ci: bump the patch-minor-dependencies group across 1 directory with 1…

…6 updates

Bumps the patch-minor-dependencies group with 16 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4.1.1` | `4.1.5` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.23.1` | `3.25.4` |
| [actions/setup-java](https://github.com/actions/setup-java) | `4.0.0` | `4.2.1` |
| [taiki-e/install-action](https://github.com/taiki-e/install-action) | `2.26.7` | `2.33.22` |
| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.0.0` | `4.3.2` |
| [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials) | `4.0.1` | `4.0.2` |
| [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) | `3.0.3` | `3.0.5` |
| [gitleaks/gitleaks-action](https://github.com/gitleaks/gitleaks-action) | `2.3.2` | `2.3.4` |
| [anchore/scan-action](https://github.com/anchore/scan-action) | `3.6.1` | `3.6.4` |
| [ncipollo/release-action](https://github.com/ncipollo/release-action) | `1.13.0` | `1.14.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.2.0` | `4.3.3` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.16.1` | `0.20.0` |
| [hashicorp/setup-terraform](https://github.com/hashicorp/setup-terraform) | `3.0.0` | `3.1.1` |
| [actions/cache](https://github.com/actions/cache) | `4.0.0` | `4.0.2` |
| [actions/setup-node](https://github.com/actions/setup-node) | `4.0.1` | `4.0.2` |
| [trunk-io/trunk-action](https://github.com/trunk-io/trunk-action) | `1.1.9` | `1.1.14` |



Updates `actions/checkout` from 4.1.1 to 4.1.5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@b4ffde6...44c2b7a)

Updates `github/codeql-action` from 3.23.1 to 3.25.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@0b21cf2...ccf74c9)

Updates `actions/setup-java` from 4.0.0 to 4.2.1
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@387ac29...99b8673)

Updates `taiki-e/install-action` from 2.26.7 to 2.33.22
- [Release notes](https://github.com/taiki-e/install-action/releases)
- [Changelog](https://github.com/taiki-e/install-action/blob/main/CHANGELOG.md)
- [Commits](taiki-e/install-action@bee85d7...c2927f0)

Updates `actions/dependency-review-action` from 4.0.0 to 4.3.2
- [Release notes](https://github.com/actions/dependency-review-action/releases)
- [Commits](actions/dependency-review-action@4901385...0c155c5)

Updates `aws-actions/configure-aws-credentials` from 4.0.1 to 4.0.2
- [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases)
- [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md)
- [Commits](aws-actions/configure-aws-credentials@010d0da...e3dd6a4)

Updates `zgosalvez/github-actions-ensure-sha-pinned-actions` from 3.0.3 to 3.0.5
- [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases)
- [Commits](zgosalvez/github-actions-ensure-sha-pinned-actions@ba37328...40e45e7)

Updates `gitleaks/gitleaks-action` from 2.3.2 to 2.3.4
- [Release notes](https://github.com/gitleaks/gitleaks-action/releases)
- [Commits](gitleaks/gitleaks-action@1f2d10f...e6dab24)

Updates `anchore/scan-action` from 3.6.1 to 3.6.4
- [Release notes](https://github.com/anchore/scan-action/releases)
- [Changelog](https://github.com/anchore/scan-action/blob/main/CHANGELOG.md)
- [Commits](anchore/scan-action@c35e932...3343887)

Updates `ncipollo/release-action` from 1.13.0 to 1.14.0
- [Release notes](https://github.com/ncipollo/release-action/releases)
- [Commits](ncipollo/release-action@6c75be8...2c591bc)

Updates `actions/upload-artifact` from 4.2.0 to 4.3.3
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@694cdab...6546280)

Updates `aquasecurity/trivy-action` from 0.16.1 to 0.20.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@d43c1f1...b2933f5)

Updates `hashicorp/setup-terraform` from 3.0.0 to 3.1.1
- [Release notes](https://github.com/hashicorp/setup-terraform/releases)
- [Changelog](https://github.com/hashicorp/setup-terraform/blob/main/CHANGELOG.md)
- [Commits](hashicorp/setup-terraform@a1502cd...651471c)

Updates `actions/cache` from 4.0.0 to 4.0.2
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@13aacd8...0c45773)

Updates `actions/setup-node` from 4.0.1 to 4.0.2
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@b39b52d...60edb5d)

Updates `trunk-io/trunk-action` from 1.1.9 to 1.1.14
- [Release notes](https://github.com/trunk-io/trunk-action/releases)
- [Commits](trunk-io/trunk-action@97ecd21...bd68632)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-minor-dependencies
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: patch-minor-dependencies
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: patch-minor-dependencies
- dependency-name: taiki-e/install-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: patch-minor-dependencies
- dependency-name: actions/dependency-review-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: patch-minor-dependencies
- dependency-name: aws-actions/configure-aws-credentials
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-minor-dependencies
- dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-minor-dependencies
- dependency-name: gitleaks/gitleaks-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-minor-dependencies
- dependency-name: anchore/scan-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-minor-dependencies
- dependency-name: ncipollo/release-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: patch-minor-dependencies
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: patch-minor-dependencies
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: patch-minor-dependencies
- dependency-name: hashicorp/setup-terraform
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: patch-minor-dependencies
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-minor-dependencies
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-minor-dependencies
- dependency-name: trunk-io/trunk-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-minor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/bitbucket-mirror.yaml

@@ -31,7 +31,7 @@ jobs:
     steps:
       - uses: aps831/gh-actions/monitor@master # nosemgrep: yaml.github-actions.security.third-party-action-not-pinned-to-commit-sha.third-party-action-not-pinned-to-commit-sha
 
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v4.1.5
         with:
           fetch-depth: 0
 

.github/workflows/codeql-analysis-go.yaml

@@ -22,18 +22,18 @@ jobs:
         language: ["go"]
     steps:
       - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v3
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # pin@v2
+        uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # pin@v2
         with:
           languages: ${{ matrix.language }}
           queries: security-extended
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # pin@v2
+        uses: github/codeql-action/autobuild@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # pin@v2
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # pin@v2
+        uses: github/codeql-action/analyze@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # pin@v2
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/codeql-analysis-java.yaml

@@ -22,18 +22,18 @@ jobs:
         language: ["java"]
     steps:
       - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v3
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # pin@v2
+        uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # pin@v2
         with:
           languages: ${{ matrix.language }}
           queries: security-extended
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # pin@v2
+        uses: github/codeql-action/autobuild@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # pin@v2
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # pin@v2
+        uses: github/codeql-action/analyze@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # pin@v2
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/codeql-analysis-javascript.yaml

@@ -22,18 +22,18 @@ jobs:
         language: ["javascript"]
     steps:
       - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v3
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # pin@v2
+        uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # pin@v2
         with:
           languages: ${{ matrix.language }}
           queries: security-extended
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # pin@v2
+        uses: github/codeql-action/autobuild@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # pin@v2
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # pin@v2
+        uses: github/codeql-action/analyze@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # pin@v2
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/codeql-analysis-python.yaml

@@ -22,18 +22,18 @@ jobs:
         language: ["python"]
     steps:
       - name: Checkout repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v3
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # pin@v2
+        uses: github/codeql-action/init@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # pin@v2
         with:
           languages: ${{ matrix.language }}
           queries: security-extended
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # pin@v2
+        uses: github/codeql-action/autobuild@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # pin@v2
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # pin@v2
+        uses: github/codeql-action/analyze@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # pin@v2
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/dependency-check-audit.yaml

@@ -35,10 +35,10 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v4.1.5
 
       - name: Set up JDK ${{ inputs.java-version }}
-        uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # pin@v3
+        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # pin@v3
         with:
           java-version: ${{ inputs.java-version }}
           distribution: "adopt"
@@ -78,7 +78,7 @@ jobs:
           args: >
             --failOnCVSS ${{ env.THRESHOLD }} --enableRetired
 
-      - uses: taiki-e/install-action@bee85d7ea77c01f7a403c22ac2c802b431b093df # pin@v2
+      - uses: taiki-e/install-action@c2927f0c5b5adc6a76bc4a7847bc6e0503754bed # pin@v2
         if: ${{ always() }}
         with:
           tool: sarif-fmt

.github/workflows/dependency-review.yaml

@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v3
 
       - name: Dependency Review
-        uses: actions/dependency-review-action@4901385134134e04cec5fbe5ddfe3b2c5bd5d976 # pin@v3
+        uses: actions/dependency-review-action@0c155c5e8556a497adf53f2c18edabf945ed8e70 # pin@v3

.github/workflows/driftctl-aws.yaml

@@ -25,10 +25,10 @@ jobs:
       id-token: write
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v3
 
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # pin@v2
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # pin@v2
         with:
           role-to-assume: ${{ secrets.aws-role-arn }}
           role-session-name: driftctl-session

.github/workflows/driftctl-gcp.yaml

@@ -25,7 +25,7 @@ jobs:
       id-token: write
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v3
 
       - id: "auth"
         name: "Authenticate to Google Cloud"

.github/workflows/ensure-sha-pinned-actions.yaml

@@ -17,11 +17,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v4.1.5
 
       - name: Ensure SHA pinned actions
         # yamllint disable-line rule:comments
-        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@ba37328d4ea95eaf8b3bd6c6cef308f709a5f2ec # pin@v3.0.3
+        uses: zgosalvez/github-actions-ensure-sha-pinned-actions@40e45e738b3cad2729f599d8afc6ed02184e1dbd # pin@v3.0.5
         with:
           allowlist: |
             aps831/workflows/.github/workflows

.github/workflows/gitleaks.yaml

@@ -15,11 +15,11 @@ jobs:
     if: (github.triggering_actor != 'dependabot[bot]')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v3
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v3
         with:
           fetch-depth: "0"
 
       - name: gitleaks
-        uses: gitleaks/gitleaks-action@1f2d10fb689bc07a5f56f48d6db61f5bbbe772fa # pin@v2
+        uses: gitleaks/gitleaks-action@e6dab246340401bf53eec993b8f05aebe80ac636 # pin@v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/grype-fs-scan.yaml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v4.1.5
 
       - name: Disable pom.xml scanning
         run: |
@@ -27,12 +27,12 @@ jobs:
 
       - name: Scan current project
         id: scan
-        uses: anchore/scan-action@c35e932c2a7c572bfdb1c3dbcdadb2d4fc62418d # pin@v3
+        uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # pin@v3
         with:
           path: "."
           output-format: sarif
 
-      - uses: taiki-e/install-action@bee85d7ea77c01f7a403c22ac2c802b431b093df # pin@v2
+      - uses: taiki-e/install-action@c2927f0c5b5adc6a76bc4a7847bc6e0503754bed # pin@v2
         if: ${{ always() }}
         with:
           tool: sarif-fmt

.github/workflows/mdbook.yaml

@@ -83,39 +83,39 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v4.1.5
         with:
           ref: ${{ inputs.build-branch }}
 
-      - uses: taiki-e/install-action@bee85d7ea77c01f7a403c22ac2c802b431b093df # pin@v2
+      - uses: taiki-e/install-action@c2927f0c5b5adc6a76bc4a7847bc6e0503754bed # pin@v2
         with:
           tool: mdbook@${{ inputs.mdbook-version }}
 
-      - uses: taiki-e/install-action@bee85d7ea77c01f7a403c22ac2c802b431b093df # pin@v2
+      - uses: taiki-e/install-action@c2927f0c5b5adc6a76bc4a7847bc6e0503754bed # pin@v2
         with:
           tool: mdbook-graphviz@${{ inputs.mdbook-graphviz-version }}
 
-      - uses: taiki-e/install-action@bee85d7ea77c01f7a403c22ac2c802b431b093df # pin@v2
+      - uses: taiki-e/install-action@c2927f0c5b5adc6a76bc4a7847bc6e0503754bed # pin@v2
         with:
           tool: mdbook-katex@${{ inputs.mdbook-katex-version }}
 
-      - uses: taiki-e/install-action@bee85d7ea77c01f7a403c22ac2c802b431b093df # pin@v2
+      - uses: taiki-e/install-action@c2927f0c5b5adc6a76bc4a7847bc6e0503754bed # pin@v2
         with:
           tool: mdbook-linkcheck@${{ inputs.mdbook-linkcheck-version }}
 
-      - uses: taiki-e/install-action@bee85d7ea77c01f7a403c22ac2c802b431b093df # pin@v2
+      - uses: taiki-e/install-action@c2927f0c5b5adc6a76bc4a7847bc6e0503754bed # pin@v2
         with:
           tool: mdbook-mermaid@${{ inputs.mdbook-mermaid-version }}
 
-      - uses: taiki-e/install-action@bee85d7ea77c01f7a403c22ac2c802b431b093df # pin@v2
+      - uses: taiki-e/install-action@c2927f0c5b5adc6a76bc4a7847bc6e0503754bed # pin@v2
         with:
           tool: mdbook-open-on-gh@${{ inputs.mdbook-open-on-gh-version }}
 
-      - uses: taiki-e/install-action@bee85d7ea77c01f7a403c22ac2c802b431b093df # pin@v2
+      - uses: taiki-e/install-action@c2927f0c5b5adc6a76bc4a7847bc6e0503754bed # pin@v2
         with:
           tool: mdbook-plantuml@${{ inputs.mdbook-plantuml-version }}
 
-      - uses: taiki-e/install-action@bee85d7ea77c01f7a403c22ac2c802b431b093df # pin@v2
+      - uses: taiki-e/install-action@c2927f0c5b5adc6a76bc4a7847bc6e0503754bed # pin@v2
         with:
           tool: mdbook-toc@${{ inputs.mdbook-toc-version }}
 
@@ -133,7 +133,7 @@ jobs:
         run: |
           echo "hash=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
 
-      - uses: ncipollo/release-action@6c75be85e571768fa31b40abf38de58ba0397db5 # pin@v1.13.0
+      - uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # pin@v1.14.0
         with:
           artifacts: |
             ${{ inputs.working-directory }}/${{ inputs.book-directory }}.zip

.github/workflows/npm-audit.yaml

@@ -20,7 +20,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v4.1.5
 
       - name: Run audit
         working-directory: ${{ inputs.working-directory }}

.github/workflows/reminder.yaml

@@ -28,7 +28,7 @@ jobs:
       contents: read
       issues: write
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v4.1.5
 
       - name: Create Github issue
         run: gh issue create --title ${{ inputs.title }} --body ${{ inputs.body }}

.github/workflows/scorecards.yaml

@@ -17,7 +17,7 @@ jobs:
       id-token: write
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v4.1.5
         with:
           persist-credentials: false
 
@@ -29,13 +29,13 @@ jobs:
           publish_results: true
 
       - name: "Upload artifact"
-        uses: actions/upload-artifact@694cdabd8bdb0f10b2cea11669e1bf5453eed0a6 # pin@v4.2.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # pin@v4.3.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@0b21cf2492b6b02c465a3e5d7c473717ad7721ba # pin@v3.23.1
+        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # pin@v3.25.4
         with:
           sarif_file: results.sarif

.github/workflows/semgrep.yaml

@@ -17,7 +17,7 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v4.1.5
 
       - name: Run semgrep
         run: semgrep ci --text > semgrep.txt

.github/workflows/trivy-config-audit.yaml

@@ -15,10 +15,10 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v4.1.5
 
       - name: Run Trivy config scan
-        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # pin@v0.16.1
+        uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # pin@v0.20.0
         with:
           scan-type: "config"
           hide-progress: false

.github/workflows/trivy-fs-audit.yaml

@@ -15,10 +15,10 @@ jobs:
     permissions:
       contents: read
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v4.1.5
 
       - name: Run Trivy fs scan
-        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # pin@v0.16.1
+        uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # pin@v0.20.0
         with:
           scan-type: "fs"
           hide-progress: false

.github/workflows/trunk.yaml

@@ -42,19 +42,19 @@ jobs:
     if: (github.triggering_actor != 'dependabot[bot]')
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # pin@v4.1.5
 
       - name: Set up Java
         if: ${{ inputs.java-version != '' }}
-        uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # pin@v3
+        uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # pin@v3
         with:
           java-version: ${{ inputs.java-version }}
           distribution: "adopt"
           cache: "maven"
 
       - name: Install Terraform
         if: ${{ inputs.terraform-version != '' }}
-        uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # pin@v3.0.0
+        uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # pin@v3.1.1
         with:
           terraform_version: ${{ inputs.terraform-version }}
           terraform_wrapper: false
@@ -65,14 +65,14 @@ jobs:
 
       - name: Cache Terraform
         if: ${{ inputs.terraform-version != '' }}
-        uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # pin@v4.0.0
+        uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # pin@v4.0.2
         with:
           path: ${{ env.TF_PLUGIN_CACHE_DIR }}
           key: ${{ runner.os }}-terraform-${{ hashFiles('**/.terraform.lock.hcl') }}
 
       - name: Install Node
         if: ${{ inputs.node-version != '' }}
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # pin@v3
+        uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # pin@v3
         with:
           node-version: ${{ inputs.node-version }}
 
@@ -84,4 +84,4 @@ jobs:
           GITHUB_TOKEN_REF: ${{ secrets.ACCESS_TOKEN && secrets.ACCESS_TOKEN || 'password' }}
 
       - name: Trunk Check
-        uses: trunk-io/trunk-action@97ecd21fe6c743bf7a606791584b683a7995c70e # pin@v1.1.9
+        uses: trunk-io/trunk-action@bd686325615e9cf5a4ef98372ba94a472f9b5238 # pin@v1.1.14