[Armbian build PR] - Bump ossf/scorecard-action from 2.0.6 to 2.1.0

[RSS Bot]

Bumps ossf/scorecard-action from 2.0.6 to 2.1.0.

Release notes

Sourced from ossf/scorecard-action's releases.

v2.1.0

What's Changed

Scorecard version

This release uses scorecard v4.10.0.

Improvements

• Docker build workflow by @​naveensrinivasan in ossf/scorecard-action#981
• Use root user in distroless to support GitHub Actions by @​spencerschrock in ossf/scorecard-action#994
• Disable pull_request_target by @​laurentsimon in ossf/scorecard-action#1031

Documentation

• Add PAT section explaining risks by @​olivekl in ossf/scorecard-action#1024
• Make the badge text easier to copy by @​rajbos in ossf/scorecard-action#1026

New Contributors

• @​joycebrum made their first contribution in ossf/scorecard-action#984
• @​rajbos made their first contribution in ossf/scorecard-action#1026

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.0.6...v2.1.0

Commits

• 937ffa9 Minor release v2.1.0 (#1040)
• a42a080 Create scorecards.yml (#1041)
• cf93e24 :seedling: Bump github.com/ossf/scorecard/v4 from 4.8.0 to 4.10.0 (#1039)
• b2f0d4e :seedling: Bump golang from 04f76f9 to 54184d6 (#1038)
• bff7712 :seedling: Bump actions/checkout from 3.1.0 to 3.2.0 (#1035)
• cd50e39 :seedling: Bump github/codeql-action from 2.1.35 to 2.1.36 (#1036)
• 420fff2 update (#1031)
• 8d8c1ec :seedling: Bump golang.org/x/net from 0.2.0 to 0.4.0 (#1033)
• c694c35 feat: update logging (#1032)
• f27f8fe :seedling: Bump golang from 84ac6d8 to 04f76f9 (#1029)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

View the full article