build(dependencies): bump the github-actions group across 1 directory…

… with 8 updates (#15)

Bumps the github-actions group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.8.1` | `2.9.1` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.4` | `4.3.6` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.1.0` | `3.2.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.4.0` | `3.6.1` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `6.3.0` | `6.6.1` |
| [bridgecrewio/checkov-action](https://github.com/bridgecrewio/checkov-action) | `12.2823.0` | `12.2845.0` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.25.12` | `3.26.0` |
| [docker/login-action](https://github.com/docker/login-action) | `3.2.0` | `3.3.0` |



Updates `step-security/harden-runner` from 2.8.1 to 2.9.1
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](step-security/harden-runner@17d0e2b...5c7944e)

Updates `actions/upload-artifact` from 4.3.4 to 4.3.6
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@0b2256b...834a144)

Updates `docker/setup-qemu-action` from 3.1.0 to 3.2.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@5927c83...49b3bc8)

Updates `docker/setup-buildx-action` from 3.4.0 to 3.6.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@4fd8129...988b5a0)

Updates `docker/build-push-action` from 6.3.0 to 6.6.1
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@1a16264...16ebe77)

Updates `bridgecrewio/checkov-action` from 12.2823.0 to 12.2845.0
- [Release notes](https://github.com/bridgecrewio/checkov-action/releases)
- [Commits](bridgecrewio/checkov-action@4bb6746...d26020a)

Updates `github/codeql-action` from 3.25.12 to 3.26.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4fa2a79...eb055d7)

Updates `docker/login-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@0d4c9c5...9780b0c)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: bridgecrewio/checkov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/ci-generic.yml

@@ -51,7 +51,7 @@ jobs:
     permissions:
       contents: read    
     steps:
-    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+    - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
       with:
         disable-sudo: true
         egress-policy: audit
@@ -68,7 +68,7 @@ jobs:
         version: ${{ inputs.version }}
 
     - name: Upload Instance BuildInfo.properties
-      uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b #4.3.4
+      uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a #4.3.6
       with:
         name: pre-build-instance-buildinfo
         path: ./*/main/resources/BuildInfo.properties

.github/workflows/ci.yml

@@ -10,7 +10,7 @@ jobs:
   actionlinter:
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
         with:
           egress-policy: audit
 

.github/workflows/docker-ci-generic.yml

@@ -61,7 +61,7 @@ jobs:
       image-digest: ${{ steps.build.outputs.digest }}
       image-metadata: ${{ steps.build.outputs.metadata }}
     steps:
-    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+    - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
       with:
         disable-sudo: true
         egress-policy: audit
@@ -102,14 +102,14 @@ jobs:
           latest=false
 
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee #3.1.0
+      uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf #3.2.0
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 #3.4.0
+      uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db #3.6.1
 
     - name: Build and export Docker image
       id: build
-      uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c #6.3.0
+      uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 #6.6.1
       with:
         context: .
         platforms: linux/amd64
@@ -121,7 +121,7 @@ jobs:
         cache-to: type=gha,mode=max
 
     - name: "Upload Docker tar"
-      uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b #4.3.4
+      uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a #4.3.6
       with:
         name: build-docker-image
         path: ./image.tar
@@ -133,7 +133,7 @@ jobs:
       contents: read 
     if: inputs.chekov-linter-enabled
     steps:
-    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+    - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
       with:
         disable-sudo: true
         egress-policy: audit
@@ -146,7 +146,7 @@ jobs:
 
     - name: Lint Dockerfile with Checkov
       id: checkov
-      uses: bridgecrewio/checkov-action@4bb67465e1497251e876269c248f3f8efda3bce5 #12.2823.0
+      uses: bridgecrewio/checkov-action@d26020ae0b8dfdddfab43acf7fdcf3b1f7298246 #12.2845.0
       with:
         directory: .
         framework: dockerfile
@@ -158,13 +158,13 @@ jobs:
         output_file_path: reports/checkov-results.sarif
 
     - name: Upload Sarif report as artifact
-      uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b #4.3.4
+      uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a #4.3.6
       with:
         name: checkov-results
         path: reports/checkov-results.sarif
 
     - name: Upload to GitHub Security
-      uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f #3.25.12
+      uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa #3.26.0
       if: ${{ inputs.upload-sarif-to-security }}
       with:
         sarif_file: 'reports/checkov-results.sarif'
@@ -201,7 +201,7 @@ jobs:
   #       hide-progress: false
   #   - 
   #     name: "Upload Sarif report as artifact"
-  #     uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b #4.3.4
+  #     uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a #4.3.6
   #     with:
   #       name: trivy-results
   #       path: trivy-results.sarif
@@ -219,7 +219,7 @@ jobs:
     if: inputs.run-frank-till-healthy-enabled
     needs: build
     steps:
-    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+    - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
       with:
         disable-sudo: true
         egress-policy: audit

.github/workflows/docker-release-generic.yml

@@ -48,7 +48,7 @@ jobs:
       image-digest: ${{ steps.build.outputs.digest }}
       image-metadata: ${{ steps.build.outputs.metadata }}
     steps:
-    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+    - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
       with:
         egress-policy: audit
 
@@ -82,20 +82,20 @@ jobs:
           latest=false
 
     - name: Set up QEMU
-      uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee #3.1.0
+      uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf #3.2.0
 
     - name: Set up Docker Buildx
-      uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 #3.4.0
+      uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db #3.6.1
 
     - name: Login to Container Registry
-      uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # 3.2.0
+      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # 3.3.0
       with:
         username: ${{ secrets.dockerhub-username }}
         password: ${{ secrets.dockerhub-token }}
 
     - name: Build and export Docker image
       id: build
-      uses: docker/build-push-action@1a162644f9a7e87d8f4b053101d1d9a712edc18c #6.3.0
+      uses: docker/build-push-action@16ebe778df0e7752d2cfcbd924afdbbd89c1a755 #6.6.1
       with:
         context: .
         platforms: linux/amd64, linux/arm64

.github/workflows/docusaurus-release.yml

@@ -30,7 +30,7 @@ jobs:
       pages: write
       id-token: write
     steps:
-      - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
         with:
           egress-policy: audit
 

.github/workflows/ff-version-auto-bumper.yml

@@ -86,7 +86,7 @@ jobs:
         fetch-depth: 0
 
     - name: Login to Container Registry
-      uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # 3.2.0
+      uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # 3.3.0
       with:
         username: ${{ secrets.dockerhub-username }}
         password: ${{ secrets.dockerhub-token }}

.github/workflows/release.yml

@@ -9,7 +9,7 @@ jobs:
   actionlinter:
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
         with:
           egress-policy: audit
 
@@ -27,7 +27,7 @@ jobs:
     needs: 
       - actionlinter
     steps:
-      - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      - uses: step-security/harden-runner@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde # v2.9.1
         with:
           egress-policy: audit