build(deps): bump the github-actions group across 1 directory with 2 updates

Bumps the github-actions group with 2 updates in the / directory: [github/codeql-action](https://github.com/github/codeql-action) and [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer). Updates `github/codeql-action` from 3.30.6 to 4.30.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@64d10c1...16140ae) Updates `sigstore/cosign-installer` from 3.10.0 to 4.0.0 - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](sigstore/cosign-installer@d7543c9...faadad0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.30.9 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: sigstore/cosign-installer dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

Author: dependabot[bot]

.github/workflows/lib-codeql.yaml

@@ -29,11 +29,11 @@ jobs:
  sudo apt-get update
  sudo apt-get install -y libze1 libze-dev
  - name: Initialize CodeQL
- uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3
+ uses: github/codeql-action/init@16140ae1a102900babc80a33c44059580f687047 # v3
  with:
  languages: 'go'
 
  - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3
+ uses: github/codeql-action/analyze@16140ae1a102900babc80a33c44059580f687047 # v3
  with:
  category: "/language:go"

.github/workflows/lib-publish.yaml

@@ -113,7 +113,7 @@ jobs:
  echo "image_sha=$(docker inspect --format='{{index .RepoDigests 0}}' ${{ inputs.registry }}/${{ matrix.image }}:${{ inputs.image_tag }})" >> $GITHUB_OUTPUT
  - name: Install cosign
  if: ${{ inputs.image_tag != 'devel' }}
- uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 #v3.10.0
+ uses: sigstore/cosign-installer@faadad0cce49287aee09b3a48701e75088a2c6ad #v4.0.0
  - name: Keyless image sign
  if: ${{ inputs.image_tag != 'devel' }}
  run: |

.github/workflows/lib-scorecard.yaml

@@ -26,6 +26,6 @@ jobs:
  results_format: sarif
  publish_results: true
  - name: "Upload results to security"
- uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3
+ uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v3
  with:
  sarif_file: results.sarif

.github/workflows/trivy-periodic.yaml

@@ -31,6 +31,6 @@ jobs:
  format: sarif
  output: trivy-report.sarif
  - name: Upload sarif report to GitHub Security tab
- uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3
+ uses: github/codeql-action/upload-sarif@16140ae1a102900babc80a33c44059580f687047 # v3
  with:
  sarif_file: trivy-report.sarif