
build(deps): Bump ossf/scorecard-action from ff5dd8929f96a8a4dc67d13f32b8c75057829621 to 62b2cac7ed8198b15735ed49ab1e5cf35480ba46 #169

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/github_actions/ossf/scorecard-action-2.4.3

@dependabot dependabot Bot commented on behalf of github May 19, 2026

Bumps ossf/scorecard-action from ff5dd8929f96a8a4dc67d13f32b8c75057829621 to 62b2cac7ed8198b15735ed49ab1e5cf35480ba46.

Changelog

Sourced from ossf/scorecard-action's changelog.

Releasing the scorecard GitHub Action

This is a draft document to describe the release process for the scorecard GitHub Action.

(If there are improvements you'd like to see, please comment on the tracking issue or issue a pull request to discuss.)

Tracking

As the first task, a Release Manager should open a tracking issue for the release.

We don't currently have a template for releasing, but the following issue is a good example to draw inspiration from.

We're not striving for perfection with the template, but the tracking issue will serve as a reference point to aggregate feedback, so try your best to be as descriptive as possible.

Preparing the release

This section covers changes that need to be issued as a pull request and should be merged before releasing the scorecard GitHub Action.

Validate the Action

Manually run the workflow scorecards.yml and verify that the run succeeds.

Update the scorecard-action version

NOTE: we have a chicken-and-egg problem where the commit to be used for the release needs to have the image tag that only gets created after the commit is pushed. We work around that by pre-selecting and referencing the image tag instead of the SHA, which isn't ideal but workable.

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Dependency update or review github_actions Pull requests that update GitHub Actions code labels May 19, 2026
@dependabot dependabot Bot requested a review from ErenAri as a code owner May 19, 2026 22:27
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from ff5dd8929f96a8a4dc67d13f32b8c75057829621 to 62b2cac7ed8198b15735ed49ab1e5cf35480ba46.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@ff5dd89...62b2cac)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title from "build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.3" to "build(deps): Bump ossf/scorecard-action from ff5dd8929f96a8a4dc67d13f32b8c75057829621 to 62b2cac7ed8198b15735ed49ab1e5cf35480ba46" May 24, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/ossf/scorecard-action-2.4.3 branch from a1c37a3 to 38840f0 Compare May 24, 2026 17:39