msb-public
/
samples
mirror of https://github.com/flutter/samples.git
1
0
Code Issues Projects Releases Wiki Activity

Bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#2037)

Browse Source 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.2.0 to 2.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p>
<blockquote>
<h2>v2.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1270">ossf/scorecard-action#1270</a>
<ul>
<li>For a full changelist of what this includes, see the <a href="https://github.com/ossf/scorecard/releases/tag/v4.12.0">v4.12.0</a> and <a href="https://github.com/ossf/scorecard/releases/tag/v4.13.0">v4.13.0</a> release notes</li>
</ul>
</li>
<li> Send rekor tlog index to webapp when publishing results by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1169">ossf/scorecard-action#1169</a></li>
<li>🐛 Prevent url clipping for GHES instances by <a href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1225">ossf/scorecard-action#1225</a></li>
</ul>
<h3>Documentation</h3>
<ul>
<li>📖 Update access rights needed to see the results in code scanning by <a href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1229">ossf/scorecard-action#1229</a></li>
<li>📖 Add package comments. by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1221">ossf/scorecard-action#1221</a></li>
<li>📖 Add SECURITY.md file by <a href="https://github.com/david-a-wheeler"><code>@​david-a-wheeler</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1250">ossf/scorecard-action#1250</a></li>
<li>📖 Fix typo in token input docs by <a href="https://github.com/aabouzaid"><code>@​aabouzaid</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1258">ossf/scorecard-action#1258</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/david-a-wheeler"><code>@​david-a-wheeler</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1250">ossf/scorecard-action#1250</a></li>
<li><a href="https://github.com/aabouzaid"><code>@​aabouzaid</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1258">ossf/scorecard-action#1258</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0">https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="483ef80eb9"><code>483ef80</code></a> 🌱 Bump docker tag for v2.3.0 release. (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1271">#1271</a>)</li>
<li><a href="5d3591303e"><code>5d35913</code></a> 🌱 Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1270">#1270</a>)</li>
<li><a href="49787a6922"><code>49787a6</code></a> 🌱 Bump distroless/base from <code>46c5b9b</code> to <code>a35b652</code> (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1269">#1269</a>)</li>
<li><a href="4283c75015"><code>4283c75</code></a> 🌱 Bump github/codeql-action from 2.21.8 to 2.21.9 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1268">#1268</a>)</li>
<li><a href="709ecd0815"><code>709ecd0</code></a> 🌱 Bump golang from <code>6974950</code> to <code>c416cee</code> (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1266">#1266</a>)</li>
<li><a href="25bb02cd47"><code>25bb02c</code></a> 🌱 Bump actions/checkout from 4.0.0 to 4.1.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1267">#1267</a>)</li>
<li><a href="b687393d23"><code>b687393</code></a> 🌱 Bump github/codeql-action from 2.21.5 to 2.21.8 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1265">#1265</a>)</li>
<li><a href="6a1c21f537"><code>6a1c21f</code></a> 🌱 Bump golang from <code>cffaba7</code> to <code>6974950</code> (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1264">#1264</a>)</li>
<li><a href="2dee8c185e"><code>2dee8c1</code></a> 🌱 Bump github.com/sigstore/cosign/v2 from 2.1.1 to 2.2.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1254">#1254</a>)</li>
<li><a href="e79dcb6112"><code>e79dcb6</code></a> 🌱 Upgrade to go 1.20 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1262">#1262</a>)</li>
<li>Additional commits viewable in <a href="08b4669551...483ef80eb9">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.2.0&new-version=2.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>
pull/2038/head
dependabot[bot] 9 months ago committed by GitHub
parent 7a098f8a16
commit da1605fce4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
.github/workflows/scorecards-analysis.yml vendored
Unescape View File

@ -27,7 +27,7 @@ jobs:
persist-credentials: false
- name: "Run analysis"
uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031
uses: ossf/scorecard-action@483ef80eb98fb506c348f7d62e28055e49fe2398
with:
results_file: results.sarif
results_format: sarif

Write Preview
Loading…
Cancel
Save