🌱 Bump github.com/ossf/scorecard/v4 from 4.4.0 to 4.5.0

[dependabot]

Bumps github.com/ossf/scorecard/v4 from 4.4.0 to 4.5.0.

Release notes

Sourced from github.com/ossf/scorecard/v4's releases.

v4.5.0

Changelog

• 69eb1cc Fix a bug in cron API data exporting (#2112)
• 89163cc 🌱 Bump google.golang.org/protobuf from 1.28.0 to 1.28.1
• 6813ed1 🌱 Bump google.golang.org/protobuf in /tools (#2110)
• 1e0e44a 🐛 Bug fixing: recurring results of the scorecard fuzzing check for go built-in fuzzers (#2101)
• 8118e5d 🌱 Bump golang.org/x/tools from 0.1.11 to 0.1.12
• 384c79d 🌱 Bump actions/stale from 5.1.0 to 5.1.1 (#2106)
• 5fa7596 Scorecard runs fail with any unrecognized steps (#2103)
• d7cb711 Fix bug in Scorecard analysis CI (#2099)
• c581062 Enable Scorecard badge (#2097)
• 4f30e02 🌱 Bump sigstore/cosign-installer from 2.4.1 to 2.5.0
• baedf84 🌱 Bump imjasonh/setup-ko from 0.4 to 0.5 (#2096)
• 93a0206 📖 Minor typos and copy-editing to checks/write.md (#2071)
• 66708ba ✨ Feature: Dependency-diff ecosystem naming convention mapping (GitHub -> OSV) (#2088)
• 8f96d6b 🌱 Bump crazy-max/ghaction-import-gpg from 5.0.0 to 5.1.0 (#2091)
• d77f59f 🌱 Bump sigstore/cosign-installer from 1.2.1 to 2.4.1 (#2021)
• b945eb3 🌱 Bump cloud.google.com/go/bigquery from 1.35.0 to 1.36.0
• 96835aa 🌱 Bump actions/stale from 5.0.0 to 5.1.0
• 1e3f325 🌱 Bump cloud.google.com/go/pubsub from 1.23.1 to 1.24.0
• e23ee84 ✨ Export Scorecards results for API (#2081)
• 30e3f64 ✨ Feature: Dependency-diff API optimize: var re-naming, removing unused JSON tags (#2090)
• 0e4f5db remove not used workflow (#2089)
• 7737dbd 🌱 Bump github.com/google/go-containerregistry
• c15a2e6 🌱 Bump github.com/onsi/gomega from 1.19.0 to 1.20.0
• 7c91203 🌱 Naveen Company updated. (#2082)
• 096cbd0 ✨ Use crane to add hash suggestion to unpinned Docker images (#2037)
• a905d66 fix: invalid documentation link (#2073)
• 4bd1692 🐛 Bug fixing: Using the wrong URI to initialize the repo in Dependencydiff (#2072)
• 10681da ✨ Feature DependencyDiff (Version 0 Part 2) (#2046)
• dd8fbc0 ✨ Binary artifact exception for gradle-wrapper.jar when using validation action (#2039)
• f1b182a 🌱 Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 (#1998)
• 4394ac9 🌱 Bump github.com/bradleyfalzon/ghinstallation/v2
• 59c06f0 🌱 Bump ossf/scorecard-action from 1.1.0 to 1.1.2
• a3de23c 🌱 Bump github.com/google/go-containerregistry (#2003)
• 7c9bb1c 🌱 Bump distroless/base from d65ac1a to e672eb7 (#1994)
• 838f62f ✨ Add raw results for Token-Permissions (#1912)
• 2b8c7b4 🌱 Bump github.com/jszwec/csvutil from 1.7.0 to 1.7.1 (#2013)
• e1c3ab0 🌱 Bump cloud.google.com/go/bigquery from 1.34.1 to 1.35.0 (#2034)
• 4ff5b2b 🌱 Bump actions/cache from 3.0.4 to 3.0.5 (#2049)
• 287ee7d 🌱 Bump actions/dependency-review-action from 2.0.2 to 2.0.4 (#2054)
• f61ed37 🌱 Adjust 'exhaustive' linter to consider 'default' as exhaustive (#2044)
• 5d9d75b 🌱 Bump gopkg.in/yaml.v3 from 3.0.0 to 3.0.1 (#2035)
• 6b8cfb2 🌱 Bump golang.org/x/tools from 0.1.10 to 0.1.11 (#1993)
• 220c49d 🌱 Bump actions/setup-go from 3.2.0 to 3.2.1 (#2040)
• 63e40ae Add a number of new projects to scan. (#2043)
• 0af8781 1 (#2031)
• dd780a5 ✨ Feature DependencyDiff CLI (Version 0 Part 1) (#2030)
• e608741 🌱 Bump step-security/harden-runner from 1.4.3 to 1.4.4
• 90ed090 🌱 Build/test fixes: Install protoc and protoc-gen-go (#2038)

... (truncated)

Commits

• 69eb1cc Fix a bug in cron API data exporting (#2112)
• 89163cc 🌱 Bump google.golang.org/protobuf from 1.28.0 to 1.28.1
• 6813ed1 🌱 Bump google.golang.org/protobuf in /tools (#2110)
• 1e0e44a 🐛 Bug fixing: recurring results of the scorecard fuzzing check for go built-i...
• 8118e5d 🌱 Bump golang.org/x/tools from 0.1.11 to 0.1.12
• 384c79d 🌱 Bump actions/stale from 5.1.0 to 5.1.1 (#2106)
• 5fa7596 Scorecard runs fail with any unrecognized steps (#2103)
• d7cb711 Fix bug in Scorecard analysis CI (#2099)
• c581062 Enable Scorecard badge (#2097)
• 4f30e02 🌱 Bump sigstore/cosign-installer from 2.4.1 to 2.5.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will merge this PR once it's up-to-date and CI passes on it, as requested by @naveensrinivasan.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

Merging #786 (d719389) into main (cf9608a) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #786   +/-   ##
=======================================
  Coverage   63.63%   63.63%           
=======================================
  Files           4        4           
  Lines         231      231           
=======================================
  Hits          147      147           
  Misses         72       72           
  Partials       12       12           

[naveensrinivasan]

@dependabot merge