Bump the github-actions-all group with 3 updates (opensearch-project#1752)

Bumps the github-actions-all group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [actions/download-artifact](https://github.com/actions/download-artifact) and [anchore/sbom-action](https://github.com/anchore/sbom-action).


Updates `actions/checkout` from 4 to 5
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v5)

Updates `actions/download-artifact` from 4 to 5
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v4...v5)

Updates `anchore/sbom-action` from 0.20.2 to 0.20.4
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Changelog](https://github.com/anchore/sbom-action/blob/main/RELEASE.md)
- [Commits](anchore/sbom-action@v0.20.2...v0.20.4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-all
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-all
- dependency-name: anchore/sbom-action
  dependency-version: 0.20.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-all
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

.github/workflows/CI.yml

@@ -22,7 +22,7 @@ jobs:
     outputs:
       docker_cache_key: ${{ steps.generate_docker_cache_key.outputs.key }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: Generate Docker Cache Key
         id: generate_docker_cache_key
         run: |
@@ -61,7 +61,7 @@ jobs:
           - spotlessCheck
           - publishToMavenLocal
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: ./.github/actions/setup-env
       - name: Run Gradle Build
         run: gradle ${{matrix.tasks}}
@@ -71,7 +71,7 @@ jobs:
   python-lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: ./.github/actions/setup-env
       - name: Install dependencies
         run: |
@@ -97,7 +97,7 @@ jobs:
       run:
         working-directory: ${{ env.WORKING_DIR }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: ./.github/actions/setup-env
       - run: |
           python3 -m pip install --upgrade pipenv
@@ -140,7 +140,7 @@ jobs:
       matrix:
         index: ${{ fromJson(needs.generate-test-matrix.outputs.matrix) }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: ./.github/actions/setup-env
       - name: Restore Docker Cache
         uses: AndreKurait/[email protected]
@@ -198,13 +198,13 @@ jobs:
     needs: [ gradle-tests ]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: ./.github/actions/setup-env
       - name: Create clean .exec directory
         run: rm -rf build/jacocoMerged && mkdir -p build/jacocoMerged
 
       - name: Download all JaCoCo .exec files into directory expected by jacocoAggregateReport
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           path: build/jacocoMerged
           pattern: coverage-exec-artifacts-gradle-tests-*
@@ -226,7 +226,7 @@ jobs:
     needs: [ generate-cache-key ]
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: ./.github/actions/setup-env
       - name: Cache Docker Images
         uses: AndreKurait/[email protected]
@@ -279,7 +279,7 @@ jobs:
       run:
         working-directory: ${{ matrix.npm-project }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: ./.github/actions/setup-env
       - name: Install NPM dependencies
         run: npm ci
@@ -290,7 +290,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - name: lychee Link Checker
         id: lychee
         uses: lycheeverse/lychee-action@v2

.github/workflows/codecov-publish.yml

@@ -18,7 +18,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download Workflow Info
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           # Needed for cross run downloading
           github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -34,7 +34,7 @@ jobs:
             echo "workflow-info_$key=$value" >> $GITHUB_ENV
           done
       - name: Download Coverage Artifacts
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v5
         with:
           # Needed for cross run downloading
           github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/codeql.yml

@@ -24,7 +24,7 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3

.github/workflows/release-drafter.yml

@@ -22,7 +22,7 @@ jobs:
     outputs:
       dockerhub-password: ${{ steps.retrieve-values.outputs.dockerhub-password }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
       - uses: ./.github/actions/setup-env
       - id: get_data
         run: |
@@ -45,27 +45,27 @@ jobs:
         run: |
           ./deployment/cdk/opensearch-service-migration/buildDockerImages.sh -Dbuild.snapshot=false -Dbuild.version=0.${{ steps.get_data.outputs.version }}
       - name: Generate SBOM for migration_console
-        uses: anchore/[email protected].2
+        uses: anchore/[email protected].4
         with:
           image: migrations/migration_console:latest
           output-file: opensearch-migrations-console-sbom.spdx.json
       - name: Generate SBOM for traffic_replayer
-        uses: anchore/[email protected].2
+        uses: anchore/[email protected].4
         with:
           image: migrations/traffic_replayer:latest
           output-file: opensearch-migrations-traffic-replayer-sbom.spdx.json
       - name: Generate SBOM for capture_proxy
-        uses: anchore/[email protected].2
+        uses: anchore/[email protected].4
         with:
           image: migrations/capture_proxy:latest
           output-file: opensearch-migrations-traffic-capture-proxy-sbom.spdx.json
       - name: Generate SBOM for reindex_from_snapshot
-        uses: anchore/[email protected].2
+        uses: anchore/[email protected].4
         with:
           image: migrations/reindex_from_snapshot:latest
           output-file: opensearch-migrations-reindex-from-snapshot-sbom.spdx.json
       - name: Generate SBOM for artifacts
-        uses: anchore/[email protected].2
+        uses: anchore/[email protected].4
         with:
           file: artifacts.tar.gz
           output-file: artifacts-sbom.spdx.json

.github/workflows/require-approval.yml

@@ -13,7 +13,7 @@ jobs:
     outputs:
       output-is-require-approval: ${{ steps.step-is-require-approval.outputs.is-require-approval }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
         with:
           ref: ${{ github.event.pull_request.base.sha }}
       - name: Get CodeOwner List

.github/workflows/sonar-qube.yml

@@ -27,7 +27,7 @@ jobs:
           SONAR_ES_BOOTSTRAP_CHECKS_DISABLE: "true"
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v5
     - uses: ./.github/actions/setup-env
     - name: Cache SonarQube Scanner
       uses: actions/cache@v4