chore(deps): update github actions (#3)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
patch | `v4.1.2` -> `v4.1.5` |
| [actions/checkout](https://togithub.com/actions/checkout) | action |
patch | `v4.1.4` -> `v4.1.5` |
| [actions/checkout](https://togithub.com/actions/checkout) | action |
patch | `v4.1.1` -> `v4.1.5` |
|
[actions/create-github-app-token](https://togithub.com/actions/create-github-app-token)
| action | minor | `v1.9.3` -> `v1.10.0` |
|
[amannn/action-semantic-pull-request](https://togithub.com/amannn/action-semantic-pull-request)
| action | minor | `v5.4.0` -> `v5.5.2` |
|
[aquasecurity/trivy-action](https://togithub.com/aquasecurity/trivy-action)
| action | minor | `0.19.0` -> `0.20.0` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v3.24.10` -> `v3.25.4` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.3` -> `v3.25.4` |
|
[hashicorp/setup-terraform](https://togithub.com/hashicorp/setup-terraform)
| action | minor | `v3.0.0` -> `v3.1.1` |
| rhysd/actionlint | container | minor | `1.6.27` -> `1.7.0` |
|
[streetsidesoftware/cspell-action](https://togithub.com/streetsidesoftware/cspell-action)
| action | minor | `v6.1.0` -> `v6.2.0` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v4.1.5`](https://togithub.com/actions/checkout/releases/tag/v4.1.5)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.4...v4.1.5)

#### What's Changed

- Update NPM dependencies by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[actions/checkout#1703
- Bump github/codeql-action from 2 to 3 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/checkout#1694
- Bump actions/setup-node from 1 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/checkout#1696
- Bump actions/upload-artifact from 2 to 4 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/checkout#1695
- README: Suggest `user.email` to be
`41898282+github-actions[bot]@&#8203;users.noreply.github.com` by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[actions/checkout#1707

**Full Changelog**:
actions/checkout@v4.1.4...v4.1.5

###
[`v4.1.4`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.3...v4.1.4)

- Disable `extensions.worktreeConfig` when disabling `sparse-checkout`
by [@&#8203;jww3](https://togithub.com/jww3) in
[actions/checkout#1692
- Add dependabot config by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[actions/checkout#1688
- Bump the minor-actions-dependencies group with 2 updates by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/checkout#1693
- Bump word-wrap from 1.2.3 to 1.2.5 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[actions/checkout#1643

###
[`v4.1.3`](https://togithub.com/actions/checkout/releases/tag/v4.1.3)

[Compare
Source](https://togithub.com/actions/checkout/compare/v4.1.2...v4.1.3)

#### What's Changed

- Update `actions/checkout` version in `update-main-version.yml` by
[@&#8203;jww3](https://togithub.com/jww3) in
[actions/checkout#1650
- Check git version before attempting to disable `sparse-checkout` by
[@&#8203;jww3](https://togithub.com/jww3) in
[actions/checkout#1656
- Add SSH user parameter by
[@&#8203;cory-miller](https://togithub.com/cory-miller) in
[actions/checkout#1685

**Full Changelog**:
actions/checkout@v4.1.2...v4.1.3

</details>

<details>
<summary>actions/create-github-app-token
(actions/create-github-app-token)</summary>

###
[`v1.10.0`](https://togithub.com/actions/create-github-app-token/releases/tag/v1.10.0)

[Compare
Source](https://togithub.com/actions/create-github-app-token/compare/v1.9.3...v1.10.0)

##### Features

- **`private-key`:** escaped newlines will be replaced
([#&#8203;132](https://togithub.com/actions/create-github-app-token/issues/132))
([9d23fb9](https://togithub.com/actions/create-github-app-token/commit/9d23fb93dd620572046d85c7c1032b488c12514f))

</details>

<details>
<summary>amannn/action-semantic-pull-request
(amannn/action-semantic-pull-request)</summary>

###
[`v5.5.2`](https://togithub.com/amannn/action-semantic-pull-request/releases/tag/v5.5.2)

[Compare
Source](https://togithub.com/amannn/action-semantic-pull-request/compare/v5.5.1...v5.5.2)

##### Bug Fixes

- Bump tar from 6.1.11 to 6.2.1
([#&#8203;262](https://togithub.com/amannn/action-semantic-pull-request/issues/262)
by [@&#8203;EelcoLos](https://togithub.com/EelcoLos))
([9a90d5a](https://togithub.com/amannn/action-semantic-pull-request/commit/9a90d5a5ac979326e3bb9272750cdd4f192ce24a))

###
[`v5.5.1`](https://togithub.com/amannn/action-semantic-pull-request/releases/tag/v5.5.1)

[Compare
Source](https://togithub.com/amannn/action-semantic-pull-request/compare/v5.5.0...v5.5.1)

##### Bug Fixes

- Bump ip from 2.0.0 to 2.0.1
([#&#8203;263](https://togithub.com/amannn/action-semantic-pull-request/issues/263)
by [@&#8203;EelcoLos](https://togithub.com/EelcoLos))
([5e7e9ac](https://togithub.com/amannn/action-semantic-pull-request/commit/5e7e9acca3ddc6a9d7b640fe1f905c4fff131f4a))

###
[`v5.5.0`](https://togithub.com/amannn/action-semantic-pull-request/releases/tag/v5.5.0)

[Compare
Source](https://togithub.com/amannn/action-semantic-pull-request/compare/v5.4.0...v5.5.0)

##### Features

- Add outputs for `type`, `scope` and `subject`
([#&#8203;261](https://togithub.com/amannn/action-semantic-pull-request/issues/261)
by [@&#8203;bcaurel](https://togithub.com/bcaurel))
([b05f5f6](https://togithub.com/amannn/action-semantic-pull-request/commit/b05f5f6423ef5cdfc7fdff00c4c10dd9a4f54aff))

</details>

<details>
<summary>aquasecurity/trivy-action (aquasecurity/trivy-action)</summary>

###
[`v0.20.0`](https://togithub.com/aquasecurity/trivy-action/compare/0.19.0...0.20.0)

[Compare
Source](https://togithub.com/aquasecurity/trivy-action/compare/0.19.0...0.20.0)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.4`](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.3...v3.25.4)

###
[`v3.25.3`](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.2...v3.25.3)

###
[`v3.25.2`](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.1...v3.25.2)

###
[`v3.25.1`](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.0...v3.25.1)

###
[`v3.25.0`](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.24.10...v3.25.0)

</details>

<details>
<summary>hashicorp/setup-terraform (hashicorp/setup-terraform)</summary>

###
[`v3.1.1`](https://togithub.com/hashicorp/setup-terraform/releases/tag/v3.1.1)

[Compare
Source](https://togithub.com/hashicorp/setup-terraform/compare/v3.1.0...v3.1.1)

BUG FIXES:

- wrapper: Fix wrapper to output to stdout and stderr immediately when
data is received
([#&#8203;395](https://togithub.com/hashicorp/setup-terraform/issues/395))

###
[`v3.1.0`](https://togithub.com/hashicorp/setup-terraform/releases/tag/v3.1.0)

[Compare
Source](https://togithub.com/hashicorp/setup-terraform/compare/v3.0.0...v3.1.0)

ENHANCEMENTS:

- Automatically fallback to darwin/amd64 for Terraform versions before
1.0.2 as releases for darwin/arm64 are not available
([#&#8203;409](https://togithub.com/hashicorp/setup-terraform/issues/409))

</details>

<details>
<summary>streetsidesoftware/cspell-action
(streetsidesoftware/cspell-action)</summary>

###
[`v6.2.0`](https://togithub.com/streetsidesoftware/cspell-action/releases/tag/v6.2.0)

[Compare
Source](https://togithub.com/streetsidesoftware/cspell-action/compare/v6.1.0...v6.2.0)

##### Features

- Update CSpell version (8.7.0)
([#&#8203;1670](https://togithub.com/streetsidesoftware/cspell-action/issues/1670))
([10f5944](https://togithub.com/streetsidesoftware/cspell-action/commit/10f59442a0216115037e026f2cfeb416482ce4e8))

##### Updates and Bug Fixes

- Workflow Bot -- Update ALL Dependencies (main)
([#&#8203;1649](https://togithub.com/streetsidesoftware/cspell-action/issues/1649))
([b36e1ce](https://togithub.com/streetsidesoftware/cspell-action/commit/b36e1cee35c5cc3c30dcf39d0a6845a6ce0d5b1a))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/Hapag-Lloyd/Workflow-Templates).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zNDAuMTAiLCJ1cGRhdGVkSW5WZXIiOiIzNy4zNTEuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jeSJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

.github/workflows/default_linter_callable.yml

@@ -56,7 +56,7 @@ jobs:
     if: needs.find-changes.outputs.json == 'true'
     needs: find-changes
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: Run JSON Lint
         run: bash <(curl -s https://raw.githubusercontent.com/CICDToolbox/json-lint/master/pipeline.sh)
@@ -67,7 +67,7 @@ jobs:
     if: needs.find-changes.outputs.markdown == 'true'
     needs: find-changes
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: Validate Markdown file
         run: |
@@ -80,15 +80,15 @@ jobs:
     if: needs.find-changes.outputs.renovate-config == 'true'
     needs: find-changes
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - uses: suzuki-shunsuke/github-action-renovate-config-validator@b54483862375f51910a60c4f498e927d4f3df466 # v1.0.1
 
   lint-shell:
     name: Check shell scripts
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: ShellCheck
         uses: ludeeus/action-shellcheck@00cae500b08a931fb5698e11e79bfbd38e612a38 # 2.0.0
@@ -99,10 +99,10 @@ jobs:
     needs: find-changes
     if: needs.find-changes.outputs.workflow == 'true'
     container:
-      image: rhysd/actionlint:1.6.27@sha256:d84eca815fc24f72546ec1f2f416d9500ad3349ce7db098cf7a52256f5fd4384
+      image: rhysd/actionlint:1.7.0@sha256:5acca218639222e4afbc82fc6e9ef56cbe646ade3b07f3f5ec364b638258a244
       options: --cpus 1 --user root
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: Validate Github workflows
         run: |
@@ -115,7 +115,7 @@ jobs:
     needs: find-changes
     if: needs.find-changes.outputs.yaml == 'true'
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: yaml-lint
         uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1
@@ -132,7 +132,7 @@ jobs:
       matrix:
         file: ${{ fromJson(needs.find-changes.outputs.dockerfile_files) }}
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: Lint Dockerfile
         uses: hadolint/hadolint-action@54c9adbab1582c2ef04b2016b760714a4bfde3cf # v3.1.0
         with:

.github/workflows/default_pull_request_callable.yml

@@ -21,12 +21,12 @@ jobs:
     name: Validate PR title
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/create-github-app-token@7bfa3a4717ef143a604ee0a99d859b8886a96d00 # v1.9.3
+      - uses: actions/create-github-app-token@a0de6af83968303c8c955486bf9739a57d23c7f1 # v1.10.0
         id: app-token
         with:
           app-id: ${{ vars.GET_TOKEN_APP_ID }}
           private-key: ${{ secrets.GET_TOKEN_APP_PRIVATE_KEY }}
-      - uses: amannn/action-semantic-pull-request@e9fabac35e210fea40ca5b14c0da95a099eff26f # v5.4.0
+      - uses: amannn/action-semantic-pull-request@cfb60706e18bc85e8aec535e3c577abe8f70378e # v5.5.2
         env:
           GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
         with:

.github/workflows/default_release_callable.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           fetch-depth: 0
 

.github/workflows/default_release_dry_run_callable.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout dry branch
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           ref: release-dry-run
 

.github/workflows/default_slash_ops_command_help_callable.yml

@@ -17,7 +17,7 @@ jobs:
     name: "ChatOps: /help"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: Choose maintainer
         id: vars

.github/workflows/default_spelling_callable.yml

@@ -14,8 +14,8 @@ jobs:
   cspell:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
-      - uses: streetsidesoftware/cspell-action@ca4bb065dd09aca9c90c935f7dc9bb625985226c # v6.1.0
+      - uses: streetsidesoftware/cspell-action@807d7d92b7057593a2de102168506f298405339d # v6.2.0
         with:
           config: .config/cspell.json

.github/workflows/docker_dockerhub_release_callable.yml

@@ -37,7 +37,7 @@ jobs:
       IMAGE_NAME: hlag/${{ inputs.image-name }}
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: Configure Tags
         uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
         id: meta
@@ -68,13 +68,13 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # 0.19.0
+        uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # 0.20.0
         with:
           image-ref: ${{ env.IMAGE_NAME }}:trivy-scan
           format: "sarif"
           output: "trivy-results.sarif"
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.25.3
+        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
         if: ${{ inputs.upload-security-scan-results }}
         with:
           sarif_file: "trivy-results.sarif"

.github/workflows/maven_java_callable.yml

@@ -14,7 +14,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.4
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
       - name: Set up JDK 21
         uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
         with:

.github/workflows/maven_release_callable.yml

@@ -29,7 +29,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           fetch-depth: 0
 

.github/workflows/maven_release_dry_run_callable.yml

@@ -29,7 +29,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout dry branch
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.4
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
         with:
           ref: release-dry-run
 

.github/workflows/terraform_module_terraform_callable.yml

@@ -31,9 +31,9 @@ jobs:
       run:
         working-directory: ${{ matrix.directories }}
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
-      - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
+      - uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1
         with:
           terraform_version: ${{ matrix.terraform }}
 
@@ -46,7 +46,7 @@ jobs:
   tflint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         name: Cache plugin dir

.github/workflows/terraform_module_terraform_tfsec_callable.yml

@@ -23,15 +23,15 @@ jobs:
 
     steps:
       - name: Clone repo
-        uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
 
       - name: Run tfsec
         uses: tfsec/tfsec-sarif-action@21ded20e8ca120cd9d3d6ab04ef746477542a608 # v0.1.4
         with:
           sarif_file: tfsec.sarif
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
+        uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4
         with:
           # Path to SARIF file relative to the root of the repository
           sarif_file: tfsec.sarif