Bump ossf/scorecard-action from 2.0.6 to 2.1.0 (#53)

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action)
from 2.0.6 to 2.1.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.1.0</h2>
<h2>What's Changed</h2>
<h3>Scorecard version</h3>
<p>This release uses <a
href="https://github.com/ossf/scorecard/releases/tag/v4.10.0">scorecard
v4.10.0</a>.</p>
<h3>Improvements</h3>
<ul>
<li>Docker build workflow by <a
href="https://github.com/naveensrinivasan"><code>@​naveensrinivasan</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/981">ossf/scorecard-action#981</a></li>
<li>Use root user in distroless to support GitHub Actions by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/994">ossf/scorecard-action#994</a></li>
<li>Disable pull_request_target by <a
href="https://github.com/laurentsimon"><code>@​laurentsimon</code></a>
in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1031">ossf/scorecard-action#1031</a></li>
</ul>
<h3>Documentation</h3>
<ul>
<li>Add PAT section explaining risks by <a
href="https://github.com/olivekl"><code>@​olivekl</code></a> in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1024">ossf/scorecard-action#1024</a></li>
<li>Make the badge text easier to copy by <a
href="https://github.com/rajbos"><code>@​rajbos</code></a> in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1026">ossf/scorecard-action#1026</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/joycebrum"><code>@​joycebrum</code></a>
made their first contribution in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/984">ossf/scorecard-action#984</a></li>
<li><a href="https://github.com/rajbos"><code>@​rajbos</code></a> made
their first contribution in <a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/pull/1026">ossf/scorecard-action#1026</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0">https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ossf/scorecard-action/commit/937ffa90d79c7d720498178154ad4c7ba1e4ad8c"><code>937ffa9</code></a>
Minor release v2.1.0 (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1040">#1040</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/a42a0805d0e4304ee4c7c212dfbe26772777223b"><code>a42a080</code></a>
Create scorecards.yml (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1041">#1041</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/cf93e24efb76f6ebfa331ce9fb93f8dbc8bb1f78"><code>cf93e24</code></a>
:seedling: Bump github.com/ossf/scorecard/v4 from 4.8.0 to 4.10.0 (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1039">#1039</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/b2f0d4ed0554bbca06657a42557173b5e03e8558"><code>b2f0d4e</code></a>
:seedling: Bump golang from <code>04f76f9</code> to <code>54184d6</code>
(<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1038">#1038</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/bff7712ee497efb0d73397512a3ade98664a7772"><code>bff7712</code></a>
:seedling: Bump actions/checkout from 3.1.0 to 3.2.0 (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1035">#1035</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/cd50e39e8ab523db25ce263bb28734aa64ea9622"><code>cd50e39</code></a>
:seedling: Bump github/codeql-action from 2.1.35 to 2.1.36 (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1036">#1036</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/420fff2430efabf8e215ab219e0efb528410d598"><code>420fff2</code></a>
update (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1031">#1031</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/8d8c1ecfc2c011a4e6b2ea1d0cceca7ded041b92"><code>8d8c1ec</code></a>
:seedling: Bump golang.org/x/net from 0.2.0 to 0.4.0 (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1033">#1033</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/c694c355bcd6661db2153dc37269df85b330f59f"><code>c694c35</code></a>
feat: update logging (<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1032">#1032</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/f27f8fe3e797639e43d28e4b358386e07066ffe2"><code>f27f8fe</code></a>
:seedling: Bump golang from <code>84ac6d8</code> to <code>04f76f9</code>
(<a
href="https://github-redirect.dependabot.com/ossf/scorecard-action/issues/1029">#1029</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ossf/scorecard-action/compare/99c53751e09b9529366343771cc321ec74e9bd3d...937ffa90d79c7d720498178154ad4c7ba1e4ad8c">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ossf/scorecard-action&package-manager=github_actions&previous-version=2.0.6&new-version=2.1.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Monty Bot <[email protected]>

Author: dependabot[bot]

.github/workflows/scorecards.yml

@@ -37,7 +37,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
+        uses: ossf/scorecard-action@937ffa90d79c7d720498178154ad4c7ba1e4ad8c # v2.1.0
         with:
           results_file: results.sarif
           results_format: sarif

news/20221215071255.bugfix

@@ -0,0 +1 @@
+Dependency upgrade: scorecard-action-2.1.0