From 95c62752254a40523e39e1010867f8d3d6524f3b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Jan 2025 18:55:33 +0000 Subject: [PATCH 1/2] Bump ossf/scorecard-action from 2.1.2 to 2.4.0 Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.4.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/e38b1902ae4f44df626f11ba0734b14fb91f8f86...62b2cac7ed8198b15735ed49ab1e5cf35480ba46) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index e735b9e..e1ba06a 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -37,7 +37,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif From e827a2bc4eb31b0d460f73e6b8f68853f3fde576 Mon Sep 17 00:00:00 2001 From: Monty Bot Date: Thu, 9 Jan 2025 18:58:45 +0000 Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=93=B0=20Automatic=20changes=20?= =?UTF-8?q?=E2=9A=99=20Adding=20news=20file?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- news/20250109185845.bugfix | 1 + 1 file changed, 1 insertion(+) create mode 100644 news/20250109185845.bugfix diff --git a/news/20250109185845.bugfix b/news/20250109185845.bugfix new file mode 100644 index 0000000..b38c333 --- /dev/null +++ b/news/20250109185845.bugfix @@ -0,0 +1 @@ +Dependency upgrade: scorecard-action-2.4.0