chore(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3
Type: Pull Request
State: Open
Association: None
Comments: 0
(4 months ago)
dependencies github_actions
Bumps ossf/scorecard-action from 2.4.0 to 2.4.3.
Release notes
Sourced from ossf/scorecard-action's releases.
v2.4.3
What's Changed
This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.
Documentation
- docs: clarify GITHUB_TOKEN permissions needed for private repos by @pankajtaneja5 in ossf/scorecard-action#1574
- :book: Fix recommended command to test the image in development by @deivid-rodriguez in ossf/scorecard-action#1583
Other
- add missing top-level token permissions to workflows by @timothyklee in ossf/scorecard-action#1566
- setup codeowners for requesting reviews by @spencerschrock in ossf/scorecard-action#1576
- :seedling: Improve printing options by @deivid-rodriguez in ossf/scorecard-action#1584
New Contributors
- @timothyklee made their first contribution in ossf/scorecard-action#1566
- @pankajtaneja5 made their first contribution in ossf/scorecard-action#1574
- @deivid-rodriguez made their first contribution in ossf/scorecard-action#1584
Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3
v2.4.2
What's Changed
This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.
Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2
v2.4.1
What's Changed
- This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the v5.1.0 and v5.1.1 release notes.
- Publishing results now uses half the API quota as before. The exact savings depends on the repository in question.
  - use Scorecard library entrypoint instead of Cobra hooking by @spencerschrock in ossf/scorecard-action#1423
- Some errors were made into annotations to make them more visible
  - Make default branch error more prominent by @jsoref in ossf/scorecard-action#1459
- There is now an optional `file_mode` input which controls how repository files are fetched from GitHub. The default is `archive`, but `git` produces the most accurate results for repositories with `.gitattributes` files at the cost of analysis speed.
  - add input for specifying `--file-mode` by @spencerschrock in ossf/scorecard-action#1509
- The underlying container for the action is now hosted on GitHub Container Registry. There should be no functional changes.
  - :seedling: publish docker images to GitHub Container Registry by @spencerschrock in ossf/scorecard-action#1453
Docs
- Installation docs update by @JeremiahAHoward in ossf/scorecard-action#1416
New Contributors
- @JeremiahAHoward made their first contribution in ossf/scorecard-action#1416
- @jsoref made their first contribution in ossf/scorecard-action#1459
Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1
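The v2.4.1 notes above introduce the `file_mode` input and the v2.4.3 notes mention top-level token permissions; the workflow below is an added example of how a consumer repository would wire those together with a SHA-pinned action, which is the form Dependabot keeps updated in PRs like this one. It is not code from this PR or from the scorecard-action project. The job-level `security-events: write` and `id-token: write` permissions and the `results_file`, `results_format` and `publish_results` inputs are taken from scorecard-action's own documentation as I know it; the `<FULL_COMMIT_SHA>` values are placeholders, since the page only shows the abbreviated commit `4eaacf0` for v2.4.3 and pinning requires the full 40-character hash.

```yaml
name: Scorecard supply-chain security
on:
  branch_protection_rule:
  schedule:
    - cron: '30 1 * * 6'
  push:
    branches: [ main ]

# Least privilege at the workflow level; each job widens only what it needs.
permissions: read-all

jobs:
  analysis:
    name: Scorecard analysis
    runs-on: ubuntu-latest
    permissions:
      security-events: write   # upload SARIF to code scanning
      id-token: write          # OIDC token used when publish_results is true
      contents: read
      actions: read
    steps:
      - name: Checkout code
        # Placeholder: replace with the full SHA of a tagged actions/checkout release.
        uses: actions/checkout@<FULL_COMMIT_SHA> # vX.Y.Z
        with:
          persist-credentials: false

      - name: Run analysis
        # Placeholder: the 40-char SHA behind tag v2.4.3 (PR lists only 4eaacf0).
        uses: ossf/scorecard-action@<FULL_COMMIT_SHA> # v2.4.3
        with:
          results_file: results.sarif
          results_format: sarif
          publish_results: true
          # From the v2.4.1 notes: default is 'archive'; 'git' is slower but
          # honours .gitattributes and gives the most accurate results.
          file_mode: git

      - name: Upload to code-scanning
        # Placeholder: full SHA of a tagged github/codeql-action release.
        uses: github/codeql-action/upload-sarif@<FULL_COMMIT_SHA> # vX
        with:
          sarif_file: results.sarif
```

Pinning to a full commit SHA with the version in a trailing comment is what lets Dependabot propose a bump such as 2.4.0 to 2.4.3 while a reviewer can still verify that the new hash corresponds to the tag named in the comment before merging.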
Commits
- 4eaacf0 bump docker to ghcr v2.4.3 (#1587)
- 42e3a01 :seedling: Bump the github-actions group with 3 updates (#1585)
- 88c07ac :seedling: Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (#1579)
- 6c690f2 Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (#1586)
- 92083b5 :book: Fix recommended command to test the image in development (#1583)
- 7975ea6 :seedling: Bump the docker-images group across 1 directory with 2 updates (#1...
- 0d1a743 :seedling: Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1575)
- 46e6e0c :seedling: Bump the github-actions group with 2 updates (#1580)
- c3f1350 :seedling: Improve printing options (#1584)
- 43e475b :seedling: Bump golang.org/x/net from 0.42.0 to 0.44.0 (#1578)
- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Pull Request Statistics: 1 · 1 · +1 · -1
Package Dependencies
Technical Details
| ID: | 8929779 |
| UUID: | 2876835027 |
| Node ID: | PR_kwDOPxlfwc6reQTT |
| Host: | GitHub |
| Repository: | step-security/github-api-commit-action |
| Merge State: | Unknown |