build(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.0 (#486) · vaninrao10/notation@c6ab817

Commit

build(deps): bump ossf/scorecard-action from 2.0.6 to 2.1.0 (notarypr…

…oject#486)

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action)
from 2.0.6 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<h3>Scorecard version</h3>
<p>This release uses <a
href="https://github.com/ossf/scorecard/releases/tag/v4.10.0">scorecard
v4.10.0</a>.</p>
<h3>Improvements</h3>
<ul>
<li>Docker build workflow by <a
href="https://github.com/naveensrinivasan"><code>@naveensrinivasan</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/981">ossf/scorecard-action#981</a></li>
<li>Use root user in distroless to support GitHub Actions by <a
href="https://github.com/spencerschrock"><code>@spencerschrock</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/994">ossf/scorecard-action#994</a></li>
<li>Disable pull_request_target by <a
href="https://github.com/laurentsimon"><code>@laurentsimon</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1031">ossf/scorecard-action#1031</a></li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Add PAT section explaining risks by <a
href="https://github.com/olivekl"><code>@olivekl</code></a> in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1024">ossf/scorecard-action#1024</a></li>
<li>Make the badge text easier to copy by <a
href="https://github.com/rajbos"><code>@rajbos</code></a> in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1026">ossf/scorecard-action#1026</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/joycebrum"><code>@joycebrum</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/984">ossf/scorecard-action#984</a></li>
<li><a href="https://github.com/rajbos"><code>@rajbos</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1026">ossf/scorecard-action#1026</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0">https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ossf/scorecard-action/commit/937ffa90d79c7d720498178154ad4c7ba1e4ad8c"><code>937ffa9</code></a>
Minor release v2.1.0 (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1040">#1040</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/a42a0805d0e4304ee4c7c212dfbe26772777223b"><code>a42a080</code></a>
Create scorecards.yml (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1041">#1041</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/cf93e24efb76f6ebfa331ce9fb93f8dbc8bb1f78"><code>cf93e24</code></a>
:seedling: Bump github.com/ossf/scorecard/v4 from 4.8.0 to 4.10.0 (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1039">#1039</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/b2f0d4ed0554bbca06657a42557173b5e03e8558"><code>b2f0d4e</code></a>
:seedling: Bump golang from <code>04f76f9</code> to <code>54184d6</code>
(<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1038">#1038</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/bff7712ee497efb0d73397512a3ade98664a7772"><code>bff7712</code></a>
:seedling: Bump actions/checkout from 3.1.0 to 3.2.0 (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1035">#1035</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/cd50e39e8ab523db25ce263bb28734aa64ea9622"><code>cd50e39</code></a>
:seedling: Bump github/codeql-action from 2.1.35 to 2.1.36 (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1036">#1036</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/420fff2430efabf8e215ab219e0efb528410d598"><code>420fff2</code></a>
update (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1031">#1031</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/8d8c1ecfc2c011a4e6b2ea1d0cceca7ded041b92"><code>8d8c1ec</code></a>
:seedling: Bump golang.org/x/net from 0.2.0 to 0.4.0 (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1033">#1033</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/c694c355bcd6661db2153dc37269df85b330f59f"><code>c694c35</code></a>
feat: update logging (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1032">#1032</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/f27f8fe3e797639e43d28e4b358386e07066ffe2"><code>f27f8fe</code></a>
:seedling: Bump golang from <code>84ac6d8</code> to <code>04f76f9</code>
(<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1029">#1029</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ossf/scorecard-action/compare/99c53751e09b9529366343771cc321ec74e9bd3d...937ffa90d79c7d720498178154ad4c7ba1e4ad8c">compare
view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.0.6&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: vaninrao10 <[email protected]>

Loading branch information

dependabot[bot] authored and vaninrao10 committed Jan 5, 2023

1 parent d7d7934 commit c6ab817

.github/workflows/scorecard.yml

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -31,7 +31,7 @@ jobs:
  
              persist-credentials: false

          - name: "Run analysis"

            uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # tag=v2.0.6

            uses: ossf/scorecard-action@937ffa90d79c7d720498178154ad4c7ba1e4ad8c # tag=v2.1.0

            with:

              results_file: results.sarif

              results_format: sarif

0 comments on commit `c6ab817`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `c6ab817`

Commit

There are no files selected for viewing

0 comments on commit c6ab817

0 comments on commit `c6ab817`