chore(deps): update github-actions (#823)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-go](https://redirect.github.com/actions/setup-go) |
action | minor | `v5.1.0` -> `v5.3.0` |
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)
| action | minor | `v4.4.3` -> `v4.6.0` |
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | minor | `v3.27.6` -> `v3.28.1` |
|
[golangci/golangci-lint-action](https://redirect.github.com/golangci/golangci-lint-action)
| action | minor | `v6.1.1` -> `v6.2.0` |

---

### Release Notes

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

###
[`v5.3.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.3.0)

[Compare
Source](https://redirect.github.com/actions/setup-go/compare/v5.2.0...v5.3.0)

##### What's Changed

- Use the new cache service: upgrade `@actions/cache` to `^4.0.0` by
[@&#8203;Link-](https://redirect.github.com/Link-) in
[https://github.com/actions/setup-go/pull/531](https://redirect.github.com/actions/setup-go/pull/531)
- Configure Dependabot settings by
[@&#8203;HarithaVattikuti](https://redirect.github.com/HarithaVattikuti)
in
[https://github.com/actions/setup-go/pull/530](https://redirect.github.com/actions/setup-go/pull/530)
- Document update - permission section by
[@&#8203;HarithaVattikuti](https://redirect.github.com/HarithaVattikuti)
in
[https://github.com/actions/setup-go/pull/533](https://redirect.github.com/actions/setup-go/pull/533)
- Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/actions/setup-go/pull/534](https://redirect.github.com/actions/setup-go/pull/534)

##### New Contributors

- [@&#8203;Link-](https://redirect.github.com/Link-) made their first
contribution in
[https://github.com/actions/setup-go/pull/531](https://redirect.github.com/actions/setup-go/pull/531)

**Full Changelog**:
actions/setup-go@v5...v5.3.0

###
[`v5.2.0`](https://redirect.github.com/actions/setup-go/releases/tag/v5.2.0)

[Compare
Source](https://redirect.github.com/actions/setup-go/compare/v5.1.0...v5.2.0)

#### What's Changed

- Leveraging the raw API to retrieve the version-manifest, as it does
not impose a rate limit and hence facilitates unrestricted consumption
without the need for a token for Github Enterprise Servers by
[@&#8203;Shegox](https://redirect.github.com/Shegox) in
[https://github.com/actions/setup-go/pull/496](https://redirect.github.com/actions/setup-go/pull/496)

#### New Contributors

- [@&#8203;Shegox](https://redirect.github.com/Shegox) made their first
contribution in
[https://github.com/actions/setup-go/pull/496](https://redirect.github.com/actions/setup-go/pull/496)

**Full Changelog**:
actions/setup-go@v5...v5.2.0

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.6.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.0)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.5.0...v4.6.0)

#### What's Changed

- Expose env vars to control concurrency and timeout by
[@&#8203;yacaovsnc](https://redirect.github.com/yacaovsnc) in
[https://github.com/actions/upload-artifact/pull/662](https://redirect.github.com/actions/upload-artifact/pull/662)

**Full Changelog**:
actions/upload-artifact@v4...v4.6.0

###
[`v4.5.0`](https://redirect.github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.28.1`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.1)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.28.0...v3.28.1)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

##### 3.28.1 - 10 Jan 2025

- CodeQL Action v2 is now deprecated, and is no longer updated or
supported. For better performance, improved security, and new features,
upgrade to v3. For more information, see [this changelog
post](https://github.blog/changelog/2025-01-10-code-scanning-codeql-action-v2-is-now-deprecated/).
[#&#8203;2677](https://redirect.github.com/github/codeql-action/pull/2677)
- Update default CodeQL bundle version to 2.20.1.
[#&#8203;2678](https://redirect.github.com/github/codeql-action/pull/2678)

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.1/CHANGELOG.md)
for more information.

###
[`v3.28.0`](https://redirect.github.com/github/codeql-action/releases/tag/v3.28.0)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.27.9...v3.28.0)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

Note that the only difference between `v2` and `v3` of the CodeQL Action
is the node version they support, with `v3` running on node 20 while we
continue to release `v2` to support running on node 16. For example
`3.22.11` was the first `v3` release and is functionally identical to
`2.22.11`. This approach ensures an easy way to track exactly which
features are included in different versions, indicated by the minor and
patch version numbers.

##### 3.28.0 - 20 Dec 2024

- Bump the minimum CodeQL bundle version to 2.15.5.
[#&#8203;2655](https://redirect.github.com/github/codeql-action/pull/2655)
- Don't fail in the unusual case that a file is on the search path.
[#&#8203;2660](https://redirect.github.com/github/codeql-action/pull/2660).

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.28.0/CHANGELOG.md)
for more information.

###
[`v3.27.9`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.9)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.27.8...v3.27.9)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

Note that the only difference between `v2` and `v3` of the CodeQL Action
is the node version they support, with `v3` running on node 20 while we
continue to release `v2` to support running on node 16. For example
`3.22.11` was the first `v3` release and is functionally identical to
`2.22.11`. This approach ensures an easy way to track exactly which
features are included in different versions, indicated by the minor and
patch version numbers.

##### 3.27.9 - 12 Dec 2024

No user facing changes.

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.9/CHANGELOG.md)
for more information.

###
[`v3.27.8`](https://redirect.github.com/github/codeql-action/compare/v3.27.7...v3.27.8)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.27.7...v3.27.8)

###
[`v3.27.7`](https://redirect.github.com/github/codeql-action/releases/tag/v3.27.7)

[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v3.27.6...v3.27.7)

##### CodeQL Action Changelog

See the [releases
page](https://redirect.github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

Note that the only difference between `v2` and `v3` of the CodeQL Action
is the node version they support, with `v3` running on node 20 while we
continue to release `v2` to support running on node 16. For example
`3.22.11` was the first `v3` release and is functionally identical to
`2.22.11`. This approach ensures an easy way to track exactly which
features are included in different versions, indicated by the minor and
patch version numbers.

##### 3.27.7 - 10 Dec 2024

- We are rolling out a change in December 2024 that will extract the
CodeQL bundle directly to the toolcache to improve performance.
[#&#8203;2631](https://redirect.github.com/github/codeql-action/pull/2631)
- Update default CodeQL bundle version to 2.20.0.
[#&#8203;2636](https://redirect.github.com/github/codeql-action/pull/2636)

See the full
[CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.27.7/CHANGELOG.md)
for more information.

</details>

<details>
<summary>golangci/golangci-lint-action
(golangci/golangci-lint-action)</summary>

###
[`v6.2.0`](https://redirect.github.com/golangci/golangci-lint-action/releases/tag/v6.2.0)

[Compare
Source](https://redirect.github.com/golangci/golangci-lint-action/compare/v6.1.1...v6.2.0)

<!-- Release notes generated using configuration in .github/release.yml
at v6.2.0 -->

#### What's Changed

##### Changes

- chore: use new build tag syntax by
[@&#8203;alexandear](https://redirect.github.com/alexandear) in
[https://github.com/golangci/golangci-lint-action/pull/1133](https://redirect.github.com/golangci/golangci-lint-action/pull/1133)
- feat: support linux arm64 public preview by
[@&#8203;ldez](https://redirect.github.com/ldez) in
[https://github.com/golangci/golangci-lint-action/pull/1144](https://redirect.github.com/golangci/golangci-lint-action/pull/1144)

##### Documentation

- docs: update local development instructions by
[@&#8203;dmitris](https://redirect.github.com/dmitris) in
[https://github.com/golangci/golangci-lint-action/pull/1125](https://redirect.github.com/golangci/golangci-lint-action/pull/1125)

##### Dependencies

- build(deps-dev): bump the dev-dependencies group with 3 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1112](https://redirect.github.com/golangci/golangci-lint-action/pull/1112)
- build(deps): bump the dependencies group with 2 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1113](https://redirect.github.com/golangci/golangci-lint-action/pull/1113)
- build(deps-dev): bump the dev-dependencies group with 3 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1114](https://redirect.github.com/golangci/golangci-lint-action/pull/1114)
- build(deps): bump
[@&#8203;types/node](https://redirect.github.com/types/node) from 22.7.4
to 22.7.5 in the dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1115](https://redirect.github.com/golangci/golangci-lint-action/pull/1115)
- build(deps-dev): bump the dev-dependencies group with 2 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1117](https://redirect.github.com/golangci/golangci-lint-action/pull/1117)
- build(deps): bump
[@&#8203;types/node](https://redirect.github.com/types/node) from 22.7.5
to 22.7.7 in the dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1118](https://redirect.github.com/golangci/golangci-lint-action/pull/1118)
- build(deps-dev): bump the dev-dependencies group with 2 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1119](https://redirect.github.com/golangci/golangci-lint-action/pull/1119)
- build(deps): bump
[@&#8203;types/node](https://redirect.github.com/types/node) from 22.7.7
to 22.8.1 in the dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1120](https://redirect.github.com/golangci/golangci-lint-action/pull/1120)
- build(deps-dev): bump the dev-dependencies group with 2 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1122](https://redirect.github.com/golangci/golangci-lint-action/pull/1122)
- build(deps): bump the dependencies group with 2 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1123](https://redirect.github.com/golangci/golangci-lint-action/pull/1123)
- build(deps-dev): bump the dev-dependencies group with 2 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1126](https://redirect.github.com/golangci/golangci-lint-action/pull/1126)
- build(deps): bump
[@&#8203;types/node](https://redirect.github.com/types/node) from 22.8.7
to 22.9.0 in the dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1127](https://redirect.github.com/golangci/golangci-lint-action/pull/1127)
- build(deps-dev): bump the dev-dependencies group with 3 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1128](https://redirect.github.com/golangci/golangci-lint-action/pull/1128)
- build(deps): bump
[@&#8203;types/node](https://redirect.github.com/types/node) from 22.9.0
to 22.9.3 in the dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1130](https://redirect.github.com/golangci/golangci-lint-action/pull/1130)
- build(deps): bump
[@&#8203;types/node](https://redirect.github.com/types/node) from 22.9.3
to 22.10.1 in the dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1131](https://redirect.github.com/golangci/golangci-lint-action/pull/1131)
- build(deps-dev): bump the dev-dependencies group across 1 directory
with 4 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1132](https://redirect.github.com/golangci/golangci-lint-action/pull/1132)
- build(deps-dev): bump the dev-dependencies group with 3 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1134](https://redirect.github.com/golangci/golangci-lint-action/pull/1134)
- build(deps): bump
[@&#8203;actions/cache](https://redirect.github.com/actions/cache) from
3.3.0 to 4.0.0 in the dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1135](https://redirect.github.com/golangci/golangci-lint-action/pull/1135)
- build(deps-dev): bump the dev-dependencies group with 2 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1136](https://redirect.github.com/golangci/golangci-lint-action/pull/1136)
- build(deps): bump
[@&#8203;types/node](https://redirect.github.com/types/node) from
22.10.1 to 22.10.2 in the dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1137](https://redirect.github.com/golangci/golangci-lint-action/pull/1137)
- build(deps-dev): bump the dev-dependencies group with 2 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1138](https://redirect.github.com/golangci/golangci-lint-action/pull/1138)
- build(deps-dev): bump the dev-dependencies group with 2 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1139](https://redirect.github.com/golangci/golangci-lint-action/pull/1139)
- build(deps-dev): bump the dev-dependencies group with 2 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1141](https://redirect.github.com/golangci/golangci-lint-action/pull/1141)
- build(deps): bump
[@&#8203;types/node](https://redirect.github.com/types/node) from
22.10.2 to 22.10.5 in the dependencies group by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1142](https://redirect.github.com/golangci/golangci-lint-action/pull/1142)
- build(deps-dev): bump the dev-dependencies group with 3 updates by
[@&#8203;dependabot](https://redirect.github.com/dependabot) in
[https://github.com/golangci/golangci-lint-action/pull/1143](https://redirect.github.com/golangci/golangci-lint-action/pull/1143)

#### New Contributors

- [@&#8203;dmitris](https://redirect.github.com/dmitris) made their
first contribution in
[https://github.com/golangci/golangci-lint-action/pull/1125](https://redirect.github.com/golangci/golangci-lint-action/pull/1125)
- [@&#8203;alexandear](https://redirect.github.com/alexandear) made
their first contribution in
[https://github.com/golangci/golangci-lint-action/pull/1133](https://redirect.github.com/golangci/golangci-lint-action/pull/1133)

**Full Changelog**:
golangci/golangci-lint-action@v6.1.1...v6.2.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "* 0-3 1 * *" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/slsa-framework/slsa-verifier).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS44NS4wIiwidXBkYXRlZEluVmVyIjoiMzkuMTA3LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->

Author: renovate-bot

.github/workflows/codeql-analysis.yml

@@ -44,15 +44,15 @@ jobs:
 
       # TODO(#740): Workaround for go1.21 compatibility. Remove when GHA runners have Go 1.21+.
       - name: setup-go
-        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version-file: "go.mod"
           # not needed but gets rid of warnings
           cache: false
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
+        uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -63,7 +63,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
+        uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
       # Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
 
@@ -76,4 +76,4 @@ jobs:
       #     make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
+        uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1

.github/workflows/pre-submit.actions.yml

@@ -34,7 +34,7 @@ jobs:
           fi
 
       # If index.js was different from expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         if: ${{ failure() && steps.diff.conclusion == 'failure' }}
         with:
           name: dist

.github/workflows/pre-submit.cli.yml

@@ -18,7 +18,7 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: setup-go
-        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version-file: "go.mod"
           # not needed but gets rid of warnings
@@ -30,7 +30,7 @@ jobs:
         run: |
           echo "$EVENT_NAME" > ./event_name.txt
 
-      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+      - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: event_name
           path: ./event_name.txt

.github/workflows/pre-submit.e2e.yml

@@ -16,7 +16,7 @@ jobs:
           path: __THIS_REPO__
 
       - name: setup-go
-        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version-file: "__THIS_REPO__/go.mod"
           # not needed but gets rid of warnings

.github/workflows/pre-submit.lint.yml

@@ -11,12 +11,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+      - uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
         with:
           go-version-file: "go.mod"
           # not needed but gets rid of warnings
           cache: false
-      - uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1
+      - uses: golangci/golangci-lint-action@ec5d18412c0aeab7936cb16880d708ba2a64e1ae # v6.2.0
         name: golangci-lint
         with:
           # Require: The version of golangci-lint to use.

.github/workflows/scorecards.yml

@@ -49,14 +49,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
+        uses: github/codeql-action/upload-sarif@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3.28.1
         with:
           sarif_file: results.sarif

.github/workflows/update-actions-dist-post-commit.yml

@@ -57,7 +57,7 @@ jobs:
                   [ -z "$(cat changes.patch)" ] && RESULT=false || RESULT=true
                   echo "patch_not_empty=$RESULT" >> "$GITHUB_OUTPUT"
             - name: upload
-              uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+              uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
               with:
                   name: changes.patch
                   path: changes.patch