Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: ossf/scorecard-action
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v2.3.0
Choose a base ref
...
head repository: ossf/scorecard-action
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v2.3.1
Choose a head ref
  • 11 commits
  • 9 files changed
  • 2 contributors

Commits on Oct 9, 2023

  1. 🌱 Bump golang from 1.21.1 to 1.21.2 (#1272) 

    Bumps golang from 1.21.1 to 1.21.2.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 9, 2023
    Configuration menu
    Copy the full SHA
    54b14e1 View commit details
    Browse the repository at this point in the history

Commits on Oct 10, 2023

  1. 🌱 Bump step-security/harden-runner from 2.5.1 to 2.6.0 (#1273) 

    Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.5.1 to 2.6.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@8ca2b8b...1b05615)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 10, 2023
    Configuration menu
    Copy the full SHA
    7c1648b View commit details
    Browse the repository at this point in the history

  2. 🌱 Bump github/codeql-action from 2.21.9 to 2.22.1 (#1274) 

    Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.9 to 2.22.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@ddccb87...fdcae64)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 10, 2023
    Configuration menu
    Copy the full SHA
    87157ac View commit details
    Browse the repository at this point in the history

  3. 🌱 Bump distroless/base from a35b652 to b31a6e0 (#1275) 

    Bumps distroless/base from `a35b652` to `b31a6e0`.

---
updated-dependencies:
- dependency-name: distroless/base
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 10, 2023
    Configuration menu
    Copy the full SHA
    cb50491 View commit details
    Browse the repository at this point in the history

  4. 🌱 Group Dependabot updates for GitHub Actions and Dockerfiles (#1276) 

    * group github action updates

Signed-off-by: Spencer Schrock <sschrock@google.com>

* group docker image updates

Signed-off-by: Spencer Schrock <sschrock@google.com>

* change docker to weekly

Signed-off-by: Spencer Schrock <sschrock@google.com>

---------

Signed-off-by: Spencer Schrock <sschrock@google.com>
    @spencerschrock
    spencerschrock authored Oct 10, 2023
    Configuration menu
    Copy the full SHA
    28d0c92 View commit details
    Browse the repository at this point in the history

  5. 🌱 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1277) 

    Bumps [github.com/google/go-cmp](https://github.com/google/go-cmp) from 0.5.9 to 0.6.0.
- [Release notes](https://github.com/google/go-cmp/releases)
- [Commits](google/go-cmp@v0.5.9...v0.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/go-cmp
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 10, 2023
    Configuration menu
    Copy the full SHA
    652ddd0 View commit details
    Browse the repository at this point in the history

  6. 🌱 Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1278) 

    Bumps [golang.org/x/net](https://github.com/golang/net) from 0.16.0 to 0.17.0.
- [Commits](golang/net@v0.16.0...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 10, 2023
    Configuration menu
    Copy the full SHA
    2fa1e2f View commit details
    Browse the repository at this point in the history

Commits on Oct 17, 2023

  1. 🌱 Bump the github-actions group with 1 update (#1280) 

    Bumps the github-actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).

- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@fdcae64...0116bc2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 17, 2023
    Configuration menu
    Copy the full SHA
    dbfd042 View commit details
    Browse the repository at this point in the history

  2. 🌱 Bump the docker-images group with 1 update (#1281) 

    Bumps the docker-images group with 1 update: golang.


---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: docker-images
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] authored Oct 17, 2023
    Configuration menu
    Copy the full SHA
    0ea411f View commit details
    Browse the repository at this point in the history

Commits on Oct 23, 2023

  1. 🌱 Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 (#1282) 

    Signed-off-by: Spencer Schrock <sschrock@google.com>
    @spencerschrock
    spencerschrock authored Oct 23, 2023
    Configuration menu
    Copy the full SHA
    72df3bf View commit details
    Browse the repository at this point in the history

  2. 🌱 Bump docker tag to for v2.3.1 release (#1284) 

    Signed-off-by: Spencer Schrock <sschrock@google.com>
    @spencerschrock
    spencerschrock authored Oct 23, 2023
    Configuration menu
    Copy the full SHA
    0864cf1 View commit details
    Browse the repository at this point in the history
Loading