meta: bump ossf/scorecard-action from 2.3.1 to 2.3.3
Created by: dependabot[bot]
Bumps ossf/scorecard-action from 2.3.1 to 2.3.3.
Release notes
Sourced from ossf/scorecard-action's releases.
v2.3.3
[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tagWhat's Changed
🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by@spencerschrock
in ossf/scorecard-action#1366🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by@spencerschrock
in ossf/scorecard-action#1374🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by@spencerschrock
in ossf/scorecard-action#1377For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.
Documentation
📖 Move token discussion out of main README. by@spencerschrock
in ossf/scorecard-action#1279📖 link toossf/scorecard
workflow instead of maintaining an example by@spencerschrock
in ossf/scorecard-action#1352📖 update api links to new scorecard.dev site by@spencerschrock
in ossf/scorecard-action#1376Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3
Commits
-
dc50aa9
🌱 Bump docker tag for v2.3.3 release (#1368) -
8ff5700
🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.... -
8ba5e73
update api links to new scorecard.dev site (#1376) -
92ddde3
Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (#1374) -
6c55905
🌱 Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1373) -
09bb953
🌱 Bump distroless/base in the docker-images group (#1372) -
1511e13
🌱 Bump the github-actions group across 1 directory with 6 updates (#... -
df66cd8
🌱 Bump the docker-images group with 2 updates (#1370) -
fad9a3c
🌱 Bump distroless/base in the docker-images group (#1364) -
1e01a30
🌱 Bump the github-actions group with 3 updates (#1365) - Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)