BUG: False positive vulnerablity reported for rust project

[weiznich]

Describe the bug
A clear and concise description of what the bug is.

Reproduction steps
Steps to reproduce the behavior:

1. podman run -e GITHUB_AUTH_TOKEN=your-token -it --rm gcr.io/openssf/scorecard:stable --repo=https://github.com/diesel-rs/diesel --show-details
2. See that it reports the project beeing vulnerable to RUSTSEC-2025-0119
3. Checkout diesels and obverse that the number_prefix is no dependency of the project (can be checked via cargo tree -p number_prefix -i)
4. (The linked advisory is informal and only reports a not maintained dependency not a vulnerability)

Expected behavior
A clear and concise description of what you expected to happen.

No false positives for reported vulnerabilities and possibly more details on how it believes that a certain vulnerability is present.

Additional context
Add any other context about the problem here.

[spencerschrock]

We are in the middle of updating our Docker documentation (#4885) , but the container you're using is out of date and there isn't an issue at HEAD.

podman run -e GITHUB_AUTH_TOKEN=$GITHUB_AUTH_TOKEN -it --rm ghcr.io/ossf/scorecard/v5:v5.4.0 --repo=https://github.com/diesel-rs/diesel --show-details --checks Vulnerabilities

Starting (https://github.com/diesel-rs/diesel) [Vulnerabilities]
Finished (https://github.com/diesel-rs/diesel) [Vulnerabilities]

RESULTS
-------
Aggregate score: 10.0 / 10

Check scores:
|---------|-----------------|-------------------------------------|----------------------------------------------------------------------------------------------------------------|-----------------------------|
|  SCORE  |      NAME       |               REASON                |                                                    DETAILS                                                     | DOCUMENTATION / REMEDIATION |
|---------|-----------------|-------------------------------------|----------------------------------------------------------------------------------------------------------------|-----------------------------|
| 10 / 10 | Vulnerabilities | 0 existing vulnerabilities detected | https://github.com/ossf/scorecard/blob/80ee3ecfedf8b19ab8991713a9fdb2e7dcd7262e/docs/checks.md#vulnerabilities |                             |
|---------|-----------------|-------------------------------------|----------------------------------------------------------------------------------------------------------------|-----------------------------|

But if #4885 merges, then the equivalent image would be ghcr.io/ossf/scorecard:latest