Bump ossf/scorecard-action from 2.3.1 to 2.3.3

[dependabot]

Bumps ossf/scorecard-action from 2.3.1 to 2.3.3.

Release notes

Sourced from ossf/scorecard-action's releases.

v2.3.3

[!NOTE]
There is no v2.3.2 release as a step was skipped in the release process. This was fixed and re-released under the v2.3.3 tag

What's Changed

• 🌱 Bump github.com/ossf/scorecard/v4 (v4.13.1) to github.com/ossf/scorecard/v5 (v5.0.0-rc1) by @​spencerschrock in ossf/scorecard-action#1366
• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 by @​spencerschrock in ossf/scorecard-action#1374
• 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0.20240509182734-7ce860946928 by @​spencerschrock in ossf/scorecard-action#1377

For a full changelist of what these include, see the v5.0.0-rc1 and v5.0.0-rc2 release notes.

Documentation

• 📖 Move token discussion out of main README. by @​spencerschrock in ossf/scorecard-action#1279
• 📖 link to ossf/scorecard workflow instead of maintaining an example by @​spencerschrock in ossf/scorecard-action#1352
• 📖 update api links to new scorecard.dev site by @​spencerschrock in ossf/scorecard-action#1376

Full Changelog: ossf/scorecard-action@v2.3.1...v2.3.3

Commits

• dc50aa9 🌱 Bump docker tag for v2.3.3 release (#1368)
• 8ff5700 🌱 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0-rc2.0....
• 8ba5e73 update api links to new scorecard.dev site (#1376)
• 92ddde3 Bump github.com/ossf/scorecard/v5 from v5.0.0-rc1 to v5.0.0-rc2 (#1374)
• 6c55905 🌱 Bump golang.org/x/net from 0.24.0 to 0.25.0 (#1373)
• 09bb953 🌱 Bump distroless/base in the docker-images group (#1372)
• 1511e13 🌱 Bump the github-actions group across 1 directory with 6 updates (#...
• df66cd8 🌱 Bump the docker-images group with 2 updates (#1370)
• fad9a3c 🌱 Bump distroless/base in the docker-images group (#1364)
• 1e01a30 🌱 Bump the github-actions group with 3 updates (#1365)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Dependabot tried to add @keyonghan, @yusuf-goog and @ricardoamador as reviewers to this PR, but received the following error from GitHub:

POST https://api.github.com/repos/flutter/packages/pulls/6709/requested_reviewers: 422 - Reviews may only be requested from collaborators. One or more of the users or teams you specified is not a collaborator of the flutter/packages repository. // See: https://docs.github.com/rest/pulls/review-requests#request-reviewers-for-a-pull-request