fix(deps): update ossf/scorecard-action action to v2.4.0

[renovate-gsuquet]

This PR contains the following updates:

Package	Type	Update	Change
ossf/scorecard-action	action	minor	v2.3.3 -> v2.4.0

---

Release Notes

ossf/scorecard-action (ossf/scorecard-action)

v2.4.0

Compare Source

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1410
• 🐛 lower license sarif alert threshold to 9 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1411

Documentation

• docs: dogfooding badge by @​jkowalleck in https://github.com/ossf/scorecard-action/pull/1399

New Contributors

• @​jkowalleck made their first contribution in https://github.com/ossf/scorecard-action/pull/1399

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
actions/ossf/scorecard-action	62b2cac7ed8198b15735ed49ab1e5cf35480ba46	🟢 8.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 20 different organizations found -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 27 commit(s) out of 30 and 0 issue activity out of 30 found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 no published package detected Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 no vulnerabilities detected

Scanned Manifest Files

.github/workflows/security-ossf-scorecard.yml

• ossf/scorecard-action@62b2cac
• ossf/scorecard-action@dc50aa9

[renovate-gsuquet]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.