Upgrade GitHub Actions versions for workflows dependencies:

- `actions/checkout` to v6
- `actions/setup-java` to v5
- `aquasecurity/trivy-action` to v0.33.1
- `github/codeql-action/upload-sarif` to v4
- `docker/login-action` to v3.6.0

Author: jreynard-code

.github/workflows/build_test_package.yml

@@ -22,10 +22,10 @@ jobs:
     if: github.event_name != 'pull_request_target'
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: 'temurin'
           java-version: '23'
@@ -85,10 +85,10 @@ jobs:
     name: controller_tests - ${{ matrix.service.testPrefix }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: 'temurin'
           java-version: '23'
@@ -116,10 +116,10 @@ jobs:
     if: github.event_name != 'pull_request_target'
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: 'temurin'
           java-version: '23'
@@ -165,10 +165,10 @@ jobs:
     name: integration_tests - ${{ matrix.service.testPrefix }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: 'temurin'
           java-version: '23'
@@ -205,13 +205,13 @@ jobs:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           # Fetch all tags since Gradle project version is built upon SCM
           fetch-depth: 0
 
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: "temurin"
           java-version: "23"
@@ -233,7 +233,7 @@ jobs:
             -Djib.to.image=com.cosmotech/cosmotech-api:${{ github.sha }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@0.30.0
+        uses: aquasecurity/trivy-action@0.33.1
         id: scan
         # Add TRIVY_DB_REPOSITORY due to ratelimit issue
         # https://github.com/aquasecurity/trivy-action/issues/389
@@ -252,7 +252,7 @@ jobs:
           output: "trivy-results.sarif"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: "trivy-results.sarif"
 
@@ -265,7 +265,7 @@ jobs:
           retention-days: 3
 
       - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3.4.0
+        uses: docker/login-action@v3.6.0
         if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
         with:
           registry: ghcr.io

.github/workflows/doc.yml

@@ -17,13 +17,13 @@ jobs:
   generate_and_push_doc_for_openapi:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           # Fetch all tags since Gradle project version is built upon SCM
           fetch-depth: 0
 
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: 'temurin'
           java-version: '23'

.github/workflows/lint.yml

@@ -21,10 +21,10 @@ jobs:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@v6
 
     - name: Set up JDK
-      uses: actions/setup-java@v4
+      uses: actions/setup-java@v5
       with:
         distribution: 'temurin'
         java-version: '23'
@@ -49,10 +49,10 @@ jobs:
       categories: ${{ steps.report-list.outputs.categories }}
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: 'temurin'
           java-version: '23'
@@ -93,13 +93,13 @@ jobs:
 
     steps:
       - name: Retrieve reports
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v6
         with:
           name: sarif-reports
           path: sarif
 
       - name: Upload SARIF reports to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: 'sarif/cosmotech-${{ matrix.category }}-detekt.sarif'
           category: ${{ matrix.category }}

.github/workflows/openapi.yml

@@ -32,10 +32,10 @@ jobs:
           - run-api
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Set up Java
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: 'temurin'
           java-version: '23'

.github/workflows/openapi_clients.yml

@@ -32,13 +32,13 @@ jobs:
       cancel-in-progress: false
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           # Fetch all tags since Gradle project version is built upon SCM
           fetch-depth: 0
 
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: 'temurin'
           java-version: '23'

.github/workflows/track_dependencies.yml

@@ -10,9 +10,9 @@ jobs:
   dependency_track:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: 'temurin'
           java-version: '23'