Bump the github-actions group with 2 updates

Closes #60829

GitOrigin-RevId: 121f57b
Change-Id: I576203e1007ee9e4a32a04185ef430f6b5583bb7
Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/432160
Reviewed-by: Kevin Moore <[email protected]>
Commit-Queue: Kevin Moore <[email protected]>

Author: dependabot[bot]

.github/workflows/scorecards-analysis.yml

@@ -29,7 +29,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186
+        uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde
         with:
           results_file: results.sarif
           results_format: sarif
@@ -52,6 +52,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387
+        uses: github/codeql-action/upload-sarif@ff0a06e83cb2de871e5a09832bc6a81e7276941f
         with:
           sarif_file: results.sarif