[PR #425] [MERGED] Bump ossf/scorecard-action from 2.3.1 to 2.3.3 #436

New issue

Closed

opened 2026-03-03 14:31:10 +03:00 by kerem · 0 comments

kerem commented 2026-03-03 14:31:10 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/425
Author: @dependabot[bot]
Created: 5/10/2024
Status: ✅ Merged
Merged: 5/10/2024
Merged by: @konstruktoid

Base: master ← Head: dependabot/github_actions/ossf/scorecard-action-2.3.3

---

📝 Commits (1)

• b6ad6ad Bump ossf/scorecard-action from 2.3.1 to 2.3.3

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/scorecards.yml (+1 -1)

📄 Description

Bumps ossf/scorecard-action from 2.3.1 to 2.3.3.

Release notes

Sourced from ossf/scorecard-action's releases.

v2.3.3

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

• 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by @​spencerschrock in ossf/scorecard-action#1366
• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by @​spencerschrock in ossf/scorecard-action#1374
• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by @​spencerschrock in ossf/scorecard-action#1377

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

• 📖 Move token discussion out of main README. by @​spencerschrock in ossf/scorecard-action#1279
• 📖 link to ossf/scorecard workflow instead of maintaining an example by @​spencerschrock in ossf/scorecard-action#1352
• 📖 update api links to new scorecard.dev site by @​spencerschrock in ossf/scorecard-action#1376

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3

Commits

• dc50aa9 🌱 Bump docker tag for v2.3.3 release (#1368)
• 8ff5700 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0....
• 8ba5e73 update api links to new scorecard.dev site (#1376)
• 92ddde3 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (#1374)
• 6c55905 🌱 Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1373)
• 09bb953 🌱 Bump distroless/base in the docker-images group (#1372)
• 1511e13 🌱 Bump the github-actions group across 1 directory with 6 updates (#...
• df66cd8 🌱 Bump the docker-images group with 2 updates (#1370)
• fad9a3c 🌱 Bump distroless/base in the docker-images group (#1364)
• 1e01a30 🌱 Bump the github-actions group with 3 updates (#1365)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/425 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 5/10/2024 **Status:** ✅ Merged **Merged:** 5/10/2024 **Merged by:** [@konstruktoid](https://github.com/konstruktoid) **Base:** `master` ← **Head:** `dependabot/github_actions/ossf/scorecard-action-2.3.3` --- ### 📝 Commits (1) - [`b6ad6ad`](https://github.com/konstruktoid/hardening/commit/b6ad6ad0e46e91379dce51747410c044bf5f37a0) Bump ossf/scorecard-action from 2.3.1 to 2.3.3 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/scorecards.yml` (+1 -1) </details> ### 📄 Description Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p> <blockquote> <h2>v2.3.3</h2> <blockquote> <p>[!NOTE]<br /> There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag</p> </blockquote> <h2>What's Changed</h2> <ul> <li>:seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1366">ossf/scorecard-action#1366</a></li> <li>:seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1374">ossf/scorecard-action#1374</a></li> <li>:seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1377">ossf/scorecard-action#1377</a></li> </ul> <p>For a full changelist of what these include, see the <a href="https://github.com/ossf/scorecard/releases/tag/v5.0.0-rc1">v5.0.0-rc1</a> and <a href="https://github.com/ossf/scorecard/releases/tag/v5.0.0-rc2">v5.0.0-rc2</a> release notes.</p> <h3>Documentation</h3> <ul> <li>:book: Move token discussion out of main README. by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1279">ossf/scorecard-action#1279</a></li> <li>:book: link to <code>ossf/scorecard</code> workflow instead of maintaining an example by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1352">ossf/scorecard-action#1352</a></li> <li>:book: update api links to new scorecard.dev site by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1376">ossf/scorecard-action#1376</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3">https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ossf/scorecard-action/commit/dc50aa9510b46c811795eb24b2f1ba02a914e534"><code>dc50aa9</code></a> :seedling: Bump docker tag for v2.3.3 release (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1368">#1368</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/8ff570017382a0ef795f21f71e519b27a9b5f29e"><code>8ff5700</code></a> :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0....</li> <li><a href="https://github.com/ossf/scorecard-action/commit/8ba5e73d11a5fd0917494d02ab01dfd7866d2191"><code>8ba5e73</code></a> update api links to new scorecard.dev site (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1376">#1376</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/92ddde3eaffd7e147638317c023642a6adc8a874"><code>92ddde3</code></a> Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1374">#1374</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/6c55905542a1ce814c7ec177a96904f5bc74aab5"><code>6c55905</code></a> :seedling: Bump golang.org/x/net from 0.24.0 to 0.25.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1373">#1373</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/09bb953b6a0e34c84fb453985435a07cc2baa3a3"><code>09bb953</code></a> :seedling: Bump distroless/base in the docker-images group (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1372">#1372</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/1511e1305b9d7e51245388421563264573c77bc7"><code>1511e13</code></a> :seedling: Bump the github-actions group across 1 directory with 6 updates (#...</li> <li><a href="https://github.com/ossf/scorecard-action/commit/df66cd8fd834fab4483ac0031b8d8ff819b62422"><code>df66cd8</code></a> :seedling: Bump the docker-images group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1370">#1370</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/fad9a3cc533bb069b1f01f272f1f630895cd690a"><code>fad9a3c</code></a> :seedling: Bump distroless/base in the docker-images group (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1364">#1364</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/1e01a309c1de65b6221c25768bcfc322bac8ccee"><code>1e01a30</code></a> :seedling: Bump the github-actions group with 3 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1365">#1365</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-03-03 14:31:10 +03:00

• closed this issue
• added the
  pull-request
  label

kerem referenced this issue 2026-03-03 14:31:13 +03:00

[PR #436] [CLOSED] Update actions/dependency-review-action action to v4.3.3 - autoclosed #447

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

renovate/github-codeql-action-4.x

v2.2.0

v2.1.0

v2.0.0

v1.0.0

v1.0

Labels

Clear labels   

Stale

  

bug

  

bug

  

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

Stale

bug

bug

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/hardening#436

No description provided.