✨ Migrate to v4

.golangci.yml

@@ -152,4 +152,4 @@ linters-settings:
       - unnecessaryBlock
   wrapcheck:
     ignorePackageGlobs:
-      - github.com/ossf/scorecard/v3/checks/fileparser
+      - github.com/ossf/scorecard/v4/checks/fileparser

Makefile

@@ -98,7 +98,7 @@ build-cron: build-controller build-worker build-cii-worker \
 	build-shuffler build-bq-transfer build-github-server \
 	build-webhook build-add-script build-validate-script build-update-script
 
-build-targets = generate-mocks generate-docs build-proto build-scorecard build-releaser build-cron ko-build-everything dockerbuild
+build-targets = generate-mocks generate-docs build-proto build-scorecard build-cron ko-build-everything dockerbuild
 .PHONY: build $(build-targets)
 build: ## Build all binaries and images in the repo.
 build: $(build-targets)
@@ -202,43 +202,43 @@ scorecard-ko:
 	ko publish -B \
 			   --push=false \
 			   --platform=$(PLATFORM)\
-			   --tags latest,$(GIT_VERSION),$(GIT_HASH) github.com/ossf/scorecard/v3
+			   --tags latest,$(GIT_VERSION),$(GIT_HASH) github.com/ossf/scorecard/v4
 cron-controller-ko:
 	KO_DATA_DATE_EPOCH=$(SOURCE_DATE_EPOCH) KO_DOCKER_REPO=${KO_PREFIX}/$(IMAGE_NAME)-batch-controller LDFLAGS="$(LDFLAGS)" \
 	ko publish -B \
 			   --push=false \
 			   --platform=$(PLATFORM)\
-			   --tags latest,$(GIT_VERSION),$(GIT_HASH) github.com/ossf/scorecard/v3/cron/controller
+			   --tags latest,$(GIT_VERSION),$(GIT_HASH) github.com/ossf/scorecard/v4/cron/controller
 cron-worker-ko:
 	KO_DATA_DATE_EPOCH=$(SOURCE_DATE_EPOCH) KO_DOCKER_REPO=${KO_PREFIX}/$(IMAGE_NAME)-batch-worker LDFLAGS="$(LDFLAGS)" \
 	ko publish -B \
 			   --push=false \
 			   --platform=$(PLATFORM)\
-			   --tags latest,$(GIT_VERSION),$(GIT_HASH) github.com/ossf/scorecard/v3/cron/worker
+			   --tags latest,$(GIT_VERSION),$(GIT_HASH) github.com/ossf/scorecard/v4/cron/worker
 cron-cii-worker-ko:
 	KO_DATA_DATE_EPOCH=$(SOURCE_DATE_EPOCH) KO_DOCKER_REPO=${KO_PREFIX}/$(IMAGE_NAME)-cii-worker LDFLAGS="$(LDFLAGS)" \
 	ko publish -B \
 			   --push=false \
 			   --platform=$(PLATFORM)\
-			   --tags latest,$(GIT_VERSION),$(GIT_HASH) github.com/ossf/scorecard/v3/cron/cii
+			   --tags latest,$(GIT_VERSION),$(GIT_HASH) github.com/ossf/scorecard/v4/cron/cii
 cron-bq-transfer-ko:
 	KO_DATA_DATE_EPOCH=$(SOURCE_DATE_EPOCH) KO_DOCKER_REPO=${KO_PREFIX}/$(IMAGE_NAME)-bq-transfer LDFLAGS="$(LDFLAGS)" \
 	ko publish -B \
 			   --push=false \
 			   --platform=$(PLATFORM)\
-			   --tags latest,$(GIT_VERSION),$(GIT_HASH) github.com/ossf/scorecard/v3/cron/bq
+			   --tags latest,$(GIT_VERSION),$(GIT_HASH) github.com/ossf/scorecard/v4/cron/bq
 cron-webhook-ko:
 	KO_DATA_DATE_EPOCH=$(SOURCE_DATE_EPOCH) KO_DOCKER_REPO=${KO_PREFIX}/$(IMAGE_NAME)-cron-webhook LDFLAGS="$(LDFLAGS)" \
 	ko publish -B \
 			   --push=false \
 			   --platform=$(PLATFORM)\
-			   --tags latest,$(GIT_VERSION),$(GIT_HASH) github.com/ossf/scorecard/v3/cron/webhook
+			   --tags latest,$(GIT_VERSION),$(GIT_HASH) github.com/ossf/scorecard/v4/cron/webhook
 cron-github-server-ko:
 	KO_DATA_DATE_EPOCH=$(SOURCE_DATE_EPOCH) KO_DOCKER_REPO=${KO_PREFIX}/$(IMAGE_NAME)-github-server LDFLAGS="$(LDFLAGS)" \
 	ko publish -B \
 			   --push=false \
 			   --platform=$(PLATFORM)\
-			   --tags latest,$(GIT_VERSION),$(GIT_HASH) github.com/ossf/scorecard/v3/clients/githubrepo/roundtripper/tokens/server
+			   --tags latest,$(GIT_VERSION),$(GIT_HASH) github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper/tokens/server
 
 docker-targets = scorecard-docker cron-controller-docker cron-worker-docker cron-cii-worker-docker cron-bq-transfer-docker cron-webhook-docker cron-github-server-docker
 .PHONY: dockerbuild $(docker-targets)

checker/check_request.go

@@ -17,7 +17,7 @@ package checker
 import (
 	"context"
 
-	"github.com/ossf/scorecard/v3/clients"
+	"github.com/ossf/scorecard/v4/clients"
 )
 
 // CheckRequest struct encapsulates all data to be passed into a CheckFn.

checker/check_runner.go

@@ -23,8 +23,8 @@ import (
 	opencensusstats "go.opencensus.io/stats"
 	"go.opencensus.io/tag"
 
-	sce "github.com/ossf/scorecard/v3/errors"
-	"github.com/ossf/scorecard/v3/stats"
+	sce "github.com/ossf/scorecard/v4/errors"
+	"github.com/ossf/scorecard/v4/stats"
 )
 
 const checkRetries = 3

checks/all_checks.go

@@ -15,7 +15,7 @@
 // Package checks defines all Scorecard checks.
 package checks
 
-import "github.com/ossf/scorecard/v3/checker"
+import "github.com/ossf/scorecard/v4/checker"
 
 // AllChecks is the list of all security checks that will be run.
 var AllChecks = checker.CheckNameToFnMap{}

checks/binary_artifact.go

@@ -15,10 +15,10 @@
 package checks
 
 import (
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks/evaluation"
-	"github.com/ossf/scorecard/v3/checks/raw"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks/evaluation"
+	"github.com/ossf/scorecard/v4/checks/raw"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // CheckBinaryArtifacts is the exported name for Binary-Artifacts check.

checks/branch_protection.go

@@ -15,10 +15,10 @@
 package checks
 
 import (
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks/evaluation"
-	"github.com/ossf/scorecard/v3/checks/raw"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks/evaluation"
+	"github.com/ossf/scorecard/v4/checks/raw"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 const (

checks/branch_protection_test.go

@@ -19,11 +19,11 @@ import (
 
 	"github.com/golang/mock/gomock"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/clients"
-	mockrepo "github.com/ossf/scorecard/v3/clients/mockclients"
-	sce "github.com/ossf/scorecard/v3/errors"
-	scut "github.com/ossf/scorecard/v3/utests"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients"
+	mockrepo "github.com/ossf/scorecard/v4/clients/mockclients"
+	sce "github.com/ossf/scorecard/v4/errors"
+	scut "github.com/ossf/scorecard/v4/utests"
 )
 
 func getBranchName(branch *clients.BranchRef) string {

checks/ci_tests.go

@@ -18,9 +18,9 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 const (

checks/ci_tests_test.go

@@ -20,10 +20,10 @@ import (
 
 	"github.com/golang/mock/gomock"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/clients"
-	mockrepo "github.com/ossf/scorecard/v3/clients/mockclients"
-	scut "github.com/ossf/scorecard/v3/utests"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients"
+	mockrepo "github.com/ossf/scorecard/v4/clients/mockclients"
+	scut "github.com/ossf/scorecard/v4/utests"
 )
 
 func Test_isTest(t *testing.T) {

checks/cii_best_practices.go

@@ -17,9 +17,9 @@ package checks
 import (
 	"fmt"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 const (

checks/cii_best_practices_test.go

@@ -21,11 +21,11 @@ import (
 
 	"github.com/golang/mock/gomock"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/clients"
-	mockrepo "github.com/ossf/scorecard/v3/clients/mockclients"
-	sce "github.com/ossf/scorecard/v3/errors"
-	scut "github.com/ossf/scorecard/v3/utests"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients"
+	mockrepo "github.com/ossf/scorecard/v4/clients/mockclients"
+	sce "github.com/ossf/scorecard/v4/errors"
+	scut "github.com/ossf/scorecard/v4/utests"
 )
 
 var errTest = errors.New("test error")

checks/code_review.go

@@ -18,8 +18,8 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/ossf/scorecard/v3/checker"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // CheckCodeReview is the registered name for DoesCodeReview.

checks/contributors.go

@@ -18,8 +18,8 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/ossf/scorecard/v3/checker"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 const (

checks/contributors_test.go

@@ -20,10 +20,10 @@ import (
 
 	"github.com/golang/mock/gomock"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/clients"
-	mockrepo "github.com/ossf/scorecard/v3/clients/mockclients"
-	scut "github.com/ossf/scorecard/v3/utests"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients"
+	mockrepo "github.com/ossf/scorecard/v4/clients/mockclients"
+	scut "github.com/ossf/scorecard/v4/utests"
 )
 
 // TestContributors tests the contributors check.

checks/dangerous_workflow.go

@@ -21,9 +21,9 @@ import (
 
 	"github.com/rhysd/actionlint"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks/fileparser"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks/fileparser"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // CheckDangerousWorkflow is the exported name for Dangerous-Workflow check.

checks/dangerous_workflow_test.go

@@ -19,8 +19,8 @@ import (
 	"io/ioutil"
 	"testing"
 
-	"github.com/ossf/scorecard/v3/checker"
-	scut "github.com/ossf/scorecard/v3/utests"
+	"github.com/ossf/scorecard/v4/checker"
+	scut "github.com/ossf/scorecard/v4/utests"
 )
 
 func TestGithubDangerousWorkflow(t *testing.T) {

checks/dependency_update_tool.go

@@ -15,10 +15,10 @@
 package checks
 
 import (
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks/evaluation"
-	"github.com/ossf/scorecard/v3/checks/raw"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks/evaluation"
+	"github.com/ossf/scorecard/v4/checks/raw"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // CheckDependencyUpdateTool is the exported name for Automatic-Depdendency-Update.

checks/evaluation/binary_artifacts.go

@@ -15,8 +15,8 @@
 package evaluation
 
 import (
-	"github.com/ossf/scorecard/v3/checker"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // BinaryArtifacts applies the score policy for the Binary-Artifacts check.

checks/evaluation/branch_protection.go

@@ -15,8 +15,8 @@
 package evaluation
 
 import (
-	"github.com/ossf/scorecard/v3/checker"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 const (

checks/evaluation/branch_protection_test.go

@@ -17,8 +17,8 @@ package evaluation
 import (
 	"testing"
 
-	"github.com/ossf/scorecard/v3/checker"
-	scut "github.com/ossf/scorecard/v3/utests"
+	"github.com/ossf/scorecard/v4/checker"
+	scut "github.com/ossf/scorecard/v4/utests"
 )
 
 func testScore(branch *checker.BranchProtectionData, dl checker.DetailLogger) (int, error) {

checks/evaluation/dependency_update_tool.go

@@ -17,8 +17,8 @@ package evaluation
 import (
 	"fmt"
 
-	"github.com/ossf/scorecard/v3/checker"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // DependencyUpdateTool applies the score policy for the Dependency-Update-Tool check.

checks/evaluation/security_policy.go

@@ -15,8 +15,8 @@
 package evaluation
 
 import (
-	"github.com/ossf/scorecard/v3/checker"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // SecurityPolicy applies the score policy for the Security-Policy check.

checks/fileparser/github_workflow.go

@@ -22,8 +22,8 @@ import (
 
 	"github.com/rhysd/actionlint"
 
-	"github.com/ossf/scorecard/v3/checker"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 const (

checks/fileparser/listing.go

@@ -20,9 +20,9 @@ import (
 	"path"
 	"strings"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // isMatchingPath uses 'pattern' to shell-match the 'path' and its filename

checks/fuzzing.go

@@ -17,10 +17,10 @@ package checks
 import (
 	"fmt"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks/fileparser"
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks/fileparser"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // CheckFuzzing is the registered name for Fuzzing.

checks/license.go

@@ -18,8 +18,8 @@ import (
 	"regexp"
 	"strings"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks/fileparser"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks/fileparser"
 )
 
 type check func(str string, extCheck []string) bool

checks/license_test.go

@@ -22,10 +22,10 @@ import (
 	"github.com/golang/mock/gomock"
 	"go.uber.org/zap/zapcore"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/clients/githubrepo"
-	"github.com/ossf/scorecard/v3/clients/localdir"
-	scut "github.com/ossf/scorecard/v3/utests"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients/githubrepo"
+	"github.com/ossf/scorecard/v4/clients/localdir"
+	scut "github.com/ossf/scorecard/v4/utests"
 )
 
 func TestLicenseFileCheck(t *testing.T) {

checks/maintained.go

@@ -18,8 +18,8 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/ossf/scorecard/v3/checker"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 const (

checks/maintained_test.go

@@ -21,10 +21,10 @@ import (
 
 	"github.com/golang/mock/gomock"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/clients"
-	mockrepo "github.com/ossf/scorecard/v3/clients/mockclients"
-	scut "github.com/ossf/scorecard/v3/utests"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients"
+	mockrepo "github.com/ossf/scorecard/v4/clients/mockclients"
+	scut "github.com/ossf/scorecard/v4/utests"
 )
 
 // nolint: gocognit

checks/packaging.go

@@ -21,9 +21,9 @@ import (
 
 	"github.com/rhysd/actionlint"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks/fileparser"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks/fileparser"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // CheckPackaging is the registered name for Packaging.

checks/packaging_test.go

@@ -21,7 +21,7 @@ import (
 
 	"github.com/rhysd/actionlint"
 
-	scut "github.com/ossf/scorecard/v3/utests"
+	scut "github.com/ossf/scorecard/v4/utests"
 )
 
 func TestIsPackagingWorkflow(t *testing.T) {

checks/permissions.go

@@ -20,9 +20,9 @@ import (
 
 	"github.com/rhysd/actionlint"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks/fileparser"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks/fileparser"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // CheckTokenPermissions is the exported name for Token-Permissions check.

checks/permissions_test.go

@@ -19,8 +19,8 @@ import (
 	"os"
 	"testing"
 
-	"github.com/ossf/scorecard/v3/checker"
-	scut "github.com/ossf/scorecard/v3/utests"
+	"github.com/ossf/scorecard/v4/checker"
+	scut "github.com/ossf/scorecard/v4/utests"
 )
 
 type file struct {

checks/pinned_dependencies.go

@@ -22,9 +22,9 @@ import (
 	"github.com/moby/buildkit/frontend/dockerfile/parser"
 	"github.com/rhysd/actionlint"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks/fileparser"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks/fileparser"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // CheckPinnedDependencies is the registered name for FrozenDeps.

checks/pinned_dependencies_test.go

@@ -20,8 +20,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/ossf/scorecard/v3/checker"
-	scut "github.com/ossf/scorecard/v3/utests"
+	"github.com/ossf/scorecard/v4/checker"
+	scut "github.com/ossf/scorecard/v4/utests"
 )
 
 func TestGithubWorkflowPinning(t *testing.T) {

checks/raw/binary_artifact.go

@@ -22,10 +22,10 @@ import (
 	"github.com/h2non/filetype"
 	"github.com/h2non/filetype/types"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks/fileparser"
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks/fileparser"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // BinaryArtifacts retrieves the raw data for the Binary-Artifacts check.

checks/raw/branch_protection.go

@@ -19,9 +19,9 @@ import (
 	"fmt"
 	"regexp"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 type branchMap map[string]*clients.BranchRef

checks/raw/dependency_update_tool.go

@@ -18,9 +18,9 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks/fileparser"
-	"github.com/ossf/scorecard/v3/clients"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks/fileparser"
+	"github.com/ossf/scorecard/v4/clients"
 )
 
 // DependencyUpdateTool is the exported name for Depdendency-Update-Tool.

checks/raw/security_policy.go

@@ -21,10 +21,10 @@ import (
 
 	"go.uber.org/zap"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks/fileparser"
-	"github.com/ossf/scorecard/v3/clients/githubrepo"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks/fileparser"
+	"github.com/ossf/scorecard/v4/clients/githubrepo"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // SecurityPolicy checks for presence of security policy.

checks/sast.go

@@ -17,9 +17,9 @@ package checks
 import (
 	"fmt"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // CheckSAST is the registered name for SAST.

checks/security_policy.go

@@ -15,10 +15,10 @@
 package checks
 
 import (
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks/evaluation"
-	"github.com/ossf/scorecard/v3/checks/raw"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks/evaluation"
+	"github.com/ossf/scorecard/v4/checks/raw"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // CheckSecurityPolicy is the registred name for SecurityPolicy.

checks/shell_download_validate.go

@@ -27,8 +27,8 @@ import (
 
 	"mvdan.cc/sh/v3/syntax"
 
-	"github.com/ossf/scorecard/v3/checker"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 var (

checks/shell_download_validate_test.go

@@ -18,7 +18,7 @@ import (
 	"os"
 	"testing"
 
-	scut "github.com/ossf/scorecard/v3/utests"
+	scut "github.com/ossf/scorecard/v4/utests"
 )
 
 func TestIsSupportedShellScriptFile(t *testing.T) {

checks/signed_releases.go

@@ -18,8 +18,8 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/ossf/scorecard/v3/checker"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 const (

checks/signed_releases_test.go

@@ -20,10 +20,10 @@ import (
 
 	"github.com/golang/mock/gomock"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/clients"
-	mockrepo "github.com/ossf/scorecard/v3/clients/mockclients"
-	scut "github.com/ossf/scorecard/v3/utests"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients"
+	mockrepo "github.com/ossf/scorecard/v4/clients/mockclients"
+	scut "github.com/ossf/scorecard/v4/utests"
 )
 
 func TestSignedRelease(t *testing.T) {

checks/vulnerabilities.go

@@ -18,9 +18,9 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 const (

checks/vulnerabilities_test.go

@@ -20,9 +20,9 @@ import (
 
 	"github.com/golang/mock/gomock"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/clients"
-	mockrepo "github.com/ossf/scorecard/v3/clients/mockclients"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/clients"
+	mockrepo "github.com/ossf/scorecard/v4/clients/mockclients"
 )
 
 func TestVulnerabilities(t *testing.T) {

clients/githubrepo/branches.go

@@ -22,8 +22,8 @@ import (
 	"github.com/google/go-github/v38/github"
 	"github.com/shurcooL/githubv4"
 
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 const (

clients/githubrepo/checkruns.go

@@ -20,8 +20,8 @@ import (
 
 	"github.com/google/go-github/v38/github"
 
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 type checkrunsHandler struct {

clients/githubrepo/client.go

@@ -26,9 +26,9 @@ import (
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 
-	"github.com/ossf/scorecard/v3/clients"
-	"github.com/ossf/scorecard/v3/clients/githubrepo/roundtripper"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/clients"
+	"github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 var errInputRepoType = errors.New("input repo should be of type repoURL")

clients/githubrepo/contributors.go

@@ -21,7 +21,7 @@ import (
 
 	"github.com/google/go-github/v38/github"
 
-	"github.com/ossf/scorecard/v3/clients"
+	"github.com/ossf/scorecard/v4/clients"
 )
 
 type contributorsHandler struct {

clients/githubrepo/graphql.go

@@ -22,8 +22,8 @@ import (
 
 	"github.com/shurcooL/githubv4"
 
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 const (

clients/githubrepo/releases.go

@@ -21,8 +21,8 @@ import (
 
 	"github.com/google/go-github/v38/github"
 
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 type releasesHandler struct {

clients/githubrepo/repo.go

@@ -19,8 +19,8 @@ import (
 	"net/url"
 	"strings"
 
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 const (

clients/githubrepo/roundtripper/census.go

@@ -22,8 +22,8 @@ import (
 	opencensusstats "go.opencensus.io/stats"
 	"go.opencensus.io/tag"
 
-	sce "github.com/ossf/scorecard/v3/errors"
-	"github.com/ossf/scorecard/v3/stats"
+	sce "github.com/ossf/scorecard/v4/errors"
+	"github.com/ossf/scorecard/v4/stats"
 )
 
 const fromCacheHeader = "X-From-Cache"

clients/githubrepo/roundtripper/rate_limit.go

@@ -22,7 +22,7 @@ import (
 
 	"go.uber.org/zap"
 
-	sce "github.com/ossf/scorecard/v3/errors"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 // MakeRateLimitedTransport returns a RoundTripper which rate limits GitHub requests.

clients/githubrepo/roundtripper/roundtripper.go

@@ -25,7 +25,7 @@ import (
 	"github.com/bradleyfalzon/ghinstallation/v2"
 	"go.uber.org/zap"
 
-	"github.com/ossf/scorecard/v3/clients/githubrepo/roundtripper/tokens"
+	"github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper/tokens"
 )
 
 const (

clients/githubrepo/roundtripper/tokens/server/main.go

@@ -20,7 +20,7 @@ import (
 	"net/http"
 	"net/rpc"
 
-	"github.com/ossf/scorecard/v3/clients/githubrepo/roundtripper/tokens"
+	"github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper/tokens"
 )
 
 func main() {

clients/githubrepo/roundtripper/transport.go

@@ -22,8 +22,8 @@ import (
 	"go.opencensus.io/stats"
 	"go.opencensus.io/tag"
 
-	"github.com/ossf/scorecard/v3/clients/githubrepo/roundtripper/tokens"
-	githubstats "github.com/ossf/scorecard/v3/clients/githubrepo/stats"
+	"github.com/ossf/scorecard/v4/clients/githubrepo/roundtripper/tokens"
+	githubstats "github.com/ossf/scorecard/v4/clients/githubrepo/stats"
 )
 
 // makeGitHubTransport wraps input RoundTripper with GitHub authorization logic.

clients/githubrepo/search.go

@@ -22,7 +22,7 @@ import (
 
 	"github.com/google/go-github/v38/github"
 
-	"github.com/ossf/scorecard/v3/clients"
+	"github.com/ossf/scorecard/v4/clients"
 )
 
 var errEmptyQuery = errors.New("search query is empty")

clients/githubrepo/search_test.go

@@ -18,7 +18,7 @@ import (
 	"errors"
 	"testing"
 
-	"github.com/ossf/scorecard/v3/clients"
+	"github.com/ossf/scorecard/v4/clients"
 )
 
 func TestBuildQuery(t *testing.T) {

clients/githubrepo/statuses.go

@@ -20,8 +20,8 @@ import (
 
 	"github.com/google/go-github/v38/github"
 
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 type statusesHandler struct {

clients/githubrepo/tarball.go

@@ -29,7 +29,7 @@ import (
 
 	"github.com/google/go-github/v38/github"
 
-	sce "github.com/ossf/scorecard/v3/errors"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 const (

clients/githubrepo/workflows.go

@@ -20,8 +20,8 @@ import (
 
 	"github.com/google/go-github/v38/github"
 
-	"github.com/ossf/scorecard/v3/clients"
-	sce "github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/clients"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 type workflowsHandler struct {

clients/localdir/client.go

@@ -29,7 +29,7 @@ import (
 
 	"go.uber.org/zap"
 
-	clients "github.com/ossf/scorecard/v3/clients"
+	clients "github.com/ossf/scorecard/v4/clients"
 )
 
 var errInputRepoType = errors.New("input repo should be of type repoLocal")

clients/localdir/client_test.go

@@ -25,7 +25,7 @@ import (
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"go.uber.org/zap/zapcore"
 
-	"github.com/ossf/scorecard/v3/clients/githubrepo"
+	"github.com/ossf/scorecard/v4/clients/githubrepo"
 )
 
 func TestClient_CreationAndCaching(t *testing.T) {

clients/localdir/repo.go

@@ -23,7 +23,7 @@ import (
 	"path"
 	"strings"
 
-	clients "github.com/ossf/scorecard/v3/clients"
+	clients "github.com/ossf/scorecard/v4/clients"
 )
 
 var (

clients/mockclients/cii_client.go

@@ -24,7 +24,7 @@ import (
 	reflect "reflect"
 
 	gomock "github.com/golang/mock/gomock"
-	clients "github.com/ossf/scorecard/v3/clients"
+	clients "github.com/ossf/scorecard/v4/clients"
 )
 
 // MockCIIBestPracticesClient is a mock of CIIBestPracticesClient interface.

clients/mockclients/repo.go

@@ -23,7 +23,7 @@ import (
 	reflect "reflect"
 
 	gomock "github.com/golang/mock/gomock"
-	clients "github.com/ossf/scorecard/v3/clients"
+	clients "github.com/ossf/scorecard/v4/clients"
 )
 
 // MockRepo is a mock of Repo interface.

clients/mockclients/repo_client.go

@@ -23,7 +23,7 @@ import (
 	reflect "reflect"
 
 	gomock "github.com/golang/mock/gomock"
-	clients "github.com/ossf/scorecard/v3/clients"
+	clients "github.com/ossf/scorecard/v4/clients"
 )
 
 // MockRepoClient is a mock of RepoClient interface.

clients/mockclients/vulnerabilities.go

@@ -24,7 +24,7 @@ import (
 	reflect "reflect"
 
 	gomock "github.com/golang/mock/gomock"
-	clients "github.com/ossf/scorecard/v3/clients"
+	clients "github.com/ossf/scorecard/v4/clients"
 )
 
 // MockVulnerabilitiesClient is a mock of VulnerabilitiesClient interface.

clients/vulnerabilities.go

@@ -20,7 +20,7 @@ import (
 	"encoding/json"
 	"net/http"
 
-	"github.com/ossf/scorecard/v3/errors"
+	"github.com/ossf/scorecard/v4/errors"
 )
 
 const osvQueryEndpoint = "https://api.osv.dev/v1/query"

cmd/root.go

@@ -30,15 +30,15 @@ import (
 	"github.com/spf13/cobra"
 	"go.uber.org/zap"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks"
-	"github.com/ossf/scorecard/v3/clients"
-	"github.com/ossf/scorecard/v3/clients/githubrepo"
-	"github.com/ossf/scorecard/v3/clients/localdir"
-	docs "github.com/ossf/scorecard/v3/docs/checks"
-	sce "github.com/ossf/scorecard/v3/errors"
-	"github.com/ossf/scorecard/v3/pkg"
-	spol "github.com/ossf/scorecard/v3/policy"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks"
+	"github.com/ossf/scorecard/v4/clients"
+	"github.com/ossf/scorecard/v4/clients/githubrepo"
+	"github.com/ossf/scorecard/v4/clients/localdir"
+	docs "github.com/ossf/scorecard/v4/docs/checks"
+	sce "github.com/ossf/scorecard/v4/errors"
+	"github.com/ossf/scorecard/v4/pkg"
+	spol "github.com/ossf/scorecard/v4/policy"
 )
 
 var (

cmd/serve.go

@@ -24,10 +24,10 @@ import (
 
 	"github.com/spf13/cobra"
 
-	"github.com/ossf/scorecard/v3/checks"
-	"github.com/ossf/scorecard/v3/clients"
-	"github.com/ossf/scorecard/v3/clients/githubrepo"
-	"github.com/ossf/scorecard/v3/pkg"
+	"github.com/ossf/scorecard/v4/checks"
+	"github.com/ossf/scorecard/v4/clients"
+	"github.com/ossf/scorecard/v4/clients/githubrepo"
+	"github.com/ossf/scorecard/v4/pkg"
 )
 
 //nolint:gochecknoinits

cmd/version.go

@@ -19,7 +19,7 @@ import (
 
 	"github.com/spf13/cobra"
 
-	"github.com/ossf/scorecard/v3/pkg"
+	"github.com/ossf/scorecard/v4/pkg"
 )
 
 //nolint:gochecknoinits

cron/bq/main.go

@@ -27,8 +27,8 @@ import (
 
 	"google.golang.org/protobuf/encoding/protojson"
 
-	"github.com/ossf/scorecard/v3/cron/config"
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/cron/config"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 type shardSummary struct {

cron/cii/main.go

@@ -23,9 +23,9 @@ import (
 	"net/http"
 	"strings"
 
-	"github.com/ossf/scorecard/v3/clients"
-	"github.com/ossf/scorecard/v3/cron/config"
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/clients"
+	"github.com/ossf/scorecard/v4/cron/config"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 const ciiBaseURL = "https://bestpractices.coreinfrastructure.org/projects.json"

cron/controller/main.go

@@ -24,10 +24,10 @@ import (
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/types/known/timestamppb"
 
-	"github.com/ossf/scorecard/v3/cron/config"
-	"github.com/ossf/scorecard/v3/cron/data"
-	"github.com/ossf/scorecard/v3/cron/pubsub"
-	"github.com/ossf/scorecard/v3/pkg"
+	"github.com/ossf/scorecard/v4/cron/config"
+	"github.com/ossf/scorecard/v4/cron/data"
+	"github.com/ossf/scorecard/v4/cron/pubsub"
+	"github.com/ossf/scorecard/v4/pkg"
 )
 
 func publishToRepoRequestTopic(iter data.Iterator, topicPublisher pubsub.Publisher,

cron/data/add/main.go

@@ -20,7 +20,7 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 // Script to add new project repositories to the projects.csv file:

cron/data/add/main_test.go

@@ -22,7 +22,7 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 func lessThanURI(x, y data.RepoFormat) bool {

cron/data/blob.go

@@ -27,7 +27,7 @@ import (
 	// Needed to link in GCP drivers.
 	_ "gocloud.dev/blob/gcsblob"
 
-	"github.com/ossf/scorecard/v3/cron/config"
+	"github.com/ossf/scorecard/v4/cron/config"
 )
 
 const (

cron/data/iterator.go

@@ -22,7 +22,7 @@ import (
 
 	"github.com/jszwec/csvutil"
 
-	"github.com/ossf/scorecard/v3/clients/githubrepo"
+	"github.com/ossf/scorecard/v4/clients/githubrepo"
 )
 
 // Iterator interface is used to iterate through list of input repos for the cron job.

cron/data/iterator_test.go

@@ -21,7 +21,7 @@ import (
 
 	"github.com/google/go-cmp/cmp"
 
-	sce "github.com/ossf/scorecard/v3/errors"
+	sce "github.com/ossf/scorecard/v4/errors"
 )
 
 type outcome struct {

cron/data/update/dependency.go

@@ -29,8 +29,8 @@ import (
 	"github.com/google/go-github/v38/github"
 	"golang.org/x/tools/go/vcs"
 
-	"github.com/ossf/scorecard/v3/clients/githubrepo"
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/clients/githubrepo"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 var (

cron/data/update/main.go

@@ -19,7 +19,7 @@ import (
 	"bytes"
 	"os"
 
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 // Adds "project=${PROJECT},dependency=true" to the repositories metadata.

cron/data/validate/main.go

@@ -19,7 +19,7 @@ import (
 	"log"
 	"os"
 
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 // Validates data.Iterator used by production PubSub cron job.

cron/format/json.go

@@ -24,9 +24,9 @@ import (
 
 	"go.uber.org/zap/zapcore"
 
-	docs "github.com/ossf/scorecard/v3/docs/checks"
-	sce "github.com/ossf/scorecard/v3/errors"
-	"github.com/ossf/scorecard/v3/pkg"
+	docs "github.com/ossf/scorecard/v4/docs/checks"
+	sce "github.com/ossf/scorecard/v4/errors"
+	"github.com/ossf/scorecard/v4/pkg"
 )
 
 //nolint

cron/format/json_test.go

@@ -26,8 +26,8 @@ import (
 	"github.com/xeipuuv/gojsonschema"
 	"go.uber.org/zap/zapcore"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/pkg"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/pkg"
 )
 
 func jsonMockDocRead() *mockDoc {

cron/format/mock_doc.go

@@ -17,7 +17,7 @@ package format
 import (
 	"strings"
 
-	docs "github.com/ossf/scorecard/v3/docs/checks"
+	docs "github.com/ossf/scorecard/v4/docs/checks"
 )
 
 type mockCheck struct {

cron/monitoring/exporter.go

@@ -24,7 +24,7 @@ import (
 	"contrib.go.opencensus.io/exporter/stackdriver/monitoredresource/gcp"
 	"go.opencensus.io/stats/view"
 
-	"github.com/ossf/scorecard/v3/cron/config"
+	"github.com/ossf/scorecard/v4/cron/config"
 )
 
 var errorUndefinedExporter = errors.New("unsupported exporterType")

cron/pubsub/publisher.go

@@ -29,7 +29,7 @@ import (
 	_ "gocloud.dev/pubsub/gcppubsub"
 	"google.golang.org/protobuf/encoding/protojson"
 
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 var errorPublish = errors.New("total errors when publishing")

cron/pubsub/publisher_test.go

@@ -21,7 +21,7 @@ import (
 
 	"gocloud.dev/pubsub"
 
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 type mockSucceedTopic struct{}

cron/pubsub/subscriber.go

@@ -21,7 +21,7 @@ import (
 
 	"google.golang.org/protobuf/encoding/protojson"
 
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 // ErrorInParse indicates there was an error while unmarshalling the protocol buffer message.

cron/pubsub/subscriber_gcs.go

@@ -24,7 +24,7 @@ import (
 	pubsub "cloud.google.com/go/pubsub/apiv1"
 	pubsubpb "google.golang.org/genproto/googleapis/pubsub/v1"
 
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 const (

cron/pubsub/subscriber_gocloud.go

@@ -24,7 +24,7 @@ import (
 	// Needed to link in GCP drivers.
 	_ "gocloud.dev/pubsub/gcppubsub"
 
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 type receiver interface {

cron/pubsub/subscriber_gocloud_test.go

@@ -23,7 +23,7 @@ import (
 	"google.golang.org/protobuf/encoding/protojson"
 	"google.golang.org/protobuf/proto"
 
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 var repo1 = "repo1"

cron/shuffle/main.go

@@ -21,7 +21,7 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 func main() {

cron/webhook/main.go

@@ -26,7 +26,7 @@ import (
 	"github.com/google/go-containerregistry/pkg/v1/google"
 	"google.golang.org/protobuf/encoding/protojson"
 
-	"github.com/ossf/scorecard/v3/cron/data"
+	"github.com/ossf/scorecard/v4/cron/data"
 )
 
 const stableTag = "stable"

cron/worker/main.go

@@ -30,20 +30,20 @@ import (
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 
-	"github.com/ossf/scorecard/v3/checker"
-	"github.com/ossf/scorecard/v3/checks"
-	"github.com/ossf/scorecard/v3/clients"
-	"github.com/ossf/scorecard/v3/clients/githubrepo"
-	githubstats "github.com/ossf/scorecard/v3/clients/githubrepo/stats"
-	"github.com/ossf/scorecard/v3/cron/config"
-	"github.com/ossf/scorecard/v3/cron/data"
-	format "github.com/ossf/scorecard/v3/cron/format"
-	"github.com/ossf/scorecard/v3/cron/monitoring"
-	"github.com/ossf/scorecard/v3/cron/pubsub"
-	docs "github.com/ossf/scorecard/v3/docs/checks"
-	sce "github.com/ossf/scorecard/v3/errors"
-	"github.com/ossf/scorecard/v3/pkg"
-	"github.com/ossf/scorecard/v3/stats"
+	"github.com/ossf/scorecard/v4/checker"
+	"github.com/ossf/scorecard/v4/checks"
+	"github.com/ossf/scorecard/v4/clients"
+	"github.com/ossf/scorecard/v4/clients/githubrepo"
+	githubstats "github.com/ossf/scorecard/v4/clients/githubrepo/stats"
+	"github.com/ossf/scorecard/v4/cron/config"
+	"github.com/ossf/scorecard/v4/cron/data"
+	format "github.com/ossf/scorecard/v4/cron/format"
+	"github.com/ossf/scorecard/v4/cron/monitoring"
+	"github.com/ossf/scorecard/v4/cron/pubsub"
+	docs "github.com/ossf/scorecard/v4/docs/checks"
+	sce "github.com/ossf/scorecard/v4/errors"
+	"github.com/ossf/scorecard/v4/pkg"
+	"github.com/ossf/scorecard/v4/stats"
 )
 
 var ignoreRuntimeErrors = flag.Bool("ignoreRuntimeErrors", false, "if set to true any runtime errors will be ignored")