build(github-actions): 📦 digest github-actions (#96)

> [!NOTE]
> Mend has cancelled [the proposed
renaming](https://redirect.github.com/renovatebot/renovate/discussions/37842)
of the Renovate GitHub app being renamed to `mend[bot]`.
> 
> This notice will be removed on 2025-10-07.

<hr>

This PR contains the following updates:

| Package | Type | Update | Change | OpenSSF |
|---|---|---|---|---|
| [actions/cache](https://redirect.github.com/actions/cache) | action |
digest | `1bd1e32` -> `0057852` | [![OpenSSF
Scorecard](https://api.securityscorecards.dev/projects/github.com/actions/cache/badge)](https://securityscorecards.dev/viewer/?uri=github.com/actions/cache)
|
| [actions/checkout](https://redirect.github.com/actions/checkout) |
action | digest | `11bd719` -> `08eba0b` | [![OpenSSF
Scorecard](https://api.securityscorecards.dev/projects/github.com/actions/checkout/badge)](https://securityscorecards.dev/viewer/?uri=github.com/actions/checkout)
|
| [actions/stale](https://redirect.github.com/actions/stale) | action |
digest | `28ca103` -> `5bef64f` | [![OpenSSF
Scorecard](https://api.securityscorecards.dev/projects/github.com/actions/stale/badge)](https://securityscorecards.dev/viewer/?uri=github.com/actions/stale)
|
|
[akhilmhdh/contributors-readme-action](https://redirect.github.com/akhilmhdh/contributors-readme-action)
| action | patch | `v2.3.10` -> `v2.3.11` | [![OpenSSF
Scorecard](https://api.securityscorecards.dev/projects/github.com/akhilmhdh/contributors-readme-action/badge)](https://securityscorecards.dev/viewer/?uri=github.com/akhilmhdh/contributors-readme-action)
|
|
[amannn/action-semantic-pull-request](https://redirect.github.com/amannn/action-semantic-pull-request)
| action | digest | `0723387` -> `e32d7e6` | [![OpenSSF
Scorecard](https://api.securityscorecards.dev/projects/github.com/amannn/action-semantic-pull-request/badge)](https://securityscorecards.dev/viewer/?uri=github.com/amannn/action-semantic-pull-request)
|
|
[codecov/codecov-action](https://redirect.github.com/codecov/codecov-action)
| action | minor | `v5.1.2` -> `v5.5.1` | [![OpenSSF
Scorecard](https://api.securityscorecards.dev/projects/github.com/codecov/codecov-action/badge)](https://securityscorecards.dev/viewer/?uri=github.com/codecov/codecov-action)
|
| [docker/login-action](https://redirect.github.com/docker/login-action)
| action | digest | `9780b0c` -> `5e57cd1` | [![OpenSSF
Scorecard](https://api.securityscorecards.dev/projects/github.com/docker/login-action/badge)](https://securityscorecards.dev/viewer/?uri=github.com/docker/login-action)
|
| elgohr/go-vulncheck-action | action | digest | `2325fac` -> `f5bc61d`
| |
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | digest | `b6a472f` -> `64d10c1` | [![OpenSSF
Scorecard](https://api.securityscorecards.dev/projects/github.com/github/codeql-action/badge)](https://securityscorecards.dev/viewer/?uri=github.com/github/codeql-action)
|
|
[magefile/mage-action](https://redirect.github.com/magefile/mage-action)
| action | digest | `6a5dcb5` -> `6f50bbb` | [![OpenSSF
Scorecard](https://api.securityscorecards.dev/projects/github.com/magefile/mage-action/badge)](https://securityscorecards.dev/viewer/?uri=github.com/magefile/mage-action)
|
|
[trunk-io/trunk-action](https://redirect.github.com/trunk-io/trunk-action)
| action | minor | `v1.1.19` -> `v1.2.4` | [![OpenSSF
Scorecard](https://api.securityscorecards.dev/projects/github.com/trunk-io/trunk-action/badge)](https://securityscorecards.dev/viewer/?uri=github.com/trunk-io/trunk-action)
|
|
[trunk-io/trunk-action](https://redirect.github.com/trunk-io/trunk-action)
| action | digest | `4d5ecc8` -> `75699af` | [![OpenSSF
Scorecard](https://api.securityscorecards.dev/projects/github.com/trunk-io/trunk-action/badge)](https://securityscorecards.dev/viewer/?uri=github.com/trunk-io/trunk-action)
|

---

### Release Notes

<details>
<summary>akhilmhdh/contributors-readme-action
(akhilmhdh/contributors-readme-action)</summary>

###
[`v2.3.11`](https://redirect.github.com/akhilmhdh/contributors-readme-action/releases/tag/v2.3.11):
Contributors-Readme-Action v2.3.11

[Compare
Source](https://redirect.github.com/akhilmhdh/contributors-readme-action/compare/v2.3.10...v2.3.11)

#### What's Changed

- Fixed the bug that the tbody tag was not closed by
[@&#8203;zjkal](https://redirect.github.com/zjkal) in
[#&#8203;85](https://redirect.github.com/akhilmhdh/contributors-readme-action/pull/85)

#### New Contributors

- [@&#8203;zjkal](https://redirect.github.com/zjkal) made their first
contribution in
[#&#8203;85](https://redirect.github.com/akhilmhdh/contributors-readme-action/pull/85)

**Full Changelog**:
<akhilmhdh/contributors-readme-action@v2.3.10...v2.3.11>

</details>

<details>
<summary>codecov/codecov-action (codecov/codecov-action)</summary>

###
[`v5.5.1`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v551)

[Compare
Source](https://redirect.github.com/codecov/codecov-action/compare/v5.5.0...v5.5.1)

##### What's Changed

- fix: overwrite pr number on fork by
[@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov)
in
[#&#8203;1871](https://redirect.github.com/codecov/codecov-action/pull/1871)
- build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1868](https://redirect.github.com/codecov/codecov-action/pull/1868)
- build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1867](https://redirect.github.com/codecov/codecov-action/pull/1867)
- fix: update to use local app/ dir by
[@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov)
in
[#&#8203;1872](https://redirect.github.com/codecov/codecov-action/pull/1872)
- docs: fix typo in README by
[@&#8203;datalater](https://redirect.github.com/datalater) in
[#&#8203;1866](https://redirect.github.com/codecov/codecov-action/pull/1866)
- Document a `codecov-cli` version reference example by
[@&#8203;webknjaz](https://redirect.github.com/webknjaz) in
[#&#8203;1774](https://redirect.github.com/codecov/codecov-action/pull/1774)
- build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1861](https://redirect.github.com/codecov/codecov-action/pull/1861)
- build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1833](https://redirect.github.com/codecov/codecov-action/pull/1833)

**Full Changelog**:
<https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1>

###
[`v5.5.0`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v550)

[Compare
Source](https://redirect.github.com/codecov/codecov-action/compare/v5.4.3...v5.5.0)

##### What's Changed

- feat: upgrade wrapper to 0.2.4 by
[@&#8203;jviall](https://redirect.github.com/jviall) in
[#&#8203;1864](https://redirect.github.com/codecov/codecov-action/pull/1864)
- Pin actions/github-script by Git SHA by
[@&#8203;martincostello](https://redirect.github.com/martincostello) in
[#&#8203;1859](https://redirect.github.com/codecov/codecov-action/pull/1859)
- fix: check reqs exist by
[@&#8203;joseph-sentry](https://redirect.github.com/joseph-sentry) in
[#&#8203;1835](https://redirect.github.com/codecov/codecov-action/pull/1835)
- fix: Typo in README by
[@&#8203;spalmurray](https://redirect.github.com/spalmurray) in
[#&#8203;1838](https://redirect.github.com/codecov/codecov-action/pull/1838)
- docs: Refine OIDC docs by
[@&#8203;spalmurray](https://redirect.github.com/spalmurray) in
[#&#8203;1837](https://redirect.github.com/codecov/codecov-action/pull/1837)
- build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1829](https://redirect.github.com/codecov/codecov-action/pull/1829)

**Full Changelog**:
<https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0>

###
[`v5.4.3`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v543)

[Compare
Source](https://redirect.github.com/codecov/codecov-action/compare/v5.4.2...v5.4.3)

##### What's Changed

- build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1822](https://redirect.github.com/codecov/codecov-action/pull/1822)
- fix: OIDC on forks by
[@&#8203;joseph-sentry](https://redirect.github.com/joseph-sentry) in
[#&#8203;1823](https://redirect.github.com/codecov/codecov-action/pull/1823)

**Full Changelog**:
<https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3>

###
[`v5.4.2`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v542)

[Compare
Source](https://redirect.github.com/codecov/codecov-action/compare/v5.4.1...v5.4.2)

##### What's Changed

**Full Changelog**:
<https://github.com/codecov/codecov-action/compare/v5.4.1..v5.4.2>

###
[`v5.4.1`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v541)

[Compare
Source](https://redirect.github.com/codecov/codecov-action/compare/v5.4.0...v5.4.1)

##### What's Changed

- fix: use the github core methods by
[@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov)
in
[#&#8203;1807](https://redirect.github.com/codecov/codecov-action/pull/1807)
- build(deps): bump github/codeql-action from 3.28.12 to 3.28.13 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1803](https://redirect.github.com/codecov/codecov-action/pull/1803)
- build(deps): bump github/codeql-action from 3.28.11 to 3.28.12 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1797](https://redirect.github.com/codecov/codecov-action/pull/1797)
- build(deps): bump actions/upload-artifact from 4.6.1 to 4.6.2 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1798](https://redirect.github.com/codecov/codecov-action/pull/1798)
- chore(release): wrapper -0.2.1 by
[@&#8203;app/codecov-releaser-app](https://redirect.github.com/app/codecov-releaser-app)
in
[#&#8203;1788](https://redirect.github.com/codecov/codecov-action/pull/1788)
- build(deps): bump github/codeql-action from 3.28.10 to 3.28.11 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1786](https://redirect.github.com/codecov/codecov-action/pull/1786)

**Full Changelog**:
<https://github.com/codecov/codecov-action/compare/v5.4.0..v5.4.1>

###
[`v5.4.0`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v540)

[Compare
Source](https://redirect.github.com/codecov/codecov-action/compare/v5.3.1...v5.4.0)

##### What's Changed

- update wrapper submodule to 0.2.0, add recurse\_submodules arg by
[@&#8203;matt-codecov](https://redirect.github.com/matt-codecov) in
[#&#8203;1780](https://redirect.github.com/codecov/codecov-action/pull/1780)
- build(deps): bump actions/upload-artifact from 4.6.0 to 4.6.1 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1775](https://redirect.github.com/codecov/codecov-action/pull/1775)
- build(deps): bump ossf/scorecard-action from 2.4.0 to 2.4.1 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1776](https://redirect.github.com/codecov/codecov-action/pull/1776)
- build(deps): bump github/codeql-action from 3.28.9 to 3.28.10 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1777](https://redirect.github.com/codecov/codecov-action/pull/1777)
- Clarify in README that `use_pypi` bypasses integrity checks too by
[@&#8203;webknjaz](https://redirect.github.com/webknjaz) in
[#&#8203;1773](https://redirect.github.com/codecov/codecov-action/pull/1773)
- Fix use of safe.directory inside containers by
[@&#8203;Flamefire](https://redirect.github.com/Flamefire) in
[#&#8203;1768](https://redirect.github.com/codecov/codecov-action/pull/1768)
- Fix description for report\_type input by
[@&#8203;craigscott-crascit](https://redirect.github.com/craigscott-crascit)
in
[#&#8203;1770](https://redirect.github.com/codecov/codecov-action/pull/1770)
- build(deps): bump github/codeql-action from 3.28.8 to 3.28.9 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1765](https://redirect.github.com/codecov/codecov-action/pull/1765)
- Fix a typo in the example by
[@&#8203;miranska](https://redirect.github.com/miranska) in
[#&#8203;1758](https://redirect.github.com/codecov/codecov-action/pull/1758)
- build(deps): bump github/codeql-action from 3.28.5 to 3.28.8 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1757](https://redirect.github.com/codecov/codecov-action/pull/1757)
- build(deps): bump github/codeql-action from 3.28.1 to 3.28.5 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1753](https://redirect.github.com/codecov/codecov-action/pull/1753)

**Full Changelog**:
<https://github.com/codecov/codecov-action/compare/v5.3.1..v5.4.0>

###
[`v5.3.1`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v531)

[Compare
Source](https://redirect.github.com/codecov/codecov-action/compare/v5.3.0...v5.3.1)

##### What's Changed

**Full Changelog**:
<https://github.com/codecov/codecov-action/compare/v5.3.0..v5.3.1>

###
[`v5.3.0`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v530)

[Compare
Source](https://redirect.github.com/codecov/codecov-action/compare/v5.2.0...v5.3.0)

##### What's Changed

**Full Changelog**:
<https://github.com/codecov/codecov-action/compare/v5.2.0..v5.3.0>

###
[`v5.2.0`](https://redirect.github.com/codecov/codecov-action/blob/HEAD/CHANGELOG.md#v520)

[Compare
Source](https://redirect.github.com/codecov/codecov-action/compare/v5.1.2...v5.2.0)

##### What's Changed

- Fix typo in README by
[@&#8203;tserg](https://redirect.github.com/tserg) in
[#&#8203;1747](https://redirect.github.com/codecov/codecov-action/pull/1747)
- Th/add commands by
[@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov)
in
[#&#8203;1745](https://redirect.github.com/codecov/codecov-action/pull/1745)
- use correct audience when requesting oidc token by
[@&#8203;juho9000](https://redirect.github.com/juho9000) in
[#&#8203;1744](https://redirect.github.com/codecov/codecov-action/pull/1744)
- build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1742](https://redirect.github.com/codecov/codecov-action/pull/1742)
- build(deps): bump actions/upload-artifact from 4.4.3 to 4.6.0 by
[@&#8203;app/dependabot](https://redirect.github.com/app/dependabot) in
[#&#8203;1743](https://redirect.github.com/codecov/codecov-action/pull/1743)
- chore(deps): bump wrapper to 0.0.32 by
[@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov)
in
[#&#8203;1740](https://redirect.github.com/codecov/codecov-action/pull/1740)
- feat: add disable-telem feature by
[@&#8203;thomasrockhu-codecov](https://redirect.github.com/thomasrockhu-codecov)
in
[#&#8203;1739](https://redirect.github.com/codecov/codecov-action/pull/1739)
- fix: remove erroneous linebreak in readme by
[@&#8203;Vampire](https://redirect.github.com/Vampire) in
[#&#8203;1734](https://redirect.github.com/codecov/codecov-action/pull/1734)

**Full Changelog**:
<https://github.com/codecov/codecov-action/compare/v5.1.2..v5.2.0>

</details>

<details>
<summary>trunk-io/trunk-action (trunk-io/trunk-action)</summary>

###
[`v1.2.4`](https://redirect.github.com/trunk-io/trunk-action/releases/tag/v1.2.4)

[Compare
Source](https://redirect.github.com/trunk-io/trunk-action/compare/v1.2.3...v1.2.4)

##### What's Changed

- Add `sign-commits` input to allow commit signing
([#&#8203;263](https://redirect.github.com/trunk-io/trunk-action/issues/263))

**Full Changelog**:
<trunk-io/trunk-action@v1.2.3...v1.2.4>

###
[`v1.2.3`](https://redirect.github.com/trunk-io/trunk-action/releases/tag/v1.2.3)

[Compare
Source](https://redirect.github.com/trunk-io/trunk-action/compare/v1.2.2...v1.2.3)

##### What's Changed

- Update deprecation comment copy
([#&#8203;280](https://redirect.github.com/trunk-io/trunk-action/issues/280))

For more information, see the [migration
guide](https://docs.trunk.io/code-quality/setup-and-installation/prevent-new-issues/migration-guide).

**Full Changelog**:
<trunk-io/trunk-action@v1.2.2...v1.2.3>

###
[`v1.2.2`](https://redirect.github.com/trunk-io/trunk-action/releases/tag/v1.2.2)

[Compare
Source](https://redirect.github.com/trunk-io/trunk-action/compare/v1.2.1...v1.2.2)

##### What's Changed

- Only posts deprecation comment when checking PRs
([#&#8203;279](https://redirect.github.com/trunk-io/trunk-action/issues/279))

For more information, see the [migration
guide](https://docs.trunk.io/code-quality/setup-and-installation/prevent-new-issues/migration-guide).

**Full Changelog**:
<trunk-io/trunk-action@v1.2.1...v1.2.2>

###
[`v1.2.1`](https://redirect.github.com/trunk-io/trunk-action/releases/tag/v1.2.1)

[Compare
Source](https://redirect.github.com/trunk-io/trunk-action/compare/v1.2.0...v1.2.1)

##### What's Changed

- Fixes token issue when posting deprecation comment
([#&#8203;278](https://redirect.github.com/trunk-io/trunk-action/issues/278))

For more information, see the [migration
guide](https://docs.trunk.io/code-quality/setup-and-installation/prevent-new-issues/migration-guide).

**Full Changelog**:
<trunk-io/trunk-action@v1.2.0...v1.2.1>

###
[`v1.2.0`](https://redirect.github.com/trunk-io/trunk-action/releases/tag/v1.2.0)

[Compare
Source](https://redirect.github.com/trunk-io/trunk-action/compare/v1.1.19...v1.2.0)

##### What's Changed

- Add deprecation notice for check uploads
([#&#8203;276](https://redirect.github.com/trunk-io/trunk-action/issues/276))
- Add deprecation notice for check on PRs
([#&#8203;277](https://redirect.github.com/trunk-io/trunk-action/issues/277))

For more information, see the [migration
guide](https://docs.trunk.io/code-quality/setup-and-installation/prevent-new-issues/migration-guide).

**Full Changelog**:
<trunk-io/trunk-action@v1.1.19...v1.2.0>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "after 10pm,before 3am" in timezone
America/Chicago, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/DelineaXPM/github-workflows).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xMzEuOSIsInVwZGF0ZWRJblZlciI6IjQxLjEzMS45IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Author: renovate[bot]

.github/workflows/auto-update-contributors.yml

@@ -18,7 +18,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
 
       - name: Check for existing open contributors pull request
         id: check_pr
@@ -39,7 +39,7 @@ jobs:
 
       - name: Contribute List
         if: env.OpenContributorRequestAlreadyExists == 'false'
-        uses: akhilmhdh/contributors-readme-action@1ff4c56187458b34cd602aee93e897344ce34bfc # v2.3.10
+        uses: akhilmhdh/contributors-readme-action@83ea0b4f1ac928fbfe88b9e8460a932a528eb79f # v2.3.11
         with:
           pr_title_on_protected: 'docs(contributor): contributors readme action update'
           commit_message: 'docs(contributor): contributors readme action update'

.github/workflows/cache-trunk.yml

@@ -20,8 +20,8 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
       - name: Trunk Check
-        uses: trunk-io/trunk-action@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1
+        uses: trunk-io/trunk-action@75699af9e26881e564e9d832ef7dc3af25ec031b # v1
         with:
           check-mode: populate_cache_only

.github/workflows/changie-trigger-release.yml

@@ -27,7 +27,7 @@ jobs:
     name: dependency-release
     steps:
       - name: checkout-repo
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
         with:
           fetch-depth: 0 # Ensures a full checkout
       - name: configure-default-git-committer

.github/workflows/conventional-pr.yml

@@ -19,7 +19,7 @@ jobs:
     permissions:
       pull-requests: read
     steps:
-      - uses: amannn/action-semantic-pull-request@0723387faaf9b38adef4775cd42cfd5155ed6017 # v5
+      - uses: amannn/action-semantic-pull-request@e32d7e603df1aa1ba07e981f2a23455dee596825 # v5
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.github/workflows/lint-post-annotations.yml

@@ -14,9 +14,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
 
       - name: Trunk Check
-        uses: trunk-io/trunk-action@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1.1.19
+        uses: trunk-io/trunk-action@75699af9e26881e564e9d832ef7dc3af25ec031b # v1.2.4
         with:
           post-annotations: true # only for fork PRs

.github/workflows/lint.yml

@@ -23,7 +23,7 @@ jobs:
       contents: read # For repo checkout
     steps:
       - name: checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
       - name: set-aqua-policy-if-file-exists
         run: |
           if [[ -f aqua-policy.yaml ]]; then
@@ -41,7 +41,7 @@ jobs:
           AQUA_LOG_LEVEL: debug
           AQUA_OPTS: ''
       - name: trunk-check
-        uses: trunk-io/trunk-action@4d5ecc89b2691705fd08c747c78652d2fc806a94 # v1.1.19
+        uses: trunk-io/trunk-action@75699af9e26881e564e9d832ef7dc3af25ec031b # v1.2.4
         with:
           arguments: --github-annotate-new-only=true
 
@@ -56,7 +56,7 @@ jobs:
       GH_TOKEN: ${{ github.token }}
       GITHUB_REF_BRANCH: ${{ github.ref }}
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
         with:
           fetch-depth: 0
           ref: ${{ env.GITHUB_REF_BRANCH }}

.github/workflows/release.yml

@@ -16,7 +16,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
 
       # https://github.com/magnetikonline/action-golang-cache
       - name: Setup Golang with cache
@@ -40,17 +40,17 @@ jobs:
           AQUA_LOG_LEVEL: debug
 
       - name: mage-tidy
-        uses: magefile/mage-action@6a5dcb5fe61f43d7c08a98bc3cf9bc63c308c08e # v3
+        uses: magefile/mage-action@6f50bbb8ea47d56e62dee92392788acbc8192d0b # v3
         with:
           version: latest
           args: init
       - name: docker-login
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
+        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
         with:
           username: ${{ secrets.DSV_DOCKER_USERNAME }}
           password: ${{ secrets.DSV_DOCKER_PASSWORD }}
       - name: mage-release
-        uses: magefile/mage-action@6a5dcb5fe61f43d7c08a98bc3cf9bc63c308c08e # v3
+        uses: magefile/mage-action@6f50bbb8ea47d56e62dee92392788acbc8192d0b # v3
         with:
           version: latest
           args: release

.github/workflows/scan.yml

@@ -21,7 +21,7 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
       - name: set-aqua-policy-if-file-exists
         run: |
           if [ -f aqua-policy.yaml ]; then
@@ -42,7 +42,7 @@ jobs:
           echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
       # no pinning of github managed action
       - name: Setup Golang caches
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
         with:
           path: |
             ${HOME}/.cache/go-build
@@ -53,7 +53,7 @@ jobs:
       # This should be informational, and not block as it's experimental and no exclusion logic at this time that I've found.
       # https://go.dev/security/vuln/#feedback
       - name: govuln-scan
-        uses: elgohr/go-vulncheck-action@2325facbb97c96a945c48e644308c756e1af2cba # renovate tag=v1
+        uses: elgohr/go-vulncheck-action@f5bc61dd7cd964fd4b76b9f38ea6db3adea62896 # renovate tag=v1
         continue-on-error: true
       # - name: mage-vulcheck
       #   run: |
@@ -72,11 +72,11 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3
+        uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -89,7 +89,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3
+        uses: github/codeql-action/autobuild@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -101,6 +101,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@b6a472f63d85b9c78a3ac5e89422239fc15e9b3c # v3
+        uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3
         with:
           category: '/language:${{matrix.language}}'

.github/workflows/stale.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Config Options: https://github.com/actions/stale#list-of-input-options
-      - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9
+      - uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9
         with:
           days-before-stale: 14
           days-before-close: 5

.github/workflows/test.yml

@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4
       - name: set-aqua-policy-if-file-exists
         run: |
           if [[ -f aqua-policy.yaml ]]; then
@@ -57,7 +57,7 @@ jobs:
           echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
       # no pinning of github managed action
       - name: Setup Golang caches
-        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
         with:
           path: |
             ${HOME}/.cache/go-build
@@ -83,6 +83,6 @@ jobs:
           GOTEST_DISABLE_RACE: 1
           # GOTEST_FLAGS: '${{ inputs.gotestflags }}'
 
-      - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
+      - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
         with:
           fail_ci_if_error: false