Bump the dependencies group with 5 updates (#57)

[//]: # (dependabot-start)
⚠️  **Dependabot is rebasing this PR** ⚠️ 

Rebasing might not happen immediately, so don't worry if this takes some
time.

Note: if you make any changes to this PR yourself, they will take
precedence over the rebase.

---

[//]: # (dependabot-end)

Bumps the dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4` | `6` |
| [denoland/setup-deno](https://github.com/denoland/setup-deno) | `1` |
`2` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3`
| `4` |
| [webfactory/ssh-agent](https://github.com/webfactory/ssh-agent) |
`0.9.0` | `0.9.1` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) |
`2.3.1` | `2.4.3` |

Updates `actions/checkout` from 4 to 6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README to include Node.js 24 support details and requirements
by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
in <a
href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li>
<li>Persist creds to a separate file by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li>
<li>v6-beta by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2298">actions/checkout#2298</a></li>
<li>update readme/changelog for v6 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2311">actions/checkout#2311</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5.0.0...v6.0.0">https://github.com/actions/checkout/compare/v5.0.0...v6.0.0</a></p>
<h2>v6-beta</h2>
<h2>What's Changed</h2>
<p>Updated persist-credentials to store the credentials under
<code>$RUNNER_TEMP</code> instead of directly in the local git
config.</p>
<p>This requires a minimum Actions Runner version of <a
href="https://github.com/actions/runner/releases/tag/v2.329.0">v2.329.0</a>
to access the persisted credentials for <a
href="https://docs.github.com/en/actions/tutorials/use-containerized-services/create-a-docker-container-action">Docker
container action</a> scenarios.</p>
<h2>v5.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Port v6 cleanup to v5 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v5...v5.0.1">https://github.com/actions/checkout/compare/v5...v5.0.1</a></p>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update actions checkout to use node 24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li>
<li>Prepare v5.0.0 release by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li>
</ul>
<h2>⚠️ Minimum Compatible Runner Version</h2>
<p><strong>v2.327.1</strong><br />
<a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Release
Notes</a></p>
<p>Make sure your runner is updated to this version or newer to use this
release.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p>
<h2>v4.3.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Port v6 cleanup to v4 by <a
href="https://github.com/ericsciple"><code>@​ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v4...v4.3.1">https://github.com/actions/checkout/compare/v4...v4.3.1</a></p>
<h2>v4.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>docs: update README.md by <a
href="https://github.com/motss"><code>@​motss</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li>
<li>Add internal repos for checking out multiple repositories by <a
href="https://github.com/mouismail"><code>@​mouismail</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li>
<li>Documentation update - add recommended permissions to Readme by <a
href="https://github.com/benwells"><code>@​benwells</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8"><code>8e8c483</code></a>
Clarify v6 README (<a
href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1"><code>033fa0d</code></a>
Add worktree support for persist-credentials includeIf (<a
href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5"><code>c2d88d3</code></a>
Update all references from v5 and v4 to v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3"><code>1af3b93</code></a>
update readme/changelog for v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2311">#2311</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/71cf2267d89c5cb81562390fa70a37fa40b1305e"><code>71cf226</code></a>
v6-beta (<a
href="https://redirect.github.com/actions/checkout/issues/2298">#2298</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/069c6959146423d11cd0184e6accf28f9d45f06e"><code>069c695</code></a>
Persist creds to a separate file (<a
href="https://redirect.github.com/actions/checkout/issues/2286">#2286</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493"><code>ff7abcd</code></a>
Update README to include Node.js 24 support details and requirements (<a
href="https://redirect.github.com/actions/checkout/issues/2248">#2248</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8"><code>08c6903</code></a>
Prepare v5.0.0 release (<a
href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917"><code>9f26565</code></a>
Update actions checkout to use node 24 (<a
href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/v4...v6">compare
view</a></li>
</ul>
</details>
<br />

Updates `denoland/setup-deno` from 1 to 2
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/denoland/setup-deno/releases">denoland/setup-deno's
releases</a>.</em></p>
<blockquote>
<h2>v2.0.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: v2 by <a
href="https://github.com/lucacasonato"><code>@​lucacasonato</code></a>
in <a
href="https://redirect.github.com/denoland/setup-deno/pull/82">denoland/setup-deno#82</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/denoland/setup-deno/compare/v1.5.1...v2.0.0">https://github.com/denoland/setup-deno/compare/v1.5.1...v2.0.0</a></p>
<h2>v1.5.2</h2>
<h2>What's Changed</h2>
<ul>
<li>refactor: use GitHub downloads for stable version download by <a
href="https://github.com/crowlKats"><code>@​crowlKats</code></a> in <a
href="https://redirect.github.com/denoland/setup-deno/pull/91">denoland/setup-deno#91</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/denoland/setup-deno/compare/v1.5.1...v1.5.2">https://github.com/denoland/setup-deno/compare/v1.5.1...v1.5.2</a></p>
<h2>v1.5.1</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: use npm install by <a
href="https://github.com/lucacasonato"><code>@​lucacasonato</code></a>
in <a
href="https://redirect.github.com/denoland/setup-deno/pull/77">denoland/setup-deno#77</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/denoland/setup-deno/compare/v1.5.0...v1.5.1">https://github.com/denoland/setup-deno/compare/v1.5.0...v1.5.1</a></p>
<h2>v1.5.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: allow specifying binary name by <a
href="https://github.com/crowlKats"><code>@​crowlKats</code></a> in <a
href="https://redirect.github.com/denoland/setup-deno/pull/71">denoland/setup-deno#71</a></li>
<li>feat: support installing rc versions by <a
href="https://github.com/crowlKats"><code>@​crowlKats</code></a> in <a
href="https://redirect.github.com/denoland/setup-deno/pull/72">denoland/setup-deno#72</a></li>
<li>chore: migrate code to ESM by <a
href="https://github.com/lucacasonato"><code>@​lucacasonato</code></a>
in <a
href="https://redirect.github.com/denoland/setup-deno/pull/73">denoland/setup-deno#73</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/denoland/setup-deno/compare/v1.4.1...v1.5.0">https://github.com/denoland/setup-deno/compare/v1.4.1...v1.5.0</a></p>
<h2>1.4.1</h2>
<h2>What's Changed</h2>
<ul>
<li>docs: update readme</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/denoland/setup-deno/compare/1.4.0...v1.4.1">https://github.com/denoland/setup-deno/compare/1.4.0...v1.4.1</a></p>
<h2>1.4.0</h2>
<h2>What's Changed</h2>
<ul>
<li>fix: use dl.deno.land for downloading binaries by <a
href="https://github.com/crowlKats"><code>@​crowlKats</code></a> in <a
href="https://redirect.github.com/denoland/setup-deno/pull/67">denoland/setup-deno#67</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/denoland/setup-deno/compare/v1.3.0...1.4.0">https://github.com/denoland/setup-deno/compare/v1.3.0...1.4.0</a></p>
<h2>v1.3.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: add &quot;latest&quot; as possible version by <a
href="https://github.com/crowlKats"><code>@​crowlKats</code></a> in <a
href="https://redirect.github.com/denoland/setup-deno/pull/65">denoland/setup-deno#65</a></li>
<li>1.3.0 by <a
href="https://github.com/crowlKats"><code>@​crowlKats</code></a> in <a
href="https://redirect.github.com/denoland/setup-deno/pull/66">denoland/setup-deno#66</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/denoland/setup-deno/compare/v1.2.0...v1.3.0">https://github.com/denoland/setup-deno/compare/v1.2.0...v1.3.0</a></p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/denoland/setup-deno/commit/e95548e56dfa95d4e1a28d6f422fafe75c4c26fb"><code>e95548e</code></a>
2.0.3 (<a
href="https://redirect.github.com/denoland/setup-deno/issues/102">#102</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/8273ddd773c0c6d98f36a2090d9a7ee53dbf3fab"><code>8273ddd</code></a>
fix: switch back to package.json as it's necessary for GH actions (<a
href="https://redirect.github.com/denoland/setup-deno/issues/101">#101</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/609c0055983975d562c8554cc38ee754969f9287"><code>609c005</code></a>
feat: include a hash of deno.lock files in the cache key automatically
(<a
href="https://redirect.github.com/denoland/setup-deno/issues/98">#98</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/aa0fea114b8b900f9aee1f5c4558935c601c17ee"><code>aa0fea1</code></a>
feat: add built-in caching via inputs (<a
href="https://redirect.github.com/denoland/setup-deno/issues/89">#89</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/db3496c46ad1f318f963e2c1f2cce55efe67a327"><code>db3496c</code></a>
feat: add &quot;lts&quot; version option (<a
href="https://redirect.github.com/denoland/setup-deno/issues/97">#97</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/d74ee56ed6e07882f5322d77f64db3751d77bf02"><code>d74ee56</code></a>
refactor: convert action to TS and bundle code (<a
href="https://redirect.github.com/denoland/setup-deno/issues/95">#95</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/909cc5acb0fdd60627fb858598759246509fa755"><code>909cc5a</code></a>
2.0.2 (<a
href="https://redirect.github.com/denoland/setup-deno/issues/92">#92</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/003ac2662742b27a6a44b8d1fe4feef6e34287ad"><code>003ac26</code></a>
refactor: use GitHub downloads for stable version download (<a
href="https://redirect.github.com/denoland/setup-deno/issues/91">#91</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/7c6ecb3883604199b7f8ee31d257d6947a6e1be2"><code>7c6ecb3</code></a>
feat: add problem matchers for <code>deno lint</code> (<a
href="https://redirect.github.com/denoland/setup-deno/issues/62">#62</a>)</li>
<li><a
href="https://github.com/denoland/setup-deno/commit/01524fade784327df1a5ad1ead94235d392cd443"><code>01524fa</code></a>
2.0.1 (<a
href="https://redirect.github.com/denoland/setup-deno/issues/86">#86</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/denoland/setup-deno/compare/v1.0.0...v2">compare
view</a></li>
</ul>
</details>
<br />

Updates `github/codeql-action` from 3 to 4
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.31.8</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.31.8 - 11 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.8. <a
href="https://redirect.github.com/github/codeql-action/pull/3354">#3354</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.31.8/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.31.7</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.31.7 - 05 Dec 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.7. <a
href="https://redirect.github.com/github/codeql-action/pull/3343">#3343</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.31.7/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.31.6</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.31.6 - 01 Dec 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.31.6/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.31.5</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.31.5 - 24 Nov 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.31.5/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.31.4</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.31.4 - 18 Nov 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h2>4.31.5 - 24 Nov 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3321">#3321</a></li>
</ul>
<h2>4.31.4 - 18 Nov 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.3 - 13 Nov 2025</h2>
<ul>
<li>CodeQL Action v3 will be deprecated in December 2026. The Action now
logs a warning for customers who are running v3 but could be running v4.
For more information, see <a
href="https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/">Upcoming
deprecation of CodeQL Action v3</a>.</li>
<li>Update default CodeQL bundle version to 2.23.5. <a
href="https://redirect.github.com/github/codeql-action/pull/3288">#3288</a></li>
</ul>
<h2>4.31.2 - 30 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.31.1 - 30 Oct 2025</h2>
<ul>
<li>The <code>add-snippets</code> input has been removed from the
<code>analyze</code> action. This input has been deprecated since CodeQL
Action 3.26.4 in August 2024 when this removal was announced.</li>
</ul>
<h2>4.31.0 - 24 Oct 2025</h2>
<ul>
<li>Bump minimum CodeQL bundle version to 2.17.6. <a
href="https://redirect.github.com/github/codeql-action/pull/3223">#3223</a></li>
<li>When SARIF files are uploaded by the <code>analyze</code> or
<code>upload-sarif</code> actions, the CodeQL Action automatically
performs post-processing steps to prepare the data for the upload.
Previously, these post-processing steps were only performed before an
upload took place. We are now changing this so that the post-processing
steps will always be performed, even when the SARIF files are not
uploaded. This does not change anything for the
<code>upload-sarif</code> action. For <code>analyze</code>, this may
affect Advanced Setup for CodeQL users who specify a value other than
<code>always</code> for the <code>upload</code> input. <a
href="https://redirect.github.com/github/codeql-action/pull/3222">#3222</a></li>
</ul>
<h2>4.30.9 - 17 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.3. <a
href="https://redirect.github.com/github/codeql-action/pull/3205">#3205</a></li>
<li>Experimental: A new <code>setup-codeql</code> action has been added
which is similar to <code>init</code>, except it only installs the
CodeQL CLI and does not initialize a database. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3204">#3204</a></li>
</ul>
<h2>4.30.8 - 10 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.30.7 - 06 Oct 2025</h2>
<ul>
<li>[v4+ only] The CodeQL Action now runs on Node.js v24. <a
href="https://redirect.github.com/github/codeql-action/pull/3169">#3169</a></li>
</ul>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li>
</ul>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li>
</ul>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/c4efbda2999d6895931c401bf16d97750bd3650e"><code>c4efbda</code></a>
Overlay: Check database metadata for overlayBaseSpecifier</li>
<li><a
href="https://github.com/github/codeql-action/commit/dd8914320f183a2820ffe1a91b9fc453164493e6"><code>dd89143</code></a>
CodeQL: Add resolveDatabase method</li>
<li><a
href="https://github.com/github/codeql-action/commit/78357d3fc9e24912713f993f791b2aef1b04bf6d"><code>78357d3</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3341">#3341</a>
from github/mbg/ci/update-cs-config-cli-tests</li>
<li><a
href="https://github.com/github/codeql-action/commit/d61a6fa793c84c98e08555552b4b9c6374665d24"><code>d61a6fa</code></a>
Update CLI config test to account for overlay db changes on PRs</li>
<li><a
href="https://github.com/github/codeql-action/commit/ce27e95f791dfda287706648ff69d9226c4526c2"><code>ce27e95</code></a>
Rebuild</li>
<li><a
href="https://github.com/github/codeql-action/commit/43224eb34e6efd92aee9cf38e9f97e15518511be"><code>43224eb</code></a>
Bump <code>@​eslint/eslintrc</code> from 3.3.1 to 3.3.3 in the npm-minor
group</li>
<li><a
href="https://github.com/github/codeql-action/commit/f0ac9bfbe331b3cc7be1482df79cca2865cb79b6"><code>f0ac9bf</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3337">#3337</a>
from github/mergeback/v4.31.6-to-main-fe4161a2</li>
<li><a
href="https://github.com/github/codeql-action/commit/c1ca379fc0b6429602e9a3f43c60ac0bb355636f"><code>c1ca379</code></a>
Rebuild</li>
<li><a
href="https://github.com/github/codeql-action/commit/c3455c55c1eca92492f511e20f52b4cc9ed44afd"><code>c3455c5</code></a>
Update changelog and version after v4.31.6</li>
<li><a
href="https://github.com/github/codeql-action/commit/fe4161a26a8629af62121b670040955b330f9af2"><code>fe4161a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3336">#3336</a>
from github/update-v4.31.6-ecec1f887</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/v3...v4">compare
view</a></li>
</ul>
</details>
<br />

Updates `webfactory/ssh-agent` from 0.9.0 to 0.9.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/webfactory/ssh-agent/releases">webfactory/ssh-agent's
releases</a>.</em></p>
<blockquote>
<h2>v0.9.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Acknowledge custom command inputs in cleanup.js by <a
href="https://github.com/janopae"><code>@​janopae</code></a> in <a
href="https://redirect.github.com/webfactory/ssh-agent/pull/235">webfactory/ssh-agent#235</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/janopae"><code>@​janopae</code></a> made
their first contribution in <a
href="https://redirect.github.com/webfactory/ssh-agent/pull/235">webfactory/ssh-agent#235</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1">https://github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/webfactory/ssh-agent/blob/master/CHANGELOG.md">webfactory/ssh-agent's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to this project will be documented in this
file.</p>
<p>The format is based on <a
href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>,
and this project adheres to <a
href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p>
<h2>[Unreleased]</h2>
<h2>v0.9.1 [2024-03-17]</h2>
<h3>Fixed</h3>
<ul>
<li>Fix path used to execute ssh-agent in cleanup.js to respect custom
paths set by input (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/235">#235</a>)</li>
</ul>
<h2>v0.9.0 [2024-02-06]</h2>
<h3>Changed</h3>
<ul>
<li>Update all versions of <code>actions/checkout</code> to v4 (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/199">#199</a>)</li>
<li>Update to Node 20 (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/201">#201</a>)</li>
</ul>
<h2>v0.8.0 [2023-03-24]</h2>
<h3>Changed</h3>
<ul>
<li>No longer writing GitHub's SSH host keys to <code>known_hosts</code>
(<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/171">#171</a>)</li>
<li>Update to actions/checkout@v3 (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/143">#143</a>)</li>
<li>Allow the user to override the commands for git, ssh-agent, and
ssh-add (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/154">#154</a>)</li>
</ul>
<h2>v0.7.0 [2022-10-19]</h2>
<h3>Added</h3>
<ul>
<li>Add the <code>log-public-key</code> input that can be used to turn
off logging key identities (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/122">#122</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix path to <code>git</code> binary on Windows, assuming
GitHub-hosted runners (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/136">#136</a>,
<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/137">#137</a>)</li>
<li>Fix a nonsensical log message (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/139">#139</a>)</li>
</ul>
<h2>v0.6.0 [2022-10-19]</h2>
<h3>Changed</h3>
<ul>
<li>Update the version of Node used by the action from 12 to 16 (<a
href="https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/">https://github.blog/changelog/2022-09-22-github-actions-all-actions-will-begin-running-on-node16-instead-of-node12/</a>).</li>
</ul>
<h2>v0.5.4 [2021-11-21]</h2>
<h3>Fixed</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/webfactory/ssh-agent/commit/a6f90b1f127823b31d4d4a8d96047790581349bd"><code>a6f90b1</code></a>
Release v0.9.1</li>
<li><a
href="https://github.com/webfactory/ssh-agent/commit/72c0bfd31ab22a2e11716951e3f107a9647dc97e"><code>72c0bfd</code></a>
Improve documentation on why we use os.userInfo()</li>
<li><a
href="https://github.com/webfactory/ssh-agent/commit/e3f1a8e046525bfed3725ef54a31ca91aed399f4"><code>e3f1a8e</code></a>
Acknowledge custom command inputs in cleanup.js (<a
href="https://redirect.github.com/webfactory/ssh-agent/issues/235">#235</a>)</li>
<li><a
href="https://github.com/webfactory/ssh-agent/commit/b504c19775343714e11b8c754e4fe1f02dc7b8e7"><code>b504c19</code></a>
Update CHANGELOG.md</li>
<li>See full diff in <a
href="https://github.com/webfactory/ssh-agent/compare/dc588b651fe13675774614f8e6a936a468676387...a6f90b1f127823b31d4d4a8d96047790581349bd">compare
view</a></li>
</ul>
</details>
<br />

Updates `ossf/scorecard-action` from 2.3.1 to 2.4.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's
releases</a>.</em></p>
<blockquote>
<h2>v2.4.3</h2>
<h2>What's Changed</h2>
<p>This update bumps the Scorecard version to the v5.3.0 release. For a
complete list of changes, please refer to the <a
href="https://github.com/ossf/scorecard/releases/tag/v5.3.0">Scorecard
v5.3.0 release notes</a>.</p>
<h2>Documentation</h2>
<ul>
<li>docs: clarify <code>GITHUB_TOKEN</code> permissions needed for
private repos by <a
href="https://github.com/pankajtaneja5"><code>@​pankajtaneja5</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1574">ossf/scorecard-action#1574</a></li>
<li>:book: Fix recommended command to test the image in development by
<a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1583">ossf/scorecard-action#1583</a></li>
</ul>
<h2>Other</h2>
<ul>
<li>add missing top-level token permissions to workflows by <a
href="https://github.com/timothyklee"><code>@​timothyklee</code></a> in
<a
href="https://redirect.github.com/ossf/scorecard-action/pull/1566">ossf/scorecard-action#1566</a></li>
<li>setup codeowners for requesting reviews by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1576">ossf/scorecard-action#1576</a></li>
<li>:seedling: Improve printing options by <a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1584">ossf/scorecard-action#1584</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/timothyklee"><code>@​timothyklee</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1566">ossf/scorecard-action#1566</a></li>
<li><a
href="https://github.com/pankajtaneja5"><code>@​pankajtaneja5</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1574">ossf/scorecard-action#1574</a></li>
<li><a
href="https://github.com/deivid-rodriguez"><code>@​deivid-rodriguez</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1584">ossf/scorecard-action#1584</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3">https://github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3</a></p>
<h2>v2.4.2</h2>
<h2>What's Changed</h2>
<p>This update bumps the Scorecard version to the v5.2.1 release. For a
complete list of changes, please refer to the Scorecard <a
href="https://github.com/ossf/scorecard/releases/tag/v5.2.0">v5.2.0</a>
and <a
href="https://github.com/ossf/scorecard/releases/tag/v5.2.1">v5.2.1</a>
release notes.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2">https://github.com/ossf/scorecard-action/compare/v2.4.1...v2.4.2</a></p>
<h2>v2.4.1</h2>
<h2>What's Changed</h2>
<ul>
<li>This update bumps the Scorecard version to the v5.1.1 release. For a
complete list of changes, please refer to the <a
href="https://github.com/ossf/scorecard/releases/tag/v5.1.0">v5.1.0</a>
and <a
href="https://github.com/ossf/scorecard/releases/tag/v5.1.1">v5.1.1</a>
release notes.</li>
<li>Publishing results now uses half the API quota as before. The exact
savings depends on the repository in question.
<ul>
<li>use Scorecard library entrypoint instead of Cobra hooking by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1423">ossf/scorecard-action#1423</a></li>
</ul>
</li>
<li>Some errors were made into annotations to make them more visible
<ul>
<li>Make default branch error more prominent by <a
href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1459">ossf/scorecard-action#1459</a></li>
</ul>
</li>
<li>There is now an optional <code>file_mode</code> input which controls
how repository files are fetched from GitHub. The default is
<code>archive</code>, but <code>git</code> produces the most accurate
results for repositories with <code>.gitattributes</code> files at the
cost of analysis speed.
<ul>
<li>add input for specifying <code>--file-mode</code> by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1509">ossf/scorecard-action#1509</a></li>
</ul>
</li>
<li>The underlying container for the action is now <a
href="https://github.com/ossf/scorecard-action/pkgs/container/scorecard-action">hosted
on GitHub Container Registry</a>. There should be no functional changes.
<ul>
<li>:seedling: publish docker images to GitHub Container Registry by <a
href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1453">ossf/scorecard-action#1453</a></li>
</ul>
</li>
</ul>
<h3>Docs</h3>
<ul>
<li>Installation docs update by <a
href="https://github.com/JeremiahAHoward"><code>@​JeremiahAHoward</code></a>
in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1416">ossf/scorecard-action#1416</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/JeremiahAHoward"><code>@​JeremiahAHoward</code></a>
made their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1416">ossf/scorecard-action#1416</a></li>
<li><a href="https://github.com/jsoref"><code>@​jsoref</code></a> made
their first contribution in <a
href="https://redirect.github.com/ossf/scorecard-action/pull/1459">ossf/scorecard-action#1459</a>
<strong>Full Changelog</strong>: <a
href="https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1">https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1</a></li>
</ul>
<h2>v2.4.0</h2>
<h2>What's Changed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ossf/scorecard-action/commit/4eaacf0543bb3f2c246792bd56e8cdeffafb205a"><code>4eaacf0</code></a>
bump docker to ghcr v2.4.3 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1587">#1587</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/42e3a017b9617c5bbc5f1c692cdbc2cd041bd97a"><code>42e3a01</code></a>
:seedling: Bump the github-actions group with 3 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1585">#1585</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/88c07acb7bc818897f9ea58eba9d81c53b322f15"><code>88c07ac</code></a>
:seedling: Bump github.com/sigstore/cosign/v2 from 2.5.2 to 2.6.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1579">#1579</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/6c690f2f38ab31402da4e3f8d698c15405764128"><code>6c690f2</code></a>
Bump github.com/ossf/scorecard/v5 from v5.2.1 to v5.3.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1586">#1586</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/92083b52695004080225eb9301fde390183707cd"><code>92083b5</code></a>
:book: Fix recommended command to test the image in development (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1583">#1583</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/7975ea6064717f16f09a57ad5f8e24017ad4dbd9"><code>7975ea6</code></a>
:seedling: Bump the docker-images group across 1 directory with 2
updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1">#1</a>...</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/0d1a74394f208e63c946c1b5377d3ad15f0265bf"><code>0d1a743</code></a>
:seedling: Bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1575">#1575</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/46e6e0c0ac415287a696b2be6d98071134fd27a7"><code>46e6e0c</code></a>
:seedling: Bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1580">#1580</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/c3f13501596645d3bd6fee6b843bd36b66df4f5d"><code>c3f1350</code></a>
:seedling: Improve printing options (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1584">#1584</a>)</li>
<li><a
href="https://github.com/ossf/scorecard-action/commit/43e475b79a8bd5217334edc08879005b2229d79a"><code>43e475b</code></a>
:seedling: Bump golang.org/x/net from 0.42.0 to 0.44.0 (<a
href="https://redirect.github.com/ossf/scorecard-action/issues/1578">#1578</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/ossf/scorecard-action/compare/v2.3.1...v2.4.3">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jonathan D.A. Jewell <6759885+hyperpolymath@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jonathan D.A. Jewell <6759885+hyperpolymath@users.noreply.github.com>

Author: dependabot[bot]

.github/workflows/guix-nix-policy.yml

@@ -4,7 +4,7 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Enforce Guix primary / Nix fallback
         run: |
           # Check for package manager files

.github/workflows/language-policy.yml

@@ -4,7 +4,7 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Enforce language policies
         run: |
           # Block new Python files (except SaltStack)

.github/workflows/mirror.yml

@@ -19,12 +19,12 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
 
       - name: Setup SSH
-        uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+        uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
         with:
           ssh-private-key: ${{ secrets.GITLAB_SSH_KEY }}
 
@@ -49,12 +49,12 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
 
       - name: Setup SSH
-        uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
+        uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
         with:
           ssh-private-key: ${{ secrets.BITBUCKET_SSH_KEY }}
 

.github/workflows/quality.yml

@@ -5,7 +5,7 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Check file permissions
         run: |
@@ -35,7 +35,7 @@ jobs:
   docs:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Check documentation
         run: |
           MISSING=""

.github/workflows/rescript-deno-ci.yml

@@ -5,8 +5,8 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: denoland/setup-deno@v1
+      - uses: actions/checkout@v6
+      - uses: denoland/setup-deno@v2
         with:
           deno-version: v1.x
 
@@ -32,8 +32,8 @@ jobs:
   security:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: denoland/setup-deno@v1
+      - uses: actions/checkout@v6
+      - uses: denoland/setup-deno@v2
       - name: Check permissions
         run: |
           # Audit for dangerous permissions

.github/workflows/scorecard.yml

@@ -14,17 +14,17 @@ jobs:
       security-events: write
       id-token: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           persist-credentials: false
 
       - name: Run Scorecard
-        uses: ossf/scorecard-action@v2.3.1
+        uses: ossf/scorecard-action@v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
 
       - name: Upload results
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: results.sarif

.github/workflows/security-policy.yml

@@ -4,7 +4,7 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Security checks
         run: |
           FAILED=false

.github/workflows/wellknown-enforcement.yml

@@ -17,7 +17,7 @@ jobs:
   validate:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: RFC 9116 security.txt validation
         run: |