brave / omaha

Omaha for brave-browser
Apache License 2.0

Update ossf/scorecard-action action to v2.3.3 #81

Closed renovate[bot] closed 5 months ago

renovate[bot] commented 5 months ago

Mend Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| ossf/scorecard-action | action | patch | v2.3.1 -> v2.3.3 |

Release Notes

ossf/scorecard-action (ossf/scorecard-action)

### [`v2.3.3`](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)

[Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.2...v2.3.3)

### [`v2.3.2`](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

[Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.1...v2.3.2)

Configuration

📅 Schedule: Branch creation - " 0-4 * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

github-actions[bot] commented 5 months ago

[puLL-Merge] - ossf/scorecard-action@v2.3.1..v2.3.3

Description

This PR updates various dependencies in the scorecard-action repo, including bumping scorecard to v5.0.0-rc2 and updating to more recent versions of several GitHub Actions. It also updates the README with new information about authentication and removes references to "classic" PATs.

Changes

- `.github/workflows/*`: Updated to newer versions of various GitHub Actions.
- `Dockerfile`: Updated base Go image to 1.22.2 and distroless base image to a newer version.
- `Makefile`: Updated LDFLAGS to reference scorecard v5.0.0-rc2.
- `README.md`:
  - Added section on authentication with fine-grained PAT and removed section on "classic" PATs.
  - Updated URLs to use scorecard.dev domain instead of securityscorecards.dev.
  - Replaced full workflow example with reference to the one in ossf/scorecard repo.
- `action.yaml`: Updated default publish URL to scorecard.dev and bumped scorecard-action version to v2.3.3.
- `docs/authentication/`: Added docs for fine-grained PAT auth and classic PAT.
- `entrypoint/entrypoint.go`: Updated import paths for scorecard v5.
- `go.mod` and `go.sum`: Updated dependencies, notably bumping scorecard to v5.0.0-rc2.
- `options/*.go`: Updated import paths for scorecard v5.

Possible Issues

Changing the versions of dependencies, especially a major version bump of scorecard, could potentially introduce incompatibilities or behavior changes. Thorough testing of the action with these updates is recommended before merging.

The removal of information about "classic" PATs from the README could be confusing for users who are still using that authentication method. Consider keeping that information somewhere, even if de-emphasized.