chore(deps): update maru support dependencies (#119)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
patch | `v4.1.6` -> `v4.1.7` |
|
[actions/create-github-app-token](https://togithub.com/actions/create-github-app-token)
| action | patch | `v1.10.1` -> `v1.10.3` |
|
[actions/download-artifact](https://togithub.com/actions/download-artifact)
| action | patch | `v4.1.7` -> `v4.1.8` |
| [actions/setup-go](https://togithub.com/actions/setup-go) | action |
patch | `v5.0.1` -> `v5.0.2` |
| [actions/setup-node](https://togithub.com/actions/setup-node) | action
| patch | `v4.0.2` -> `v4.0.3` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v4.3.3` -> `v4.3.4` |
| [anchore/sbom-action](https://togithub.com/anchore/sbom-action) |
action | patch | `v0.16.0` -> `v0.16.1` |
| [defenseunicorns/zarf](https://togithub.com/defenseunicorns/zarf) | |
minor | `v0.34.0` -> `v0.35.0` |
|
[docker/setup-buildx-action](https://togithub.com/docker/setup-buildx-action)
| action | minor | `v3.3.0` -> `v3.4.0` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.8` -> `v3.25.11` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v4.1.7`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.6...v4.1.7)

- Bump the minor-npm-dependencies group across 1 directory with 4
updates by [@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/checkout#1739
- Bump actions/checkout from 3 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/checkout#1697
- Check out other refs/\* by commit by
[@&#8203;orhantoy](https://togithub.com/orhantoy) in
[actions/checkout#1774
- Pin actions/checkout's own workflows to a known, good, stable version.
by [@&#8203;jww3](https://togithub.com/jww3) in
[actions/checkout#1776

</details>

<details>
<summary>actions/create-github-app-token
(actions/create-github-app-token)</summary>

###
[`v1.10.3`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.10.3)

[Compare
Source](https://togithub.com/actions/create-github-app-token/compare/v1.10.2...v1.10.3)

##### Bug Fixes

- **deps:** bump undici from 6.18.2 to 6.19.2 in the
production-dependencies group
([#&#8203;149](https://togithub.com/actions/create-github-app-token/issues/149))
([cc82279](https://togithub.com/actions/create-github-app-token/commit/cc82279e84540c5543078cedc5af4fcfab0a96bb)),
closes
[#&#8203;3337](https://togithub.com/actions/create-github-app-token/issues/3337)
[nodejs/undici#3338](https://togithub.com/nodejs/undici/issues/3338)
[nodejs/undici#3340](https://togithub.com/nodejs/undici/issues/3340)
[nodejs/undici#3332](https://togithub.com/nodejs/undici/issues/3332)
[nodejs/undici#3335](https://togithub.com/nodejs/undici/issues/3335)
[nodejs/undici#3305](https://togithub.com/nodejs/undici/issues/3305)
[nodejs/undici#3303](https://togithub.com/nodejs/undici/issues/3303)
[nodejs/undici#3304](https://togithub.com/nodejs/undici/issues/3304)
[nodejs/undici#3306](https://togithub.com/nodejs/undici/issues/3306)
[nodejs/undici#3309](https://togithub.com/nodejs/undici/issues/3309)
[nodejs/undici#3313](https://togithub.com/nodejs/undici/issues/3313)
[nodejs/undici#3311](https://togithub.com/nodejs/undici/issues/3311)
[nodejs/undici#3107](https://togithub.com/nodejs/undici/issues/3107)
[nodejs/undici#3302](https://togithub.com/nodejs/undici/issues/3302)
[nodejs/undici#3320](https://togithub.com/nodejs/undici/issues/3320)
[nodejs/undici#3321](https://togithub.com/nodejs/undici/issues/3321)
[nodejs/undici#3316](https://togithub.com/nodejs/undici/issues/3316)
[nodejs/undici#3318](https://togithub.com/nodejs/undici/issues/3318)
[nodejs/undici#3326](https://togithub.com/nodejs/undici/issues/3326)
[nodejs/undici#3324](https://togithub.com/nodejs/undici/issues/3324)
[nodejs/undici#3325](https://togithub.com/nodejs/undici/issues/3325)
[nodejs/undici#3316](https://togithub.com/nodejs/undici/issues/3316)
[nodejs/undici#3318](https://togithub.com/nodejs/undici/issues/3318)
[#&#8203;3342](https://togithub.com/actions/create-github-app-token/issues/3342)
[#&#8203;3332](https://togithub.com/actions/create-github-app-token/issues/3332)
[#&#8203;3340](https://togithub.com/actions/create-github-app-token/issues/3340)
[#&#8203;3337](https://togithub.com/actions/create-github-app-token/issues/3337)
[#&#8203;3338](https://togithub.com/actions/create-github-app-token/issues/3338)
[#&#8203;3336](https://togithub.com/actions/create-github-app-token/issues/3336)
[#&#8203;3335](https://togithub.com/actions/create-github-app-token/issues/3335)
[#&#8203;3325](https://togithub.com/actions/create-github-app-token/issues/3325)
[#&#8203;3324](https://togithub.com/actions/create-github-app-token/issues/3324)
[#&#8203;3326](https://togithub.com/actions/create-github-app-token/issues/3326)

###
[`v1.10.2`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.10.2)

[Compare
Source](https://togithub.com/actions/create-github-app-token/compare/v1.10.1...v1.10.2)

##### Bug Fixes

- do not revoke token if already expired
([#&#8203;147](https://togithub.com/actions/create-github-app-token/issues/147))
([66a7045](https://togithub.com/actions/create-github-app-token/commit/66a70456860bafc79e37635eea77b8b2a929f6c8)),
closes
[#&#8203;140](https://togithub.com/actions/create-github-app-token/issues/140)
[#&#8203;95](https://togithub.com/actions/create-github-app-token/issues/95)

</details>

<details>
<summary>actions/download-artifact (actions/download-artifact)</summary>

###
[`v4.1.8`](https://togithub.com/actions/download-artifact/releases/tag/v4.1.8)

[Compare
Source](https://togithub.com/actions/download-artifact/compare/v4.1.7...v4.1.8)

##### What's Changed

- Update
[@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version, bump dependencies by
[@&#8203;robherley](https://togithub.com/robherley) in
[actions/download-artifact#341

**Full Changelog**:
actions/download-artifact@v4...v4.1.8

</details>

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

###
[`v5.0.2`](https://togithub.com/actions/setup-go/compare/v5.0.1...v5.0.2)

[Compare
Source](https://togithub.com/actions/setup-go/compare/v5.0.1...v5.0.2)

</details>

<details>
<summary>actions/setup-node (actions/setup-node)</summary>

###
[`v4.0.3`](https://togithub.com/actions/setup-node/compare/v4.0.2...v4.0.3)

[Compare
Source](https://togithub.com/actions/setup-node/compare/v4.0.2...v4.0.3)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.3.4`](https://togithub.com/actions/upload-artifact/releases/tag/v4.3.4)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v4.3.3...v4.3.4)

##### What's Changed

- Update
[@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version, bump dependencies by
[@&#8203;robherley](https://togithub.com/robherley) in
[actions/upload-artifact#584

**Full Changelog**:
actions/upload-artifact@v4.3.3...v4.3.4

</details>

<details>
<summary>anchore/sbom-action (anchore/sbom-action)</summary>

###
[`v0.16.1`](https://togithub.com/anchore/sbom-action/releases/tag/v0.16.1)

[Compare
Source](https://togithub.com/anchore/sbom-action/compare/v0.16.0...v0.16.1)

#### Changes in v0.16.1

- fix: workaround windows install issue
([#&#8203;477](https://togithub.com/anchore/sbom-action/issues/477))
\[[willmurphyscode](https://togithub.com/willmurphyscode)]
- fix: allow users to properly use the file input over the default path
value
([#&#8203;471](https://togithub.com/anchore/sbom-action/issues/471))
\[[komish](https://togithub.com/komish)]
- chore(deps): update Syft to v1.5.0
([#&#8203;470](https://togithub.com/anchore/sbom-action/issues/470))
\[[anchore-actions-token-generator](https://togithub.com/anchore-actions-token-generator)]
- docs: notes for matrix and required permissions
([#&#8203;469](https://togithub.com/anchore/sbom-action/issues/469))
\[[kzantow](https://togithub.com/kzantow)]
- chore(deps): bump actions/checkout from 4.1.5 to 4.1.6
([#&#8203;466](https://togithub.com/anchore/sbom-action/issues/466))
\[[dependabot](https://togithub.com/dependabot)]

</details>

<details>
<summary>defenseunicorns/zarf (defenseunicorns/zarf)</summary>

###
[`v0.35.0`](https://togithub.com/defenseunicorns/zarf/releases/tag/v0.35.0)

[Compare
Source](https://togithub.com/defenseunicorns/zarf/compare/v0.34.0...v0.35.0)

##### What's Changed

- refactor: remove use of k8s info and nodes by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2551
- test: shutdown http test servers by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2559
- feat: adding labels to all resources mutated by the agent by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2557
- test: zarf init state by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2556
- refactor: remove use of k8s deprecations by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2560
- test: remove validate pkg arch e2e test by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2563
- test: remove TestMismatchedVersions e2e test by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2564
- test: delete agent e2e label test by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2568
- fix: add custom error printing for Zarf commands by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2575
- refactor: remove use of k8s dynamic by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2561
- refactor: remove use of k8s namespace by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2550
- fix: cancel Cobra parent context on interrupt by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2567
- refactor: use root ctx in agent by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2578
- chore: deprecate DeprecatedKeys by
[@&#8203;schristoff-du](https://togithub.com/schristoff-du) in
[defenseunicorns/zarf#2581
- test: validate package by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2569
- chore: fix typos by
[@&#8203;beholdenkey](https://togithub.com/beholdenkey) in
[defenseunicorns/zarf#2590
- fix: docker containerd blob error by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2593
- fix(deps): update module github.com/defenseunicorns/pkg/oci to v1 by
[@&#8203;renovate](https://togithub.com/renovate) in
[defenseunicorns/zarf#2511
- fix: change so that second SIGINT signal immediately exits program by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2598
- refactor: add context in packager by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2597
- chore: update go version to 1.22.4 by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2595
- fix: handle errors in version command by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2589
- fix: cosign image pulls by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2599
- refactor: move k8s tunnel to cluster package by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2566
- test: cleanup e2e tests by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2601
- refactor: enable errcheck linter by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2501
- fix: crane option argument parameters by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2609
- feat: remove .metadata.image from schema by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2606
- refactor: remove use of k8s pods by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2553
- fix: pass image reference to syft sbom source object by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2612
- fix: only build a single binary in the init-package make target by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2614
- fix: avoid injector pod name collisions by
[@&#8203;lucasrod16](https://togithub.com/lucasrod16) in
[defenseunicorns/zarf#2620
- fix: no longer remove the agent ignore label from namespaces by
[@&#8203;Racer159](https://togithub.com/Racer159) in
[defenseunicorns/zarf#2623
- refactor: remove use of k8s secret by
[@&#8203;phillebaba](https://togithub.com/phillebaba) in
[defenseunicorns/zarf#2565
- fix: using a new s3 backend for test data by
[@&#8203;AustinAbro321](https://togithub.com/AustinAbro321) in
[defenseunicorns/zarf#2630
- chore(deps): update goreleaser/goreleaser-action action to v6 by
[@&#8203;renovate](https://togithub.com/renovate) in
[defenseunicorns/zarf#2596

**Full Changelog**:
defenseunicorns/zarf@v0.34.0...v0.35.0

</details>

<details>
<summary>docker/setup-buildx-action
(docker/setup-buildx-action)</summary>

###
[`v3.4.0`](https://togithub.com/docker/setup-buildx-action/releases/tag/v3.4.0)

[Compare
Source](https://togithub.com/docker/setup-buildx-action/compare/v3.3.0...v3.4.0)

- Throw error message instead of exit code by
[@&#8203;crazy-max](https://togithub.com/crazy-max) in
[docker/setup-buildx-action#315
- Bump
[@&#8203;docker/actions-toolkit](https://togithub.com/docker/actions-toolkit)
from 0.20.0 to 0.31.0 in
[docker/setup-buildx-action#321
[docker/setup-buildx-action#338
- Bump braces from 3.0.2 to 3.0.3 in
[docker/setup-buildx-action#329
- Bump undici from 5.28.3 to 5.28.4 in
[docker/setup-buildx-action#312
- Bump uuid from 9.0.1 to 10.0.0 in
[docker/setup-buildx-action#326

**Full Changelog**:
docker/setup-buildx-action@v3.3.0...v3.4.0

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.11`](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.10...v3.25.11)

###
[`v3.25.10`](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.9...v3.25.10)

###
[`v3.25.9`](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.8...v3.25.9)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 12pm every weekday,before 11am
every weekday" in timezone America/New_York, Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/defenseunicorns/maru-runner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zOTMuMCIsInVwZGF0ZWRJblZlciI6IjM3LjQyNS4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJzdXBwb3J0LWRlcHMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Wayne Starr <Racer159@users.noreply.github.com>

.github/actions/golang/action.yaml

@@ -4,6 +4,6 @@ description: "Setup Go binary and caching"
 runs:
   using: composite
   steps:
-    - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
+    - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
       with:
         go-version: 1.21.x

.github/actions/install-tools/action.yaml

@@ -6,9 +6,9 @@ runs:
   steps:
     - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
 
-    - uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
+    - uses: anchore/sbom-action/download-syft@95b086ac308035dc0850b3853be5b7ab108236a8 # v0.16.1
 
     - run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin"
       shell: bash
 
-    - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+    - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0

.github/actions/save-logs/action.yaml

@@ -4,7 +4,7 @@ description: "Save debug logs"
 runs:
   using: composite
   steps:
-    - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+    - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
       with:
         name: debug-log
         path: /tmp/maru-*.log

.github/actions/zarf/action.yaml

@@ -7,4 +7,4 @@ runs:
     - uses: defenseunicorns/setup-zarf@main
       with:
         # renovate: datasource=github-tags depName=defenseunicorns/zarf
-        version: v0.34.0
+        version: v0.35.0

.github/workflows/commitlint.yaml

@@ -16,12 +16,12 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           fetch-depth: 0
 
       - name: Setup Node.js
-        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
 
       - name: Install commitlint
         run: npm install --save-dev @commitlint/{config-conventional,cli}

.github/workflows/dependency-review.yaml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Dependency Review
         uses: actions/dependency-review-action@72eb03d02c7872a771aacd928f3123ac62ad6d3a # v4.3.3

.github/workflows/release.yaml

@@ -11,7 +11,7 @@ jobs:
     steps:
       # Checkout the repo and setup the tooling for this job
       - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           fetch-depth: 0
 
@@ -24,7 +24,7 @@ jobs:
 
       # Upload the contents of the build directory for later stages to use
       - name: Upload build artifacts
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
         with:
           name: build-artifacts
           path: build/
@@ -38,12 +38,12 @@ jobs:
     steps:
       # Checkout the repo and setup the tooling for this job
       - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           fetch-depth: 0
 
       - name: Download build artifacts
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: build-artifacts
           path: build/
@@ -78,7 +78,7 @@ jobs:
       contents: write
     steps:
       - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           fetch-depth: 0
 
@@ -89,7 +89,7 @@ jobs:
         uses: ./.github/actions/install-tools
 
       - name: Download build artifacts
-        uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           name: build-artifacts
           path: build/
@@ -104,7 +104,7 @@ jobs:
 
       - name: Get Brew tap repo token
         id: brew-tap-token
-        uses: actions/create-github-app-token@c8f55efbd427e7465d6da1106e7979bc8aaee856 # v1.10.1
+        uses: actions/create-github-app-token@31c86eb3b33c9b601a1f60f98dcbfd1d70f379b4 # v1.10.3
         with:
           app-id: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_ID }}
           private-key: ${{ secrets.HOMEBREW_TAP_WORKFLOW_GITHUB_APP_SECRET }}

.github/workflows/scan-codeql.yaml

@@ -36,7 +36,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Setup golang
         uses: ./.github/actions/golang
@@ -45,7 +45,7 @@ jobs:
         run: make build-cli-linux-amd
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
+        uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         env:
           CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
         with:
@@ -54,6 +54,6 @@ jobs:
 
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
+        uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/scan-lint.yaml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Setup golang
         uses: ./.github/actions/golang

.github/workflows/scorecard.yaml

@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           persist-credentials: false
 
@@ -37,14 +37,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
+        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         with:
           sarif_file: results.sarif

.github/workflows/test-e2e-pr.yaml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Setup golang
         uses: ./.github/actions/golang

.github/workflows/test-schema.yaml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Setup golang
         uses: ./.github/actions/golang

.github/workflows/test-unit-pr.yaml

@@ -22,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Setup golang
         uses: ./.github/actions/golang