chore(ci): ossf scorecard.yml #2683
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Dominic Evans <8060970+dnwe@users.noreply.github.com>
paologallinaharbur
pushed a commit
to newrelic/nri-kafka
that referenced
this pull request
Aug 26, 2024
[](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [github.com/IBM/sarama](https://togithub.com/IBM/sarama) | `v1.41.3` -> `v1.43.3` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>IBM/sarama (github.com/IBM/sarama)</summary> ### [`v1.43.3`](https://togithub.com/IBM/sarama/releases/tag/v1.43.3): Version 1.43.3 (2024-08-12) [Compare Source](https://togithub.com/IBM/sarama/compare/v1.43.2...v1.43.3) <!-- Release notes generated using configuration in .github/release.yaml at main --> #### What's Changed ##### 🐛 Fixes - fix: declare assignor variable for examples & clean up log format by [@​kumakichi](https://togithub.com/kumakichi) in [IBM/sarama#2909 - fix(consumer): maintain ordering of offset commit requests by [@​prestona](https://togithub.com/prestona) in [IBM/sarama#2947 - fix(producer): treat ErrKafkaStorageError as retriable by [@​richardartoul](https://togithub.com/richardartoul) in [IBM/sarama#2939 ##### 📦 Dependency updates - chore(deps): bump the golang-org-x group across 1 directory with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2956 - chore(deps): bump github.com/eapache/go-resiliency from 1.6.0 to 1.7.0 by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2944 - chore(deps): bump github.com/klauspost/compress from 1.17.8 to 1.17.9 by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2926 ##### 🔧 Maintenance - fix(ci): correct docker-compose install by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2954 ##### 📝 Documentation - fix(doc): correct JVM's config name corresponding to MaxWaitTime by [@​abhipranay](https://togithub.com/abhipranay) in [IBM/sarama#2893 #### New Contributors - [@​abhipranay](https://togithub.com/abhipranay) made their first contribution in [IBM/sarama#2893 - [@​kumakichi](https://togithub.com/kumakichi) made their first contribution in [IBM/sarama#2909 - [@​richardartoul](https://togithub.com/richardartoul) made their first contribution in [IBM/sarama#2939 **Full Changelog**: IBM/sarama@v1.43.2...v1.43.3 ### [`v1.43.2`](https://togithub.com/IBM/sarama/releases/tag/v1.43.2): Version 1.43.2 (2024-04-25) [Compare Source](https://togithub.com/IBM/sarama/compare/v1.43.1...v1.43.2) <!-- Release notes generated using configuration in .github/release.yaml at main --> #### What's Changed ##### 🐛 Fixes - chore(ci): add 32-bit alignment check by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2874 ##### 📦 Dependency updates - chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2866 - chore(deps): bump the golang-org-x group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2853 - chore(deps): bump github.com/klauspost/compress from 1.17.7 to 1.17.8 by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2857 - chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 in /examples/txn_producer in the go_modules group by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2865 - chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 in /examples/consumergroup in the go_modules group by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2867 - chore(deps): bump golang.org/x/net from 0.21.0 to 0.23.0 in /examples/exactly_once in the go_modules group by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2868 - chore(deps): bump golang.org/x/net from 0.22.0 to 0.23.0 in /examples/interceptors in the go_modules group by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2869 **Full Changelog**: IBM/sarama@v1.43.1...v1.43.2 ### [`v1.43.1`](https://togithub.com/IBM/sarama/releases/tag/v1.43.1): Version 1.43.1 (2024-03-27) [Compare Source](https://togithub.com/IBM/sarama/compare/v1.43.0...v1.43.1) <!-- Release notes generated using configuration in .github/release.yaml at main --> #### What's Changed ##### 🐛 Fixes - fix: message.max.bytes should default to [`1048576`](https://togithub.com/IBM/sarama/commit/1048576) not 1 MB by [@​puellanivis](https://togithub.com/puellanivis) in [IBM/sarama#2804 - fix: add locking around broker throttle timer to prevent race condition by [@​chengsha](https://togithub.com/chengsha) in [IBM/sarama#2826 ##### 📦 Dependency updates - chore(deps): bump go.opentelemetry.io/otel/sdk from 1.23.1 to 1.24.0 in /examples/interceptors by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2816 - chore(deps): bump the golang-org-x group with 1 update by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2825 - chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2822 - chore(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdoutmetric from 1.23.1 to 1.24.0 in /examples/interceptors by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2815 #### New Contributors - [@​chengsha](https://togithub.com/chengsha) made their first contribution in [IBM/sarama#2826 **Full Changelog**: IBM/sarama@v1.43.0...v1.43.1 ### [`v1.43.0`](https://togithub.com/IBM/sarama/releases/tag/v1.43.0): Version 1.43.0 (2024-02-22) [Compare Source](https://togithub.com/IBM/sarama/compare/v1.42.2...v1.43.0) <!-- Release notes generated using configuration in .github/release.yaml at main --> > \[!NOTE]\ > The go.mod directive has been bumped to 1.19 as the minimum version of Go required for the module. This was necessary to continue to receive updates from some of the third party dependencies that Sarama makes use of for compression. #### What's Changed ##### 🎉 New Features / Improvements - feat: update go directive to 1.19 by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2795 - feat: add BuildSpnFunc to GSSAPIConfig for allow custom spn by [@​fooofei](https://togithub.com/fooofei) in [IBM/sarama#2807 ##### 🐛 Fixes - Use %v formatting words and remove unnecessary newline by [@​puellanivis](https://togithub.com/puellanivis) in [IBM/sarama#2802 ##### 📦 Dependency updates - chore(deps): bump github.com/klauspost/compress from 1.16.7 to 1.17.6 by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2784 - chore(deps): bump github.com/eapache/go-resiliency from 1.5.0 to 1.6.0 by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2810 - chore(deps): bump github.com/klauspost/compress from 1.17.6 to 1.17.7 by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2811 ##### 🔧 Maintenance - chore(doc): add v1.42.2 to CHANGELOG.md by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2796 #### New Contributors - [@​puellanivis](https://togithub.com/puellanivis) made their first contribution in [IBM/sarama#2802 - [@​fooofei](https://togithub.com/fooofei) made their first contribution in [IBM/sarama#2807 **Full Changelog**: IBM/sarama@v1.42.2...v1.43.0 ### [`v1.42.2`](https://togithub.com/IBM/sarama/releases/tag/v1.42.2): Version 1.42.2 (2024-02-09) [Compare Source](https://togithub.com/IBM/sarama/compare/v1.42.1...v1.42.2) <!-- Release notes generated using configuration in .github/release.yaml at main --> #### What's Changed > \[!NOTE]\ > The go.mod directive has been bumped to 1.18 as the minimum version of Go required for the module. This was necessary to continue to receive updates from some of the third party dependencies that Sarama makes use of for compression. ##### 🎉 New Features / Improvements - feat: update go directive to 1.18 by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2713 - feat: return KError instead of errors in AlterConfigs and DescribeConfig by [@​zhuliquan](https://togithub.com/zhuliquan) in [IBM/sarama#2472 ##### 🐛 Fixes - fix: don't waste time for backoff on member id required error by [@​lzakharov](https://togithub.com/lzakharov) in [IBM/sarama#2759 - fix: prevent ConsumerGroup.Close infinitely locking by [@​maqdev](https://togithub.com/maqdev) in [IBM/sarama#2717 ##### 📦 Dependency updates - chore(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2716 - chore(deps): bump golang.org/x/sync to v0.5.0 by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2718 - chore(deps): bump github.com/pierrec/lz4/v4 from 4.1.18 to 4.1.19 by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2739 - chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2748 - chore(deps): bump the golang-org-x group with 1 update by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2734 - chore(deps): bump the golang-org-x group with 2 updates by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2764 - chore(deps): bump github.com/pierrec/lz4/v4 from 4.1.19 to 4.1.21 by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2763 - chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 in /examples/exactly_once by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2749 - chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 in /examples/consumergroup by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2750 - chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 in /examples/sasl_scram_client by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2751 - chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 in /examples/interceptors by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2752 - chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 in /examples/http_server by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2753 - chore(deps): bump github.com/eapache/go-resiliency from 1.4.0 to 1.5.0 by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2745 - chore(deps): bump golang.org/x/crypto from 0.15.0 to 0.17.0 in /examples/txn_producer by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2754 - chore(deps): bump go.opentelemetry.io/otel/sdk from 1.19.0 to 1.22.0 in /examples/interceptors by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2767 - chore(deps): bump the golang-org-x group with 1 update by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2793 - chore(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdoutmetric from 0.42.0 to 1.23.1 in /examples/interceptors by [@​dependabot](https://togithub.com/dependabot) in [IBM/sarama#2792 ##### 🔧 Maintenance - fix(examples): housekeeping of code and deps by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2720 ##### ➕ Other Changes - fix(test): retry MockBroker Listen for EADDRINUSE by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2721 #### New Contributors - [@​maqdev](https://togithub.com/maqdev) made their first contribution in [IBM/sarama#2717 - [@​zhuliquan](https://togithub.com/zhuliquan) made their first contribution in [IBM/sarama#2472 **Full Changelog**: IBM/sarama@v1.42.1...v1.42.2 ### [`v1.42.1`](https://togithub.com/IBM/sarama/releases/tag/v1.42.1): Version 1.42.1 (2023-11-07) [Compare Source](https://togithub.com/IBM/sarama/compare/v1.42.0...v1.42.1) #### What's Changed ##### 🐛 Fixes - fix: make fetchInitialOffset use correct protocol by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2705 - fix(config): relax ClientID validation after 1.0.0 by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2706 **Full Changelog**: IBM/sarama@v1.42.0...v1.42.1 ### [`v1.42.0`](https://togithub.com/IBM/sarama/releases/tag/v1.42.0): Version 1.42.0 (2023-11-02) [Compare Source](https://togithub.com/IBM/sarama/compare/v1.41.3...v1.42.0) <!-- Release notes generated using configuration in .github/release.yaml at main --> #### What's Changed ##### 🐛 Fixes - Asynchronously close brokers during a RefreshBrokers by [@​bmassemin](https://togithub.com/bmassemin) in [IBM/sarama#2693 - Fix data race on Broker.done channel by [@​prestona](https://togithub.com/prestona) in [IBM/sarama#2698 - fix: data race in Broker.AsyncProduce by [@​lzakharov](https://togithub.com/lzakharov) in [IBM/sarama#2678 - Fix default retention time value in offset commit by [@​prestona](https://togithub.com/prestona) in [IBM/sarama#2700 - fix(txmgr): ErrOffsetsLoadInProgress is retriable by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2701 ##### 🔧 Maintenance - chore(ci): improve ossf scorecard result by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2685 - chore(ci): add kafka 3.6.0 to FVT and versions by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2692 ##### ➕ Other Changes - chore(ci): ossf scorecard.yml by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2683 - fix(ci): always run CodeQL on every commit by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2689 - chore(doc): add OpenSSF Scorecard badge by [@​dnwe](https://togithub.com/dnwe) in [IBM/sarama#2691 #### New Contributors - [@​bmassemin](https://togithub.com/bmassemin) made their first contribution in [IBM/sarama#2693 - [@​lzakharov](https://togithub.com/lzakharov) made their first contribution in [IBM/sarama#2678 **Full Changelog**: IBM/sarama@v1.41.3...v1.42.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/newrelic/nri-kafka). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMS41IiwidXBkYXRlZEluVmVyIjoiMzguMjAuMSIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
](https://renovatebot.com){kind=link}
This pull request was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.