🌱 Bump github.com/ossf/scorecard/v4 from 4.8.0 to 4.10.0

[dependabot]

Bumps github.com/ossf/scorecard/v4 from 4.8.0 to 4.10.0.

Release notes

Sourced from github.com/ossf/scorecard/v4's releases.

v4.10.0

What's Changed

Check improvements

• ✨ Removed job-level permissions check for actions and packages by @​eddie-knight in ossf/scorecard#2367
• ✨ Add Sonatype Lift as a dependency update tool, doc upgrade by @​theresa-m in ossf/scorecard#2328
• ⚠️ OSV scanner integration by @​another-rex in ossf/scorecard#2509

Cron improvements

• 🌱 Add soft mem limit to controller k8s spec by @​spencerschrock in ossf/scorecard#2362
• 🌱 cron: generalize and expose worker (6/n) by @​spencerschrock in ossf/scorecard#2317
• 🐛 Fix typo which prevented cron metadata from going to BigQuery dataset by @​spencerschrock in ossf/scorecard#2370
• 🌱 [cron] generalize some of the transfer logic so it is easy to build new transfer agents by @​calebbrown in ossf/scorecard#2454

CLI

• ✨ Commit depth feature by @​latortuga71 in ossf/scorecard#2407

Documentation

• 📖 Use scorecard (singular) consistently by @​lehors in ossf/scorecard#2428
• 📖 Use new project name in Copyright notices by @​lehors in ossf/scorecard#2505
• 📖 Fix copyright notices by @​lehors in ossf/scorecard#2514
• 📖 Mention 2FA relevance although not checked by Scorecard by @​joycebrum in ossf/scorecard#2528
• 📖 Clarify CII-Best-Practices score for each badge by @​hugovk in ossf/scorecard#2313

BinAuthZ support (WIP)

• ✨ CLI for scorecard-attestor by @​raghavkaul in ossf/scorecard#2309
• 🌱 Add Pinned-Dependency, Vulnerability, and Code-Review checks to attestor by @​raghavkaul in
• 🌱 attestor: Dockerize + small improvements for Cloud Build usage by @​raghavkaul in ossf/scorecard#2456
• 🌱 attestor: e2e tests by @​raghavkaul in ossf/scorecard#2529

GitLab support (WIP)

• ✨ Gitlab support by @​N8BWert ossf/scorecard#2265

New Contributors

• @​theresa-m made their first contribution in ossf/scorecard#2328
• @​dvbnrg made their first contribution in ossf/scorecard#2366
• @​hugovk made their first contribution in ossf/scorecard#2313
• @​gabibguti made their first contribution in ossf/scorecard#2384
• @​shissam made their first contribution in ossf/scorecard#2195
• @​favonia made their first contribution in ossf/scorecard#2447
• @​latortuga71 made their first contribution in ossf/scorecard#2407
• @​balhar-jakub made their first contribution in ossf/scorecard#2488
• @​another-rex made their first contribution in ossf/scorecard#2509

Full Changelog: ossf/scorecard@v4.8.0...v4.10.0

v4.9.0

What's Changed

Check improvements

• ✨ Removed job-level permissions check for actions and packages by @​eddie-knight in ossf/scorecard#2367

... (truncated)

Commits

• 93ef087 update (#2541)
• 20cc4ee 🌱 Bump actions/checkout from 3.1.0 to 3.2.0 (#2537)
• f983480 ⚠️ OSV scanner integration (#2509)
• 7206a2b 🌱 attestor: e2e tests (#2529)
• 6107786 🐛 license check accumulates results (#2534)
• ac8c575 🌱 Bump github/codeql-action from 2.1.35 to 2.1.36 (#2530)
• e8b0223 📖 Mention 2FA relevance although not checked by Scorecard (#2528)
• fa0592f 🌱 Remove parallel tests because of rate limiting issues. (#2527)
• f5e6f63 🌱 Bump actions/stale from 5.1.1 to 6.0.1 (#2511)
• d834d3b ✨ Accept Go modules with semantic versions (#2519)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Merging #1039 (7ac73fd) into main (b2f0d4e) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1039   +/-   ##
=======================================
  Coverage   62.94%   62.94%           
=======================================
  Files           4        4           
  Lines         251      251           
=======================================
  Hits          158      158           
  Misses         77       77           
  Partials       16       16