sonarcloud[bot]
commented
1 month ago 
Quality Gate passed
Issues
0 New issues
0 Accepted issues
Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code
This PR contains the following updates:
v4.3.4->v4.3.6e78eb21->5e9c881v3.25.13->v3.26.01.22.5->1.22.6v2.3.3->v2.4.0v3.5.0->v3.6.0Release Notes
actions/upload-artifact (actions/upload-artifact)
### [`v4.3.6`](https://togithub.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.5...v4.3.6) ### [`v4.3.5`](https://togithub.com/actions/upload-artifact/compare/v4.3.4...v4.3.5) [Compare Source](https://togithub.com/actions/upload-artifact/compare/v4.3.4...v4.3.5)github/codeql-action (github/codeql-action)
### [`v3.26.0`](https://togithub.com/github/codeql-action/compare/v3.25.15...v3.26.0) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.15...v3.26.0) ### [`v3.25.15`](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15) ### [`v3.25.14`](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14) [Compare Source](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14)golang/go (go)
### [`v1.22.6`](https://togithub.com/golang/go/compare/go1.22.5...go1.22.6)ossf/scorecard-action (ossf/scorecard-action)
### [`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0) [Compare Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0) #### What's Changed This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the [v5.0.0 release notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation. - :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410) - :bug: lower license sarif alert threshold to 9 by [@spencerschrock](https://togithub.com/spencerschrock) in [https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411) ##### Documentation - docs: dogfooding badge by [@jkowalleck](https://togithub.com/jkowalleck) in [https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399) #### New Contributors - [@jkowalleck](https://togithub.com/jkowalleck) made their first contribution in [https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399) **Full Changelog**: https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0sigstore/cosign-installer (sigstore/cosign-installer)
### [`v3.6.0`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.6.0) [Compare Source](https://togithub.com/sigstore/cosign-installer/compare/v3.5.0...v3.6.0) #### What's Changed - Bump actions/checkout from 4.1.2 to 4.1.3 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/161](https://togithub.com/sigstore/cosign-installer/pull/161) - Bump actions/checkout from 4.1.3 to 4.1.4 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/162](https://togithub.com/sigstore/cosign-installer/pull/162) - Bump actions/setup-go from 5.0.0 to 5.0.1 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/163](https://togithub.com/sigstore/cosign-installer/pull/163) - Bump actions/checkout from 4.1.4 to 4.1.5 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/164](https://togithub.com/sigstore/cosign-installer/pull/164) - Bump actions/checkout from 4.1.5 to 4.1.6 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/165](https://togithub.com/sigstore/cosign-installer/pull/165) - Bump actions/checkout from 4.1.6 to 4.1.7 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/166](https://togithub.com/sigstore/cosign-installer/pull/166) - Bump actions/setup-go from 5.0.1 to 5.0.2 by [@dependabot](https://togithub.com/dependabot) in [https://github.com/sigstore/cosign-installer/pull/167](https://togithub.com/sigstore/cosign-installer/pull/167) - pin public key used for verification by [@bobcallaway](https://togithub.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/169](https://togithub.com/sigstore/cosign-installer/pull/169) - bump default version to v2.4.0 release by [@bobcallaway](https://togithub.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/168](https://togithub.com/sigstore/cosign-installer/pull/168) - update readme for new release by [@bobcallaway](https://togithub.com/bobcallaway) in [https://github.com/sigstore/cosign-installer/pull/170](https://togithub.com/sigstore/cosign-installer/pull/170) **Full Changelog**: https://github.com/sigstore/cosign-installer/compare/v3...v3.6.0Configuration
📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.