[PR #256] [MERGED] build(deps): Bump ossf/scorecard-action from 2.4.2 to 2.4.3 #253

New issue

Closed

opened 2026-02-26 18:33:58 +03:00 by kerem · 0 comments

kerem commented 2026-02-26 18:33:58 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/decke/smtprelay/pull/256
Author: @dependabot[bot]
Created: 10/1/2025
Status: ✅ Merged
Merged: 10/1/2025
Merged by: @decke

Base: master ← Head: dependabot/github_actions/ossf/scorecard-action-2.4.3

---

📝 Commits (1)

• edab232 build(deps): Bump ossf/scorecard-action from 2.4.2 to 2.4.3

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 .github/workflows/scorecards.yml (+1 -1)

📄 Description

Bumps ossf/scorecard-action from 2.4.2 to 2.4.3.

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.3

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

• docs: clarify GITHUB_TOKEN permissions needed for private repos by @​pankajtaneja5 in ossf/scorecard-action#1574
• 📖 Fix recommended command to test the image in development by @​deivid-rodriguez in ossf/scorecard-action#1583

Other

• add missing top-level token permissions to workflows by @​timothyklee in ossf/scorecard-action#1566
• setup codeowners for requesting reviews by @​spencerschrock in ossf/scorecard-action#1576
• 🌱 Improve printing options by @​deivid-rodriguez in ossf/scorecard-action#1584

New Contributors

• @​timothyklee made their first contribution in ossf/scorecard-action#1566
• @​pankajtaneja5 made their first contribution in ossf/scorecard-action#1574
• @​deivid-rodriguez made their first contribution in ossf/scorecard-action#1584

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3

Commits

• 4eaacf0 bump docker to ghcr v2.4.3 (#1587)
• 42e3a01 🌱 Bump the github-actions group with 3 updates (#1585)
• 88c07ac 🌱 Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (#1579)
• 6c690f2 Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (#1586)
• 92083b5 📖 Fix recommended command to test the image in development (#1583)
• 7975ea6 🌱 Bump the docker-images group across 1 directory with 2 updates (#1...
• 0d1a743 🌱 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1575)
• 46e6e0c 🌱 Bump the github-actions group with 2 updates (#1580)
• c3f1350 🌱 Improve printing options (#1584)
• 43e475b 🌱 Bump golang.org/x/net from 0.42.0 to 0.44.0 (#1578)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/decke/smtprelay/pull/256 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 10/1/2025 **Status:** ✅ Merged **Merged:** 10/1/2025 **Merged by:** [@decke](https://github.com/decke) **Base:** `master` ← **Head:** `dependabot/github_actions/ossf/scorecard-action-2.4.3` --- ### 📝 Commits (1) - [`edab232`](https://github.com/decke/smtprelay/commit/edab232f8223c08205bec5a4c60a89942d505da9) build(deps): Bump ossf/scorecard-action from 2.4.2 to 2.4.3 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `.github/workflows/scorecards.yml` (+1 -1) </details> ### 📄 Description Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.2 to 2.4.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p> <blockquote> <h2>v2.4.3</h2> <h2>What's Changed</h2> <p>This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the <a href="https://github.com/ossf/scorecard/releases/tag/v5.3.0">Scorecard v5.3.0 release notes</a>.</p> <h2>Documentation</h2> <ul> <li>docs: clarify <code>GITHUB_TOKEN</code> permissions needed for private repos by <a href="https://github.com/pankajtaneja5"><code>@​pankajtaneja5</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1574">ossf/scorecard-action#1574</a></li> <li>:book: Fix recommended command to test the image in development by <a href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1583">ossf/scorecard-action#1583</a></li> </ul> <h2>Other</h2> <ul> <li>add missing top-level token permissions to workflows by <a href="https://github.com/timothyklee"><code>@​timothyklee</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1566">ossf/scorecard-action#1566</a></li> <li>setup codeowners for requesting reviews by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1576">ossf/scorecard-action#1576</a></li> <li>:seedling: Improve printing options by <a href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1584">ossf/scorecard-action#1584</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/timothyklee"><code>@​timothyklee</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1566">ossf/scorecard-action#1566</a></li> <li><a href="https://github.com/pankajtaneja5"><code>@​pankajtaneja5</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1574">ossf/scorecard-action#1574</a></li> <li><a href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1584">ossf/scorecard-action#1584</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3">https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ossf/scorecard-action/commit/4eaacf0543bb3f2c246792bd56e8cdeffafb205a"><code>4eaacf0</code></a> bump docker to ghcr v2.4.3 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1587">#1587</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/42e3a017b9617c5bbc5f1c692cdbc2cd041bd97a"><code>42e3a01</code></a> :seedling: Bump the github-actions group with 3 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1585">#1585</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/88c07acb7bc818897f9ea58eba9d81c53b322f15"><code>88c07ac</code></a> :seedling: Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1579">#1579</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/6c690f2f38ab31402da4e3f8d698c15405764128"><code>6c690f2</code></a> Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1586">#1586</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/92083b52695004080225eb9301fde390183707cd"><code>92083b5</code></a> :book: Fix recommended command to test the image in development (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1583">#1583</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/7975ea6064717f16f09a57ad5f8e24017ad4dbd9"><code>7975ea6</code></a> :seedling: Bump the docker-images group across 1 directory with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1">#1</a>...</li> <li><a href="https://github.com/ossf/scorecard-action/commit/0d1a74394f208e63c946c1b5377d3ad15f0265bf"><code>0d1a743</code></a> :seedling: Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1575">#1575</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/46e6e0c0ac415287a696b2be6d98071134fd27a7"><code>46e6e0c</code></a> :seedling: Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1580">#1580</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/c3f13501596645d3bd6fee6b843bd36b66df4f5d"><code>c3f1350</code></a> :seedling: Improve printing options (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1584">#1584</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/43e475b79a8bd5217334edc08879005b2229d79a"><code>43e475b</code></a> :seedling: Bump golang.org/x/net from 0.42.0 to 0.44.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1578">#1578</a>)</li> <li>Additional commits viewable in <a href="https://github.com/ossf/scorecard-action/compare/05b42c624433fc40578a4040d5cf5e36ddca8cde...4eaacf0543bb3f2c246792bd56e8cdeffafb205a">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-02-26 18:33:58 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

dependabot/go_modules/github.com/rs/zerolog-1.35.1

dependabot/go_modules/github.com/DeRuina/timberjack-1.4.2

dependabot/go_modules/github.com/chrj/smtpd-1.0.0

dependabot/github_actions/step-security/harden-runner-2.19.0

dependabot/github_actions/github/codeql-action-4.35.2

add-service

v1.13.2

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.0

v1.8.0

v1.7.0

v1.6.0

v1.5.0

v1.4.0

v1.3.0

v1.2.0

v1.1.0

v1.0.1

v1.0.0

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/smtprelay#253

No description provided.