commons-geometry icon indicating copy to clipboard operation
commons-geometry copied to clipboard
verified publisher icon apache

Bump ossf/scorecard-action from 2.2.0 to 2.3.1

Open dependabot[bot] opened this issue 2 years ago • 1 comments

Bumps ossf/scorecard-action from 2.2.0 to 2.3.1.

Release notes

Sourced from ossf/scorecard-action's releases.

v2.3.1

What's Changed

  • :seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by @​spencerschrock in ossf/scorecard-action#1282
    • Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the v4.13.1 release notes

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1

v2.3.0

What's Changed

Documentation

New Contributors

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0

Commits
  • 0864cf1 :seedling: Bump docker tag to for v2.3.1 release (#1284)
  • 72df3bf :seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 (#1282)
  • 0ea411f :seedling: Bump the docker-images group with 1 update (#1281)
  • dbfd042 :seedling: Bump the github-actions group with 1 update (#1280)
  • 2fa1e2f :seedling: Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1278)
  • 652ddd0 :seedling: Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1277)
  • 28d0c92 :seedling: Group Dependabot updates for GitHub Actions and Dockerfiles (#1276)
  • cb50491 :seedling: Bump distroless/base from a35b652 to b31a6e0 (#1275)
  • 87157ac :seedling: Bump github/codeql-action from 2.21.9 to 2.22.1 (#1274)
  • 7c1648b :seedling: Bump step-security/harden-runner from 2.5.1 to 2.6.0 (#1273)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] avatar Oct 27 '23 16:10 dependabot[bot]

We're currently processing your upload. This comment will be updated when the results are available.

codecov-commenter avatar Oct 27 '23 16:10 codecov-commenter

Superseded by #231.

dependabot[bot] avatar Feb 14 '25 16:02 dependabot[bot]