Update ossf/scorecard-action action to v2.4.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
ossf/scorecard-action	action	minor	v2.3.3 -> v2.4.0

---

Release Notes

ossf/scorecard-action (ossf/scorecard-action)

v2.4.0

Compare Source

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1410
• 🐛 lower license sarif alert threshold to 9 by @​spencerschrock in https://github.com/ossf/scorecard-action/pull/1411

Documentation

• docs: dogfooding badge by @​jkowalleck in https://github.com/ossf/scorecard-action/pull/1399

New Contributors

• @​jkowalleck made their first contribution in https://github.com/ossf/scorecard-action/pull/1399

Full Changelog: ossf/scorecard-action@v2.3.3...v2.4.0

---

Configuration

📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

[puLL-Merge] - ossf/[email protected]

Description

This pull request updates various dependencies and configurations in the scorecard-action repository. The changes primarily involve version upgrades for multiple packages, tools, and GitHub Actions. Additionally, there's a minor adjustment to the License policy score.

Changes

Changes

1. .github/workflows/codeql-analysis.yml:

   • Updated actions/checkout from v4.1.5 to v4.1.7
   • Updated github/codeql-action versions from v3.25.3 to v3.25.13

2. .github/workflows/dependency-review.yml:

   • Updated step-security/harden-runner from v2.7.1 to v2.9.0
   • Updated actions/checkout from v4.1.5 to v4.1.7
   • Updated actions/dependency-review-action from v4.3.2 to v4.3.4

3. .github/workflows/docker-image.yml:

   • Updated actions/checkout from v4.1.5 to v4.1.7

4. .github/workflows/golangci.yml:

   • Updated actions/checkout from v4.1.5 to v4.1.7
   • Updated actions/setup-go from v5.0.1 to v5.0.2
   • Updated golangci/golangci-lint-action from v5.3.0 to v6.0.1

5. .github/workflows/scorecards.yml:

   • Updated actions/checkout from v4.1.5 to v4.1.7
   • Updated actions/upload-artifact from v4.3.3 to v4.3.4
   • Updated github/codeql-action/upload-sarif from v3.25.3 to v3.25.13

6. .github/workflows/tests.yaml:

   • Updated actions/checkout from v4.1.5 to v4.1.7
   • Updated actions/setup-go from v5.0.1 to v5.0.2

7. Dockerfile:

   • Updated golang base image from 1.22.2 to 1.22.5
   • Updated gcr.io/distroless/base image

8. Makefile:

   • Updated version and commit hash for LDFLAGS

9. README.md:

   • Added OpenSSF Scorecard badge

10. action.yaml:

    • Updated scorecard-action image version from v2.3.3 to v2.4.0

11. go.mod and go.sum:

    • Numerous package updates and version changes

12. policies/template.yml:

    • Changed License policy score from 10 to 9

These changes primarily focus on keeping the project up-to-date with the latest versions of dependencies and tools, which can improve security, performance, and compatibility.