Upgrade NullAway 0.12.1 -> 0.12.2 #4024

	# Analyzes the code base and GitHub project configuration for adherence to
	# security best practices for open source software. Identified issues are
	# registered with GitHub's code scanning dashboard. When a pull request is
	# analyzed, any offending lines are annotated. See
	# https://securityscorecards.dev for details.
	name: OpenSSF Scorecard update
	on:
	pull_request:
	push:
	branches: [ master ]
	schedule:
	- cron: '0 4 * * 1'
	permissions:
	contents: read
	jobs:
	analyze:
	permissions:
	contents: read
	security-events: write
	id-token: write
	runs-on: ubuntu-24.04
	steps:
	- name: Install Harden-Runner
	uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
	with:
	disable-sudo: true
	egress-policy: block
	allowed-endpoints: >
	api.deps.dev:443
	api.github.com:443
	api.osv.dev:443
	api.scorecard.dev:443
	api.securityscorecards.dev:443
	github.com:443
	index.docker.io:443
	oss-fuzz-build-logs.storage.googleapis.com:443
	repo.maven.apache.org:443
	*.sigstore.dev:443
	www.bestpractices.dev:443
	- name: Check out code
	uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
	with:
	persist-credentials: false
	- name: Run OpenSSF Scorecard analysis
	uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
	with:
	results_file: results.sarif
	results_format: sarif
	publish_results: ${{ github.ref == 'refs/heads/master' }}
	- name: Update GitHub's code scanning dashboard
	uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
	with:
	sarif_file: results.sarif

Provide feedback