Sourced from ossf/scorecard-action's\r\nreleases.
\r\n\r\n\r\nv2.4.0
\r\nWhat's Changed
\r\nThis update bumps the Scorecard version to the v5 release. For a\r\ncomplete list of changes, please refer to the v5.0.0\r\nrelease notes. Of special note to Scorecard Action is the Maintainer\r\nAnnotation feature, which can be used to suppress some Code Scanning\r\nfalse positives. Alerts will not be generated for any Scorecard Check\r\nwith an annotation.
\r\n\r\n
\r\n- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to\r\nv5.0.0 by
\r\n@spencerschrock
\r\nin ossf/scorecard-action#1410- :bug: lower license sarif alert threshold to 9 by
\r\n@spencerschrock
\r\nin ossf/scorecard-action#1411Documentation
\r\n\r\n
\r\n- docs: dogfooding badge by
\r\n@jkowalleck
in ossf/scorecard-action#1399New Contributors
\r\n\r\n
\r\n- \r\n
@jkowalleck
made\r\ntheir first contribution in ossf/scorecard-action#1399Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0
\r\n
62b2cac
\r\nbump docker tag to v2.4.0 for release (#1414)c09630c
\r\nlower license score alert threshold to 9 (#1411)cf8594c
\r\n:seedling: Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 (#1413)de5fcb9
\r\n:seedling: Bump the github-actions group with 2 updates (#1412)a46b90b
\r\nbump scorecard to v5.0.0 release (#1410)9fc518d
\r\n:seedling: Bump golang in the docker-images group (#1407)a8eaa1b
\r\n:seedling: Bump the github-actions group with 2 updates (#1408)873d5fd
\r\n:seedling: Bump the github-actions group across 1 directory with 2\r\nupdates (#...54cc1fe
\r\n:seedling: Bump the docker-images group with 2 updates (#1401)82bcb91
\r\n:seedling: Bump golang.org/x/net from 0.26.0 to 0.27.0 (#1400)Sourced from actions/checkout's\r\nreleases.
\r\n\r\n\r\nv4.1.7
\r\nWhat's Changed
\r\n\r\n
\r\n- Bump the minor-npm-dependencies group across 1 directory with 4\r\nupdates by
\r\n@dependabot
in actions/checkout#1739- Bump actions/checkout from 3 to 4 by
\r\n@dependabot
in actions/checkout#1697- Check out other refs/* by commit by
\r\n@orhantoy
in actions/checkout#1774- Pin actions/checkout's own workflows to a known, good, stable\r\nversion. by
\r\n@jww3
in\r\nactions/checkout#1776New Contributors
\r\n\r\n
\r\n- \r\n
@orhantoy
\r\nmade their first contribution in actions/checkout#1774Full Changelog: https://github.com/actions/checkout/compare/v4.1.6...v4.1.7
\r\n
Sourced from actions/checkout's\r\nchangelog.
\r\n\r\n\r\nChangelog
\r\nv4.1.7
\r\n\r\n
\r\n- Bump the minor-npm-dependencies group across 1 directory with 4\r\nupdates by
\r\n@dependabot
in actions/checkout#1739- Bump actions/checkout from 3 to 4 by
\r\n@dependabot
in actions/checkout#1697- Check out other refs/* by commit by
\r\n@orhantoy
in actions/checkout#1774- Pin actions/checkout's own workflows to a known, good, stable\r\nversion. by
\r\n@jww3
in\r\nactions/checkout#1776v4.1.6
\r\n\r\n
\r\n- Check platform to set archive extension appropriately by
\r\n@cory-miller
in\r\nactions/checkout#1732v4.1.5
\r\n\r\n
\r\n- Update NPM dependencies by
\r\n@cory-miller
in\r\nactions/checkout#1703- Bump github/codeql-action from 2 to 3 by
\r\n@dependabot
in actions/checkout#1694- Bump actions/setup-node from 1 to 4 by
\r\n@dependabot
in actions/checkout#1696- Bump actions/upload-artifact from 2 to 4 by
\r\n@dependabot
in actions/checkout#1695- README: Suggest
\r\nuser.email
to be\r\n41898282+github-actions[bot]@users.noreply.github.com
by@cory-miller
in\r\nactions/checkout#1707v4.1.4
\r\n\r\n
\r\n- Disable
\r\nextensions.worktreeConfig
when disabling\r\nsparse-checkout
by@jww3
in actions/checkout#1692- Add dependabot config by
\r\n@cory-miller
in\r\nactions/checkout#1688- Bump the minor-actions-dependencies group with 2 updates by
\r\n@dependabot
in actions/checkout#1693- Bump word-wrap from 1.2.3 to 1.2.5 by
\r\n@dependabot
in actions/checkout#1643v4.1.3
\r\n\r\n
\r\n- Check git version before attempting to disable\r\n
\r\nsparse-checkout
by@jww3
in actions/checkout#1656- Add SSH user parameter by
\r\n@cory-miller
in\r\nactions/checkout#1685- Update
\r\nactions/checkout
version in\r\nupdate-main-version.yml
by@jww3
in actions/checkout#1650v4.1.2
\r\n\r\n
\r\n- Fix: Disable sparse checkout whenever
\r\nsparse-checkout
\r\noption is not present@dscho
in actions/checkout#1598v4.1.1
\r\n\r\n
\r\n- Correct link to GitHub Docs by
\r\n@peterbe
in actions/checkout#1511- Link to release page from what's new section by
\r\n@cory-miller
in\r\nactions/checkout#1514v4.1.0
\r\n\r\nv4.0.0
\r\n\r\nv3.6.0
\r\n\r\n
\r\n- Fix: Mark\r\ntest scripts with Bash'isms to be run via Bash
\r\n- Add\r\noption to fetch tags even if fetch-depth > 0
\r\nv3.5.3
\r\n\r\n\r\n
... (truncated)
\r\n692973e
\r\nPrepare 4.1.7 release (#1775)6ccd57f
\r\nPin actions/checkout's own workflows to a known, good, stable version.\r\n(#1776)b17fe1e
\r\nHandle hidden refs (#1774)b80ff79
\r\nBump actions/checkout from 3 to 4 (#1697)b1ec302
\r\nBump the minor-npm-dependencies group across 1 directory with 4 updates\r\n(#1739)Sourced from actions/checkout's\r\nreleases.
\r\n\r\n\r\nv4.1.6
\r\nWhat's Changed
\r\n\r\n
\r\n- Check platform to set archive extension appropriately by
\r\n@cory-miller
in\r\nactions/checkout#1732- Update for 4.1.6 release by
\r\n@cory-miller
in\r\nactions/checkout#1733Full Changelog: https://github.com/actions/checkout/compare/v4.1.5...v4.1.6
\r\n
Sourced from actions/checkout's\r\nchangelog.
\r\n\r\n\r\nChangelog
\r\nv4.1.6
\r\n\r\n
\r\n- Check platform to set archive extension appropriately by
\r\n@cory-miller
in\r\nactions/checkout#1732v4.1.5
\r\n\r\n
\r\n- Update NPM dependencies by
\r\n@cory-miller
in\r\nactions/checkout#1703- Bump github/codeql-action from 2 to 3 by
\r\n@dependabot
in actions/checkout#1694- Bump actions/setup-node from 1 to 4 by
\r\n@dependabot
in actions/checkout#1696- Bump actions/upload-artifact from 2 to 4 by
\r\n@dependabot
in actions/checkout#1695- README: Suggest
\r\nuser.email
to be\r\n41898282+github-actions[bot]@users.noreply.github.com
by@cory-miller
in\r\nactions/checkout#1707v4.1.4
\r\n\r\n
\r\n- Disable
\r\nextensions.worktreeConfig
when disabling\r\nsparse-checkout
by@jww3
in actions/checkout#1692- Add dependabot config by
\r\n@cory-miller
in\r\nactions/checkout#1688- Bump the minor-actions-dependencies group with 2 updates by
\r\n@dependabot
in actions/checkout#1693- Bump word-wrap from 1.2.3 to 1.2.5 by
\r\n@dependabot
in actions/checkout#1643v4.1.3
\r\n\r\n
\r\n- Check git version before attempting to disable\r\n
\r\nsparse-checkout
by@jww3
in actions/checkout#1656- Add SSH user parameter by
\r\n@cory-miller
in\r\nactions/checkout#1685- Update
\r\nactions/checkout
version in\r\nupdate-main-version.yml
by@jww3
in actions/checkout#1650v4.1.2
\r\n\r\n
\r\n- Fix: Disable sparse checkout whenever
\r\nsparse-checkout
\r\noption is not present@dscho
in actions/checkout#1598v4.1.1
\r\n\r\n
\r\n- Correct link to GitHub Docs by
\r\n@peterbe
in actions/checkout#1511- Link to release page from what's new section by
\r\n@cory-miller
in\r\nactions/checkout#1514v4.1.0
\r\n\r\nv4.0.0
\r\n\r\nv3.6.0
\r\n\r\n
\r\n- Fix: Mark\r\ntest scripts with Bash'isms to be run via Bash
\r\n- Add\r\noption to fetch tags even if fetch-depth > 0
\r\nv3.5.3
\r\n\r\n
\r\n- Fix:\r\nCheckout fail in self-hosted runners when faulty submodule are\r\nchecked-in
\r\n- Fix\r\ntypos found by codespell
\r\n- Add\r\nsupport for sparse checkouts
\r\nv3.5.2
\r\n\r\n
\r\n- Fix\r\napi endpoint for GHES
\r\nv3.5.1
\r\n\r\n
... (truncated)
\r\na5ac7e5
\r\nUpdate for 4.1.6 release (#1733)24ed1a3
\r\nCheck platform for extension (#1732)Sourced from actions/checkout's\r\nreleases.
\r\n\r\n\r\nv4.1.5
\r\nWhat's Changed
\r\n\r\n
\r\n- Update NPM dependencies by
\r\n@cory-miller
in\r\nactions/checkout#1703- Bump github/codeql-action from 2 to 3 by
\r\n@dependabot
in actions/checkout#1694- Bump actions/setup-node from 1 to 4 by
\r\n@dependabot
in actions/checkout#1696- Bump actions/upload-artifact from 2 to 4 by
\r\n@dependabot
in actions/checkout#1695- README: Suggest
\r\nuser.email
to be\r\n41898282+github-actions[bot]@users.noreply.github.com
by@cory-miller
in\r\nactions/checkout#1707Full Changelog: https://github.com/actions/checkout/compare/v4.1.4...v4.1.5
\r\n
44c2b7a
\r\nREADME: Suggest user.email
to be\r\n`41898282+github-actions[bot]@users
.norepl...8459bc0
\r\nBump actions/upload-artifact from 2 to 4 (#1695)3f603f6
\r\nBump actions/setup-node from 1 to 4 (#1696)fd084cd
\r\nBump github/codeql-action from 2 to 3 (#1694)9c1e94e
\r\nUpdate NPM dependencies (#1703)Sourced from ossf/scorecard-action's\r\nreleases.
\r\n\r\n\r\nv2.3.3
\r\n\r\n\r\n[!NOTE]
\r\n
\r\nThere is no v2.3.2 release as a step was skipped in the release process.\r\nThis was fixed and re-released under the v2.3.3 tagWhat's Changed
\r\n\r\n
\r\n- :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to\r\ngithub.com/ossf/scorecard/v5 (v5.0.0-rc1) by
\r\n@spencerschrock
\r\nin ossf/scorecard-action#1366- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to\r\nv5.0.0-rc2 by
\r\n@spencerschrock
\r\nin ossf/scorecard-action#1374- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to\r\nv5.0.0-rc2.0.20240509182734-7ce860946928 by
\r\n@spencerschrock
\r\nin ossf/scorecard-action#1377For a full changelist of what these include, see the v5.0.0-rc1\r\nand v5.0.0-rc2\r\nrelease notes.
\r\nDocumentation
\r\n\r\n
\r\n- :book: Move token discussion out of main README. by
\r\n@spencerschrock
\r\nin ossf/scorecard-action#1279- :book: link to
\r\nossf/scorecard
workflow instead of\r\nmaintaining an example by@spencerschrock
\r\nin ossf/scorecard-action#1352- :book: update api links to new scorecard.dev site by
\r\n@spencerschrock
\r\nin ossf/scorecard-action#1376Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3
\r\n
dc50aa9
\r\n:seedling: Bump docker tag for v2.3.3 release (#1368)8ff5700
\r\n:seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to\r\nv5.0.0-rc2.0....8ba5e73
\r\nupdate api links to new scorecard.dev site (#1376)92ddde3
\r\nBump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (#1374)6c55905
\r\n:seedling: Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1373)09bb953
\r\n:seedling: Bump distroless/base in the docker-images group (#1372)1511e13
\r\n:seedling: Bump the github-actions group across 1 directory with 6\r\nupdates (#...df66cd8
\r\n:seedling: Bump the docker-images group with 2 updates (#1370)fad9a3c
\r\n:seedling: Bump distroless/base in the docker-images group (#1364)1e01a30
\r\n:seedling: Bump the github-actions group with 3 updates (#1365)Sourced from actions/checkout's\r\nreleases.
\r\n\r\n\r\nv4.1.4
\r\nWhat's Changed
\r\n\r\n
\r\n- Disable
\r\nextensions.worktreeConfig
when disabling\r\nsparse-checkout
by@jww3
in actions/checkout#1692- Add dependabot config by
\r\n@cory-miller
in\r\nactions/checkout#1688- Bump word-wrap from 1.2.3 to 1.2.5 by
\r\n@dependabot
in actions/checkout#1643- Bump the minor-actions-dependencies group with 2 updates by
\r\n@dependabot
in actions/checkout#1693Full Changelog: https://github.com/actions/checkout/compare/v4.1.3...v4.1.4
\r\n
Sourced from actions/checkout's\r\nchangelog.
\r\n\r\n\r\nChangelog
\r\nv4.1.4
\r\n\r\n
\r\n- Disable
\r\nextensions.worktreeConfig
when disabling\r\nsparse-checkout
by@jww3
in actions/checkout#1692- Add dependabot config by
\r\n@cory-miller
in\r\nactions/checkout#1688- Bump the minor-actions-dependencies group with 2 updates by
\r\n@dependabot
in actions/checkout#1693- Bump word-wrap from 1.2.3 to 1.2.5 by
\r\n@dependabot
in actions/checkout#1643v4.1.3
\r\n\r\n
\r\n- Check git version before attempting to disable\r\n
\r\nsparse-checkout
by@jww3
in actions/checkout#1656- Add SSH user parameter by
\r\n@cory-miller
in\r\nactions/checkout#1685- Update
\r\nactions/checkout
version in\r\nupdate-main-version.yml
by@jww3
in actions/checkout#1650v4.1.2
\r\n\r\n
\r\n- Fix: Disable sparse checkout whenever
\r\nsparse-checkout
\r\noption is not present@dscho
in actions/checkout#1598v4.1.1
\r\n\r\n
\r\n- Correct link to GitHub Docs by
\r\n@peterbe
in actions/checkout#1511- Link to release page from what's new section by
\r\n@cory-miller
in\r\nactions/checkout#1514v4.1.0
\r\n\r\nv4.0.0
\r\n\r\nv3.6.0
\r\n\r\n
\r\n- Fix: Mark\r\ntest scripts with Bash'isms to be run via Bash
\r\n- Add\r\noption to fetch tags even if fetch-depth > 0
\r\nv3.5.3
\r\n\r\n
\r\n- Fix:\r\nCheckout fail in self-hosted runners when faulty submodule are\r\nchecked-in
\r\n- Fix\r\ntypos found by codespell
\r\n- Add\r\nsupport for sparse checkouts
\r\nv3.5.2
\r\n\r\n
\r\n- Fix\r\napi endpoint for GHES
\r\nv3.5.1
\r\n\r\n
\r\n- Fix\r\nslow checkout on Windows
\r\nv3.5.0
\r\n\r\nv3.4.0
\r\n\r\n\r\n
... (truncated)
\r\n0ad4b8f
\r\nPrep Release v4.1.4 (#1704)43045ae
\r\nDisable extensions.worktreeConfig
when disabling\r\nsparse-checkout
(#1692)37b0821
\r\nBump the minor-actions-dependencies group with 2 updates (#1693)9839dc1
\r\nAdd dependabot config (#1688)9b4c13b
\r\nBump word-wrap from 1.2.3 to 1.2.5 (#1643)