Skip to content

Bump ossf/scorecard-action from 2.4.1 to 2.4.3#242

Merged
DefinetlyNotAI merged 1 commit into
mainfrom
dependabot/github_actions/ossf/scorecard-action-2.4.3
Jan 17, 2026
Merged

Bump ossf/scorecard-action from 2.4.1 to 2.4.3#242
DefinetlyNotAI merged 1 commit into
mainfrom
dependabot/github_actions/ossf/scorecard-action-2.4.3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jan 17, 2026

Copy link
Copy Markdown
Contributor

Bumps ossf/scorecard-action from 2.4.1 to 2.4.3.

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.3

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

Other

New Contributors

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

v2.4.2

What's Changed

This update bumps the Scorecard version to the v5.2.1 release. For a complete list of changes, please refer to the Scorecard v5.2.0 and v5.2.1 release notes.

Full Changelog: ossf/scorecard-action@v2.4.1...v2.4.2

Commits
  • 4eaacf0 bump docker to ghcr v2.4.3 (#1587)
  • 42e3a01 🌱 Bump the github-actions group with 3 updates (#1585)
  • 88c07ac 🌱 Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (#1579)
  • 6c690f2 Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (#1586)
  • 92083b5 📖 Fix recommended command to test the image in development (#1583)
  • 7975ea6 🌱 Bump the docker-images group across 1 directory with 2 updates (#1...
  • 0d1a743 🌱 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1575)
  • 46e6e0c 🌱 Bump the github-actions group with 2 updates (#1580)
  • c3f1350 🌱 Improve printing options (#1584)
  • 43e475b 🌱 Bump golang.org/x/net from 0.42.0 to 0.44.0 (#1578)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump ossf/scorecard-action from 2.4.1 to 2.4.3
c5c2d13 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.1 to 2.4.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@f49aabe...4eaacf0)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added type/Dependencies Pull requests that update a dependency file type/Github Actions Pull requests that update GitHub Actions code labels Jan 17, 2026
@dependabot dependabot Bot requested a review from DefinetlyNotAI as a code owner January 17, 2026 08:09
@dependabot dependabot Bot added type/Dependencies Pull requests that update a dependency file type/Github Actions Pull requests that update GitHub Actions code labels Jan 17, 2026
@pull-request-size pull-request-size Bot added the size/XS Extra Small size pr label Jan 17, 2026
@coderabbitai

coderabbitai Bot commented Jan 17, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@DefinetlyNotAI DefinetlyNotAI self-assigned this Jan 17, 2026
@github-project-automation github-project-automation Bot moved this from Todo to Waiting on Review in Issue Board Jan 17, 2026
@DefinetlyNotAI DefinetlyNotAI merged commit b57cb8a into main Jan 17, 2026
10 checks passed
@github-project-automation github-project-automation Bot moved this from Waiting on Review to Done in Issue Board Jan 17, 2026
@dependabot dependabot Bot deleted the dependabot/github_actions/ossf/scorecard-action-2.4.3 branch January 17, 2026 08:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DefinetlyNotAI DefinetlyNotAI DefinetlyNotAI approved these changes

Assignees

@DefinetlyNotAI DefinetlyNotAI

Labels

size/XS Extra Small size pr type/Dependencies Pull requests that update a dependency file type/Github Actions Pull requests that update GitHub Actions code

Projects

Issue Board
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@DefinetlyNotAI