Update python-package.yml

[github-actions[bot]]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/codecov/codecov-action	4.0.1	:green_circle: 7.6	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 10 9 different organizations found -- score normalized to 10 Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :warning: 0 project is not fuzzed License :green_circle: 10 license file detected Maintained :green_circle: 10 30 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging :warning: -1 no published package detected Pinned-Dependencies :green_circle: 3 dependency not pinned by hash detected -- score normalized to 3 SAST :green_circle: 7 SAST tool detected but not run on all commits Security-Policy :green_circle: 10 security policy file detected Signed-Releases :warning: -1 no releases found Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities :green_circle: 10 no vulnerabilities detected

Scanned Manifest Files

.github/workflows/python-package.yml

• codecov/codecov-action@4.0.1