chore(deps): update ossf/scorecard-action action to v2.4.0

[renovate-coveo]

DEF-160

This PR contains the following updates:

Package	Type	Update	Change
ossf/scorecard-action	action	minor	v2.3.1 -> v2.4.0

---

Release Notes

ossf/scorecard-action (ossf/scorecard-action)

v2.4.0

Compare Source

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1410
• 🐛 lower license sarif alert threshold to 9 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1411

Documentation

• docs: dogfooding badge by @​jkowalleck in https://github.com/ossf/scorecard-action/pull/1399

New Contributors

• @​jkowalleck made their first contribution in https://github.com/ossf/scorecard-action/pull/1399

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

v2.3.3

Compare Source

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

• 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1366
• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1374
• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1377

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

• 📖 Move token discussion out of main README. by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1279
• 📖 link to ossf/scorecard workflow instead of maintaining an example by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1352
• 📖 update api links to new scorecard.dev site by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1376

Full Changelog: ossf/scorecard-action@v2.3.1...v2.3.3

v2.3.2

Compare Source

---

Configuration

📅 Schedule: Branch creation - "* 0-3 * * 1" in timezone America/Toronto, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/ossf/scorecard-action	62b2cac7ed8198b15735ed49ab1e5cf35480ba46	🟢 8.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 20 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 27 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 no vulnerabilities detected
actions/ossf/scorecard-action	0864cf19026789058feabb7e87baa5f140aac736	🟢 8.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 20 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 27 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 no vulnerabilities detected

Scanned Manifest Files

.github/workflows/scorecard.yml

• ossf/scorecard-action@62b2cac
• ossf/scorecard-action@0864cf1

[JPLachance]

Renovate config fixed by: #58