action/pull/779) - 🌱 Bump github/codeql-action from 2.1.16 to 2.1.17 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/783](https://togithub.com/ossf/scorecard-action/pull/783) - 📖 Update instructions for Scorecard badge to README by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/785](https://togithub.com/ossf/scorecard-action/pull/785) - 🌱 Bump debian from `f576b80` to `a811e62` by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/787](https://togithub.com/ossf/scorecard-action/pull/787) - 🌱 Bump github.com/ossf/scorecard/v4 from 4.4.0 to 4.5.0 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/786](https://togithub.com/ossf/scorecard-action/pull/786) - 🌱 Bump github/codeql-action from 2.1.17 to 2.1.18 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/788](https://togithub.com/ossf/scorecard-action/pull/788) - 🌱 Bump actions/cache from 3.0.5 to 3.0.6 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/789](https://togithub.com/ossf/scorecard-action/pull/789) - 🐛 Add request application/json request header by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/791](https://togithub.com/ossf/scorecard-action/pull/791) - Create a new release v2.0.0-alpha.1 by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/803](https://togithub.com/ossf/scorecard-action/pull/803) - 🌱 Bump actions/cache from 3.0.6 to 3.0.7 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/807](https://togithub.com/ossf/scorecard-action/pull/807) - Olivekl patch 1 by [`@​olivekl](https://togithub.com/olivekl)` in [https://github.com/ossf/scorecard-action/pull/809](https://togithub.com/ossf/scorecard-action/pull/809) - 🌱 Fix cosign vulnerability by [`@​naveensrinivasan](https://togithub.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/812](https://togithub.com/ossf/scorecard-action/pull/812) - 🌱 Allow for publish URL override by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/811](https://togithub.com/ossf/scorecard-action/pull/811) - 🌱 Bump github.com/ossf/scorecard/v4 from 4.5.0 to 4.6.0 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/820](https://togithub.com/ossf/scorecard-action/pull/820) - 🌱 Bump step-security/harden-runner from 1.4.4 to 1.4.5 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/808](https://togithub.com/ossf/scorecard-action/pull/808) - cmd/installer: Cleanups (2/n) by [`@​justaugustus](https://togithub.com/justaugustus)` in [https://github.com/ossf/scorecard-action/pull/833](https://togithub.com/ossf/scorecard-action/pull/833) - Update comments to allow for renovatebot updates by [`@​laurentsimon](https://togithub.com/laurentsimon)` in [https://github.com/ossf/scorecard-action/pull/834](https://togithub.com/ossf/scorecard-action/pull/834) - 🌱 Bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/839](https://togithub.com/ossf/scorecard-action/pull/839) - 🌱 Update actions/checkout requirement to [`2541b12`](https://togithub.com/ossf/scorecard-action/commit/2541b1294d2704b0964813337f33b291d3f8596b) by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/835](https://togithub.com/ossf/scorecard-action/pull/835) - 🌱 Bump github.com/sigstore/cosign from 1.11.0 to 1.11.1 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/842](https://togithub.com/ossf/scorecard-action/pull/842) - 🌱 Bump github/codeql-action from 2.1.18 to 2.1.21 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/844](https://togithub.com/ossf/scorecard-action/pull/844) - 🌱 Bump actions/setup-go from 3.2.1 to 3.3.0 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/843](https://togithub.com/ossf/scorecard-action/pull/843) - 🌱 Bump debian from `a811e62` to `68c1f6b` by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/840](https://togithub.com/ossf/scorecard-action/pull/840) - Fix workflow path in automatic creation of PR by [`@​RadoslavGatev](https://togithub.com/RadoslavGatev)` in [https://github.com/ossf/scorecard-action/pull/845](https://togithub.com/ossf/scorecard-action/pull/845) - 🌱 Bump actions/dependency-review-action from [`310e0dd`](https://togithub.com/ossf/scorecard-action/commit/310e0dd64f63b1d00101ecd3225d605a74261fb7) to 2.1.0 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/838](https://togithub.com/ossf/scorecard-action/pull/838) - 🌱 Bump actions/cache from 3.0.7 to 3.0.8 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/836](https://togithub.com/ossf/scorecard-action/pull/836) - 📖 Add docs for API by [`@​azeemshaikh38](https://togithub.com/azeemshaikh38)` in [https://github.com/ossf/scorecard-action/pull/849](https://togithub.com/ossf/scorecard-action/pull/849) - 🌱 Bump github/codeql-action from 2.1.21 to 2.1.22 by [`@​dependabot](https://togithub.com/dependabot)` in [https://github.com/ossf/scorecard-action/pull/853](https://togithub.com/ossf/scorecard-action/pull/853) - 🌱 Included License by [`@​naveensrinivasan](https://togithub.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/852](https://togithub.com/ossf/scorecard-action/pull/852) - 🌱 Release v2.0.0 by [`@​naveensrinivasan](https://togithub.com/naveensrinivasan)` in [https://github.com/ossf/scorecard-action/pull/854](https://togithub.com/ossf/scorecard-action/pull/854) #### New Contributors - [`@​RadoslavGatev](https://togithub.com/RadoslavGatev)` made their first contribution in [https://github.com/ossf/scorecard-action/pull/845](https://togithub.com/ossf/scorecard-action/pull/845) **Full Changelog**: ossf/scorecard-action@v1.1.2...v2.0.0 ### [`v1.1.2`](https://togithub.com/ossf/scorecard-action/releases/tag/v1.1.2) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v1.1.1...v1.1.2) #### What's Changed - Fix for [https://github.com/ossf/scorecard-action/issues/329](https://togithub.com/ossf/scorecard-action/issues/329) **Full Changelog**: ossf/scorecard-action@v1.1.1...v1.1.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/OpenPoolProject/stratum). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4xOS4wIiwidXBkYXRlZEluVmVyIjoiMzQuMTkuMCJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
](https://renovatebot.com){kind=link}
- Loading branch information
