chore(deps): update workflows (#529)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.2` -> `v3.1.3` |
|
[docker/setup-buildx-action](https://togithub.com/docker/setup-buildx-action)
| action | digest | `4c0219f` -> `885d146` |
| gaurav-nelson/github-action-markdown-link-check | action | digest |
`46e4421` -> `a996638` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v2.21.4` -> `v2.21.5` |
|
[goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action)
| action | minor | `v4.3.0` -> `v4.6.0` |
|
[slsa-framework/slsa-github-generator](https://togithub.com/slsa-framework/slsa-github-generator)
| action | minor | `v1.8.0` -> `v1.9.0` |

---

### Release Notes

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

#### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436)

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.21.5`](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

</details>

<details>
<summary>goreleaser/goreleaser-action
(goreleaser/goreleaser-action)</summary>

###
[`v4.6.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v4.6.0)

[Compare
Source](https://togithub.com/goreleaser/goreleaser-action/compare/v4.5.0...v4.6.0)

Reverts the change to `node20` runtime.

**Full Changelog**:
goreleaser/goreleaser-action@v4.5.0...v4.6.0

###
[`v4.5.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v4.5.0)

[Compare
Source](https://togithub.com/goreleaser/goreleaser-action/compare/v4.4.0...v4.5.0)

#### What's Changed

- chore(deps): bump word-wrap from 1.2.3 to 1.2.5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/427](https://togithub.com/goreleaser/goreleaser-action/pull/427)
- feat: bump to use node20 runtime, actions/checkout to v4 by
[@&#8203;kbdharun](https://togithub.com/kbdharun) in
[https://github.com/goreleaser/goreleaser-action/pull/430](https://togithub.com/goreleaser/goreleaser-action/pull/430)

#### New Contributors

- [@&#8203;kbdharun](https://togithub.com/kbdharun) made their first
contribution in
[https://github.com/goreleaser/goreleaser-action/pull/430](https://togithub.com/goreleaser/goreleaser-action/pull/430)

**Full Changelog**:
goreleaser/goreleaser-action@v4.4.0...v4.5.0

###
[`v4.4.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v4.4.0)

[Compare
Source](https://togithub.com/goreleaser/goreleaser-action/compare/v4.3.0...v4.4.0)

##### What's Changed

- chore(deps): bump semver from 7.5.0 to 7.5.1 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/goreleaser/goreleaser-action/pull/417](https://togithub.com/goreleaser/goreleaser-action/pull/417)
- feat: support oss nightlies by
[@&#8203;caarlos0](https://togithub.com/caarlos0) in
[https://github.com/goreleaser/goreleaser-action/pull/424](https://togithub.com/goreleaser/goreleaser-action/pull/424)

**Full Changelog**:
goreleaser/goreleaser-action@v4.3.0...v4.4.0

</details>

<details>
<summary>slsa-framework/slsa-github-generator
(slsa-framework/slsa-github-generator)</summary>

###
[`v1.9.0`](https://togithub.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v190)

[Compare
Source](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.8.0...v1.9.0)

Release \[v1.9.0] includes bug fixes and new features.

See the [full change
list](https://togithub.com/slsa-framework/slsa-github-generator/compare/v1.8.0...v1.9.0).

##### v1.9.0: BYOB framework (beta)

- **New**: A [new
framework](https://togithub.com/slsa-framework/slsa-github-generator/blob/main/BYOB.md)
to turn GitHub Actions into SLSA compliant builders.

##### v1.9.0: Maven builder (beta)

- **New**: A [Maven
builder](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/maven)
to build Java projects and publish to Maven central.

##### v1.9.0: Gradle builder (beta)

- **New**: A [Gradle
builder](https://togithub.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/gradle)
to build Java projects and publish to Maven central.

##### v1.9.0: JReleaser builder

- **New**: A [JReleaser
builder](https://togithub.com/jreleaser/release-action/tree/v1.0.0-java)
that wraps the official [JReleaser
Action](https://togithub.com/jreleaser/release-action/tree/v1.0.0-java).

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv-scanner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi44My4wIiwidXBkYXRlZEluVmVyIjoiMzYuODMuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Author: renovate-bot

.github/workflows/codeql-analysis.yml

@@ -44,7 +44,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+        uses: github/codeql-action/init@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -55,7 +55,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+        uses: github/codeql-action/autobuild@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -69,4 +69,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+        uses: github/codeql-action/analyze@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5

.github/workflows/goreleaser.yml

@@ -34,7 +34,7 @@ jobs:
       - name: Run Lints
         uses: ./.github/workflows/lint-action
       - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2
-      - uses: docker/setup-buildx-action@4c0219f9ac95b02789c1075625400b2acbff50b1 # v2
+      - uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2
       - name: ghcr-login
         uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
         with:
@@ -43,7 +43,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Run GoReleaser
         id: run-goreleaser
-        uses: goreleaser/goreleaser-action@336e29918d653399e599bfca99fadc1d7ffbc9f7 # v4.3.0
+        uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0
         with:
           version: latest
           args: release --rm-dist
@@ -63,7 +63,7 @@ jobs:
       actions: read # To read the workflow path.
       id-token: write # To sign the provenance.
       contents: write # To add assets to a release.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.8.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.9.0
     with:
       base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
       upload-assets: true # upload to a new release

.github/workflows/link-check-on-push.yml

@@ -8,7 +8,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@master
-    - uses: gaurav-nelson/github-action-markdown-link-check@46e442156b8161bfd0913357c7a411e0e610d2ad
+    - uses: gaurav-nelson/github-action-markdown-link-check@a996638015fbc9ef96beef1a41bbad7df8e06154
       with:
         use-quiet-mode: "yes"
         base-branch: "main"

.github/workflows/link-check.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@master
-    - uses: gaurav-nelson/github-action-markdown-link-check@46e442156b8161bfd0913357c7a411e0e610d2ad
+    - uses: gaurav-nelson/github-action-markdown-link-check@a996638015fbc9ef96beef1a41bbad7df8e06154
       with:
         use-quiet-mode: "yes"
 # Documentation available here: https://github.com/marketplace/actions/markdown-link-check

.github/workflows/osv-scanner-reusable-pr.yml

@@ -54,29 +54,29 @@ jobs:
       # format to the repository Actions tab.
       - name: "Upload artifact"
         if: '!cancelled()'
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: SARIF file
           path: final-results.sarif
           retention-days: 5
       - name: "Upload old scan json results"
         if: '!cancelled()'
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: old-json-results
           path: old-results.json
           retention-days: 5
       - name: "Upload new scan json results"
         if: '!cancelled()'
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: new-json-results
           path: new-results.json
           retention-days: 5
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
         if: '!cancelled()'
-        uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+        uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
         with:
           sarif_file: final-results.sarif
 

.github/workflows/osv-scanner-reusable-scheduled.yml

@@ -33,15 +33,15 @@ jobs:
       # format to the repository Actions tab.
       - name: "Upload artifact"
         if: '!cancelled()'
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
         if: '!cancelled()'
-        uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+        uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
         with:
           sarif_file: results.sarif
 

.github/workflows/scorecards.yml

@@ -59,14 +59,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
+        uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
         with:
           sarif_file: results.sarif