chore(deps): Update github-actions (#15)

Co-authored-by: Erez Rokah <[email protected]>

Author: cq-bot

.github/workflows/build.yml

@@ -133,7 +133,7 @@ jobs:
           tree -nh ./bin
       -
         name: Upload artifacts
-        uses: actions/upload-artifact@v4.1.0
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: registry
           path: ./bin/*

.github/workflows/codeql-analysis.yml

@@ -45,12 +45,12 @@ jobs:
           git checkout HEAD^2
       -
         name: Initialize CodeQL
-        uses: github/codeql-action/init@v3.22.12
+        uses: github/codeql-action/init@v3.30.3
         with:
           languages: ${{ matrix.language }}
       -
         name: Autobuild
-        uses: github/codeql-action/autobuild@v3.22.12
+        uses: github/codeql-action/autobuild@v3.30.3
       -
         name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3.22.12
+        uses: github/codeql-action/analyze@v3.30.3

.github/workflows/conformance.yml

@@ -37,7 +37,7 @@ jobs:
           docker run --rm -p 5000:5000 -e REGISTRY_STORAGE_DELETE_ENABLED=true -idt "registry:local"
       -
         name: Run OCI Distribution Spec conformance tests
-        uses: opencontainers/distribution-spec@v1.0.1
+        uses: opencontainers/distribution-spec@v1.1.1
         env:
           OCI_ROOT_URL: ${{ env.OCI_ROOT_URL }}
           OCI_NAMESPACE: oci-conformance/distribution-test
@@ -51,7 +51,7 @@ jobs:
         run: mkdir -p .out/ && mv {report.html,junit.xml} .out/
       -
         name: Upload test results
-        uses: actions/upload-artifact@v4.1.0
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: oci-test-results-${{ github.sha }}
           path: .out/

.github/workflows/scorecards.yml

@@ -22,12 +22,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # tag=v4.1.1
+        uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # tag=v2.0.6
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
         with:
           results_file: results.sarif
           results_format: sarif
@@ -46,15 +46,15 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # tag=v4.1.0
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@1500a131381b66de0c52ac28abb13cd79f4b7ecc # tag=v2.22.12
+        uses: github/codeql-action/upload-sarif@b8d3b6e8af63cde30bdc382c0bc28114f4346c88 # v2.28.1
         with:
           sarif_file: results.sarif