opentelemetry-php-contrib
opentelemetry-php-contrib copied to clipboard
open-telemetry
chore(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3
Bumps ossf/scorecard-action from 2.4.2 to 2.4.3.
Release notes
Sourced from ossf/scorecard-action's releases.
v2.4.3
What's Changed
This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.
Documentation
- docs: clarify
GITHUB_TOKENpermissions needed for private repos by@pankajtaneja5in ossf/scorecard-action#1574- :book: Fix recommended command to test the image in development by
@deivid-rodriguezin ossf/scorecard-action#1583Other
- add missing top-level token permissions to workflows by
@timothykleein ossf/scorecard-action#1566- setup codeowners for requesting reviews by
@spencerschrockin ossf/scorecard-action#1576- :seedling: Improve printing options by
@deivid-rodriguezin ossf/scorecard-action#1584New Contributors
@timothykleemade their first contribution in ossf/scorecard-action#1566@pankajtaneja5made their first contribution in ossf/scorecard-action#1574@deivid-rodriguezmade their first contribution in ossf/scorecard-action#1584Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3
Commits
4eaacf0bump docker to ghcr v2.4.3 (#1587)42e3a01:seedling: Bump the github-actions group with 3 updates (#1585)88c07ac:seedling: Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (#1579)6c690f2Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (#1586)92083b5:book: Fix recommended command to test the image in development (#1583)7975ea6:seedling: Bump the docker-images group across 1 directory with 2 updates (#1...0d1a743:seedling: Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1575)46e6e0c:seedling: Bump the github-actions group with 2 updates (#1580)c3f1350:seedling: Improve printing options (#1584)43e475b:seedling: Bump golang.org/x/net from 0.42.0 to 0.44.0 (#1578)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}
Codecov Report
:white_check_mark: All modified and coverable lines are covered by tests.
:white_check_mark: Project coverage is 82.52%. Comparing base (f042bae) to head (f129128).
:warning: Report is 3 commits behind head on main.
Additional details and impacted files
@@ Coverage Diff @@
## main #446 +/- ##
=========================================
Coverage 82.52% 82.52%
Complexity 2414 2414
=========================================
Files 167 167
Lines 9711 9711
=========================================
Hits 8014 8014
Misses 1697 1697
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report in Codecov by Sentry.
Legend - Click here to learn more
Δ = absolute <relative> (impact),ø = not affected,? = missing dataPowered by Codecov. Last update f042bae...f129128. Read the comment docs.
:rocket: New features to boost your workflow:
- :snowflake: Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
![codecov[bot] avatar](https://avatars.githubusercontent.com/in/254?v=4 "Published by a pub.dev verified publisher"){kind=small}
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.
If you change your mind, just re-open this PR and I'll resolve any conflicts on it.