STRLCPY/scorecard

🌱 Bump slsa-framework/slsa-github-generator from 1.4.0 to 1.5.0

Bumps [slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator) from 1.4.0 to 1.5.0.
- [Release notes](https://github.com/slsa-framework/slsa-github-generator/releases)
- [Changelog](https://github.com/slsa-framework/slsa-github-generator/blob/main/CHANGELOG.md)
- [Commits](https://github.com/slsa-framework/slsa-github-generator/compare/v1.4.0...v1.5.0)

---
updated-dependencies:
- dependency-name: slsa-framework/slsa-github-generator
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

dependabot[bot] committed with GitHub 1 year ago

7e7fc85b

1 parent ffdca547

Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)

Total 2 files Show one by one

■ ■ ■ ■ ■ ■

.github/workflows/goreleaser.yaml

		skipped 71 lines
72	72		actions: read # To read the workflow path.
73	73		id-token: write # To sign the provenance.
74	74		contents: write # To add assets to a release.
75		-	uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0
	75	+	uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.5.0
76	76		with:
77	77		base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
78	78		upload-assets: true # upload to a new release
		skipped 1 lines

■ ■ ■ ■ ■ ■

.github/workflows/slsa-goreleaser.yml

		skipped 28 lines
29	29		contents: write
30	30		actions: read
31	31		needs: args
32		-	uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@bdd89e60dc5387d8f819bebc702987956bcd4913 # v1.2.0
	32	+	uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.5.0 # v1.2.0
33	33		with:
34	34		go-version: 1.19
35	35		evaluated-envs: "VERSION_LDFLAGS:${{needs.args.outputs.ldflags}}"
		skipped 1 lines