Bump github.com/ossf/scorecard/v4 from 4.8.0 to 4.10.2

[dependabot]

Bumps github.com/ossf/scorecard/v4 from 4.8.0 to 4.10.2.

Release notes

Sourced from github.com/ossf/scorecard/v4's releases.

v4.10.2

What's Changed

Bug fixes

• 🐛 Remove unnecessary Printf by @​lucacome in ossf/scorecard#2557

New Contributors

• @​lucacome made their first contribution in ossf/scorecard#2557

Full Changelog: ossf/scorecard@v4.10.1...v4.10.2

v4.10.1

Changelog

• 6c5d964 🐛 Fix broken go mod download check (#2550)
• a71b47e ✨ Add support for RequiresLastPushReview in Branch Protection for GitHub (#2492)
• 746b6e9 🐛 Ensure CODEOWNERS file exists for corresponding Branch-Protection check (#2463)

Thanks for all contributors!

v4.10.0

What's Changed

Check improvements

• ✨ Removed job-level permissions check for actions and packages by @​eddie-knight in ossf/scorecard#2367
• ✨ Add Sonatype Lift as a dependency update tool, doc upgrade by @​theresa-m in ossf/scorecard#2328
• ⚠️ OSV scanner integration by @​another-rex in ossf/scorecard#2509

Cron improvements

• 🌱 Add soft mem limit to controller k8s spec by @​spencerschrock in ossf/scorecard#2362
• 🌱 cron: generalize and expose worker (6/n) by @​spencerschrock in ossf/scorecard#2317
• 🐛 Fix typo which prevented cron metadata from going to BigQuery dataset by @​spencerschrock in ossf/scorecard#2370
• 🌱 [cron] generalize some of the transfer logic so it is easy to build new transfer agents by @​calebbrown in ossf/scorecard#2454

CLI

• ✨ Commit depth feature by @​latortuga71 in ossf/scorecard#2407

Documentation

• 📖 Use scorecard (singular) consistently by @​lehors in ossf/scorecard#2428
• 📖 Use new project name in Copyright notices by @​lehors in ossf/scorecard#2505
• 📖 Fix copyright notices by @​lehors in ossf/scorecard#2514
• 📖 Mention 2FA relevance although not checked by Scorecard by @​joycebrum in ossf/scorecard#2528
• 📖 Clarify CII-Best-Practices score for each badge by @​hugovk in ossf/scorecard#2313

BinAuthZ support (WIP)

• ✨ CLI for scorecard-attestor by @​raghavkaul in ossf/scorecard#2309
• 🌱 Add Pinned-Dependency, Vulnerability, and Code-Review checks to attestor by @​raghavkaul in
• 🌱 attestor: Dockerize + small improvements for Cloud Build usage by @​raghavkaul in ossf/scorecard#2456
• 🌱 attestor: e2e tests by @​raghavkaul in ossf/scorecard#2529

GitLab support (WIP)

• ✨ Gitlab support by @​N8BWert ossf/scorecard#2265

... (truncated)

Commits

• 376f465 🌱 Bump actions/dependency-review-action from 3.0.1 to 3.0.2 (#2551)
• 9efd21d 🌱 Bump ossf/scorecard-action from 2.0.6 to 2.1.1 (#2553)
• 9e6870c Remove unnecessary Printf (#2557)
• 6c5d964 🐛 Fix broken go mod download check (#2550)
• a71b47e ✨ Add support for RequiresLastPushReview in Branch Protection for GitHub (#2492)
• 746b6e9 🐛 Ensure CODEOWNERS file exists for corresponding Branch-Protection check (#2...
• 93ef087 update (#2541)
• 20cc4ee 🌱 Bump actions/checkout from 3.1.0 to 3.2.0 (#2537)
• f983480 ⚠️ OSV scanner integration (#2509)
• 7206a2b 🌱 attestor: e2e tests (#2529)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)