v2.1.1

Scorecard version

This release use Scorecard's v4.10.1

Full Changelog: v2.1.0...v2.1.1

v2.1.0

What's Changed

Scorecard version

This release uses scorecard v4.10.0.

Improvements

• Docker build workflow by @naveensrinivasan in #981
• Use root user in distroless to support GitHub Actions by @spencerschrock in #994
• Disable pull_request_target by @laurentsimon in #1031

Documentation

• Add PAT section explaining risks by @olivekl in #1024
• Make the badge text easier to copy by @rajbos in #1026

New Contributors

• @joycebrum made their first contribution in #984
• @rajbos made their first contribution in #1026

Full Changelog: v2.0.6...v2.1.0

v2.0.6

What's Changed

• Fix - Broken dockerfile by @naveensrinivasan in #979

Full Changelog: v2.0.5...v2.0.6

v2.0.5

What's Changed

• Remove trailing space from example by @jamacku in #955
• 🌱 Bump actions/cache from 3.0.8 to 3.0.10 by @dependabot in #956
• 🌱 Bump github/codeql-action from 2.1.25 to 2.1.26 by @dependabot in #957
• 🌱 Bump step-security/harden-runner from 1.4.5 to 1.5.0 by @dependabot in #958
• 🌱 Bump debian from 5cf1d98 to b46fc4e by @dependabot in #959
• 🌱 Bump github.com/sigstore/cosign from 1.12.1 to 1.13.0 by @dependabot in #962
• 🌱 Upgrade to go 1.19 by @naveensrinivasan in #961
• 🌱 Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 by @dependabot in #967
• 🌱 Bump golang from c2a98a5 to b850621 by @dependabot in #966
• 🌱 Bump golang from b850621 to 25de7b6 by @dependabot in #968
• New release for Scorecard v4.8.0 by @naveensrinivasan in #969

New Contributors

• @jamacku made their first contribution in #955

Full Changelog: v2.0.4...v2.0.5

v2.0.4

Fixes #856

What's Changed

• 🌱 Bump github.com/caarlos0/env/v6 from 6.10.0 to 6.10.1 by @dependabot in #934
• feat: do not run signing on pull requests by @laurentsimon in #935
• 🌱 Bump debian from 11.4-slim to 11.5-slim by @dependabot in #936
• 🌱 Bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 by @dependabot in #938
• 🌱 Bump github/codeql-action from 2.1.22 to 2.1.24 by @dependabot in #941
• 🐛 Restore behavior of ignoring scorecard runtime errors by @spencerschrock in #948
• 🌱 Bump actions/dependency-review-action from 2.1.0 to 2.4.0 by @dependabot in #950
• 🌱 Bump github.com/sigstore/cosign from 1.12.0 to 1.12.1 by @dependabot in #947
• 🌱 Bump github/codeql-action from 2.1.24 to 2.1.25 by @dependabot in #949
• 🌱 Bump codecov/codecov-action from 3.1.0 to 3.1.1 by @dependabot in #942
• Create v2.0.4 patch by @spencerschrock in #952

New Contributors

• @spencerschrock made their first contribution in #948

Full Changelog: v2.0.3...v2.0.4

v2.0.3

Patch for fix in #898

v2.0.2

Fixes #895

v2.0.1

Fix for #856

v2.0.0

What's Changed

• 🌱 Prepare for a pre-release of the Golang action by @azeemshaikh38 in #750
• 🌱 Bump github/codeql-action from 2.1.12 to 2.1.16 by @dependabot in #751
• 🌱 Bump debian from 11.3-slim to 11.4-slim by @dependabot in #749
• 🌱 Bump step-security/harden-runner from 1.4.3 to 1.4.4 by @dependabot in #646
• 🌱 Bump actions/setup-go from 3.2.0 to 3.2.1 by @dependabot in #748
• 🐛 Fix dependency conflicts in go.mod by @azeemshaikh38 in #771
• 🌱 Prepare for v2 beta1 release by @azeemshaikh38 in #766
• multi-repo-action: Note that tool is a work-in-progress by @naveensrinivasan in #776
• 🐛 Fix intermittent failures in CI-Tests by @azeemshaikh38 in #778
• 🌱 Bump sigs.k8s.io/release-utils from 0.7.2 to 0.7.3 by @dependabot in #775
• 🌱 Bump actions/cache from 3.0.4 to 3.0.5 by @dependabot in #769
• 📖 Update README about the restrictions for scorecard-action:v2 by @azeemshaikh38 in #779
• 🌱 Bump github/codeql-action from 2.1.16 to 2.1.17 by @dependabot in #783
• 📖 Update instructions for Scorecard badge to README by @azeemshaikh38 in #785
• 🌱 Bump debian from f576b80 to a811e62 by @dependabot in #787
• 🌱 Bump github.com/ossf/scorecard/v4 from 4.4.0 to 4.5.0 by @dependabot in #786
• 🌱 Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in #788
• 🌱 Bump actions/cache from 3.0.5 to 3.0.6 by @dependabot in #789
• 🐛 Add request application/json request header by @azeemshaikh38 in #791
• Create a new release v2.0.0-alpha.1 by @azeemshaikh38 in #803
• 🌱 Bump actions/cache from 3.0.6 to 3.0.7 by @dependabot in #807
• Olivekl patch 1 by @olivekl in #809
• 🌱 Fix cosign vulnerability by @naveensrinivasan in #812
• 🌱 Allow for publish URL override by @azeemshaikh38 in #811
• 🌱 Bump github.com/ossf/scorecard/v4 from 4.5.0 to 4.6.0 by @dependabot in #820
• 🌱 Bump step-security/harden-runner from 1.4.4 to 1.4.5 by @dependabot in #808
• cmd/installer: Cleanups (2/n) by @justaugustus in #833
• Update comments to allow for renovatebot updates by @laurentsimon in #834
• 🌱 Bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 by @dependabot in #839
• 🌱 Update actions/checkout requirement to 2541b1294d2704b0964813337f33b291d3f8596b by @dependabot in #835
• 🌱 Bump github.com/sigstore/cosign from 1.11.0 to 1.11.1 by @dependabot in #842
• 🌱 Bump github/codeql-action from 2.1.18 to 2.1.21 by @dependabot in #844
• 🌱 Bump actions/setup-go from 3.2.1 to 3.3.0 by @dependabot in #843
• 🌱 Bump debian from a811e62 to 68c1f6b by @dependabot in #840
• Fix workflow path in automatic creation of PR by @RadoslavGatev in #845
• 🌱 Bump actions/dependency-review-action from 310e0dd64f63b1d00101ecd3225d605a74261fb7 to 2.1.0 by @dependabot in #838
• 🌱 Bump actions/cache from 3.0.7 to 3.0.8 by @dependabot in #836
• 📖 Add docs for API by @azeemshaikh38 in #849
• 🌱 Bump github/codeql-action from 2.1.21 to 2.1.22 by @dependabot in #853
• 🌱 Included License by @naveensrinivasan in #852
• 🌱 Release v2.0.0 by @naveensrinivasan in #854

New Contributors

• @RadoslavGatev made their first contribution in #845

Full Changelog: v1.1.2...v2.0.0

v2.0.0-alpha.2

Unblocks using OpenAPI/Swagger based API and adds more e2e tests