deps(github/action): bump all dependencies

.github/workflows/release.yaml

@@ -1,31 +1,24 @@
 name: Publish Policies
-
 on:
   workflow_dispatch:
   push:
     branches: ['main']
-
 jobs:
   publish:
     runs-on: ubuntu-latest
     permissions:
       contents: read
       packages: write
-
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
-
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: Setup updatecli
-        uses: updatecli/updatecli-action@v2
-
+        uses: updatecli/updatecli-action@c87b6e040a27f8a44e60a17a01c08ae9247589d5 # v2
       - name: Log in to the Container registry
         uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
-
       - name: Publish
         run: make release
-

.github/workflows/typos.yaml

@@ -1,14 +1,11 @@
 name: Test Typos
 on: [pull_request]
-
 jobs:
   run:
     name: Spell Check with Typos
     runs-on: ubuntu-latest
     steps:
-    - name: Checkout Actions Repository
-      uses: actions/checkout@v4
-
-    - name: Check spelling of file.txt
-      uses: crate-ci/typos@master
-
+      - name: Checkout Actions Repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - name: Check spelling of file.txt
+        uses: crate-ci/typos@badbd805a3642af4d80951fc1f7b853247c45361 # renovate/stable-1.x

.github/workflows/updatecli.yaml

@@ -15,8 +15,8 @@ jobs:
       - name: "Checkout"
         uses: "actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8" # v5.0.0
       - name: "Setup updatecli"
-        uses: "updatecli/updatecli-action@v2" # v2
-      - uses: actions/create-github-app-token@a8d616148505b5069dccd32f177bb87d7f39123b # v2.1.1
+        uses: "updatecli/updatecli-action@c87b6e040a27f8a44e60a17a01c08ae9247589d5" # v2
+      - uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
         id: generate_token
         if: github.ref == 'refs/heads/main'
         with:

.github/workflows/validate.yaml

@@ -1,38 +1,30 @@
 name: Validate Policies
-
 on:
   workflow_dispatch:
   pull_request:
   push:
-
 jobs:
   validate:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
-
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: Setup updatecli
-        uses: updatecli/updatecli-action@v2
-
+        uses: updatecli/updatecli-action@c87b6e040a27f8a44e60a17a01c08ae9247589d5 # v2
       - name: Setup releasepost
-        uses: updatecli/releasepost-action@v0.1.0
-
+        uses: updatecli/releasepost-action@864390bddae97db06ee881ab4a08d159b4464643 # v0.5.0
       - name: Validate
         run: make test
-
-      - uses: tibdex/github-app-token@v2.1
+      - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
         # Only run e2e tests from the main branch as we need some credentials
         # that we don't want to risk leaking from pullrequest opened by random contributors
         if: github.ref == 'refs/heads/main'
         id: generate_testing_token
         with:
           app_id: ${{ secrets.UPDATECLIBOT_TESTING_APP_ID }}
           private_key: ${{ secrets.UPDATECLIBOT_TESTING_APP_PRIVKEY }}
-
       - name: e2e tests
         # Only run e2e tests from the main branch as we need some credentials
         # that we don't want to risk leaking from pullrequest opened by random contributors