Scorecard - v4.5.0


Changelog

  • 69eb1cc Fix a bug in cron API data exporting (#2112)
  • 89163cc :seedling: Bump google.golang.org/protobuf from 1.28.0 to 1.28.1
  • 6813ed1 :seedling: Bump google.golang.org/protobuf in /tools (#2110)
  • 1e0e44a 🐛 Bug fixing: recurring results of the scorecard fuzzing check for go built-in fuzzers (#2101)
  • 8118e5d :seedling: Bump golang.org/x/tools from 0.1.11 to 0.1.12
  • 384c79d :seedling: Bump actions/stale from 5.1.0 to 5.1.1 (#2106)
  • 5fa7596 Scorecard runs fail with any unrecognized steps (#2103)
  • d7cb711 Fix bug in Scorecard analysis CI (#2099)
  • c581062 Enable Scorecard badge (#2097)
  • 4f30e02 :seedling: Bump sigstore/cosign-installer from 2.4.1 to 2.5.0
  • baedf84 :seedling: Bump imjasonh/setup-ko from 0.4 to 0.5 (#2096)
  • 93a0206 📖 Minor typos and copy-editing to checks/write.md (#2071)
  • 66708ba ✨ Feature: Dependency-diff ecosystem naming convention mapping (GitHub -> OSV) (#2088)
  • 8f96d6b :seedling: Bump crazy-max/ghaction-import-gpg from 5.0.0 to 5.1.0 (#2091)
  • d77f59f :seedling: Bump sigstore/cosign-installer from 1.2.1 to 2.4.1 (#2021)
  • b945eb3 :seedling: Bump cloud.google.com/go/bigquery from 1.35.0 to 1.36.0
  • 96835aa :seedling: Bump actions/stale from 5.0.0 to 5.1.0
  • 1e3f325 :seedling: Bump cloud.google.com/go/pubsub from 1.23.1 to 1.24.0
  • e23ee84 ✨ Export Scorecards results for API (#2081)
  • 30e3f64 ✨ Feature: Dependency-diff API optimize: var re-naming, removing unused JSON tags (#2090)
  • 0e4f5db remove not used workflow (#2089)
  • 7737dbd :seedling: Bump github.com/google/go-containerregistry
  • c15a2e6 :seedling: Bump github.com/onsi/gomega from 1.19.0 to 1.20.0
  • 7c91203 :seedling: Naveen Company updated. (#2082)
  • 096cbd0 ✨ Use crane to add hash suggestion to unpinned Docker images (#2037)
  • a905d66 fix: invalid documentation link (#2073)
  • 4bd1692 🐛 Bug fixing: Using the wrong URI to initialize the repo in Dependencydiff (#2072)
  • 10681da ✨ Feature DependencyDiff (Version 0 Part 2) (#2046)
  • dd8fbc0 ✨ Binary artifact exception for gradle-wrapper.jar when using validation action (#2039)
  • f1b182a :seedling: Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 (#1998)
  • 4394ac9 :seedling: Bump github.com/bradleyfalzon/ghinstallation/v2
  • 59c06f0 :seedling: Bump ossf/scorecard-action from 1.1.0 to 1.1.2
  • a3de23c :seedling: Bump github.com/google/go-containerregistry (#2003)
  • 7c9bb1c :seedling: Bump distroless/base from d65ac1a to e672eb7 (#1994)
  • 838f62f ✨ Add raw results for Token-Permissions (#1912)
  • 2b8c7b4 :seedling: Bump github.com/jszwec/csvutil from 1.7.0 to 1.7.1 (#2013)
  • e1c3ab0 :seedling: Bump cloud.google.com/go/bigquery from 1.34.1 to 1.35.0 (#2034)
  • 4ff5b2b :seedling: Bump actions/cache from 3.0.4 to 3.0.5 (#2049)
  • 287ee7d :seedling: Bump actions/dependency-review-action from 2.0.2 to 2.0.4 (#2054)
  • f61ed37 🌱 Adjust 'exhaustive' linter to consider 'default' as exhaustive (#2044)
  • 5d9d75b :seedling: Bump gopkg.in/yaml.v3 from 3.0.0 to 3.0.1 (#2035)
  • 6b8cfb2 :seedling: Bump golang.org/x/tools from 0.1.10 to 0.1.11 (#1993)
  • 220c49d :seedling: Bump actions/setup-go from 3.2.0 to 3.2.1 (#2040)
  • 63e40ae Add a number of new projects to scan. (#2043)
  • 0af8781 1 (#2031)
  • dd780a5 ✨ Feature DependencyDiff CLI (Version 0 Part 1) (#2030)
  • e608741 :seedling: Bump step-security/harden-runner from 1.4.3 to 1.4.4
  • 90ed090 🌱 Build/test fixes: Install protoc and protoc-gen-go (#2038)
  • 9fecf63 :seedling: Bump github.com/rhysd/actionlint from 1.6.13 to 1.6.15 (#2012)
  • 48291a3 Use the proper repo for lombok. (#2029)
  • f3e21fa :seedling: Bump actions/cache from 3.0.3 to 3.0.4 (#1988)
  • f1dfbcb :seedling: Bump actions/dependency-review-action from 1.0.2 to 2.0.2
  • 6a84f97 :seedling: Bump cloud.google.com/go/bigquery from 1.32.0 to 1.34.1 (#2006)
  • bc12ba6 :seedling: Workaround for Protoc failures in GH Actions (#2025)
  • 3430f78 small fixes (#2015)
  • e7faa8f Fix broken link (#2004)
  • 445d7ba Fix bug in docker run scorecard version (#1991)
  • 2fb4093 :seedling: Bump cloud.google.com/go/pubsub from 1.21.1 to 1.23.1 (#2014)
  • 3957460 update (#2011)
  • 6a032a3 ✨ Check for Mach-O binaries in Binary Artifacts (#2000)

Thanks to all contributors!


Details

date: Aug. 2, 2022, 7:18 p.m.
name: v4.5.0
type: Minor