🌱 Bump github.com/ossf/scorecard/v5 from 5.4.0 to 5.5.0

[dependabot]

Bumps github.com/ossf/scorecard/v5 from 5.4.0 to 5.5.0.

Release notes

Sourced from github.com/ossf/scorecard/v5's releases.

v5.5.0

What's Changed

General

• The official Scorecard docker images are hosted on GitHub Container Registry starting with v5.5.0. Older releases will be brought over from Google Container/Artifact Registry, before being discontinued.(@​spencerschrock in ossf/scorecard#4885)
• Scorecard will now skip checks that don't apply to the current repo type by @​JamieMagee in ossf/scorecard#5000. If any checks no longer run that previously ran, and you think are supported by the underlying forge please file an issue.

Checks

Branch-Protection

• 🌱 Use rulesets if one exists when classic branch protection rule is inaccessible by @​trask in ossf/scorecard#4853

CII-Best-Practices

• ✨ Support custom CII_Best_Practices_URL via environment variable. by @​kash2104 in ossf/scorecard#4882

Dangerous-Workflow

• 🐛 detect toJSON(github.event) in Dangerous-Workflow check by @​heathdutton in ossf/scorecard#4898

Contributors

• 🐛 Skip CODEOWNERS file in contributors check if there is a parsing error by @​juanis2112 in ossf/scorecard#4851

Dependency-Update-Tool

• ✨ Removing pyup checks by @​colinosullivan-ie in ossf/scorecard#4877

Fuzzing

• ✨ Detect .NET property-based fuzz testing by @​martincostello in ossf/scorecard#4860

Docs

• 📖 Add Security Insights file and update maintainer affiliation by @​justaugustus in ossf/scorecard#4863
• 📖 doc: add CDN design to repository by @​spencerschrock in ossf/scorecard#4932
• 📖 Scorecard v6: OSPS Baseline conformance proposal and 2026 roadmap by @​justaugustus in ossf/scorecard#4952

Other

• 🌱 cron: remove error wrapping workaround by @​alexandear in ossf/scorecard#4864
• 🌱 deps: switch from gopkg.in/yaml.vX to go.yaml.in/yaml/vX by @​scop in ossf/scorecard#4895
• 🌱 ci: use smaller repo for gitlab e2e tests to avoid timeouts by @​spencerschrock in ossf/scorecard#4924
• 🌱 Bump go-github to v82 by @​Kielek in ossf/scorecard#4923
• 🌱 ci: remove all e2e test references to gitlab.com/gitlab-org/gitlab by @​spencerschrock in ossf/scorecard#4927
• 🌱 cron: Add ability to purge cached results from a CDN by @​spencerschrock in ossf/scorecard#4928
• 🌱 cron: enable CDN purging in prod weekly scans by @​spencerschrock in ossf/scorecard#4931
• 🌱 Set OSV User-Agent for scorecard cli and cron workers. by @​kash2104 in ossf/scorecard#4883
• 🌱 Fix PR verifier by replacing deprecated Docker action by @​justaugustus in ossf/scorecard#4972
• 🌱 e2e: add Azure DevOps tests by @​JamieMagee in ossf/scorecard#4993
• 🌱 Fix PR template formatting by @​martincostello in ossf/scorecard#5003
• 🌱 Add Jamie Magee as a maintainer for Azure DevOps by @​JamieMagee in ossf/scorecard#5024

New Contributors

• @​juanis2112 made their first contribution in ossf/scorecard#4851
• @​alexandear made their first contribution in ossf/scorecard#4864
• @​colinosullivan-ie made their first contribution in ossf/scorecard#4877
• @​kash2104 made their first contribution in ossf/scorecard#4882
• @​heathdutton made their first contribution in ossf/scorecard#4898

... (truncated)

Commits

• c395761 🐛 Fix check metadata which skipped some supported checks (#5034)
• 1852490 🌱 Bump the distroless group across 6 directories with 1 update (#5016)
• 5d3ec19 🌱 Bump the golang group across 8 directories with 1 update (#5015)
• be6efba 🌱 Bump github.com/go-git/go-git/v5 from 5.16.5 to 5.18.0 (#5032)
• cf2aef8 🌱 Bump github.com/jackc/pgx/v5 from 5.7.6 to 5.9.2 in /tools (#5031)
• a1d03ef 🌱 Add @​JamieMagee as codeowner for Azure DevOps client (#5024)
• 4b8e9d1 🌱 Bump github.com/sigstore/timestamp-authority/v2 in /tools (#5018)
• 424f70c 🌱 Bump github.com/aws/aws-sdk-go-v2/service/s3 in /tools (#5007)
• 29f186e 🌱 Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 (#5011)
• e8b8afe 🌱 Bump go.opentelemetry.io/otel/sdk in /tools (#5012)
• Additional commits viewable in compare view

[spencerschrock]

also needs to bump the appropriate commit build flag

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 26.51%. Comparing base (ee561a8) to head (3fc8227).
⚠️ Report is 13 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1653      +/-   ##
==========================================
+ Coverage   26.32%   26.51%   +0.18%     
==========================================
  Files          13       13              
  Lines         775      777       +2     
==========================================
+ Hits          204      206       +2     
  Misses        549      549              
  Partials       22       22              

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[Kielek]

@spencerschrock, any chance to finish job on this PR and as a follow up to make a release?
Looking especially for https://github.com/ossf/scorecard/releases/tag/v5.5.0