build(deps): bump ossf/scorecard-action from 2.4.2 to 2.4.3

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.2 to 2.4.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](05b42c6244...4eaacf0543)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/enforce-license-compliance.yml

@@ -0,0 +1,14 @@
+name: Enforce License Compliance
+
+on:
+  pull_request:
+    branches: [main]
+
+jobs:
+  enforce-license-compliance:
+    runs-on: ubuntu-latest
+    steps:
+      - name: 'Enforce License Compliance'
+        uses: getsentry/action-enforce-license-compliance@57ba820387a1a9315a46115ee276b2968da51f3d # main
+        with:
+          fossa_api_key: ${{ secrets.FOSSA_API_KEY }}

.github/workflows/scorecards-analysis.yml

@@ -30,7 +30,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+        uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif

CHANGELOG.md

@@ -1,11 +1,3 @@
-## v5.5.2
-
-### What's Changed
-
-
-**Full Changelog**: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2
-
-
 ## v5.5.1
 
 ### What's Changed

Makefile

@@ -1,7 +1,7 @@
 deploy:
 	$(eval VERSION := $(shell cat src/version))
-	git tag -d v7
-	git push origin :v7
-	git tag v7
+	git tag -d v5
+	git push origin :v5
+	git tag v5
 	git tag v$(VERSION) -s -m ""
 	git push origin --tags

README.md

@@ -6,14 +6,6 @@
 
 ### Easily upload coverage reports to Codecov from GitHub Actions
 
-## v7 Release
-
-`v7` of the Codecov GitHub Action bumps the [Codecov Wrapper](https://github.com/codecov/wrapper) submodule, which now fetches the Codecov Uploader PGP verification key from the `codecovsecops` Keybase account.
-
-## v6 Release
-
-`v6` of the Codecov GitHub Action support node24
-
 ## v5 Release
 
 `v5` of the Codecov GitHub Action will use the [Codecov Wrapper](https://github.com/codecov/wrapper) to encapsulate the [CLI](https://github.com/codecov/codecov-cli). This will help ensure that the Action gets updates quicker.
@@ -148,7 +140,7 @@ Codecov's Action supports inputs from the user. These inputs, along with their d
 | `env_vars` | Environment variables to tag the upload with (e.g. PYTHON \| OS,PYTHON) | Optional
 | `exclude` | Comma-separated list of folders to exclude from search. | Optional
 | `fail_ci_if_error` | On error, exit with non-zero code | Optional
-| `files` | Comma-separated explicit list of files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using "disable_search" to disable uploading other files. | Optional
+| `files` | Comma-separated explicit list of files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using "disable-search" to disable uploading other files. | Optional
 | `flags` | Comma-separated list of flags to upload to group coverage metrics. | Optional
 | `force` | Only used for empty-upload run command | Optional
 | `git_service` | Override the git_service (e.g. github_enterprise) | Optional

action.yml

@@ -50,7 +50,7 @@ inputs:
     required: false
     default: 'false'
   files:
-    description: 'Comma-separated list of explicit files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using disable_search to disable uploading other files.'
+    description: 'Comma-separated list of explicit files to upload. These will be added to the coverage files found for upload. If you wish to only upload the specified files, please consider using disable-search to disable uploading other files.'
     required: false
   flags:
     description: 'Comma-separated list of flags to upload to group coverage metrics.'
@@ -177,25 +177,16 @@ runs:
   steps:
     - name: Check system dependencies
       shell: sh
-      env:
-        INPUT_SKIP_VALIDATION: ${{ inputs.skip_validation }}
       run: |
         missing_deps=""
 
-        # Check for always-required commands
-        for cmd in bash git curl; do
+        # Check for required commands
+        for cmd in bash git curl gpg; do
           if ! command -v "$cmd" >/dev/null 2>&1; then
             missing_deps="$missing_deps $cmd"
           fi
         done
 
-        # Check for gpg only if validation is not being skipped
-        if [ "$INPUT_SKIP_VALIDATION" != "true" ]; then
-          if ! command -v gpg >/dev/null 2>&1; then
-            missing_deps="$missing_deps gpg"
-          fi
-        fi
-
         # Report missing required dependencies
         if [ -n "$missing_deps" ]; then
           echo "Error: The following required dependencies are missing:$missing_deps"
@@ -232,7 +223,7 @@ runs:
         GITHUB_REPOSITORY: ${{ github.repository }}
 
     - name: Get OIDC token
-      uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
       id: oidc
       with:
         script: |
@@ -247,27 +238,24 @@ runs:
     - name: Get and set token
       shell: bash
       run: |
-        if [ "$INPUT_USE_OIDC" == 'true' ] && [ "$CC_FORK" != 'true' ];
+        if [ "${{ inputs.use_oidc }}" == 'true' ] && [ "$CC_FORK" != 'true' ];
         then
           echo "CC_TOKEN=$CC_OIDC_TOKEN" >> "$GITHUB_ENV"
-        elif [ -n "$INPUT_CODECOV_TOKEN" ];
+        elif [ -n "${{ env.CODECOV_TOKEN }}" ];
         then
           echo -e "\033[0;32m==>\033[0m Token set from env"
-            echo "CC_TOKEN=$INPUT_CODECOV_TOKEN" >> "$GITHUB_ENV"
+            echo "CC_TOKEN=${{ env.CODECOV_TOKEN }}" >> "$GITHUB_ENV"
         else
-          if [ -n "$INPUT_TOKEN" ];
+          if [ -n "${{ inputs.token }}" ];
           then
             echo -e "\033[0;32m==>\033[0m Token set from input"
-            CC_TOKEN=$(echo "$INPUT_TOKEN" | tr -d '\n')
+            CC_TOKEN=$(echo "${{ inputs.token }}" | tr -d '\n')
             echo "CC_TOKEN=$CC_TOKEN" >> "$GITHUB_ENV"
           fi
         fi
       env:
         CC_OIDC_TOKEN: ${{ steps.oidc.outputs.result }}
         CC_OIDC_AUDIENCE: ${{ inputs.url || 'https://codecov.io' }}
-        INPUT_USE_OIDC: ${{ inputs.use_oidc }}
-        INPUT_TOKEN: ${{ inputs.token }}
-        INPUT_CODECOV_TOKEN: ${{ env.CODECOV_TOKEN }}
 
     - name: Override branch for forks
       shell: bash

dist/codecov.sh

@@ -37,7 +37,7 @@ g="\033[0;32m"  # info/debug
 r="\033[0;31m"  # errors
 x="\033[0m"
 retry="--retry 5 --retry-delay 2"
-CC_WRAPPER_VERSION="0.2.9"
+CC_WRAPPER_VERSION="0.2.7"
 CC_VERSION="${CC_VERSION:-latest}"
 CC_FAIL_ON_ERROR="${CC_FAIL_ON_ERROR:-false}"
 CC_RUN_CMD="${CC_RUN_CMD:-upload-coverage}"
@@ -69,13 +69,7 @@ then
     exit_if_error "Could not install via pypi."
     exit
   fi
-  if [[ "$CC_CLI_TYPE" == "codecov-cli" ]]; then
-    CC_COMMAND="codecovcli"
-  elif [[ "$CC_CLI_TYPE" == "sentry-prevent-cli" ]]; then
-    CC_COMMAND="sentry-prevent-cli"
-  else
-    CC_COMMAND="${CC_CLI_TYPE}"
-  fi
+  CC_COMMAND="${CC_CLI_TYPE}"
 else
   if [ -n "$CC_OS" ];
   then
@@ -116,7 +110,7 @@ then
     chmod +x "$CC_COMMAND"
   fi
 else
-  echo "$(curl -s https://keybase.io/codecovsecops/pgp_keys.asc)" | \
+  echo "$(curl -s https://keybase.io/codecovsecurity/pgp_keys.asc)" | \
     gpg --no-default-keyring --import
   # One-time step
   say "$g==>$x Verifying GPG signature integrity"

src/version

@@ -1 +1 @@
-7.0.0
+5.5.1