ossf/scorecard v4.10.3

on GitHub

Changelog

• 9ad9757 Increase recordings, switch API, and lower tolerance
• 8966abd Initial implementation of go-git client (#2720)
• 603263c 🐛 Fix typo in CITests runtime errors causing duplicate Code-Review checks. (#2756)
• c20ed9e 🌱 Update .github/workflows/goreleaser.yaml (#2755)
• 0b45c90 🌱 Bump step-security/harden-runner from 2.2.0 to 2.2.1 (#2753)
• 23bd295 🌱 Bump github/codeql-action from 2.2.4 to 2.2.6 (#2741)
• fc026ef 🌱 Bump github.com/google/ko from 0.12.0 to 0.13.0 in /tools (#2742)
• 2e04214 🌱 Bump tj-actions/changed-files from 35.6.2 to 35.7.0
• e36b590 🌱 Bump actions/cache from 3.3.0 to 3.3.1 (#2740)
• 6ff94eb 🐛 Handle editable pip installs (#2731)
• 110e352 ✨ Gitlab support: RepoClient (#2655)
• 5625dda 🌱 Bump github.com/onsi/ginkgo/v2 from 2.8.3 to 2.9.0 in /tools
• d591e38 🌱 Add RepoClient re-use E2E tests. (#2625)
• a7e81bb 🌱 Bump actions/cache from 3.2.6 to 3.3.0 (#2738)
• b5254fe 🌱 Bump tj-actions/changed-files from 35.6.1 to 35.6.2 (#2736)
• 2e6347f 🌱 Bump github.com/moby/buildkit from 0.10.3 to 0.11.4 (#2735)
• 170af75 🐛 Updates osv-scanner dependency to 1.2.0. (#2704)
• 5f13a66 Atomically load from accessState to avoid data race. (#2732)
• 0c090b3 🌱 Updated the coverage for tests (#2728)
• 0169c37 🌱 Setup cron for running as GitHub App (#2721)
• d708c6c 🌱 Bump tj-actions/changed-files from 35.5.4 to 35.6.1
• fb12a39 🌱 Bump github.com/google/ko in /tools
• 0bed3da 🌱 Bump github.com/jszwec/csvutil from 1.7.1 to 1.8.0 (#2698)
• 61866a0 🐛 Check OSS Fuzz build file for Fuzzing check (#2719)
• c06ac74 🌱 Removed failing tests (#2718)
• b8bc65f Add projects to cronjob (#2716)
• def5ead 📖 update bigquery docs in README (#2714)
• 36faeac Consider 'src/test' test directories (#2706)
• 846fb19 Refactor githubrepo CheckRun logic (#2710)
• 82a122b 🌱 Bump sigstore/cosign-installer from 2.8.1 to 3.0.1
• c4bd0c5 ⚠️ Update date formats and fields to RFC3339 (#2712)
• 8add330 📖 Fix links. (#2703)
• 35a7dd5 🌱 Bump kubernetes-sigs/kubebuilder-release-tools
• c7e362d 🌱 Bump step-security/harden-runner from 2.1.0 to 2.2.0
• be8a437 🌱 Bump github.com/onsi/ginkgo/v2 from 2.8.1 to 2.8.3 in /tools (#2694)
• 034add1 🌱 Bump k8s.io/client-go from 0.18.8 to 0.20.0
• feb267a 🌱 Bump golang.org/x/net from 0.6.0 to 0.7.0 in /tools
• 78069d8 Consider ko-build/setup-ko as a packaging workflow (#2692)
• db6a26e 🌱 Bump actions/cache from 3.2.3 to 3.2.6
• 24b779f 🌱 Bump mvdan.cc/sh/v3 from 3.5.1 to 3.6.0 (#2615)
• 48813a3 🌱 Bump golang.org/x/net from 0.5.0 to 0.7.0 (#2680)
• d334409 Add Azure Devops as valid CI system (#2662)
• 047c014 🌱 Bump github/codeql-action from 2.2.3 to 2.2.4 (#2676)
• 5e6a521 🌱 Update deps for fixing GHSA-r48q-9g5r-8q2h (#2675)
• adb1ce3 🌱 add new github.com/intel repos (#2673)
• 603cd92 🌱 Bump github.com/onsi/ginkgo/v2 from 2.7.0 to 2.8.1 in /tools (#2660)
• 559b71b Invite @raghavkaul as maintainer (#2663)
• 353e2c6 🌱 Bump tj-actions/changed-files from 35.5.0 to 35.5.4 (#2674)
• c9f582b Limit integration tests to ones that work with the GITHUB_TOKEN. (#2672)
• 7876a13 🌱 Temporarily skip OSS-Fuzz e2e test. (#2671)
• 93900ac 🌱 Bump github/codeql-action from 2.2.0 to 2.2.3 (#2649)
• 8115756 🌱 Bump peter-evans/find-comment from 2.1.0 to 2.2.1 (#2641)
• ee8dd5d Image build pipeline (#2613)
• d331f8e Fix typo (add s to ') (#2638)
• ac008ec 🌱 Bump tj-actions/changed-files from 35.4.4 to 35.5.0 (#2635)
• 0f33c37 📖 Update docs on how to run and debug locally (#2587)
• 2ea140a ✨ Structured results for permissions (#2584)
• 4ebe521 🌱 Bump github/codeql-action from 2.1.39 to 2.2.0 (#2618)
• 1c6ab16 🌱 Bump github.com/go-git/go-git/v5 from 5.4.2 to 5.5.2 (#2600)
• e6a900d Handle Docker URLs for GitHub actions workflows (#2594)
• 3f372e9 🌱 Bump tj-actions/changed-files from 35.4.1 to 35.4.4
• 99398db 🌱 Bump github/codeql-action from 2.1.38 to 2.1.39 (#2607)
• 9385905 Revert "perf.: run integration tests only on approved PRs (#2609)" (#2612)
• f25d010 🌱 Bump github.com/google/addlicense in /tools (#2608)
• a29182d perf.: run integration tests only on approved PRs (#2609)
• 6112c07 🌱 Bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 (#2539)
• f1ca6d7 🌱 Bump actions/cache from 3.0.11 to 3.2.3 (#2599)
• 9c49fbf 🌱 Bump step-security/harden-runner from 2.0.0 to 2.1.0 (#2604)
• 1b5bdb4 🌱 Bump actions/upload-artifact from 3.1.1 to 3.1.2 (#2601)
• 67daacc 🌱 Bump tj-actions/changed-files from 35.2.0 to 35.4.1 (#2598)
• fc299e3 🌱 Bump actions/dependency-review-action from 3.0.2 to 3.0.3 (#2585)
• 2704fc5 🌱 Bump github.com/xanzy/go-gitlab from 0.77.0 to 0.78.0 (#2591)
• 4a9c774 🌱 Bump github/codeql-action from 2.1.36 to 2.1.38 (#2597)
• 811bf75 Add correct contact to CODE_OF_CONDUCT.md (#2508)
• 47be523 🐛 Retain tag when remediating unpinned docker images. (#2595)
• b30bc79 🌱 Bump golang.org/x/tools from 0.4.0 to 0.5.0 (#2592)
• 3e4dca5 🌱 Bump github.com/goreleaser/goreleaser in /tools (#2586)
• 75adffe 🌱 Bump github.com/onsi/gomega from 1.24.1 to 1.24.2 (#2562)
• 63ffde8 🌱 Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.7.0 (#2590)
• bf516e1 🐛 Use leveled scoring for Code Review check (#2542)
• ed9576c Update name of Branch Protection Rule (#2589)
• 6ded57e 🌱 Bump github.com/onsi/ginkgo/v2 from 2.5.1 to 2.7.0 in /tools (#2588)
• 78d0903 🌱 Bump github.com/goreleaser/goreleaser in /tools (#2573)
• be695d1 🐛 Add wasm files as binary artifacts (#2548)
• a2bc29a 🌱 Bump actions/checkout from 3.2.0 to 3.3.0 (#2583)
• 1d15e9c classic personal access tokens required (#2565)
• 7c0edac 🌱 Bump nick-invision/retry from 2.8.2 to 2.8.3 (#2576)
• 6ff06a3 🌱 Bump actions/setup-go from 3.3.1 to 3.5.0 (#2575)
• 72d4e98 🌱 Bump tj-actions/changed-files from 35.1.0 to 35.2.0 (#2574)
• cf3a43f 🌱 Bump ossf/scorecard-action from 2.1.1 to 2.1.2 (#2570)
• 4d5cbb4 🐛 Fix Renovate bot typo (#2569)
• 90cdd98 Disable scorecard on PRs (#2571)
• 6bf19d5 🌱 Switch from paths-ignore to changed-files action to skip required checks. (#2566)
• c6d7680 🌱 Bump github.com/xanzy/go-gitlab from 0.76.0 to 0.77.0 (#2563)
• 7e64b36 🌱 Bump golang.org/x/tools from 0.3.0 to 0.4.0 (#2525)

Thanks for all contributors!