From b3db86e8baadb8dfd69e4c36308b8389df77f918 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 23 Jun 2025 09:12:07 +0000
Subject: [PATCH] ci(deps): bump the github-actions group with 4 updates

Bumps the github-actions group with 4 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment), [crazy-max/ghaction-container-scan](https://github.com/crazy-max/ghaction-container-scan) and [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action).


Updates `step-security/harden-runner` from 2.12.0 to 2.12.1
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](https://github.com/step-security/harden-runner/compare/v2.12.0...002fdce3c6a235733a90a27c80493a3241e56863)

Updates `marocchino/sticky-pull-request-comment` from 2.9.2 to 2.9.3
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](https://github.com/marocchino/sticky-pull-request-comment/compare/67d0dec7b07ed060a405f9b2a64b8ab319fdd7db...d2ad0de260ae8b0235ce059e63f2949ba9e05943)

Updates `crazy-max/ghaction-container-scan` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/crazy-max/ghaction-container-scan/releases)
- [Commits](https://github.com/crazy-max/ghaction-container-scan/compare/74ce8ef8146e9632a852a8f79744bbcab1a527ee...4d8e0acba576e46016cbd65b9ecfc604e85e3990)

Updates `docker/setup-buildx-action` from 3.10.0 to 3.11.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](https://github.com/docker/setup-buildx-action/compare/b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2...e468171a9de216ec08956ac3ada2f0791b6bd435)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.12.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 2.9.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: crazy-max/ghaction-container-scan
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-version: 3.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/pr-conventional-title.yml | 4 ++--
 .github/workflows/update-dependencies.yml   | 2 +-
 .github/workflows/vulnerability-scan.yml    | 2 +-
 .github/workflows/wc-build-push-test.yml    | 2 +-
 .github/workflows/wc-build-push.yml         | 6 +++---
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/pr-conventional-title.yml b/.github/workflows/pr-conventional-title.yml
index bb4d8102..9470de35 100644
--- a/.github/workflows/pr-conventional-title.yml
+++ b/.github/workflows/pr-conventional-title.yml
@@ -29,7 +29,7 @@ jobs:
             doesn't start with an uppercase character.
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - uses: marocchino/sticky-pull-request-comment@67d0dec7b07ed060a405f9b2a64b8ab319fdd7db # v2.9.2
+      - uses: marocchino/sticky-pull-request-comment@d2ad0de260ae8b0235ce059e63f2949ba9e05943 # v2.9.3
         if: always() && steps.pr-title.outputs.error_message != null
         with:
           header: pr-title-lint-error
@@ -43,7 +43,7 @@ jobs:
             ${{ steps.pr-title.outputs.error_message }}
 
       - if: steps.pr-title.outputs.error_message == null
-        uses: marocchino/sticky-pull-request-comment@67d0dec7b07ed060a405f9b2a64b8ab319fdd7db # v2.9.2
+        uses: marocchino/sticky-pull-request-comment@d2ad0de260ae8b0235ce059e63f2949ba9e05943 # v2.9.3
         with:
           header: pr-title-lint-error
           delete: true
diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml
index 77a513ef..d19b11a5 100644
--- a/.github/workflows/update-dependencies.yml
+++ b/.github/workflows/update-dependencies.yml
@@ -21,7 +21,7 @@ jobs:
       contents: write
       pull-requests: write
     steps:
-      - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+      - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
         with:
           egress-policy: audit
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
index 4393dfdd..0af3ae87 100644
--- a/.github/workflows/vulnerability-scan.yml
+++ b/.github/workflows/vulnerability-scan.yml
@@ -20,7 +20,7 @@ jobs:
       - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
         with:
           egress-policy: audit
-      - uses: crazy-max/ghaction-container-scan@74ce8ef8146e9632a852a8f79744bbcab1a527ee # v3.1.0
+      - uses: crazy-max/ghaction-container-scan@4d8e0acba576e46016cbd65b9ecfc604e85e3990 # v3.2.0
         id: scan
         with:
           image: ghcr.io/${{ github.repository }}-${{ matrix.flavor }}:latest
diff --git a/.github/workflows/wc-build-push-test.yml b/.github/workflows/wc-build-push-test.yml
index d247d218..a161c3a1 100644
--- a/.github/workflows/wc-build-push-test.yml
+++ b/.github/workflows/wc-build-push-test.yml
@@ -37,7 +37,7 @@ jobs:
     needs: build-push
     if: github.event_name == 'pull_request'
     steps:
-      - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+      - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
         with:
           egress-policy: audit
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
diff --git a/.github/workflows/wc-build-push.yml b/.github/workflows/wc-build-push.yml
index 52cd2b8b..e861e167 100644
--- a/.github/workflows/wc-build-push.yml
+++ b/.github/workflows/wc-build-push.yml
@@ -34,7 +34,7 @@ jobs:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           persist-credentials: false
-      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+      - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
       - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ${{ env.REGISTRY }}
@@ -108,7 +108,7 @@ jobs:
           path: ${{ runner.temp }}/digests
           pattern: digests-${{ inputs.flavor }}-*
           merge-multiple: true
-      - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+      - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
       - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
         with:
           registry: ${{ env.REGISTRY }}
@@ -165,7 +165,7 @@ jobs:
         with:
           from-container: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}:edge
           to-container: ${{ env.REGISTRY }}/${{ github.repository }}-${{ inputs.flavor }}:${{ steps.metadata.outputs.version }}
-      - uses: marocchino/sticky-pull-request-comment@67d0dec7b07ed060a405f9b2a64b8ab319fdd7db # v2.9.2
+      - uses: marocchino/sticky-pull-request-comment@d2ad0de260ae8b0235ce059e63f2949ba9e05943 # v2.9.3
         with:
           header: container-size-diff-${{ inputs.flavor }}
           message: |