Bump ossf/scorecard-action from 2.0.6 to 2.3.3

[dependabot[bot]]

Bumps ossf/scorecard-action from 2.0.6 to 2.3.3.

Release notes

Sourced from ossf/scorecard-action's releases.

v2.3.3

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

• :seedling: Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by @​spencerschrock in ossf/scorecard-action#1366
• :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by @​spencerschrock in ossf/scorecard-action#1374
• :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by @​spencerschrock in ossf/scorecard-action#1377

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

• :book: Move token discussion out of main README. by @​spencerschrock in ossf/scorecard-action#1279
• :book: link to ossf/scorecard workflow instead of maintaining an example by @​spencerschrock in ossf/scorecard-action#1352
• :book: update api links to new scorecard.dev site by @​spencerschrock in ossf/scorecard-action#1376

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.3.3

v2.3.1

What's Changed

• :seedling: Bump github.com/ossf/scorecard/v4 from v4.13.0 to v4.13.1 by @​spencerschrock in ossf/scorecard-action#1282
  • Adds additional Fuzzing detection and fixes a SAST bug related to detecting CodeQL. For a full changelist of what this includes, see the v4.13.1 release notes

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.0...v2.3.1

v2.3.0

What's Changed

• :seedling: Bump github.com/ossf/scorecard/v4 from v4.11.0 to v4.13.0 by @​spencerschrock in ossf/scorecard-action#1270
  • For a full changelist of what this includes, see the v4.12.0 and v4.13.0 release notes
• :sparkles: Send rekor tlog index to webapp when publishing results by @​spencerschrock in ossf/scorecard-action#1169
• :bug: Prevent url clipping for GHES instances by @​rajbos in ossf/scorecard-action#1225

Documentation

• :book: Update access rights needed to see the results in code scanning by @​rajbos in ossf/scorecard-action#1229
• :book: Add package comments. by @​spencerschrock in ossf/scorecard-action#1221
• :book: Add SECURITY.md file by @​david-a-wheeler in ossf/scorecard-action#1250
• :book: Fix typo in token input docs by @​aabouzaid in ossf/scorecard-action#1258

New Contributors

• @​david-a-wheeler made their first contribution in ossf/scorecard-action#1250
• @​aabouzaid made their first contribution in ossf/scorecard-action#1258

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.2.0...v2.3.0

v2.2.0

What's Changed

• :seedling: Bump github.com/ossf/scorecard/v4 from v4.10.5 to v4.11.0 by @​spencerschrock in ossf/scorecard-action#1192

... (truncated)

Commits

• dc50aa9 :seedling: Bump docker tag for v2.3.3 release (#1368)
• 8ff5700 :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0....
• 8ba5e73 update api links to new scorecard.dev site (#1376)
• 92ddde3 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (#1374)
• 6c55905 :seedling: Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1373)
• 09bb953 :seedling: Bump distroless/base in the docker-images group (#1372)
• 1511e13 :seedling: Bump the github-actions group across 1 directory with 6 updates (#...
• df66cd8 :seedling: Bump the docker-images group with 2 updates (#1370)
• fad9a3c :seedling: Bump distroless/base in the docker-images group (#1364)
• 1e01a30 :seedling: Bump the github-actions group with 3 updates (#1365)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 100.00%. Comparing base (22c52c2) to head (aa26c5b). Report is 4 commits behind head on master.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #136 +/- ## ========================================= Coverage 100.00% 100.00% ========================================= Files 4 4 Lines 513 531 +18 ========================================= + Hits 513 531 +18 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.