Skip to content

CI(actions): Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.7.2 to 0.7.4#14

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/lfit/releng-reusable-workflows/dot-github/workflows/reuse-openssf-scorecard.yaml-0.7.4
Open

CI(actions): Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.7.2 to 0.7.4#14
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/lfit/releng-reusable-workflows/dot-github/workflows/reuse-openssf-scorecard.yaml-0.7.4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 16, 2026

Copy link
Copy Markdown
Contributor

Bumps lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.7.2 to 0.7.4.

Release notes

Sourced from lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml's releases.

v0.7.4

Downloads for this release

🔧 Maintenance 🔧

  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-packer-verify.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#751)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-sonatype-lifecycle.yaml from 0.6.1 to 0.7.2 @dependabot[bot] (#753)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#754)
  • Chore: Bump github/codeql-action/init from 4.36.2 to 4.36.3 @dependabot[bot] (#752)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#755)
  • Chore: Bump dorny/paths-filter from 4.0.1 to 4.0.2 @dependabot[bot] (#756)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#750)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-repo-linting.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#757)
  • Chore: Bump docker/build-push-action from 7.2.0 to 7.3.0 @dependabot[bot] (#758)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-jjb-verify.yaml from 0.7.0 to 0.7.2 @dependabot[bot] (#760)
  • Chore: Bump lfreleng-actions/credential-load-action from 1.0.0 to 1.1.0 @dependabot[bot] (#759)
  • Chore: Bump lfreleng-actions/zizmor-scan-action from 0.3.0 to 0.3.1 @dependabot[bot] (#761)
  • Chore: Bump github/codeql-action/upload-sarif from 4.36.2 to 4.36.3 @dependabot[bot] (#762)
  • Chore: pre-commit linting updates @pre-commit-ci[bot] (#765)
  • Chore: Bump jordanconway/package-manager-hardening from 0.4.2 to 0.4.3 @dependabot[bot] (#763)
  • Chore: Bump github/codeql-action/analyze from 4.36.2 to 4.36.3 @dependabot[bot] (#764)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/gerrit-compose-required-tox-verify.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#769)
  • Chore: Bump github/codeql-action/upload-sarif from 4.36.3 to 4.37.0 @dependabot[bot] (#770)
  • Chore: Bump github/codeql-action/analyze from 4.36.3 to 4.37.0 @dependabot[bot] (#768)
  • Chore: Bump step-security/harden-runner from 2.19.4 to 2.20.0 @dependabot[bot] (#771)
  • Chore: Bump lfreleng-actions/credential-load-action from 1.1.0 to 2.0.0 @dependabot[bot] (#767)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#772)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-jjb-verify.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#773)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-verify-github-actions.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#775)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-repo-linting.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#774)
  • Chore: Bump github/codeql-action/init from 4.36.3 to 4.37.0 @dependabot[bot] (#776)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/compose-packer-verify.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#778)
  • Chore: Bump actions/setup-java from 5.4.0 to 5.5.0 @dependabot[bot] (#777)
  • Chore: Bump lfreleng-actions/zizmor-scan-action from 0.3.1 to 0.4.0 @dependabot[bot] (#779)
  • Chore: Bump lfit/releng-reusable-workflows/.github/workflows/reuse-sonatype-lifecycle.yaml from 0.7.2 to 0.7.3 @dependabot[bot] (#780)

Links

v0.7.3

Downloads for this release

🔧 Maintenance 🔧

Links

Commits
  • 5fa62e3 Merge pull request #780 from lfit/dependabot/github_actions/lfit/releng-reusa...
  • 34d94b1 Merge pull request #779 from lfit/dependabot/github_actions/lfreleng-actions/...
  • 70d4d84 Merge pull request #777 from lfit/dependabot/github_actions/actions/setup-jav...
  • 55039c6 Merge pull request #778 from lfit/dependabot/github_actions/lfit/releng-reusa...
  • d940c57 Merge pull request #776 from lfit/dependabot/github_actions/github/codeql-act...
  • 57c5c52 Merge pull request #774 from lfit/dependabot/github_actions/lfit/releng-reusa...
  • a54a16e Merge pull request #775 from lfit/dependabot/github_actions/lfit/releng-reusa...
  • 66b4a1c Merge pull request #773 from lfit/dependabot/github_actions/lfit/releng-reusa...
  • aa3ba13 Merge pull request #772 from lfit/dependabot/github_actions/lfit/releng-reusa...
  • f463514 Merge pull request #767 from lfit/dependabot/github_actions/lfreleng-actions/...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

…use-openssf-scorecard.yaml

Bumps [lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml](https://github.com/lfit/releng-reusable-workflows) from 0.7.2 to 0.7.4.
- [Release notes](https://github.com/lfit/releng-reusable-workflows/releases)
- [Commits](lfit/releng-reusable-workflows@fd3c1b4...5fa62e3)

---
updated-dependencies:
- dependency-name: lfit/releng-reusable-workflows/.github/workflows/reuse-openssf-scorecard.yaml
  dependency-version: 0.7.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 16, 2026
@dependabot dependabot Bot requested a review from a team July 16, 2026 02:54
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 16, 2026
@github-actions github-actions Bot added the CI CI and tests updates label Jul 16, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

CI CI and tests updates dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants