chore(deps): update github-actions deps (#4671)

renovate[bot] · web-flow · commit f31acdf68b1c · 2025-10-06T15:45:09.000Z
> [!NOTE] > Mend has cancelled [the proposed renaming](https://redirect.github.com/renovatebot/renovate/discussions/37842) of the Renovate GitHub app being renamed to `mend[bot]`. > > This notice will be removed on 2025-10-07. <hr> This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/stale](https://redirect.github.com/actions/stale) | action | minor | `v10.0.0` -> `v10.1.0` | | [github/codeql-action](https://redirect.github.com/github/codeql-action) | action | patch | `v3.30.5` -> `v3.30.6` | | [ossf/scorecard-action](https://redirect.github.com/ossf/scorecard-action) | action | patch | `v2.4.2` -> `v2.4.3` | --- ### Release Notes <details> <summary>actions/stale (actions/stale)</summary> ### [`v10.1.0`](https://redirect.github.com/actions/stale/compare/v10.0.0...v10.1.0) [Compare Source](https://redirect.github.com/actions/stale/compare/v10.0.0...v10.1.0) </details> <details> <summary>github/codeql-action (github/codeql-action)</summary> ### [`v3.30.6`](https://redirect.github.com/github/codeql-action/releases/tag/v3.30.6) [Compare Source](https://redirect.github.com/github/codeql-action/compare/v3.30.5...v3.30.6) ##### CodeQL Action Changelog See the [releases page](https://redirect.github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. ##### 3.30.6 - 02 Oct 2025 - Update default CodeQL bundle version to 2.23.2. [#&#8203;3168](https://redirect.github.com/github/codeql-action/pull/3168) See the full [CHANGELOG.md](https://redirect.github.com/github/codeql-action/blob/v3.30.6/CHANGELOG.md) for more information. </details> <details> <summary>ossf/scorecard-action (ossf/scorecard-action)</summary> ### [`v2.4.3`](https://redirect.github.com/ossf/scorecard-action/releases/tag/v2.4.3) [Compare Source](https://redirect.github.com/ossf/scorecard-action/compare/v2.4.2...v2.4.3) #### What's Changed This update bumps the Scorecard version to the v5.3.0 release. For a complete list of changes, please refer to the [Scorecard v5.3.0 release notes](https://redirect.github.com/ossf/scorecard/releases/tag/v5.3.0). #### Documentation - docs: clarify `GITHUB_TOKEN` permissions needed for private repos by [@&#8203;pankajtaneja5](https://redirect.github.com/pankajtaneja5) in [#&#8203;1574](https://redirect.github.com/ossf/scorecard-action/pull/1574) - 📖 Fix recommended command to test the image in development by [@&#8203;deivid-rodriguez](https://redirect.github.com/deivid-rodriguez) in [#&#8203;1583](https://redirect.github.com/ossf/scorecard-action/pull/1583) #### Other - add missing top-level token permissions to workflows by [@&#8203;timothyklee](https://redirect.github.com/timothyklee) in [#&#8203;1566](https://redirect.github.com/ossf/scorecard-action/pull/1566) - setup codeowners for requesting reviews by [@&#8203;spencerschrock](https://redirect.github.com/spencerschrock) in [#&#8203;1576](https://redirect.github.com/ossf/scorecard-action/pull/1576) - 🌱 Improve printing options by [@&#8203;deivid-rodriguez](https://redirect.github.com/deivid-rodriguez) in [#&#8203;1584](https://redirect.github.com/ossf/scorecard-action/pull/1584) #### New Contributors - [@&#8203;timothyklee](https://redirect.github.com/timothyklee) made their first contribution in [#&#8203;1566](https://redirect.github.com/ossf/scorecard-action/pull/1566) - [@&#8203;pankajtaneja5](https://redirect.github.com/pankajtaneja5) made their first contribution in [#&#8203;1574](https://redirect.github.com/ossf/scorecard-action/pull/1574) - [@&#8203;deivid-rodriguez](https://redirect.github.com/deivid-rodriguez) made their first contribution in [#&#8203;1584](https://redirect.github.com/ossf/scorecard-action/pull/1584) **Full Changelog**: <ossf/scorecard-action@v2.4.2...v2.4.3> </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 8am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-telemetry/opentelemetry-specification).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
@@ -23,7 +23,7 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
+      - uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -42,6 +42,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@3599b3baa15b485a2e49ef411a7a4bb2452e7f93 # v3.30.5
+        uses: github/codeql-action/upload-sarif@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/stale-pr.yaml b/.github/workflows/stale-pr.yaml
@@ -12,7 +12,7 @@ jobs:
       pull-requests: write # required for marking and closing stale PRs
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@3a9db7e6a41a89f618792c92c0e97cc736e1b13f # v10.0.0
+      - uses: actions/stale@5f858e3efba33a5ca4407a664cc011ad407f2008 # v10.1.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           stale-pr-message: 'This PR was marked stale due to lack of activity. It will be closed in 7 days.'
