Scorecard - v4.3.0

Changelog

  • 6406cfd :seedling: Bump actions/setup-go from 3.0.0 to 3.1.0
  • 236b296 Do not fail on empty repositories (#1914)
  • b1ab7eb ✨ Update raw format for Dangerous workflows (#1865)
  • cd04704 :book: Fixes description for webhook check (#1882)
  • 0275a94 :warn: Remove the old Details field from CheckResult (#1906)
  • b9f333b :warning: Remove the pass from the CheckResult
  • f048164 :seedling: Bump github.com/caarlos0/env/v6 from 6.9.1 to 6.9.2
  • 74f521f :seedling: Bump mvdan.cc/sh/v3 from 3.4.3 to 3.5.0
  • 2b35afc :seedling: Bump github.com/golangci/golangci-lint in /tools
  • 0f30f4e ✨ Make permission check aware of GH Pages Action (#1902)
  • 2fc6fbb :seedling: Bump cloud.google.com/go/bigquery from 1.31.0 to 1.32.0
  • 804127f Upgrade to buildkit 0.10.3
  • c5d787a pkg: refactor out scorecard_version
  • 62e3de5 🐛 Remove Options that belong to the Action (#1898)
  • 7ff4b7e :warning: Removing the confidence field from CheckResult struct (#1896)
  • 6d79817 :book: Fix command Usage (#1814)
  • 815de18 :book: Remove erroneous ref to CSV output (#1813)
  • 5758364 Fix bug in Scorecard tag Docker image creation (#1890)
  • 8c97d46 ✨ Add custom remediation for workflow permissions/pinned dependencies (#1885)
  • 22694dc Support commits reviewed through Piper (#1889)
  • 9a7d030 :sparkles: Added additional github repositories in projects.csv (#1886)
  • 72086c9 ✨ Add support for Phabricator as a code review system (#1884)
  • f779fb8 :seedling: Bump cloud.google.com/go/pubsub from 1.21.0 to 1.21.1
  • 74ea0f4 🐛 Fix .lib false positives in binary artifacts (#1879)
  • 2cb6541 :warning: Removing the pass field from result (#1853)
  • 875b6f6 🐛 Ignore shell parsing errors when reporting results (#1878)
  • e97bf30 :seedling: Bump step-security/harden-runner from 1.4.2 to 1.4.3
  • 815de5c Propagate error in log (#1875)
  • 2b68f38 :seedling: Bump github.com/onsi/ginkgo/v2 from 2.1.3 to 2.1.4
  • 3a9f011 :seedling: Bump github.com/google/go-cmp from 0.5.7 to 0.5.8
  • a598b2a :seedling: Bump cloud.google.com/go/pubsub from 1.20.0 to 1.21.0
  • ac14ce7 :seedling: Bump github.com/onsi/ginkgo/v2 from 2.1.3 to 2.1.4 in /tools
  • 05d8c01 🐛 Don't look for secrets in pull_request (#1864)
  • b304306 ✨ Add token needed for checks in README (#1854)
  • ac88460 ✨ Raw results for best practices badge (#1795)
  • fe6e091 ✨ Support for detecting choco installer without required hash (#1810)
  • 5d8a277 :seedling: Bump crazy-max/ghaction-import-gpg from 4.3.0 to 4.4.0
  • dbaba8a :seedling: Bump step-security/harden-runner from 1.4.1 to 1.4.2

Thanks for all contributors!

Details

date
May 23, 2022, 4:52 p.m.
name
v4.3.0
type
Minor
official page
https://github.com/ossf/scorecard/releases/tag/v4.3.0
👇
Register or login to:
  • 🔍View and search all Scorecard releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or