Scorecard - v4.10.3


Changelog

  • 9ad9757 Increase recordings, switch API, and lower tolerance
  • 8966abd Initial implementation of go-git client (#2720)
  • 603263c :bug: Fix typo in CITests runtime errors causing duplicate Code-Review checks. (#2756)
  • c20ed9e :seedling: Update .github/workflows/goreleaser.yaml (#2755)
  • 0b45c90 :seedling: Bump step-security/harden-runner from 2.2.0 to 2.2.1 (#2753)
  • 23bd295 :seedling: Bump github/codeql-action from 2.2.4 to 2.2.6 (#2741)
  • fc026ef :seedling: Bump github.com/google/ko from 0.12.0 to 0.13.0 in /tools (#2742)
  • 2e04214 :seedling: Bump tj-actions/changed-files from 35.6.2 to 35.7.0
  • e36b590 :seedling: Bump actions/cache from 3.3.0 to 3.3.1 (#2740)
  • 6ff94eb :bug: Handle editable pip installs (#2731)
  • 110e352 ✨ Gitlab support: RepoClient (#2655)
  • 5625dda :seedling: Bump github.com/onsi/ginkgo/v2 from 2.8.3 to 2.9.0 in /tools
  • d591e38 🌱 Add RepoClient re-use E2E tests. (#2625)
  • a7e81bb :seedling: Bump actions/cache from 3.2.6 to 3.3.0 (#2738)
  • b5254fe :seedling: Bump tj-actions/changed-files from 35.6.1 to 35.6.2 (#2736)
  • 2e6347f :seedling: Bump github.com/moby/buildkit from 0.10.3 to 0.11.4 (#2735)
  • 170af75 :bug: Updates osv-scanner dependency to 1.2.0. (#2704)
  • 5f13a66 Atomically load from accessState to avoid data race. (#2732)
  • 0c090b3 :seedling: Updated the coverage for tests (#2728)
  • 0169c37 🌱 Setup cron for running as GitHub App (#2721)
  • d708c6c :seedling: Bump tj-actions/changed-files from 35.5.4 to 35.6.1
  • fb12a39 :seedling: Bump github.com/google/ko in /tools
  • 0bed3da :seedling: Bump github.com/jszwec/csvutil from 1.7.1 to 1.8.0 (#2698)
  • 61866a0 🐛 Check OSS Fuzz build file for Fuzzing check (#2719)
  • c06ac74 :seedling: Removed failing tests (#2718)
  • b8bc65f Add projects to cronjob (#2716)
  • def5ead :book: update bigquery docs in README (#2714)
  • 36faeac Consider 'src/test' test directories (#2706)
  • 846fb19 Refactor githubrepo CheckRun logic (#2710)
  • 82a122b :seedling: Bump sigstore/cosign-installer from 2.8.1 to 3.0.1
  • c4bd0c5 :warning: Update date formats and fields to RFC3339 (#2712)
  • 8add330 :book: Fix links. (#2703)
  • 35a7dd5 :seedling: Bump kubernetes-sigs/kubebuilder-release-tools
  • c7e362d :seedling: Bump step-security/harden-runner from 2.1.0 to 2.2.0
  • be8a437 :seedling: Bump github.com/onsi/ginkgo/v2 from 2.8.1 to 2.8.3 in /tools (#2694)
  • 034add1 :seedling: Bump k8s.io/client-go from 0.18.8 to 0.20.0
  • feb267a :seedling: Bump golang.org/x/net from 0.6.0 to 0.7.0 in /tools
  • 78069d8 Consider ko-build/setup-ko as a packaging workflow (#2692)
  • db6a26e :seedling: Bump actions/cache from 3.2.3 to 3.2.6
  • 24b779f :seedling: Bump mvdan.cc/sh/v3 from 3.5.1 to 3.6.0 (#2615)
  • 48813a3 :seedling: Bump golang.org/x/net from 0.5.0 to 0.7.0 (#2680)
  • d334409 Add Azure Devops as valid CI system (#2662)
  • 047c014 :seedling: Bump github/codeql-action from 2.2.3 to 2.2.4 (#2676)
  • 5e6a521 :seedling: Update deps for fixing GHSA-r48q-9g5r-8q2h (#2675)
  • adb1ce3 🌱 add new github.com/intel repos (#2673)
  • 603cd92 :seedling: Bump github.com/onsi/ginkgo/v2 from 2.7.0 to 2.8.1 in /tools (#2660)
  • 559b71b Invite @raghavkaul as maintainer (#2663)
  • 353e2c6 :seedling: Bump tj-actions/changed-files from 35.5.0 to 35.5.4 (#2674)
  • c9f582b Limit integration tests to ones that work with the GITHUB_TOKEN. (#2672)
  • 7876a13 :seedling: Temporarily skip OSS-Fuzz e2e test. (#2671)
  • 93900ac :seedling: Bump github/codeql-action from 2.2.0 to 2.2.3 (#2649)
  • 8115756 :seedling: Bump peter-evans/find-comment from 2.1.0 to 2.2.1 (#2641)
  • ee8dd5d Image build pipeline (#2613)
  • d331f8e Fix typo (add s to ') (#2638)
  • ac008ec :seedling: Bump tj-actions/changed-files from 35.4.4 to 35.5.0 (#2635)
  • 0f33c37 :book: Update docs on how to run and debug locally (#2587)
  • 2ea140a ✨ Structured results for permissions (#2584)
  • 4ebe521 :seedling: Bump github/codeql-action from 2.1.39 to 2.2.0 (#2618)
  • 1c6ab16 :seedling: Bump github.com/go-git/go-git/v5 from 5.4.2 to 5.5.2 (#2600)
  • e6a900d Handle Docker URLs for GitHub actions workflows (#2594)
  • 3f372e9 :seedling: Bump tj-actions/changed-files from 35.4.1 to 35.4.4
  • 99398db :seedling: Bump github/codeql-action from 2.1.38 to 2.1.39 (#2607)
  • 9385905 Revert "perf.: run integration tests only on approved PRs (#2609)" (#2612)
  • f25d010 :seedling: Bump github.com/google/addlicense in /tools (#2608)
  • a29182d perf.: run integration tests only on approved PRs (#2609)
  • 6112c07 :seedling: Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#2539)
  • f1ca6d7 :seedling: Bump actions/cache from 3.0.11 to 3.2.3 (#2599)
  • 9c49fbf :seedling: Bump step-security/harden-runner from 2.0.0 to 2.1.0 (#2604)
  • 1b5bdb4 :seedling: Bump actions/upload-artifact from 3.1.1 to 3.1.2 (#2601)
  • 67daacc :seedling: Bump tj-actions/changed-files from 35.2.0 to 35.4.1 (#2598)
  • fc299e3 :seedling: Bump actions/dependency-review-action from 3.0.2 to 3.0.3 (#2585)
  • 2704fc5 :seedling: Bump github.com/xanzy/go-gitlab from 0.77.0 to 0.78.0 (#2591)
  • 4a9c774 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.38 (#2597)
  • 811bf75 Add correct contact to CODE_OF_CONDUCT.md (#2508)
  • 47be523 :bug: Retain tag when remediating unpinned docker images. (#2595)
  • b30bc79 :seedling: Bump golang.org/x/tools from 0.4.0 to 0.5.0 (#2592)
  • 3e4dca5 :seedling: Bump github.com/goreleaser/goreleaser in /tools (#2586)
  • 75adffe :seedling: Bump github.com/onsi/gomega from 1.24.1 to 1.24.2 (#2562)
  • 63ffde8 :seedling: Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.7.0 (#2590)
  • bf516e1 🐛 Use leveled scoring for Code Review check (#2542)
  • ed9576c Update name of Branch Protection Rule (#2589)
  • 6ded57e :seedling: Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.7.0 in /tools (#2588)
  • 78d0903 :seedling: Bump github.com/goreleaser/goreleaser in /tools (#2573)
  • be695d1 🐛 Add wasm files as binary artifacts (#2548)
  • a2bc29a :seedling: Bump actions/checkout from 3.2.0 to 3.3.0 (#2583)
  • 1d15e9c classic personal access tokens required (#2565)
  • 7c0edac :seedling: Bump nick-invision/retry from 2.8.2 to 2.8.3 (#2576)
  • 6ff06a3 :seedling: Bump actions/setup-go from 3.3.1 to 3.5.0 (#2575)
  • 72d4e98 :seedling: Bump tj-actions/changed-files from 35.1.0 to 35.2.0 (#2574)
  • cf3a43f :seedling: Bump ossf/scorecard-action from 2.1.1 to 2.1.2 (#2570)
  • 4d5cbb4 :bug: Fix Renovate bot typo (#2569)
  • 90cdd98 Disable scorecard on PRs (#2571)
  • 6bf19d5 🌱 Switch from paths-ignore to changed-files action to skip required checks. (#2566)
  • c6d7680 :seedling: Bump github.com/xanzy/go-gitlab from 0.76.0 to 0.77.0 (#2563)
  • 7e64b36 :seedling: Bump golang.org/x/tools from 0.3.0 to 0.4.0 (#2525)

Thanks to all contributors!


Details

date: March 16, 2023, 5:54 p.m.
name: v4.10.3
type: Patch