From 51bc20a09d9636a6388c96b6192052443b14c0da Mon Sep 17 00:00:00 2001
From: Mend Renovate <bot@renovateapp.com>
Date: Mon, 10 Apr 2023 03:39:45 +0100
Subject: [PATCH] chore(deps): update github-actions (#1940)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
minor | `v3.3.0` -> `v3.5.0` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v2.2.9` -> `v2.2.11` |
|
[sigstore/cosign-installer](https://togithub.com/sigstore/cosign-installer)
| action | patch | `v3.0.1` -> `v3.0.2` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/checkout</summary>

###
[`v3.5.0`](https://togithub.com/actions/checkout/releases/tag/v3.5.0)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.4.0...v3.5.0)

#### What's Changed

- Add new public key for known_hosts by
[@&#8203;cdb](https://togithub.com/cdb) in
[https://github.com/actions/checkout/pull/1237](https://togithub.com/actions/checkout/pull/1237)

#### New Contributors

- [@&#8203;cdb](https://togithub.com/cdb) made their first contribution
in
[https://github.com/actions/checkout/pull/1237](https://togithub.com/actions/checkout/pull/1237)

**Full Changelog**:
https://github.com/actions/checkout/compare/v3.4.0...v3.5.0

###
[`v3.4.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v340)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.3.0...v3.4.0)

- [Upgrade codeql actions to
v2](https://togithub.com/actions/checkout/pull/1209)
- [Upgrade
dependencies](https://togithub.com/actions/checkout/pull/1210)
- [Upgrade
@&#8203;actions/io](https://togithub.com/actions/checkout/pull/1225)

</details>

<details>
<summary>github/codeql-action</summary>

###
[`v2.2.11`](https://togithub.com/github/codeql-action/compare/v2.2.10...v2.2.11)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.10...v2.2.11)

###
[`v2.2.10`](https://togithub.com/github/codeql-action/compare/v2.2.9...v2.2.10)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.2.9...v2.2.10)

</details>

<details>
<summary>sigstore/cosign-installer</summary>

###
[`v3.0.2`](https://togithub.com/sigstore/cosign-installer/releases/tag/v3.0.2)

[Compare
Source](https://togithub.com/sigstore/cosign-installer/compare/v3.0.1...v3.0.2)

##### What's Changed

- add --yes to example workflow by
[@&#8203;sebhoss](https://togithub.com/sebhoss) in
[https://github.com/sigstore/cosign-installer/pull/110](https://togithub.com/sigstore/cosign-installer/pull/110)
- Fix aarch64 action run by
[@&#8203;ananos](https://togithub.com/ananos) in
[https://github.com/sigstore/cosign-installer/pull/113](https://togithub.com/sigstore/cosign-installer/pull/113)
- Bump actions/checkout from 3.3.0 to 3.4.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/115](https://togithub.com/sigstore/cosign-installer/pull/115)
- Bump actions/setup-go from 3.5.0 to 4.0.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/114](https://togithub.com/sigstore/cosign-installer/pull/114)
- Bump actions/checkout from 3.4.0 to 3.5.0 by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/sigstore/cosign-installer/pull/116](https://togithub.com/sigstore/cosign-installer/pull/116)
- default cosign to v2.0.1 by
[@&#8203;cpanato](https://togithub.com/cpanato) in
[https://github.com/sigstore/cosign-installer/pull/117](https://togithub.com/sigstore/cosign-installer/pull/117)

##### New Contributors

- [@&#8203;sebhoss](https://togithub.com/sebhoss) made their first
contribution in
[https://github.com/sigstore/cosign-installer/pull/110](https://togithub.com/sigstore/cosign-installer/pull/110)
- [@&#8203;ananos](https://togithub.com/ananos) made their first
contribution in
[https://github.com/sigstore/cosign-installer/pull/113](https://togithub.com/sigstore/cosign-installer/pull/113)

**Full Changelog**:
https://github.com/sigstore/cosign-installer/compare/v3...v3.0.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://app.renovatebot.com/dashboard#github/slsa-framework/slsa-github-generator).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS4zMS40IiwidXBkYXRlZEluVmVyIjoiMzUuMzEuNCJ9-->

Signed-off-by: Renovate Bot <bot@renovateapp.com>
---
 .github/workflows/codeql-analysis.yml           | 6 +++---
 .github/workflows/generator_container_slsa3.yml | 2 +-
 .github/workflows/pre-submit.base-images.yml    | 2 +-
 .github/workflows/pre-submit.lint.yml           | 2 +-
 .github/workflows/scorecards.yml                | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index cacb251b04..4055bc9df9 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -45,7 +45,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9
+        uses: github/codeql-action/init@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2.2.11
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -58,7 +58,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9
+        uses: github/codeql-action/autobuild@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2.2.11
 
       # Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -71,7 +71,7 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9
+        uses: github/codeql-action/analyze@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2.2.11
 
   # NOTE: Checks that the matrix job above completes successfully.
   # This is necessary because the matrix strategy generates new jobs with
diff --git a/.github/workflows/generator_container_slsa3.yml b/.github/workflows/generator_container_slsa3.yml
index e27a54dcc5..ae08c82e68 100644
--- a/.github/workflows/generator_container_slsa3.yml
+++ b/.github/workflows/generator_container_slsa3.yml
@@ -146,7 +146,7 @@ jobs:
           service_account: ${{ inputs.gcp-service-account }}
 
       - id: cosign-install
-        uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
+        uses: sigstore/cosign-installer@9e9de2292db7abb3f51b7f4808d98f0d347a8919 # v3.0.2
         with:
           cosign-release: v2.0.0
         continue-on-error: true
diff --git a/.github/workflows/pre-submit.base-images.yml b/.github/workflows/pre-submit.base-images.yml
index 6d11c9e219..f115c6898e 100644
--- a/.github/workflows/pre-submit.base-images.yml
+++ b/.github/workflows/pre-submit.base-images.yml
@@ -16,6 +16,6 @@ jobs:
       - name: checkout
         uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
       - name: install cosign
-        uses: sigstore/cosign-installer@c3667d99424e7e6047999fb6246c0da843953c65 # v3.0.1
+        uses: sigstore/cosign-installer@9e9de2292db7abb3f51b7f4808d98f0d347a8919 # v3.0.2
       - name: verify images
         run: ./.github/workflows/scripts/verify-base-images.sh
diff --git a/.github/workflows/pre-submit.lint.yml b/.github/workflows/pre-submit.lint.yml
index abdb13b38b..66b7b9de92 100644
--- a/.github/workflows/pre-submit.lint.yml
+++ b/.github/workflows/pre-submit.lint.yml
@@ -17,7 +17,7 @@ jobs:
   markdownlint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # v3.3.0
+      - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
       - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
         with:
           node-version: 16
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index c32b02f04b..0feb0c20e7 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@04df1262e6247151b5ac09cd2c303ac36ad3f62b # v2.2.9
+        uses: github/codeql-action/upload-sarif@d186a2a36cc67bfa1b860e6170d37fb9634742c7 # v2.2.11
         with:
           sarif_file: results.sarif