build(deps): bump the actions group across 1 directory with 5 updates (#1031)

Bumps the actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/setup-go](https://github.com/actions/setup-go) | `6.2.0` |
`6.3.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact)
| `6.0.0` | `7.0.0` |
| [docker/login-action](https://github.com/docker/login-action) |
`3.7.0` | `4.0.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) |
`0.22.2` | `0.23.0` |
|
[goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action)
| `6.4.0` | `7.0.0` |


Updates `actions/setup-go` from 6.2.0 to 6.3.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-go/releases">actions/setup-go's
releases</a>.</em></p>
<blockquote>
<h2>v6.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update default Go module caching to use go.mod by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-go/pull/705">actions/setup-go#705</a></li>
<li>Fix golang download url to go.dev by <a
href="https://github.com/178inaba"><code>@​178inaba</code></a> in <a
href="https://redirect.github.com/actions/setup-go/pull/469">actions/setup-go#469</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-go/compare/v6...v6.3.0">https://github.com/actions/setup-go/compare/v6...v6.3.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-go/commit/4b73464bb391d4059bd26b0524d20df3927bd417"><code>4b73464</code></a>
Fix golang download url to go.dev (<a
href="https://redirect.github.com/actions/setup-go/issues/469">#469</a>)</li>
<li><a
href="https://github.com/actions/setup-go/commit/a5f9b05d2d216f63e13859e0d847461041025775"><code>a5f9b05</code></a>
Update default Go module caching to use go.mod (<a
href="https://redirect.github.com/actions/setup-go/issues/705">#705</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-go/compare/7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5...4b73464bb391d4059bd26b0524d20df3927bd417">compare
view</a></li>
</ul>
</details>
<br />

Updates `actions/upload-artifact` from 6.0.0 to 7.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.0</h2>
<h2>v7 What's new</h2>
<h3>Direct Uploads</h3>
<p>Adds support for uploading single files directly (unzipped). Callers
can set the new <code>archive</code> parameter to <code>false</code> to
skip zipping the file during upload. Right now, we only support single
files. The action will fail if the glob passed resolves to multiple
files. The <code>name</code> parameter is also ignored with this
setting. Instead, the name of the artifact will be the name of the
uploaded file.</p>
<h3>ESM</h3>
<p>To support new versions of the <code>@actions/*</code> packages,
we've upgraded the package to ESM.</p>
<h2>What's Changed</h2>
<ul>
<li>Add proxy integration test by <a
href="https://github.com/Link"><code>@​Link</code></a>- in <a
href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li>
<li>Upgrade the module to ESM and bump dependencies by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/762">actions/upload-artifact#762</a></li>
<li>Support direct file uploads by <a
href="https://github.com/danwkennedy"><code>@​danwkennedy</code></a> in
<a
href="https://redirect.github.com/actions/upload-artifact/pull/764">actions/upload-artifact#764</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/Link"><code>@​Link</code></a>- made
their first contribution in <a
href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v6...v7.0.0">https://github.com/actions/upload-artifact/compare/v6...v7.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f"><code>bbbca2d</code></a>
Support direct file uploads (<a
href="https://redirect.github.com/actions/upload-artifact/issues/764">#764</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/589182c5a4cec8920b8c1bce3e2fab1c97a02296"><code>589182c</code></a>
Upgrade the module to ESM and bump dependencies (<a
href="https://redirect.github.com/actions/upload-artifact/issues/762">#762</a>)</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/47309c993abb98030a35d55ef7ff34b7fa1074b5"><code>47309c9</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/754">#754</a>
from actions/Link-/add-proxy-integration-tests</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/02a8460834e70dab0ce194c64360c59dc1475ef0"><code>02a8460</code></a>
Add proxy integration test</li>
<li>See full diff in <a
href="https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f">compare
view</a></li>
</ul>
</details>
<br />

Updates `docker/login-action` from 3.7.0 to 4.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases">docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.0.0</h2>
<ul>
<li>Node 24 as default runtime (requires <a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Actions
Runner v2.327.1</a> or later) by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/929">docker/login-action#929</a></li>
<li>Switch to ESM and update config/test wiring by <a
href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/927">docker/login-action#927</a></li>
<li>Bump <code>@​actions/core</code> from 1.11.1 to 3.0.0 in <a
href="https://redirect.github.com/docker/login-action/pull/919">docker/login-action#919</a></li>
<li>Bump <code>@​aws-sdk/client-ecr</code> from 3.890.0 to 3.1000.0 in
<a
href="https://redirect.github.com/docker/login-action/pull/909">docker/login-action#909</a>
<a
href="https://redirect.github.com/docker/login-action/pull/920">docker/login-action#920</a></li>
<li>Bump <code>@​aws-sdk/client-ecr-public</code> from 3.890.0 to
3.1000.0 in <a
href="https://redirect.github.com/docker/login-action/pull/909">docker/login-action#909</a>
<a
href="https://redirect.github.com/docker/login-action/pull/920">docker/login-action#920</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.63.0 to 0.77.0 in
<a
href="https://redirect.github.com/docker/login-action/pull/910">docker/login-action#910</a>
<a
href="https://redirect.github.com/docker/login-action/pull/928">docker/login-action#928</a></li>
<li>Bump <code>@​isaacs/brace-expansion</code> from 5.0.0 to 5.0.1 in <a
href="https://redirect.github.com/docker/login-action/pull/921">docker/login-action#921</a></li>
<li>Bump js-yaml from 4.1.0 to 4.1.1 in <a
href="https://redirect.github.com/docker/login-action/pull/901">docker/login-action#901</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v3.7.0...v4.0.0">https://github.com/docker/login-action/compare/v3.7.0...v4.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/login-action/commit/b45d80f862d83dbcd57f89517bcf500b2ab88fb2"><code>b45d80f</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/929">#929</a>
from crazy-max/node24</li>
<li><a
href="https://github.com/docker/login-action/commit/176cb9c12abea98dfe844071c0999ff6ee9688a7"><code>176cb9c</code></a>
node 24 as default runtime</li>
<li><a
href="https://github.com/docker/login-action/commit/cad89843109a11cb6f69f52fe695c42cf69d57d3"><code>cad8984</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/920">#920</a>
from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li>
<li><a
href="https://github.com/docker/login-action/commit/92cbcb231ed341e7dc71693351b21f5ba65f8349"><code>92cbcb2</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/5a2d6a71bd3e0cb4abb6faae33f3dde61ece8e5b"><code>5a2d6a7</code></a>
build(deps): bump the aws-sdk-dependencies group with 2 updates</li>
<li><a
href="https://github.com/docker/login-action/commit/44512b6b2e08b878e82b107b394fcd1af5748e63"><code>44512b6</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/928">#928</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="https://github.com/docker/login-action/commit/28737a5e46bc0c62910ef429b2e55f9cabbbd5df"><code>28737a5</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/dac079354afbd8db4c3b58b8cc6946573479b2a6"><code>dac0793</code></a>
build(deps): bump <code>@​docker/actions-toolkit</code> from 0.76.0 to
0.77.0</li>
<li><a
href="https://github.com/docker/login-action/commit/62029f315d6d05c8646343320e4a1552e5f1c77a"><code>62029f3</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/919">#919</a>
from docker/dependabot/npm_and_yarn/actions/core-3.0.0</li>
<li><a
href="https://github.com/docker/login-action/commit/08c8f064bf22a1c55918ee608a81d87b13cc4461"><code>08c8f06</code></a>
chore: update generated content</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/login-action/compare/c94ce9fb468520275223c153574b00df6fe4bcc9...b45d80f862d83dbcd57f89517bcf500b2ab88fb2">compare
view</a></li>
</ul>
</details>
<br />

Updates `anchore/sbom-action` from 0.22.2 to 0.23.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/anchore/sbom-action/releases">anchore/sbom-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.23.0</h2>
<ul>
<li>switch to single-file dist build with sub-action flags and update
dependencies (<a
href="https://redirect.github.com/anchore/sbom-action/issues/595">#595</a>)
[<a href="https://github.com/kzantow"><code>@​kzantow</code></a>]</li>
<li>switch to esbuild (<a
href="https://redirect.github.com/anchore/sbom-action/issues/590">#590</a>)
[<a
href="https://github.com/willmurphyscode"><code>@​willmurphyscode</code></a>]</li>
<li>update Syft to v1.42.1 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/599">#599</a>)
[@<a
href="https://github.com/apps/anchore-actions-token-generator">anchore-actions-token-generator[bot]</a>]</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/anchore/sbom-action/commit/17ae1740179002c89186b61233e0f892c3118b11"><code>17ae174</code></a>
chore(deps/test): move to es modules, node:test, single dist file (<a
href="https://redirect.github.com/anchore/sbom-action/issues/595">#595</a>)</li>
<li><a
href="https://github.com/anchore/sbom-action/commit/6d473d38434d5fdbb356f61f8d2df69a83a05875"><code>6d473d3</code></a>
chore(deps): update Syft to v1.42.1 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/599">#599</a>)</li>
<li><a
href="https://github.com/anchore/sbom-action/commit/60619e70c023b7f4d9b5b8e8421bd5a6390b10cd"><code>60619e7</code></a>
fix tests and bump fast-xml-parser (<a
href="https://redirect.github.com/anchore/sbom-action/issues/598">#598</a>)</li>
<li><a
href="https://github.com/anchore/sbom-action/commit/e2bd58a0250647021ea432d64177dfb3b91411e5"><code>e2bd58a</code></a>
chore(deps-dev): bump the dev-dependencies group with 3 updates (<a
href="https://redirect.github.com/anchore/sbom-action/issues/592">#592</a>)</li>
<li><a
href="https://github.com/anchore/sbom-action/commit/d032d7d671e9bd9b9f39a6f7eb74024113d76be5"><code>d032d7d</code></a>
ci(syft auto update): npm ci, not npm install (<a
href="https://redirect.github.com/anchore/sbom-action/issues/597">#597</a>)</li>
<li><a
href="https://github.com/anchore/sbom-action/commit/2d094306a78d7bde297684f0120dfb41969c38c2"><code>2d09430</code></a>
fix(dev): switch to esbuild (<a
href="https://redirect.github.com/anchore/sbom-action/issues/590">#590</a>)</li>
<li><a
href="https://github.com/anchore/sbom-action/commit/74c5ce948d4b9d997ec04b0daae9afc8ceaa006e"><code>74c5ce9</code></a>
chore(deps): update Syft to v1.42.0 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/589">#589</a>)</li>
<li><a
href="https://github.com/anchore/sbom-action/commit/77fae5a5abf373e617afc777eff8ae57f6e1c206"><code>77fae5a</code></a>
chore(deps-dev): bump the dev-dependencies group with 4 updates (<a
href="https://redirect.github.com/anchore/sbom-action/issues/583">#583</a>)</li>
<li><a
href="https://github.com/anchore/sbom-action/commit/debc3eeb0fedbe3cc78e9d59d49635632ff37cc0"><code>debc3ee</code></a>
chore(deps): bump npm-check-updates in the non-major group (<a
href="https://redirect.github.com/anchore/sbom-action/issues/584">#584</a>)</li>
<li><a
href="https://github.com/anchore/sbom-action/commit/fff8762a01886c8cd42e10f7296297b2e1f4db59"><code>fff8762</code></a>
chore(deps): bump zizmorcore/zizmor-action from 0.4.1 to 0.5.0 (<a
href="https://redirect.github.com/anchore/sbom-action/issues/588">#588</a>)</li>
<li>See full diff in <a
href="https://github.com/anchore/sbom-action/compare/v0.22.2...v0.23.0">compare
view</a></li>
</ul>
</details>
<br />

Updates `goreleaser/goreleaser-action` from 6.4.0 to 7.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/goreleaser/goreleaser-action/releases">goreleaser/goreleaser-action's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat!: node 24, update deps, rm yarn, ESM by <a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a
href="https://redirect.github.com/goreleaser/goreleaser-action/pull/533">goreleaser/goreleaser-action#533</a></li>
<li>sec: pin github action versions by <a
href="https://github.com/caarlos0"><code>@​caarlos0</code></a> in <a
href="https://redirect.github.com/goreleaser/goreleaser-action/pull/514">goreleaser/goreleaser-action#514</a></li>
<li>docs: Upgrade checkout GitHub Action in README.md by <a
href="https://github.com/dunglas"><code>@​dunglas</code></a> in <a
href="https://redirect.github.com/goreleaser/goreleaser-action/pull/507">goreleaser/goreleaser-action#507</a></li>
<li>chore(deps): bump actions/checkout from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/goreleaser/goreleaser-action/pull/504">goreleaser/goreleaser-action#504</a></li>
<li>ci(deps): bump the actions group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/goreleaser/goreleaser-action/pull/517">goreleaser/goreleaser-action#517</a></li>
<li>ci(deps): bump the actions group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/goreleaser/goreleaser-action/pull/523">goreleaser/goreleaser-action#523</a></li>
<li>ci(deps): bump docker/bake-action from 6.9.0 to 6.10.0 in the
actions group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/goreleaser/goreleaser-action/pull/526">goreleaser/goreleaser-action#526</a></li>
<li>ci(deps): bump the actions group across 1 directory with 4 updates
by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/goreleaser/goreleaser-action/pull/532">goreleaser/goreleaser-action#532</a></li>
<li>ci(deps): bump actions/checkout from 6.0.1 to 6.0.2 in the actions
group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/goreleaser/goreleaser-action/pull/534">goreleaser/goreleaser-action#534</a></li>
<li>chore(deps): bump the npm group across 1 directory with 4 updates by
<a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/goreleaser/goreleaser-action/pull/536">goreleaser/goreleaser-action#536</a></li>
<li>chore(deps): bump <code>@​actions/http-client</code> from 3.0.2 to
4.0.0 in the npm group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/goreleaser/goreleaser-action/pull/537">goreleaser/goreleaser-action#537</a></li>
<li>ci(deps): bump docker/setup-buildx-action from 3.10.0 to 3.12.0 in
the actions group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/goreleaser/goreleaser-action/pull/538">goreleaser/goreleaser-action#538</a></li>
<li>chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/goreleaser/goreleaser-action/pull/539">goreleaser/goreleaser-action#539</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/goreleaser/goreleaser-action/compare/v6...v7.0.0">https://github.com/goreleaser/goreleaser-action/compare/v6...v7.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/goreleaser/goreleaser-action/commit/ec59f474b9834571250b370d4735c50f8e2d1e29"><code>ec59f47</code></a>
fix: yargs usage</li>
<li><a
href="https://github.com/goreleaser/goreleaser-action/commit/752dedee3d734a650f4cc280f78173f420900df9"><code>752dede</code></a>
fix: gitignore</li>
<li><a
href="https://github.com/goreleaser/goreleaser-action/commit/1881ae035d414b6146c8228c12290fa3c856f536"><code>1881ae0</code></a>
ci: update dependabot settings</li>
<li><a
href="https://github.com/goreleaser/goreleaser-action/commit/fdc5e662bb47216e7262db37c92fc968f3853c65"><code>fdc5e66</code></a>
chore: gitignore provenance.json</li>
<li><a
href="https://github.com/goreleaser/goreleaser-action/commit/51b5b35c3c313b84ba90e097d0ad2cf1bce101bc"><code>51b5b35</code></a>
chore(deps): bump semver from 7.7.3 to 7.7.4 in the npm group (<a
href="https://redirect.github.com/goreleaser/goreleaser-action/issues/539">#539</a>)</li>
<li><a
href="https://github.com/goreleaser/goreleaser-action/commit/4247c53b304edb39a4e6a0808f415d3eebad450a"><code>4247c53</code></a>
ci(deps): bump docker/setup-buildx-action in the actions group (<a
href="https://redirect.github.com/goreleaser/goreleaser-action/issues/538">#538</a>)</li>
<li><a
href="https://github.com/goreleaser/goreleaser-action/commit/c169bfd5ae289fddb2e8b0b28a73a4baa2f55466"><code>c169bfd</code></a>
chore(deps): bump <code>@​actions/http-client</code> from 3.0.2 to 4.0.0
in the npm group (...</li>
<li><a
href="https://github.com/goreleaser/goreleaser-action/commit/902ab4a70dd43cbbbe029e9917e939ba355a50dd"><code>902ab4a</code></a>
chore(deps): bump the npm group across 1 directory with 4 updates (<a
href="https://redirect.github.com/goreleaser/goreleaser-action/issues/536">#536</a>)</li>
<li><a
href="https://github.com/goreleaser/goreleaser-action/commit/c59a691319d27b75766143e4cd37a08ac6d400f8"><code>c59a691</code></a>
chore: gitignore</li>
<li><a
href="https://github.com/goreleaser/goreleaser-action/commit/56cc8b2737e5dd9a4ebdeaf930b51aa0231efd3d"><code>56cc8b2</code></a>
ci: add job to automate dependabot pre-checkin/vendor</li>
<li>Additional commits viewable in <a
href="https://github.com/goreleaser/goreleaser-action/compare/e435ccd777264be153ace6237001ef4d979d3a7a...ec59f474b9834571250b370d4735c50f8e2d1e29">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

.github/workflows/ci.yml

@@ -19,7 +19,7 @@ jobs:
       uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 
     - name: Set up Go
-      uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5
+      uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
       with:
         go-version-file: 'go.mod'
         cache: true
@@ -52,7 +52,7 @@ jobs:
       uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 
     - name: Set up Go
-      uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5
+      uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
       with:
         go-version-file: 'go.mod'
         cache: true
@@ -64,7 +64,7 @@ jobs:
       run: make test-all
 
     - name: Upload coverage artifacts
-      uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f
+      uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f
       with:
         name: coverage-report
         path: |

.github/workflows/deploy-production.yml

@@ -26,7 +26,7 @@ jobs:
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 
       - name: Setup Go
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5
+        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
         with:
           go-version-file: 'go.mod'
           cache: true

.github/workflows/deploy-staging.yml

@@ -25,7 +25,7 @@ jobs:
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 
       - name: Set up Go
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5
+        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
         with:
           go-version-file: 'go.mod'
           cache: true
@@ -34,7 +34,7 @@ jobs:
         uses: ko-build/setup-ko@v0.9
 
       - name: Log in to Container Registry
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -73,7 +73,7 @@ jobs:
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 
       - name: Setup Go
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5
+        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
         with:
           go-version-file: 'go.mod'
           cache: true

.github/workflows/release.yml

@@ -19,7 +19,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Go
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5
+        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
         with:
           go-version-file: 'go.mod'
           cache: true
@@ -28,10 +28,10 @@ jobs:
         uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad # v4.0.0
 
       - name: Install Syft
-        uses: anchore/sbom-action/download-syft@v0.22.2
+        uses: anchore/sbom-action/download-syft@v0.23.0
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a
+        uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29
         with:
           distribution: goreleaser
           version: v2.12.0
@@ -48,7 +48,7 @@ jobs:
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8
 
       - name: Set up Go
-        uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5
+        uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417
         with:
           go-version-file: 'go.mod'
           cache: true
@@ -57,7 +57,7 @@ jobs:
         uses: ko-build/setup-ko@v0.9
 
       - name: Log in to Container Registry
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2
         with:
           registry: ghcr.io
           username: ${{ github.actor }}