Bump the dependencies group with 5 updates (#63)

Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4` | `6` |
| [denoland/setup-deno](https://github.com/denoland/setup-deno) | `1` |
`2` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3`
| `4` |
| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) |
`0.9.0` | `0.9.1` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) |
`2.3.1` | `2.4.3` |

Updates `actions/checkout` from 4 to 6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>v6-beta by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li>
<li>update readme/changelog for v6 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p>
<h2>v6-beta</h2>
<h2>What's Changed</h2>
<p>Updated persist-credentials to store the credentials under
<code>$RUNNER_TEMP</code> instead of directly in the local git
config.</p>
<p>This requires a minimum Actions Runner version of <a
href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a>
to access the persisted credentials for <a
href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker
container action</a> scenarios.</p>
<h2>v5.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
<li>Prepare v5.0.0 release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li>
</ul>
<h2>⚠️ Minimum Compatible Runner Version</h2>
<p><strong>v2.327.1</strong><br />
<a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Release
Notes</a></p>
<p>Make sure your runner is updated to this version or newer to use this
release.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p>
<h2>v4.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4...v4.3.1">https://github.com/actions/checkout/compare/v4...v4.3.1</a></p>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8"><code>8e8c483</code></a>
Clarify v6 README (<a
href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1"><code>033fa0d</code></a>
Add worktree support for persist-credentials includeIf (<a
href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5"><code>c2d88d3</code></a>
Update all references from v5 and v4 to v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a>
update readme/changelog for v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a>
v6-beta (<a
href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a>
Persist creds to a separate file (<a
href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a>
Update README to include Node.js 24 support details and requirements (<a
href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8"><code>08c6903</code></a>
Prepare v5.0.0 release (<a
href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917"><code>9f26565</code></a>
Update actions checkout to use node 24 (<a
href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/v4...v6">compare
view</a></li>
</ul>
</details>
<br />

Updates `denoland/setup-deno` from 1 to 2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/denoland/setup-deno/releases">denoland/setup-deno's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: v2 by <a
href="https://github.com/lucacasonato"><code>@​lucacasonato</code></a>
in <a
href="https://redirect.github.com/denoland/setup-deno/pull/82">denoland/setup-deno#82</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/denoland/setup-deno/compare/v1.5.1...v2.0.0">https://github.com/denoland/setup-deno/compare/v1.5.1...v2.0.0</a></p>
<h2>v1.5.2</h2>
<h2>What's Changed</h2>
<ul>
<li>refactor: use GitHub downloads for stable version download by <a
href="https://github.com/crowlKats"><code>@​crowlKats</code></a> in <a
href="https://redirect.github.com/denoland/setup-deno/pull/91">denoland/setup-deno#91</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/denoland/setup-deno/compare/v1.5.1...v1.5.2">https://github.com/denoland/setup-deno/compare/v1.5.1...v1.5.2</a></p>
<h2>v1.5.1</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: use npm install by <a
href="https://github.com/lucacasonato"><code>@​lucacasonato</code></a>
in <a
href="https://redirect.github.com/denoland/setup-deno/pull/77">denoland/setup-deno#77</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/denoland/setup-deno/compare/v1.5.0...v1.5.1">https://github.com/denoland/setup-deno/compare/v1.5.0...v1.5.1</a></p>
<h2>v1.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: allow specifying binary name by <a
href="https://github.com/crowlKats"><code>@​crowlKats</code></a> in <a
href="https://redirect.github.com/denoland/setup-deno/pull/71">denoland/setup-deno#71</a></li>
<li>feat: support installing rc versions by <a
href="https://github.com/crowlKats"><code>@​crowlKats</code></a> in <a
href="https://redirect.github.com/denoland/setup-deno/pull/72">denoland/setup-deno#72</a></li>
<li>chore: migrate code to ESM by <a
href="https://github.com/lucacasonato"><code>@​lucacasonato</code></a>
in <a
href="https://redirect.github.com/denoland/setup-deno/pull/73">denoland/setup-deno#73</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/denoland/setup-deno/compare/v1.4.1...v1.5.0">https://github.com/denoland/setup-deno/compare/v1.4.1...v1.5.0</a></p>
<h2>1.4.1</h2>
<h2>What's Changed</h2>
<ul>
<li>docs: update readme</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/denoland/setup-deno/compare/1.4.0...v1.4.1">https://github.com/denoland/setup-deno/compare/1.4.0...v1.4.1</a></p>
<h2>1.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: use dl.deno.land for downloading binaries by <a
href="https://github.com/crowlKats"><code>@​crowlKats</code></a> in <a
href="https://redirect.github.com/denoland/setup-deno/pull/67">denoland/setup-deno#67</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/denoland/setup-deno/compare/v1.3.0...1.4.0">https://github.com/denoland/setup-deno/compare/v1.3.0...1.4.0</a></p>
<h2>v1.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: add &quot;latest&quot; as possible version by <a
href="https://github.com/crowlKats"><code>@​crowlKats</code></a> in <a
href="https://redirect.github.com/denoland/setup-deno/pull/65">denoland/setup-deno#65</a></li>
<li>1.3.0 by <a
href="https://github.com/crowlKats"><code>@​crowlKats</code></a> in <a
href="https://redirect.github.com/denoland/setup-deno/pull/66">denoland/setup-deno#66</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/denoland/setup-deno/compare/v1.2.0...v1.3.0">https://github.com/denoland/setup-deno/compare/v1.2.0...v1.3.0</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/denoland/setup-deno/commit/e95548e56dfa95d4e1a28d6f422fafe75c4c26fb"><code>e95548e</code></a>
2.0.3 (<a
href="https://redirect.github.com/denoland/setup-deno/issues/102">#102</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/8273ddd773c0c6d98f36a2090d9a7ee53dbf3fab"><code>8273ddd</code></a>
fix: switch back to package.json as it's necessary for GH actions (<a
href="https://redirect.github.com/denoland/setup-deno/issues/101">#101</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/609c0055983975d562c8554cc38ee754969f9287"><code>609c005</code></a>
feat: include a hash of deno.lock files in the cache key automatically
(<a
href="https://redirect.github.com/denoland/setup-deno/issues/98">#98</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/aa0fea114b8b900f9aee1f5c4558935c601c17ee"><code>aa0fea1</code></a>
feat: add built-in caching via inputs (<a
href="https://redirect.github.com/denoland/setup-deno/issues/89">#89</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/db3496c46ad1f318f963e2c1f2cce55efe67a327"><code>db3496c</code></a>
feat: add &quot;lts&quot; version option (<a
href="https://redirect.github.com/denoland/setup-deno/issues/97">#97</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/d74ee56ed6e07882f5322d77f64db3751d77bf02"><code>d74ee56</code></a>
refactor: convert action to TS and bundle code (<a
href="https://redirect.github.com/denoland/setup-deno/issues/95">#95</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/909cc5acb0fdd60627fb858598759246509fa755"><code>909cc5a</code></a>
2.0.2 (<a
href="https://redirect.github.com/denoland/setup-deno/issues/92">#92</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/003ac2662742b27a6a44b8d1fe4feef6e34287ad"><code>003ac26</code></a>
refactor: use GitHub downloads for stable version download (<a
href="https://redirect.github.com/denoland/setup-deno/issues/91">#91</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/7c6ecb3883604199b7f8ee31d257d6947a6e1be2"><code>7c6ecb3</code></a>
feat: add problem matchers for <code>deno lint</code> (<a
href="https://redirect.github.com/denoland/setup-deno/issues/62">#62</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/01524fade784327df1a5ad1ead94235d392cd443"><code>01524fa</code></a>
2.0.1 (<a
href="https://redirect.github.com/denoland/setup-deno/issues/86">#86</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/denoland/setup-deno/compare/v1.0.0...v2">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 3 to 4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.31.9</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.31.9 - 16 Dec 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.31.9/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.31.8</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.31.8 - 11 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.8. <a
href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.31.8/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.31.7</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.31.7 - 05 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.7. <a
href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.31.7/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.31.6</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.31.6 - 01 Dec 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.31.6/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.31.5</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.31.5 - 24 Nov 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/7e0b77e3a82119a2eac644853e3d5a57f566502a"><code>7e0b77e</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3349">#3349</a>
from github/dependabot/github_actions/dot-github/wor...</li>
<li><a
href="https://github.com/github/codeql-action/commit/0264b51610e7835f9fdbfa53ce2dc4d9a4244409"><code>0264b51</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3348">#3348</a>
from github/dependabot/npm_and_yarn/npm-minor-38a2a7...</li>
<li><a
href="https://github.com/github/codeql-action/commit/2ac846d41e37a39ad8b454fd2cfcfa597a78e043"><code>2ac846d</code></a>
Merge branch 'main' into
dependabot/npm_and_yarn/npm-minor-38a2a793c5</li>
<li><a
href="https://github.com/github/codeql-action/commit/5d063dd3af0174d26fa690565f785387ceae2541"><code>5d063dd</code></a>
Populate database upload results telemetry</li>
<li><a
href="https://github.com/github/codeql-action/commit/8e921c3145ddd6334d70b4894c12182936eb3dbf"><code>8e921c3</code></a>
Return status report from <code>cleanupAndUploadDatabases</code></li>
<li><a
href="https://github.com/github/codeql-action/commit/4b675e451b3779918647db783e324bd9fd7f3932"><code>4b675e4</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3356">#3356</a>
from github/mergeback/v4.31.8-to-main-1b168cd3</li>
<li>See full diff in <a
href="https://github.com/github/codeql-action/compare/v3...v4">compare
view</a></li>
</ul>
</details>
<br />

Updates `webfactory/ssh-agent` from 0.9.0 to 0.9.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/webfactory/ssh-agent/releases">webfactory/ssh-agent's
releases</a>.</em></p>
<blockquote>
<h2>v0.9.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Acknowledge custom command inputs in cleanup.js by <a
href="https://github.com/janopae"><code>@​janopae</code></a> in <a
href="https://redirect.github.com/webfactory/ssh-agent/pull/235">webfactory/ssh-agent#235</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/janopae"><code>@​janopae</code></a> made
their first contribution in <a
href="https://redirect.github.com/webfactory/ssh-agent/pull/235">webfactory/ssh-agent#235</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1">https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md">webfactory/ssh-agent's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>,
and this project adheres to <a
href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2>[Unreleased]</h2>
<h2>v0.9.1 [2024-03-17]</h2>
<h3>Fixed</h3>
<ul>
<li>Fix path used to execute ssh-agent in cleanup.js to respect custom
paths set by input (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/235">#235</a>)</li>
</ul>
<h2>v0.9.0 [2024-02-06]</h2>
<h3>Changed</h3>
<ul>
<li>Update all versions of <code>actions/checkout</code> to v4 (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/199">#199</a>)</li>
<li>Update to Node 20 (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/201">#201</a>)</li>
</ul>
<h2>v0.8.0 [2023-03-24]</h2>
<h3>Changed</h3>
<ul>
<li>No longer writing GitHub's SSH host keys to <code>known_hosts</code>
(<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/171">#171</a>)</li>
<li>Update to actions/checkout@v3 (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/143">#143</a>)</li>
<li>Allow the user to override the commands for git, ssh-agent, and
ssh-add (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/154">#154</a>)</li>
</ul>
<h2>v0.7.0 [2022-10-19]</h2>
<h3>Added</h3>
<ul>
<li>Add the <code>log-public-key</code> input that can be used to turn
off logging key identities (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/122">#122</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix path to <code>git</code> binary on Windows, assuming
GitHub-hosted runners (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/136">#136</a>,
<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/137">#137</a>)</li>
<li>Fix a nonsensical log message (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/139">#139</a>)</li>
</ul>
<h2>v0.6.0 [2022-10-19]</h2>
<h3>Changed</h3>
<ul>
<li>Update the version of Node used by the action from 12 to 16 (<a
href="https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/">https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/</a>).</li>
</ul>
<h2>v0.5.4 [2021-11-21]</h2>
<h3>Fixed</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd"><code>a6f90b1</code></a>
Release v0.9.1</li>
<li><a
href="https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e"><code>72c0bfd</code></a>
Improve documentation on why we use os.userInfo()</li>
<li><a
href="https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4"><code>e3f1a8e</code></a>
Acknowledge custom command inputs in cleanup.js (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/235">#235</a>)</li>
<li><a
href="https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7"><code>b504c19</code></a>
Update CHANGELOG.md</li>
<li>See full diff in <a
href="https://github.com/webfactory/ssh-agent/compare/dc588b651fe13675774614f8e6a936a468676387...a6f90b1f127823b31d4d4a8d96047790581349bd">compare
view</a></li>
</ul>
</details>
<br />

Updates `ossf/scorecard-action` from 2.3.1 to 2.4.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.3</h2>
<h2>What's Changed</h2>
<p>This update bumps the Scorecard version to the v5.3.0 release. For a
complete list of changes, please refer to the <a
href="https://github.com/ossf/scorecard/releases/tag/v5.3.0">Scorecard
v5.3.0 release notes</a>.</p>
<h2>Documentation</h2>
<ul>
<li>docs: clarify <code>GITHUB_TOKEN</code> permissions needed for
private repos by <a
href="https://github.com/pankajtaneja5"><code>@​pankajtaneja5</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1574">ossf/scorecard-action#1574</a></li>
<li>:book: Fix recommended command to test the image in development by
<a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1583">ossf/scorecard-action#1583</a></li>
</ul>
<h2>Other</h2>
<ul>
<li>add missing top-level token permissions to workflows by <a
href="https://github.com/timothyklee"><code>@​timothyklee</code></a> in
<a
href="https://redirect.github.com/ossf/scorecard-action/pull/1566">ossf/scorecard-action#1566</a></li>
<li>setup codeowners for requesting reviews by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1576">ossf/scorecard-action#1576</a></li>
<li>:seedling: Improve printing options by <a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1584">ossf/scorecard-action#1584</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/timothyklee"><code>@​timothyklee</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1566">ossf/scorecard-action#1566</a></li>
<li><a
href="https://github.com/pankajtaneja5"><code>@​pankajtaneja5</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1574">ossf/scorecard-action#1574</a></li>
<li><a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1584">ossf/scorecard-action#1584</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3">https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3</a></p>
<h2>v2.4.2</h2>
<h2>What's Changed</h2>
<p>This update bumps the Scorecard version to the v5.2.1 release. For a
complete list of changes, please refer to the Scorecard <a
href="https://github.com/ossf/scorecard/releases/tag/v5.2.0">v5.2.0</a>
and <a
href="https://github.com/ossf/scorecard/releases/tag/v5.2.1">v5.2.1</a>
release notes.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2">https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2</a></p>
<h2>v2.4.1</h2>
<h2>What's Changed</h2>
<ul>
<li>This update bumps the Scorecard version to the v5.1.1 release. For a
complete list of changes, please refer to the <a
href="https://github.com/ossf/scorecard/releases/tag/v5.1.0">v5.1.0</a>
and <a
href="https://github.com/ossf/scorecard/releases/tag/v5.1.1">v5.1.1</a>
release notes.</li>
<li>Publishing results now uses half the API quota as before. The exact
savings depends on the repository in question.
<ul>
<li>use Scorecard library entrypoint instead of Cobra hooking by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1423">ossf/scorecard-action#1423</a></li>
</ul>
</li>
<li>Some errors were made into annotations to make them more visible
<ul>
<li>Make default branch error more prominent by <a
href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1459">ossf/scorecard-action#1459</a></li>
</ul>
</li>
<li>There is now an optional <code>file_mode</code> input which controls
how repository files are fetched from GitHub. The default is
<code>archive</code>, but <code>git</code> produces the most accurate
results for repositories with <code>.gitattributes</code> files at the
cost of analysis speed.
<ul>
<li>add input for specifying <code>--file-mode</code> by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1509">ossf/scorecard-action#1509</a></li>
</ul>
</li>
<li>The underlying container for the action is now <a
href="https://github.com/ossf/scorecard-action/pkgs/container/scorecard-action">hosted
on GitHub Container Registry</a>. There should be no functional changes.
<ul>
<li>:seedling: publish docker images to GitHub Container Registry by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1453">ossf/scorecard-action#1453</a></li>
</ul>
</li>
</ul>
<h3>Docs</h3>
<ul>
<li>Installation docs update by <a
href="https://github.com/JeremiahAHoward"><code>@​JeremiahAHoward</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1416">ossf/scorecard-action#1416</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/JeremiahAHoward"><code>@​JeremiahAHoward</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1416">ossf/scorecard-action#1416</a></li>
<li><a href="https://github.com/jsoref"><code>@​jsoref</code></a> made
their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1459">ossf/scorecard-action#1459</a>
<strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1">https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1</a></li>
</ul>
<h2>v2.4.0</h2>
<h2>What's Changed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ossf/scorecard-action/commit/4eaacf0543bb3f2c246792bd56e8cdeffafb205a"><code>4eaacf0</code></a>
bump docker to ghcr v2.4.3 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1587">#1587</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/42e3a017b9617c5bbc5f1c692cdbc2cd041bd97a"><code>42e3a01</code></a>
:seedling: Bump the github-actions group with 3 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1585">#1585</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/88c07acb7bc818897f9ea58eba9d81c53b322f15"><code>88c07ac</code></a>
:seedling: Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1579">#1579</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/6c690f2f38ab31402da4e3f8d698c15405764128"><code>6c690f2</code></a>
Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1586">#1586</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/92083b52695004080225eb9301fde390183707cd"><code>92083b5</code></a>
:book: Fix recommended command to test the image in development (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1583">#1583</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/7975ea6064717f16f09a57ad5f8e24017ad4dbd9"><code>7975ea6</code></a>
:seedling: Bump the docker-images group across 1 directory with 2
updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1">#1</a>...</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/0d1a74394f208e63c946c1b5377d3ad15f0265bf"><code>0d1a743</code></a>
:seedling: Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1575">#1575</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/46e6e0c0ac415287a696b2be6d98071134fd27a7"><code>46e6e0c</code></a>
:seedling: Bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1580">#1580</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/c3f13501596645d3bd6fee6b843bd36b66df4f5d"><code>c3f1350</code></a>
:seedling: Improve printing options (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1584">#1584</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/43e475b79a8bd5217334edc08879005b2229d79a"><code>43e475b</code></a>
:seedling: Bump golang.org/x/net from 0.42.0 to 0.44.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1578">#1578</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.4.3">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

.github/workflows/codeql.yml

@@ -26,15 +26,15 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.28.1
+        uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.28.1
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.28.1
+        uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v3.28.1
         with:
           category: "/language:${{ matrix.language }}"

.github/workflows/guix-nix-policy.yml

@@ -4,7 +4,7 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Enforce Guix primary / Nix fallback
         run: |
           # Check for package manager files

.github/workflows/language-policy.yml

@@ -4,7 +4,7 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Enforce language policies
         run: |
           # Block new Python files (except SaltStack)

.github/workflows/mirror.yml

@@ -19,12 +19,12 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
 
       - name: Setup SSH
-        uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+        uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
         with:
           ssh-private-key: ${{ secrets.GITLAB_SSH_KEY }}
 
@@ -49,12 +49,12 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
 
       - name: Setup SSH
-        uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+        uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
         with:
           ssh-private-key: ${{ secrets.BITBUCKET_SSH_KEY }}
 

.github/workflows/quality.yml

@@ -5,7 +5,7 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Check file permissions
         run: |
@@ -35,7 +35,7 @@ jobs:
   docs:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Check documentation
         run: |
           MISSING=""

.github/workflows/rescript-deno-ci.yml

@@ -5,8 +5,8 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: denoland/setup-deno@v1
+      - uses: actions/checkout@v6
+      - uses: denoland/setup-deno@v2
         with:
           deno-version: v1.x
 
@@ -32,8 +32,8 @@ jobs:
   security:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: denoland/setup-deno@v1
+      - uses: actions/checkout@v6
+      - uses: denoland/setup-deno@v2
       - name: Check permissions
         run: |
           # Audit for dangerous permissions

.github/workflows/scorecard.yml

@@ -14,17 +14,17 @@ jobs:
       security-events: write
       id-token: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           persist-credentials: false
 
       - name: Run Scorecard
-        uses: ossf/scorecard-action@v2.3.1
+        uses: ossf/scorecard-action@v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
 
       - name: Upload results
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: results.sarif

.github/workflows/security-policy.yml

@@ -4,7 +4,7 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Security checks
         run: |
           FAILED=false

.github/workflows/wellknown-enforcement.yml

@@ -17,7 +17,7 @@ jobs:
   validate:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: RFC 9116 security.txt validation
         run: |

.github/workflows/workflow-linter.yml

@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Check SPDX Headers
         run: |
@@ -72,7 +72,7 @@ jobs:
             echo "$unpinned"
             echo ""
             echo "Replace version tags with SHA pins, e.g.:"
-            echo "  uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1"
+            echo "  uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v4.1.1"
             exit 1
           fi
           echo "All actions are SHA-pinned"