Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#1911) · flutter/samples@a1b2c57

Commit

Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#1911)

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action)
from 2.1.3 to 2.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>:seedling: Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0
by <a
href="https://github.com/spencerschrock"><code>@spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1192">ossf/scorecard-action#1192</a></li>
</ul>
<h2>Scorecard Result Viewer</h2>
<p>Thanks to contributions from <a
href="https://github.com/cynthia-sg"><code>@cynthia-sg</code></a> and
<a href="https://github.com/tegioz"><code>@tegioz</code></a> at <a
href="https://github.com/cncf/clomonitor">CLOMonitor</a>, there is a new
Scorecard Result visualization page at
<code>https://securityscorecards.dev/viewer/?uri=&lt;project-url&gt;</code>.</p>
<ul>
<li><a
href="https://redirect.github.com/ossf/scorecard-webapp/pull/406">ossf/scorecard-webapp#406</a></li>
<li><a
href="https://redirect.github.com/ossf/scorecard-webapp/pull/422">ossf/scorecard-webapp#422</a></li>
</ul>
<p>As an example, you can see our own score visualized <a
href="https://securityscorecards.dev/viewer/?uri=github.com/ossf/scorecard">here</a>
Checkout our <a
href="https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#scorecard-badge">README</a>
to learn how to link your README badge to the new visualization
page.</p>
<h2>Publishing Results</h2>
<p>This release contains two fixes which will improve the user
experience when <code>publish_results</code> is <code>true</code></p>
<ul>
<li>Runs that fail our <a
href="https://github.com/ossf/scorecard-action/blob/08b4669551908b1024bb425080c797723083c031/README.md#workflow-restrictions">workflow
restrictions</a> will fail with a 400 response indicating the problem,
instead of a vague 500 status. (<a
href="https://redirect.github.com/ossf/scorecard-action/pull/1156">ossf/scorecard-action#1156</a>,
resolved <a
href="https://redirect.github.com/ossf/scorecard-action/issues/1150">ossf/scorecard-action#1150</a>)</li>
<li>Scorecard action will retry when signing results and submitting them
to our web API. This should help with flakiness from connection
failures. (<a
href="https://redirect.github.com/ossf/scorecard-action/pull/1191">ossf/scorecard-action#1191</a>)</li>
</ul>
<h2>Docs</h2>
<ul>
<li>📖 Update README to accept fine-grained tokens by <a
href="https://github.com/pnacht"><code>@pnacht</code></a> in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1175">ossf/scorecard-action#1175</a></li>
<li>📖 Update installation instructions to match current GitHub UI by <a
href="https://github.com/joycebrum"><code>@joycebrum</code></a> in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1153">ossf/scorecard-action#1153</a></li>
<li>📖 Document the GitHub action workflow restrictions when publishing
results. by <a
href="https://github.com/spencerschrock"><code>@spencerschrock</code></a>
in</li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/bobcallaway"><code>@bobcallaway</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1140">ossf/scorecard-action#1140</a></li>
<li><a href="https://github.com/pnacht"><code>@pnacht</code></a> made
their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1175">ossf/scorecard-action#1175</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0">https://github.com/ossf/scorecard-action/compare/v2.1.3...v2.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ossf/scorecard-action/commit/08b4669551908b1024bb425080c797723083c031"><code>08b4669</code></a>
:seedling: Bump docker tag to for v2.2.0 release. (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1194">#1194</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/3c7470f58c4371d8ac58beaeeacf771227d63ce8"><code>3c7470f</code></a>
:book: Update README badge link to use new uri param. (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1185">#1185</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/a164dbc12a66d9fae8ec379fff6ba200da366366"><code>a164dbc</code></a>
:seedling: Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1192">#1192</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/597960e1d95e5c741af238a819f03655e2fa43b8"><code>597960e</code></a>
:book: Update README to accept fine-grained tokens (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1175">#1175</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/8808ed28c3b8ba5a7d8059bd0360d8374ff6adb3"><code>8808ed2</code></a>
:seedling: Retry external network calls when publishing results (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1191">#1191</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/0eed6cb5da014387b234df059cd4a2db5dbe9e1f"><code>0eed6cb</code></a>
:seedling: Bump golang.org/x/net from 0.10.0 to 0.11.0</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/6c6335c126308fd03da1c3bb267c1ebc3a34db0c"><code>6c6335c</code></a>
:seedling: Bump github/codeql-action from 2.3.6 to 2.20.0</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/7f1baf380a4f4418b4864d5a57bee1beba03e2eb"><code>7f1baf3</code></a>
:book: Switch recommended badge link to the new viewer. (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1176">#1176</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/df98bbc13d1c3001cc90b8a2791ffde7ba29f061"><code>df98bbc</code></a>
:seedling: Bump actions/checkout from 3.5.2 to 3.5.3</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/75886d414a5cd048874360697f1e8edb5b1e55ca"><code>75886d4</code></a>
:seedling: Bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1172">#1172</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ossf/scorecard-action/compare/80e868c13c90f172d68d1f4501dee99e2479f7af...08b4669551908b1024bb425080c797723083c031">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.1.3&new-version=2.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Loading branch information

dependabot[bot] committed Jun 25, 2023

1 parent eac6afa commit a1b2c57

.github/workflows/scorecards-analysis.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -27,7 +27,7 @@ jobs: @@
               persist-credentials: false
           - name: "Run analysis"
-            uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af
+            uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031
             with:
               results_file: results.sarif
               results_format: sarif
@@ Expand Down @@

0 comments on commit `a1b2c57`

Please sign in to comment.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `a1b2c57`

Commit

There are no files selected for viewing

0 comments on commit a1b2c57

0 comments on commit `a1b2c57`