chore(deps): update github-actions (#2493)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/setup-java | action | digest | `cd89f46` -> `b943a4e` |
| [actions/setup-java](https://togithub.com/actions/setup-java) | action
| minor | `v3.11.0` -> `v3.12.0` |
| [actions/setup-java](https://togithub.com/actions/setup-java) | action
| digest | `5ffc13f` -> `cd89f46` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v2.21.0` -> `v2.21.2` |
|
[gradle/gradle-build-action](https://togithub.com/gradle/gradle-build-action)
| action | minor | `v2.6.1` -> `v2.7.0` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/setup-java (actions/setup-java)</summary>

###
[`v3.12.0`](https://togithub.com/actions/setup-java/releases/tag/v3.12.0)

[Compare
Source](https://togithub.com/actions/setup-java/compare/v3.11.0...v3.12.0)

In scope of this release the following changes were made:

**Bug fixes:**

- Always check postfix "Contents/Home" on macOS by
[@&#8203;erwin1](https://togithub.com/erwin1) in
[actions/setup-java#397
- Fix sbt/scala cache key by
[@&#8203;Dogacel](https://togithub.com/Dogacel) in
[actions/setup-java#478
- Corretto toolcache folder name fix by
[@&#8203;IvanZosimov](https://togithub.com/IvanZosimov) in
[actions/setup-java#480
- Update versions of Oracle JDK and Microsoft Build of OpenJDK by
[@&#8203;anishi1222](https://togithub.com/anishi1222) in
[actions/setup-java#489
- Update Oracle JDK download URL calculation by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[actions/setup-java#507

**Feature implementations:**

- Add versions properties to cache by
[@&#8203;Endi327](https://togithub.com/Endi327) in
[actions/setup-java#280

**Resolving dependencies issues:**

- Remove implicit dependencies by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[actions/setup-java#494
- Update xml2js by
[@&#8203;dmitry-shibanov](https://togithub.com/dmitry-shibanov) in
[actions/setup-java#484
- Update dependencies by
[@&#8203;IvanZosimov](https://togithub.com/IvanZosimov) in
[actions/setup-java#511

**Infrastructure updates:**

- Fix glob bug in package.json scripts section by
[@&#8203;IvanZosimov](https://togithub.com/IvanZosimov) in
[actions/setup-java#475
- Update mocks by
[@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) in
[actions/setup-java#498

**Documentation changes:**

- Instruction to download custom distribution JDK and install by
[@&#8203;ragsmpl](https://togithub.com/ragsmpl) in
[actions/setup-java#500

#### New Contributors

- [@&#8203;erwin1](https://togithub.com/erwin1) made their first
contribution in
[actions/setup-java#397
- [@&#8203;Dogacel](https://togithub.com/Dogacel) made their first
contribution in
[actions/setup-java#478
- [@&#8203;anishi1222](https://togithub.com/anishi1222) made their first
contribution in
[actions/setup-java#489
- [@&#8203;nikolai-laevskii](https://togithub.com/nikolai-laevskii) made
their first contribution in
[actions/setup-java#498
- [@&#8203;ragsmpl](https://togithub.com/ragsmpl) made their first
contribution in
[actions/setup-java#500
- [@&#8203;Endi327](https://togithub.com/Endi327) made their first
contribution in
[actions/setup-java#280

**Full Changelog**:
actions/setup-java@v3...v3.12.0

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.21.2`](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

###
[`v2.21.1`](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

</details>

<details>
<summary>gradle/gradle-build-action
(gradle/gradle-build-action)</summary>

###
[`v2.7.0`](https://togithub.com/gradle/gradle-build-action/releases/tag/v2.7.0)

[Compare
Source](https://togithub.com/gradle/gradle-build-action/compare/v2.6.1...v2.7.0)

##### GitHub Dependency Graph support

In this release, the GitHub Dependency Graph support is no longer
considered "experimental", and should be considered ready for production
use. You can read more about the Dependency Graph support in [the README
chapter](https://togithub.com/gradle/gradle-build-action#github-dependency-graph-support).

##### Changes

- Update to
[`github-dependency-graph-gradle-plugin@v0.2.0`](https://plugins.gradle.org/plugin/org.gradle.github-dependency-graph-gradle-plugin/0.2.0)
- Dependency graph uses Gradle Settings file as manifest location (if
Settings file exists)
- Adds a `dependency-graph-file` output to any step that generates a
Dependency Graph file

##### Changelog

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-github-generator).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yNC4yIiwidXBkYXRlZEluVmVyIjoiMzYuMjQuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

---------

Signed-off-by: Mend Renovate <bot@renovateapp.com>
Signed-off-by: Ian Lewis <ianlewis@google.com>
Co-authored-by: Ian Lewis <ianlewis@google.com>

.github/workflows/codeql-analysis.yml

@@ -59,7 +59,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
+        uses: github/codeql-action/init@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -72,7 +72,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
+        uses: github/codeql-action/autobuild@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
 
       # Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -85,7 +85,7 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
+        uses: github/codeql-action/analyze@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
 
   # NOTE: Checks that the matrix job above completes successfully.
   # This is necessary because the matrix strategy generates new jobs with

.github/workflows/publish_maven.yml

@@ -51,7 +51,7 @@ jobs:
       - name: Checkout the project repository
         uses: slsa-framework/slsa-github-generator/.github/actions/secure-project-checkout@main
       - name: Set up Java for publishing to Maven Central Repository
-        uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3
+        uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0
         env:
           MAVEN_USERNAME: ${{ secrets.maven-username }}
           MAVEN_PASSWORD: ${{ secrets.maven-password }}

.github/workflows/scorecards.yml

@@ -71,6 +71,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@1813ca74c3faaa3a2da2070b9b8a0b3e7373a0d8 # v2.21.0
+        uses: github/codeql-action/upload-sarif@0ba4244466797eb048eb91a6cd43d5c03ca8bd05 # v2.21.2
         with:
           sarif_file: results.sarif

actions/gradle/publish/action.yml

@@ -48,7 +48,7 @@ runs:
   steps:
     - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
     - name: Set up JDK
-      uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+      uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0
       env:
         MAVEN_USERNAME: ${{ inputs.maven-username }}
         MAVEN_PASSWORD: ${{ inputs.maven-password }}

internal/builders/bazel/action.yml

@@ -53,7 +53,7 @@ runs:
 
     - name: Setup Java
       id: java
-      uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+      uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0
       with:
         distribution: "${{ fromJson(inputs.slsa-workflow-inputs).user-java-distribution }}"
         java-version: "${{ fromJson(inputs.slsa-workflow-inputs).user-java-version }}"

internal/builders/gradle/action.yml

@@ -54,12 +54,12 @@ runs:
   steps:
     - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
     - name: Set up JDK
-      uses: actions/setup-java@5ffc13f4174014e2d4d4572b3d74c3fa61aeb2c2 # v3.11.0
+      uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0
       with:
         distribution: temurin
         java-version: ${{ fromJson(inputs.slsa-workflow-inputs).jdk-version }}
     - name: Setup Gradle
-      uses: gradle/gradle-build-action@915a66c096a03101667f9df2e56c9efef558b165 # v2.6.1
+      uses: gradle/gradle-build-action@a4cf152f482c7ca97ef56ead29bf08bcd953284c # v2.7.0
       with:
         arguments: build -x test
     - name: Put release artifacts in one directory

internal/builders/maven/action.yml

@@ -54,7 +54,7 @@ runs:
   steps:
     - uses: actions/checkout@96f53100ba2a5449eb71d2e6604bbcd94b9449b5 # v 3.5.2
     - name: Set up JDK
-      uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v 3.11.0
+      uses: actions/setup-java@cd89f46ac9d01407894225f350157564c9c7cee2 # v3.12.0
       with:
         distribution: temurin
         java-version: ${{ fromJson(inputs.slsa-workflow-inputs).jdk-version }}