msquic
msquic copied to clipboard
Published
20 hours ago •
microsoft
microsoft
Bump ossf/scorecard-action from 1.0.3 to 2.0.3
Bumps ossf/scorecard-action from 1.0.3 to 2.0.3.
Release notes
Sourced from ossf/scorecard-action's releases.
v2.0.3
Patch for fix in #898
v2.0.2
Fixes ossf/scorecard-action#895
v2.0.1
Fix for #856
v2.0.0
What's Changed
- 🌱 Prepare for a pre-release of the Golang action by
@azeemshaikh38in ossf/scorecard-action#750- :seedling: Bump github/codeql-action from 2.1.12 to 2.1.16 by
@dependabotin ossf/scorecard-action#751- :seedling: Bump debian from 11.3-slim to 11.4-slim by
@dependabotin ossf/scorecard-action#749- :seedling: Bump step-security/harden-runner from 1.4.3 to 1.4.4 by
@dependabotin ossf/scorecard-action#646- :seedling: Bump actions/setup-go from 3.2.0 to 3.2.1 by
@dependabotin ossf/scorecard-action#748- 🐛 Fix dependency conflicts in go.mod by
@azeemshaikh38in ossf/scorecard-action#771- 🌱 Prepare for v2 beta1 release by
@azeemshaikh38in ossf/scorecard-action#766- multi-repo-action: Note that tool is a work-in-progress by
@naveensrinivasanin ossf/scorecard-action#776- 🐛 Fix intermittent failures in CI-Tests by
@azeemshaikh38in ossf/scorecard-action#778- :seedling: Bump sigs.k8s.io/release-utils from 0.7.2 to 0.7.3 by
@dependabotin ossf/scorecard-action#775- :seedling: Bump actions/cache from 3.0.4 to 3.0.5 by
@dependabotin ossf/scorecard-action#769- 📖 Update README about the restrictions for scorecard-action:v2 by
@azeemshaikh38in ossf/scorecard-action#779- :seedling: Bump github/codeql-action from 2.1.16 to 2.1.17 by
@dependabotin ossf/scorecard-action#783- 📖 Update instructions for Scorecard badge to README by
@azeemshaikh38in ossf/scorecard-action#785- :seedling: Bump debian from
f576b80toa811e62by@dependabotin ossf/scorecard-action#787- :seedling: Bump github.com/ossf/scorecard/v4 from 4.4.0 to 4.5.0 by
@dependabotin ossf/scorecard-action#786- :seedling: Bump github/codeql-action from 2.1.17 to 2.1.18 by
@dependabotin ossf/scorecard-action#788- :seedling: Bump actions/cache from 3.0.5 to 3.0.6 by
@dependabotin ossf/scorecard-action#789- 🐛 Add request application/json request header by
@azeemshaikh38in ossf/scorecard-action#791- Create a new release v2.0.0-alpha.1 by
@azeemshaikh38in ossf/scorecard-action#803- :seedling: Bump actions/cache from 3.0.6 to 3.0.7 by
@dependabotin ossf/scorecard-action#807- Olivekl patch 1 by
@oliveklin ossf/scorecard-action#809- :seedling: Fix cosign vulnerability by
@naveensrinivasanin ossf/scorecard-action#812- 🌱 Allow for publish URL override by
@azeemshaikh38in ossf/scorecard-action#811- :seedling: Bump github.com/ossf/scorecard/v4 from 4.5.0 to 4.6.0 by
@dependabotin ossf/scorecard-action#820- :seedling: Bump step-security/harden-runner from 1.4.4 to 1.4.5 by
@dependabotin ossf/scorecard-action#808- cmd/installer: Cleanups (2/n) by
@justaugustusin ossf/scorecard-action#833- Update comments to allow for renovatebot updates by
@laurentsimonin ossf/scorecard-action#834- :seedling: Bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 by
@dependabotin ossf/scorecard-action#839- :seedling: Update actions/checkout requirement to 2541b1294d2704b0964813337f33b291d3f8596b by
@dependabotin ossf/scorecard-action#835- :seedling: Bump github.com/sigstore/cosign from 1.11.0 to 1.11.1 by
@dependabotin ossf/scorecard-action#842- :seedling: Bump github/codeql-action from 2.1.18 to 2.1.21 by
@dependabotin ossf/scorecard-action#844- :seedling: Bump actions/setup-go from 3.2.1 to 3.3.0 by
@dependabotin ossf/scorecard-action#843- :seedling: Bump debian from
a811e62to68c1f6bby@dependabotin ossf/scorecard-action#840- Fix workflow path in automatic creation of PR by
@RadoslavGatevin ossf/scorecard-action#845- :seedling: Bump actions/dependency-review-action from 310e0dd64f63b1d00101ecd3225d605a74261fb7 to 2.1.0 by
@dependabotin ossf/scorecard-action#838- :seedling: Bump actions/cache from 3.0.7 to 3.0.8 by
@dependabotin ossf/scorecard-action#836- 📖 Add docs for API by
@azeemshaikh38in ossf/scorecard-action#849- :seedling: Bump github/codeql-action from 2.1.21 to 2.1.22 by
@dependabotin ossf/scorecard-action#853
... (truncated)
Commits
865b409Create v2.0.3 patch (#927)60f6d77:seedling: Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 (#855)a73c72abug: always use the default GITHUB_TOKEN for signing (#898)68bf5b3🐛 Fixes Run all checks on a BranchProtection event - failing tests (#897)f437b3cDowngrade to scorecard:v4.5.0 to fix breakage (#894)13ec8c7:seedling: Release v2.0.0 (#854)183420b:seedling: Included License (#852)9347866:seedling: Bump github/codeql-action from 2.1.21 to 2.1.22 (#853)d4f9a7aAdd docs for API (#849)9b15950:seedling: Bump actions/cache from 3.0.7 to 3.0.8 (#836)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "Published by a pub.dev verified publisher"){kind=small}