🌱 Bump github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5 #1112

@dependabot dependabot bot commented on behalf of github Mar 24, 2023

Bumps github.com/ossf/scorecard/v4 from 4.10.2 to 4.10.5.

Release notes

Sourced from github.com/ossf/scorecard/v4's releases.

v4.10.5

Changelog

Bug fixes

  • Fixed a bug which resulted in increased API usage when running the SAST check with a Personal Access Token

GitLab support (WIP)

Full Changelog: ossf/scorecard@v4.10.4...v4.10.5

Thanks to all contributors!

v4.10.4

Changelog

  • 9831629 Increase recordings, switch API, and lower tolerance (#2760)
  • 8966abd Initial implementation of go-git client (#2720)
  • 603263c 🐛 Fix typo in CITests runtime errors causing duplicate Code-Review checks. (#2756)
  • c20ed9e 🌱 Update .github/workflows/goreleaser.yaml (#2755)
  • 0b45c90 🌱 Bump step-security/harden-runner from 2.2.0 to 2.2.1 (#2753)
  • 23bd295 🌱 Bump github/codeql-action from 2.2.4 to 2.2.6 (#2741)
  • fc026ef 🌱 Bump github.com/google/ko from 0.12.0 to 0.13.0 in /tools (#2742)
  • 2e04214 🌱 Bump tj-actions/changed-files from 35.6.2 to 35.7.0
  • e36b590 🌱 Bump actions/cache from 3.3.0 to 3.3.1 (#2740)
  • 6ff94eb 🐛 Handle editable pip installs (#2731)
  • 110e352 ✨ Gitlab support: RepoClient (#2655)
  • 5625dda 🌱 Bump github.com/onsi/ginkgo/v2 from 2.8.3 to 2.9.0 in /tools
  • d591e38 🌱 Add RepoClient re-use E2E tests. (#2625)
  • a7e81bb 🌱 Bump actions/cache from 3.2.6 to 3.3.0 (#2738)
  • b5254fe 🌱 Bump tj-actions/changed-files from 35.6.1 to 35.6.2 (#2736)
  • 2e6347f 🌱 Bump github.com/moby/buildkit from 0.10.3 to 0.11.4 (#2735)
  • 170af75 🐛 Updates osv-scanner dependency to 1.2.0. (#2704)
  • 5f13a66 Atomically load from accessState to avoid data race. (#2732)
  • 0c090b3 🌱 Updated the coverage for tests (#2728)
  • 0169c37 🌱 Setup cron for running as GitHub App (#2721)
  • d708c6c 🌱 Bump tj-actions/changed-files from 35.5.4 to 35.6.1
  • fb12a39 🌱 Bump github.com/google/ko in /tools
  • 0bed3da 🌱 Bump github.com/jszwec/csvutil from 1.7.1 to 1.8.0 (#2698)
  • 61866a0 🐛 Check OSS Fuzz build file for Fuzzing check (#2719)
  • c06ac74 🌱 Removed failing tests (#2718)
  • b8bc65f Add projects to cronjob (#2716)
  • def5ead 📖 update bigquery docs in README (#2714)
  • 36faeac Consider 'src/test' test directories (#2706)
  • 846fb19 Refactor githubrepo CheckRun logic (#2710)
  • 82a122b 🌱 Bump sigstore/cosign-installer from 2.8.1 to 3.0.1
  • c4bd0c5 ⚠️ Update date formats and fields to RFC3339 (#2712)
  • 8add330 📖 Fix links. (#2703)
  • 35a7dd5 🌱 Bump kubernetes-sigs/kubebuilder-release-tools

... (truncated)

Commits
  • 27cfe92 🌱 Bump golangci-lint and fix configuration file. (#2783)
  • daeb90e 🌱 Bump actions/checkout from 3.3.0 to 3.4.0 (#2767)
  • 82f1dea 🌱 Bump tj-actions/changed-files from 35.7.0 to 35.7.6 (#2782)
  • ff754c3 🌱 enable fuzzing check in cron. (#2780)
  • cc54d42 🐛 Add tie breaker when sorting changesets by RevisionID in tests. (#2781)
  • ed55694 ✨ Support for GitHub's internal integration (#2773)
  • 7f2e840 🐛 Pass proper commit depth to github checkrun handler. (#2777)
  • 9a51f25 Remove unused code from changeset creation (#2776)
  • dfc2439 🌱 Bump github/codeql-action from 2.2.6 to 2.2.7
  • 1f3f9ef 🌱 Bump gocloud.dev from 0.26.0 to 0.29.0 (#2722)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/ossf/scorecard/v4](https://github.com/ossf/scorecard) from 4.10.2 to 4.10.5.
- [Release notes](https://github.com/ossf/scorecard/releases)
- [Changelog](https://github.com/ossf/scorecard/blob/main/.goreleaser.yml)
- [Commits](ossf/scorecard@v4.10.2...v4.10.5)

---
updated-dependencies:
- dependency-name: github.com/ossf/scorecard/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot bot added the dependencies and go labels Mar 24, 2023

codecov bot commented Mar 24, 2023

Codecov Report

Merging #1112 (0bfcef9) into main (193ae37) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #1112   +/-   ##
=======================================
  Coverage   62.94%   62.94%           
=======================================
  Files           4        4           
  Lines         251      251           
=======================================
  Hits          158      158           
  Misses         77       77           
  Partials       16       16           

@spencerschrock

Closing this since this doesn't modify the Makefile and #1111 is open already

dependabot bot commented on behalf of github Mar 24, 2023

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/go_modules/github.com/ossf/scorecard/v4-4.10.5 branch March 24, 2023 22:57