Scorecard - v4.10.3
Changelog
- 9ad9757 Increase recordings, switch API, and lower tolerance
- 8966abd Initial implementation of go-git client (#2720)
- 603263c :bug: Fix typo in CITests runtime errors causing duplicate Code-Review checks. (#2756)
- c20ed9e :seedling: Update .github/workflows/goreleaser.yaml (#2755)
- 0b45c90 :seedling: Bump step-security/harden-runner from 2.2.0 to 2.2.1 (#2753)
- 23bd295 :seedling: Bump github/codeql-action from 2.2.4 to 2.2.6 (#2741)
- fc026ef :seedling: Bump github.com/google/ko from 0.12.0 to 0.13.0 in /tools (#2742)
- 2e04214 :seedling: Bump tj-actions/changed-files from 35.6.2 to 35.7.0
- e36b590 :seedling: Bump actions/cache from 3.3.0 to 3.3.1 (#2740)
- 6ff94eb :bug: Handle editable pip installs (#2731)
- 110e352 ✨ Gitlab support: RepoClient (#2655)
- 5625dda :seedling: Bump github.com/onsi/ginkgo/v2 from 2.8.3 to 2.9.0 in /tools
- d591e38 🌱 Add RepoClient re-use E2E tests. (#2625)
- a7e81bb :seedling: Bump actions/cache from 3.2.6 to 3.3.0 (#2738)
- b5254fe :seedling: Bump tj-actions/changed-files from 35.6.1 to 35.6.2 (#2736)
- 2e6347f :seedling: Bump github.com/moby/buildkit from 0.10.3 to 0.11.4 (#2735)
- 170af75 :bug: Updates osv-scanner dependency to 1.2.0. (#2704)
- 5f13a66 Atomically load from accessState to avoid data race. (#2732)
- 0c090b3 :seedling: Updated the coverage for tests (#2728)
- 0169c37 🌱 Setup cron for running as GitHub App (#2721)
- d708c6c :seedling: Bump tj-actions/changed-files from 35.5.4 to 35.6.1
- fb12a39 :seedling: Bump github.com/google/ko in /tools
- 0bed3da :seedling: Bump github.com/jszwec/csvutil from 1.7.1 to 1.8.0 (#2698)
- 61866a0 🐛 Check OSS Fuzz build file for Fuzzing check (#2719)
- c06ac74 :seedling: Removed failing tests (#2718)
- b8bc65f Add projects to cronjob (#2716)
- def5ead :book: update bigquery docs in README (#2714)
- 36faeac Consider 'src/test' test directories (#2706)
- 846fb19 Refactor githubrepo CheckRun logic (#2710)
- 82a122b :seedling: Bump sigstore/cosign-installer from 2.8.1 to 3.0.1
- c4bd0c5 :warning: Update date formats and fields to RFC3339 (#2712)
- 8add330 :book: Fix links. (#2703)
- 35a7dd5 :seedling: Bump kubernetes-sigs/kubebuilder-release-tools
- c7e362d :seedling: Bump step-security/harden-runner from 2.1.0 to 2.2.0
- be8a437 :seedling: Bump github.com/onsi/ginkgo/v2 from 2.8.1 to 2.8.3 in /tools (#2694)
- 034add1 :seedling: Bump k8s.io/client-go from 0.18.8 to 0.20.0
- feb267a :seedling: Bump golang.org/x/net from 0.6.0 to 0.7.0 in /tools
- 78069d8 Consider ko-build/setup-ko as a packaging workflow (#2692)
- db6a26e :seedling: Bump actions/cache from 3.2.3 to 3.2.6
- 24b779f :seedling: Bump mvdan.cc/sh/v3 from 3.5.1 to 3.6.0 (#2615)
- 48813a3 :seedling: Bump golang.org/x/net from 0.5.0 to 0.7.0 (#2680)
- d334409 Add Azure Devops as valid CI system (#2662)
- 047c014 :seedling: Bump github/codeql-action from 2.2.3 to 2.2.4 (#2676)
- 5e6a521 :seedling: Update deps for fixing GHSA-r48q-9g5r-8q2h (#2675)
- adb1ce3 🌱 add new github.com/intel repos (#2673)
- 603cd92 :seedling: Bump github.com/onsi/ginkgo/v2 from 2.7.0 to 2.8.1 in /tools (#2660)
- 559b71b Invite @raghavkaul as maintainer (#2663)
- 353e2c6 :seedling: Bump tj-actions/changed-files from 35.5.0 to 35.5.4 (#2674)
- c9f582b Limit integration tests to ones that work with the GITHUB_TOKEN. (#2672)
- 7876a13 :seedling: Temporarily skip OSS-Fuzz e2e test. (#2671)
- 93900ac :seedling: Bump github/codeql-action from 2.2.0 to 2.2.3 (#2649)
- 8115756 :seedling: Bump peter-evans/find-comment from 2.1.0 to 2.2.1 (#2641)
- ee8dd5d Image build pipeline (#2613)
- d331f8e Fix typo (add s to ') (#2638)
- ac008ec :seedling: Bump tj-actions/changed-files from 35.4.4 to 35.5.0 (#2635)
- 0f33c37 :book: Update docs on how to run and debug locally (#2587)
- 2ea140a ✨ Structured results for permissions (#2584)
- 4ebe521 :seedling: Bump github/codeql-action from 2.1.39 to 2.2.0 (#2618)
- 1c6ab16 :seedling: Bump github.com/go-git/go-git/v5 from 5.4.2 to 5.5.2 (#2600)
- e6a900d Handle Docker URLs for GitHub actions workflows (#2594)
- 3f372e9 :seedling: Bump tj-actions/changed-files from 35.4.1 to 35.4.4
- 99398db :seedling: Bump github/codeql-action from 2.1.38 to 2.1.39 (#2607)
- 9385905 Revert "perf.: run integration tests only on approved PRs (#2609)" (#2612)
- f25d010 :seedling: Bump github.com/google/addlicense in /tools (#2608)
- a29182d perf.: run integration tests only on approved PRs (#2609)
- 6112c07 :seedling: Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#2539)
- f1ca6d7 :seedling: Bump actions/cache from 3.0.11 to 3.2.3 (#2599)
- 9c49fbf :seedling: Bump step-security/harden-runner from 2.0.0 to 2.1.0 (#2604)
- 1b5bdb4 :seedling: Bump actions/upload-artifact from 3.1.1 to 3.1.2 (#2601)
- 67daacc :seedling: Bump tj-actions/changed-files from 35.2.0 to 35.4.1 (#2598)
- fc299e3 :seedling: Bump actions/dependency-review-action from 3.0.2 to 3.0.3 (#2585)
- 2704fc5 :seedling: Bump github.com/xanzy/go-gitlab from 0.77.0 to 0.78.0 (#2591)
- 4a9c774 :seedling: Bump github/codeql-action from 2.1.36 to 2.1.38 (#2597)
- 811bf75 Add correct contact to CODE_OF_CONDUCT.md (#2508)
- 47be523 :bug: Retain tag when remediating unpinned docker images. (#2595)
- b30bc79 :seedling: Bump golang.org/x/tools from 0.4.0 to 0.5.0 (#2592)
- 3e4dca5 :seedling: Bump github.com/goreleaser/goreleaser in /tools (#2586)
- 75adffe :seedling: Bump github.com/onsi/gomega from 1.24.1 to 1.24.2 (#2562)
- 63ffde8 :seedling: Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.7.0 (#2590)
- bf516e1 🐛 Use leveled scoring for Code Review check (#2542)
- ed9576c Update name of Branch Protection Rule (#2589)
- 6ded57e :seedling: Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.7.0 in /tools (#2588)
- 78d0903 :seedling: Bump github.com/goreleaser/goreleaser in /tools (#2573)
- be695d1 🐛 Add wasm files as binary artifacts (#2548)
- a2bc29a :seedling: Bump actions/checkout from 3.2.0 to 3.3.0 (#2583)
- 1d15e9c classic personal access tokens required (#2565)
- 7c0edac :seedling: Bump nick-invision/retry from 2.8.2 to 2.8.3 (#2576)
- 6ff06a3 :seedling: Bump actions/setup-go from 3.3.1 to 3.5.0 (#2575)
- 72d4e98 :seedling: Bump tj-actions/changed-files from 35.1.0 to 35.2.0 (#2574)
- cf3a43f :seedling: Bump ossf/scorecard-action from 2.1.1 to 2.1.2 (#2570)
- 4d5cbb4 :bug: Fix Renovate bot typo (#2569)
- 90cdd98 Disable scorecard on PRs (#2571)
- 6bf19d5 🌱 Switch from paths-ignore to changed-files action to skip required checks. (#2566)
- c6d7680 :seedling: Bump github.com/xanzy/go-gitlab from 0.76.0 to 0.77.0 (#2563)
- 7e64b36 :seedling: Bump golang.org/x/tools from 0.3.0 to 0.4.0 (#2525)
Thanks to all contributors!
Details
- date: March 16, 2023, 5:54 p.m.
- name: v4.10.3
- type: Patch