build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by dependabot[bot] · Pull Request #6795

build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3 by dependabot[bot] · Pull Request #6795 · expressjs/express

Bumps ossf/scorecard-action from 2.4.2 to 2.4.3.

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.3

What's Changed

This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the Scorecard v5.3.0 release notes.

Documentation

docs: clarify GITHUB_TOKEN permissions needed for private repos by @pankajtaneja5 in ossf/scorecard-action#1574

📖 Fix recommended command to test the image in development by @deivid-rodriguez in ossf/scorecard-action#1583

Other

add missing top-level token permissions to workflows by @timothyklee in ossf/scorecard-action#1566

setup codeowners for requesting reviews by @spencerschrock in ossf/scorecard-action#1576

🌱 Improve printing options by @deivid-rodriguez in ossf/scorecard-action#1584

New Contributors

@timothyklee made their first contribution in ossf/scorecard-action#1566

@pankajtaneja5 made their first contribution in ossf/scorecard-action#1574

@deivid-rodriguez made their first contribution in ossf/scorecard-action#1584

Full Changelog: ossf/scorecard-action@v2.4.2...v2.4.3

Commits

4eaacf0 bump docker to ghcr v2.4.3 (#1587)
42e3a01 🌱 Bump the github-actions group with 3 updates (#1585)
88c07ac 🌱 Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (#1579)
6c690f2 Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (#1586)
92083b5 📖 Fix recommended command to test the image in development (#1583)
7975ea6 🌱 Bump the docker-images group across 1 directory with 2 updates (#1...
0d1a743 🌱 Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1575)
46e6e0c 🌱 Bump the github-actions group with 2 updates (#1580)
c3f1350 🌱 Improve printing options (#1584)
43e475b 🌱 Bump golang.org/x/net from 0.42.0 to 0.44.0 (#1578)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)