deps: Update dependencies for github (major)

.github/workflows/codeql.yml

@@ -42,26 +42,26 @@ jobs:
 
  steps:
  - name: Checkout repository
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
  - name: Setup Go
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+ uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
  with:
  go-version: "1.25"
  if: ${{ matrix.language == 'go' }}
 
  # Initializes the CodeQL tools for scanning.
  - name: Initialize CodeQL
- uses: github/codeql-action/init@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
+ uses: github/codeql-action/init@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
  with:
  languages: ${{ matrix.language }}
 
  # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java).
  # If this step fails, then you should remove it and run the build manually
  - name: Autobuild
- uses: github/codeql-action/autobuild@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
+ uses: github/codeql-action/autobuild@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
 
  - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
+ uses: github/codeql-action/analyze@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
  with:
  category: "/language:${{matrix.language}}"

.github/workflows/cover.yaml

@@ -24,12 +24,12 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Setup Go
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+ uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
  with:
  go-version: "1.25"
 
  - name: Checkout base branch
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
  with:
  ref: ${{ github.base_ref }}
  - name: Calculate base code coverage
@@ -39,7 +39,7 @@ jobs:
  echo "CUR_COVER=$CUR_COVER" >> $GITHUB_ENV
 
  - name: Checkout PR branch
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
  with:
  ref: ${{ github.event.pull_request.head.sha }}
  repository: ${{ github.event.pull_request.head.repo.full_name }}

.github/workflows/govulncheck.yaml

@@ -31,9 +31,9 @@ jobs:
  name: Run govulncheck
  steps:
  - name: Checkout code
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
  - name: Setup Go
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+ uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
  with:
  go-version: "1.25"
  check-latest: true

.github/workflows/labels.yaml

@@ -28,7 +28,7 @@ jobs:
  issues: write
  pull-requests: write
  steps:
- - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
  - uses: micnncim/action-label-syncer@3abd5ab72fda571e69fffd97bd4e0033dd5f495c # v1.3.0
  env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/lint.yaml

@@ -28,9 +28,9 @@ jobs:
  pull-requests: write
  steps:
  - name: Checkout code
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
  - name: Setup Go
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+ uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
  with:
  go-version: "1.25"
  - name: lint

.github/workflows/scorecard.yml

@@ -35,7 +35,7 @@ jobs:
 
  steps:
  - name: "Checkout code"
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
  with:
  persist-credentials: false
 
@@ -57,14 +57,14 @@ jobs:
  # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
  # format to the repository Actions tab.
  - name: "Upload artifact"
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
  with:
  name: SARIF file
  path: results.sarif
  retention-days: 5
 
  # Upload the results to GitHub's code scanning dashboard.
  - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@42213152a85ae7569bdb6bec7bcd74cd691bfe41 # v3.30.9
+ uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9
  with:
  sarif_file: resultsFiltered.sarif

.github/workflows/tests.yaml

@@ -44,24 +44,24 @@ jobs:
  pull-requests: write
  steps:
  - name: Checkout code
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
  - name: Setup Go
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+ uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
  with:
  go-version: "1.25"
 
  - id: auth
  name: Authenticate to Google Cloud
- uses: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2.1.13
+ uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
  with:
  workload_identity_provider: ${{ vars.PROVIDER_NAME }}
  service_account: ${{ vars.SERVICE_ACCOUNT }}
  access_token_lifetime: 600s
 
  - id: secrets
  name: Get secrets
- uses: google-github-actions/get-secretmanager-secrets@2b5f97c5a4b9c105e64646762ad4fc3f5128e6f5 # v2.2.5
+ uses: google-github-actions/get-secretmanager-secrets@bc9c54b29fdffb8a47776820a7d26e77b379d262 # v3.0.0
  with:
  secrets: |-
  MYSQL_CONNECTION_NAME:${{ vars.GOOGLE_CLOUD_PROJECT }}/MYSQL_CONNECTION_NAME
@@ -166,16 +166,16 @@ jobs:
  GOARCH: ${{ matrix.goarch }}
  steps:
  - name: Checkout code
- uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
  - name: Setup Go ${{ matrix.go-version }}
- uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+ uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0
  with:
  go-version: ${{ matrix.go-version }}
  - id: auth
  name: Authenticate to Google Cloud
  # only needed for Flakybot on periodic (schedule) and continuous (push) events
  if: ${{ github.event_name == 'schedule' || github.event_name == 'push' }}
- uses: google-github-actions/auth@c200f3691d83b41bf9bbd8638997a462592937ed # v2.1.13
+ uses: google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093 # v3.0.0
  with:
  workload_identity_provider: ${{ vars.PROVIDER_NAME }}
  service_account: ${{ vars.SERVICE_ACCOUNT }}