Bump ossf/scorecard-action from 1.1.2 to 2.0.3

[dependabot]

Bumps ossf/scorecard-action from 1.1.2 to 2.0.3.

Release notes

Sourced from ossf/scorecard-action's releases.

v2.0.3

Patch for fix in #898

v2.0.2

Fixes ossf/scorecard-action#895

v2.0.1

Fix for #856

v2.0.0

What's Changed

• 🌱 Prepare for a pre-release of the Golang action by @​azeemshaikh38 in ossf/scorecard-action#750
• 🌱 Bump github/codeql-action from 2.1.12 to 2.1.16 by @​dependabot in ossf/scorecard-action#751
• 🌱 Bump debian from 11.3-slim to 11.4-slim by @​dependabot in ossf/scorecard-action#749
• 🌱 Bump step-security/harden-runner from 1.4.3 to 1.4.4 by @​dependabot in ossf/scorecard-action#646
• 🌱 Bump actions/setup-go from 3.2.0 to 3.2.1 by @​dependabot in ossf/scorecard-action#748
• 🐛 Fix dependency conflicts in go.mod by @​azeemshaikh38 in ossf/scorecard-action#771
• 🌱 Prepare for v2 beta1 release by @​azeemshaikh38 in ossf/scorecard-action#766
• multi-repo-action: Note that tool is a work-in-progress by @​naveensrinivasan in ossf/scorecard-action#776
• 🐛 Fix intermittent failures in CI-Tests by @​azeemshaikh38 in ossf/scorecard-action#778
• 🌱 Bump sigs.k8s.io/release-utils from 0.7.2 to 0.7.3 by @​dependabot in ossf/scorecard-action#775
• 🌱 Bump actions/cache from 3.0.4 to 3.0.5 by @​dependabot in ossf/scorecard-action#769
• 📖 Update README about the restrictions for scorecard-action:v2 by @​azeemshaikh38 in ossf/scorecard-action#779
• 🌱 Bump github/codeql-action from 2.1.16 to 2.1.17 by @​dependabot in ossf/scorecard-action#783
• 📖 Update instructions for Scorecard badge to README by @​azeemshaikh38 in ossf/scorecard-action#785
• 🌱 Bump debian from f576b80 to a811e62 by @​dependabot in ossf/scorecard-action#787
• 🌱 Bump github.com/ossf/scorecard/v4 from 4.4.0 to 4.5.0 by @​dependabot in ossf/scorecard-action#786
• 🌱 Bump github/codeql-action from 2.1.17 to 2.1.18 by @​dependabot in ossf/scorecard-action#788
• 🌱 Bump actions/cache from 3.0.5 to 3.0.6 by @​dependabot in ossf/scorecard-action#789
• 🐛 Add request application/json request header by @​azeemshaikh38 in ossf/scorecard-action#791
• Create a new release v2.0.0-alpha.1 by @​azeemshaikh38 in ossf/scorecard-action#803
• 🌱 Bump actions/cache from 3.0.6 to 3.0.7 by @​dependabot in ossf/scorecard-action#807
• Olivekl patch 1 by @​olivekl in ossf/scorecard-action#809
• 🌱 Fix cosign vulnerability by @​naveensrinivasan in ossf/scorecard-action#812
• 🌱 Allow for publish URL override by @​azeemshaikh38 in ossf/scorecard-action#811
• 🌱 Bump github.com/ossf/scorecard/v4 from 4.5.0 to 4.6.0 by @​dependabot in ossf/scorecard-action#820
• 🌱 Bump step-security/harden-runner from 1.4.4 to 1.4.5 by @​dependabot in ossf/scorecard-action#808
• cmd/installer: Cleanups (2/n) by @​justaugustus in ossf/scorecard-action#833
• Update comments to allow for renovatebot updates by @​laurentsimon in ossf/scorecard-action#834
• 🌱 Bump github.com/caarlos0/env/v6 from 6.9.3 to 6.10.0 by @​dependabot in ossf/scorecard-action#839
• 🌱 Update actions/checkout requirement to 2541b1294d2704b0964813337f33b291d3f8596b by @​dependabot in ossf/scorecard-action#835
• 🌱 Bump github.com/sigstore/cosign from 1.11.0 to 1.11.1 by @​dependabot in ossf/scorecard-action#842
• 🌱 Bump github/codeql-action from 2.1.18 to 2.1.21 by @​dependabot in ossf/scorecard-action#844
• 🌱 Bump actions/setup-go from 3.2.1 to 3.3.0 by @​dependabot in ossf/scorecard-action#843
• 🌱 Bump debian from a811e62 to 68c1f6b by @​dependabot in ossf/scorecard-action#840
• Fix workflow path in automatic creation of PR by @​RadoslavGatev in ossf/scorecard-action#845
• 🌱 Bump actions/dependency-review-action from 310e0dd64f63b1d00101ecd3225d605a74261fb7 to 2.1.0 by @​dependabot in ossf/scorecard-action#838
• 🌱 Bump actions/cache from 3.0.7 to 3.0.8 by @​dependabot in ossf/scorecard-action#836
• 📖 Add docs for API by @​azeemshaikh38 in ossf/scorecard-action#849
• 🌱 Bump github/codeql-action from 2.1.21 to 2.1.22 by @​dependabot in ossf/scorecard-action#853

... (truncated)

Commits

• 865b409 Create v2.0.3 patch (#927)
• 60f6d77 🌱 Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 (#855)
• a73c72a bug: always use the default GITHUB_TOKEN for signing (#898)
• 68bf5b3 🐛 Fixes Run all checks on a BranchProtection event - failing tests (#897)
• f437b3c Downgrade to scorecard:v4.5.0 to fix breakage (#894)
• 13ec8c7 🌱 Release v2.0.0 (#854)
• 183420b 🌱 Included License (#852)
• 9347866 🌱 Bump github/codeql-action from 2.1.21 to 2.1.22 (#853)
• d4f9a7a Add docs for API (#849)
• 9b15950 🌱 Bump actions/cache from 3.0.7 to 3.0.8 (#836)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov-commenter]

Codecov Report

Merging #171 (708442c) into master (2b3c92d) will increase coverage by 0.19%.
The diff coverage is n/a.

@@             Coverage Diff              @@
##             master     #171      +/-   ##
============================================
+ Coverage     81.93%   82.12%   +0.19%     
- Complexity      761      763       +2     
============================================
  Files            42       42              
  Lines          3066     3066              
  Branches        309      309              
============================================
+ Hits           2512     2518       +6     
+ Misses          448      444       -4     
+ Partials        106      104       -2     

Impacted Files	Coverage Δ
...g/apache/commons/pool2/impl/GenericObjectPool.java	85.41% <0.00%> (+0.78%)	⬆️
...apache/commons/pool2/impl/DefaultPooledObject.java	87.64% <0.00%> (+3.37%)	⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[garydgregory]

The newer version is not authorized by Apache Infra.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.