with:
          results_file: results.sarif
          results_format: sarif
          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
          # - you want to enable the Branch-Protection check on a *public* repository, or
          # - you are installing Scorecard on a *private* repository

private fun Logger.log(
  task: Task,
  queue: TaskQueue,
  message: String,
) {
  fine("${queue.name} ${String.format("%-22s", message)}: ${task.name}")
}

/**
 * Returns a duration in the nearest whole-number units like "999 µs" or "  1 s ". This rounds 0.5
 * units away from 0 and 0.499 towards 0. The smallest unit this returns is "µs"; the largest unit
 * it returns is "s". For values in [-499..499] this returns "  0 µs".
 *

- **Security:**
Java serialization poses security risks, especially related to deserialization vulnerabilities.

- **Version Compatibility:**
With Java serialization, even minor changes to a class (like adding a field) can break compatibility.

- **Cross-Language Compatibility:**
Java serialization is inherently Java-centric and does not support cross-language scenarios well.

- **Type Safety:**

    ```kotlin
    implementation("com.squareup.okhttp3:okhttp-java-net-cookiehandler:5.0.0-alpha.12")
    ```

 *  New: `Cookie.sameSite` determines whether cookies should be sent on cross-site requests. This
    is used by servers to defend against Cross-Site Request Forgery (CSRF) attacks.

 *  New: Log the total time of the HTTP call in `HttpLoggingInterceptor`.

 *  New: `OkHttpClient.Builder` now has APIs that use `kotlin.time.Duration`.

        this.b = b;
        this.off = off;
        this.count = len;
        this.digest = null; /*
                             * otherwise recycled commands
                             * like writeandx will choke if session
                             * closes in between
                             */
    }


    @Override
    protected int writeParameterWordsWireFormat ( byte[] dst, int dstIndex ) {

```

where `3.12` is the `Python` version you wish to update.

Note, since it is still `pip` and `pip-compile` tools used under the hood, so
most of the command line arguments and features supported by those tools will be
acknowledged by the Bazel requirements updater command as well. For example, if
you wish the updater to consider pre-release versions simply pass `--pre`

   * ParametricNullness parametric nullness}. If a type parameter instead ranges over only non-null
   * types (or if the type is a non-variable type, like {@code String}), then code should almost
   * never use this method, preferring instead to call {@code requireNonNull} so as to benefit from
   * its runtime check.
   *

        .suppressing(parentBuilder.getSuppressedTests())
        .withSetUp(parentBuilder.getSetUp())
        .withTearDown(parentBuilder.getTearDown())
        .createTestSuite();
  }

  /** Like using() but overrideable by NavigableMapTestSuiteBuilder. */
  SortedMapTestSuiteBuilder<K, V> newBuilderUsing(
      TestSortedMapGenerator<K, V> delegate, Bound to, Bound from) {

   * ParametricNullness parametric nullness}. If a type parameter instead ranges over only non-null
   * types (or if the type is a non-variable type, like {@code String}), then code should almost
   * never use this method, preferring instead to call {@code requireNonNull} so as to benefit from
   * its runtime check.
   *

The files should be in the subdirectory for the package with the new
API, and should be named after the issue number of the API proposal.
For example, if the directory `6-stdlib/99-minor` is present,
then an `api/next` file with the line

    pkg net/http, function F #12345

should have a corresponding file named `doc/next/6-stdlib/99-minor/net/http/12345.md`.
At a minimum, that file should contain either a full sentence or a TODO,