From f9fd65213c4e9b7a60a3bce3a5444e82fb8d0bb7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 May 2024 05:57:50 +0000 Subject: [PATCH] Bump ossf/scorecard-action from 2.3.1 to 2.3.3 (flutter/engine#52799) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3.
Release notes

Sourced from ossf/scorecard-action's releases.

v2.3.3

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.3.1&new-version=2.3.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
--- engine/src/flutter/.github/workflows/scorecards-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/engine/src/flutter/.github/workflows/scorecards-analysis.yml b/engine/src/flutter/.github/workflows/scorecards-analysis.yml index d8b03e9e4e1..f0b99c68515 100644 --- a/engine/src/flutter/.github/workflows/scorecards-analysis.yml +++ b/engine/src/flutter/.github/workflows/scorecards-analysis.yml @@ -26,7 +26,7 @@ jobs: with: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 with: results_file: results.sarif results_format: sarif