Releases: ossf/scorecard-action
Releases · ossf/scorecard-action
v2.0.5
v2.0.5
This tag was signed with the committer’s verified signature.
naveensrinivasan
Naveen
What's Changed
- Remove trailing space from example by @jamacku in #955
- 🌱 Bump actions/cache from 3.0.8 to 3.0.10 by @dependabot in #956
- 🌱 Bump github/codeql-action from 2.1.25 to 2.1.26 by @dependabot in #957
- 🌱 Bump step-security/harden-runner from 1.4.5 to 1.5.0 by @dependabot in #958
- 🌱 Bump debian from
5cf1d98tob46fc4eby @dependabot in #959 - 🌱 Bump github.com/sigstore/cosign from 1.12.1 to 1.13.0 by @dependabot in #962
- 🌱 Upgrade to go 1.19 by @naveensrinivasan in #961
- 🌱 Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 by @dependabot in #967
- 🌱 Bump golang from
c2a98a5tob850621by @dependabot in #966 - 🌱 Bump golang from
b850621to25de7b6by @dependabot in #968 - New release for Scorecard v4.8.0 by @naveensrinivasan in #969
New Contributors
Full Changelog: v2.0.4...v2.0.5
Contributors
naveensrinivasan, jamacku, and dependabot
Assets 2
v2.0.4
v2.0.4
This tag was signed with the committer’s verified signature.
naveensrinivasan
Naveen
Fixes #856
What's Changed
- 🌱 Bump github.com/caarlos0/env/v6 from 6.10.0 to 6.10.1 by @dependabot in #934
- feat: do not run signing on pull requests by @laurentsimon in #935
- 🌱 Bump debian from 11.4-slim to 11.5-slim by @dependabot in #936
- 🌱 Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 by @dependabot in #938
- 🌱 Bump github/codeql-action from 2.1.22 to 2.1.24 by @dependabot in #941
- 🐛 Restore behavior of ignoring scorecard runtime errors by @spencerschrock in #948
- 🌱 Bump actions/dependency-review-action from 2.1.0 to 2.4.0 by @dependabot in #950
- 🌱 Bump github.com/sigstore/cosign from 1.12.0 to 1.12.1 by @dependabot in #947
- 🌱 Bump github/codeql-action from 2.1.24 to 2.1.25 by @dependabot in #949
- 🌱 Bump codecov/codecov-action from 3.1.0 to 3.1.1 by @dependabot in #942
- Create v2.0.4 patch by @spencerschrock in #952
New Contributors
- @spencerschrock made their first contribution in #948
Full Changelog: v2.0.3...v2.0.4
Contributors
spencerschrock, dependabot, and laurentsimon
Assets 2
v2.0.3
Patch for fix in #898
v2.0.2
Fixes #895
v2.0.1
Fix for #856
v2.0.0
v2.0.0
This tag was signed with the committer’s verified signature.
naveensrinivasan
Naveen
What's Changed
- 🌱 Prepare for a pre-release of the Golang action by @azeemshaikh38 in #750
- 🌱 Bump github/codeql-action from 2.1.12 to 2.1.16 by @dependabot in #751
- 🌱 Bump debian from 11.3-slim to 11.4-slim by @dependabot in #749
- 🌱 Bump step-security/harden-runner from 1.4.3 to 1.4.4 by @dependabot in #646
- 🌱 Bump actions/setup-go from 3.2.0 to 3.2.1 by @dependabot in #748
- 🐛 Fix dependency conflicts in go.mod by @azeemshaikh38 in #771
- 🌱 Prepare for v2 beta1 release by @azeemshaikh38 in #766
- multi-repo-action: Note that tool is a work-in-progress by @naveensrinivasan in #776
- 🐛 Fix intermittent failures in CI-Tests by @azeemshaikh38 in #778
- 🌱 Bump sigs.k8s.io/release-utils from 0.7.2 to 0.7.3 by @dependabot in #775
- 🌱 Bump actions/cache from 3.0.4 to 3.0.5 by @dependabot in #769
- 📖 Update README about the restrictions for scorecard-action:v2 by @azeemshaikh38 in #779
- 🌱 Bump github/codeql-action from 2.1.16 to 2.1.17 by @dependabot in #783
- 📖 Update instructions for Scorecard badge to README by @azeemshaikh38 in #785
- 🌱 Bump debian from
f576b80toa811e62by @dependabot in #787 - 🌱 Bump github.com/ossf/scorecard/v4 from 4.4.0 to 4.5.0 by @dependabot in #786
- 🌱 Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in #788
- 🌱 Bump actions/cache from 3.0.5 to 3.0.6 by @dependabot in #789
- 🐛 Add request application/json request header by @azeemshaikh38 in #791
- Create a new release v2.0.0-alpha.1 by @azeemshaikh38 in #803
- 🌱 Bump actions/cache from 3.0.6 to 3.0.7 by @dependabot in #807
- Olivekl patch 1 by @olivekl in #809
- 🌱 Fix cosign vulnerability by @naveensrinivasan in #812
- 🌱 Allow for publish URL override by @azeemshaikh38 in #811
- 🌱 Bump github.com/ossf/scorecard/v4 from 4.5.0 to 4.6.0 by @dependabot in #820
- 🌱 Bump step-security/harden-runner from 1.4.4 to 1.4.5 by @dependabot in #808
- cmd/installer: Cleanups (2/n) by @justaugustus in #833
- Update comments to allow for renovatebot updates by @laurentsimon in #834
- 🌱 Bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 by @dependabot in #839
- 🌱 Update actions/checkout requirement to 2541b1294d2704b0964813337f33b291d3f8596b by @dependabot in #835
- 🌱 Bump github.com/sigstore/cosign from 1.11.0 to 1.11.1 by @dependabot in #842
- 🌱 Bump github/codeql-action from 2.1.18 to 2.1.21 by @dependabot in #844
- 🌱 Bump actions/setup-go from 3.2.1 to 3.3.0 by @dependabot in #843
- 🌱 Bump debian from
a811e62to68c1f6bby @dependabot in #840 - Fix workflow path in automatic creation of PR by @RadoslavGatev in #845
- 🌱 Bump actions/dependency-review-action from 310e0dd64f63b1d00101ecd3225d605a74261fb7 to 2.1.0 by @dependabot in #838
- 🌱 Bump actions/cache from 3.0.7 to 3.0.8 by @dependabot in #836
- 📖 Add docs for API by @azeemshaikh38 in #849
- 🌱 Bump github/codeql-action from 2.1.21 to 2.1.22 by @dependabot in #853
- 🌱 Included License by @naveensrinivasan in #852
- 🌱 Release v2.0.0 by @naveensrinivasan in #854
New Contributors
- @RadoslavGatev made their first contribution in #845
Full Changelog: v1.1.2...v2.0.0
Contributors
naveensrinivasan, justaugustus, and 5 other contributors
Assets 2
v2.0.0-alpha.2
Unblocks using OpenAPI/Swagger based API and adds more e2e tests
v2.0.0-alpha.1
Fixes issue where the right request headers weren't being set.
v2.0.0-beta.1
Scorecard Action's v2.0.0-beta.1 release. This is a beta release and might have few kinks that need ironing out. Accepting and appreciate feedback from our early adopters :)
- Golang based action replacing the bash action for more control and improved testing.
- Pilot the Scorecard badges feature.
- Pilot the Scorecard API.
