Update github-actions

.github/workflows/ci.yml

@@ -12,25 +12,25 @@ jobs:
     name: Lint
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10
+      - uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
             api.github.com:443 github.com:443 proxy.golang.org:443 objects.githubusercontent.com:443 raw.githubusercontent.com:443
 
       - name: Checkout repo
-        uses: actions/checkout@37b082107ba410260a3aaddf93122e04801ce631
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
         with:
           fetch-depth: 0
       - name: Setup Go
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
+        uses: actions/setup-go@4ab57d7ea2fd0c9948210b2e0784e280674e7144
         with:
           go-version-file: ./go.mod
 
       # Linting
       - name: Linting
-        uses: golangci/golangci-lint-action@d6238b002a20823d52840fda27e2d4891c5952dc
+        uses: golangci/golangci-lint-action@abbeba89402362fd9f4b8d12cf4c2884791671e1
         with:
           version: latest
           args: --config=./.github/.golangci.yml ./...
@@ -44,19 +44,19 @@ jobs:
       matrix:
         go: [ '1.22', '1.21' ]
     steps:
-      - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10
+      - uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
             github.com:443 proxy.golang.org:443 storage.googleapis.com:443 sum.golang.org:443
 
       - name: Checkout repo
-        uses: actions/checkout@37b082107ba410260a3aaddf93122e04801ce631
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
         with:
           fetch-depth: 0
       - name: Setup Go
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
+        uses: actions/setup-go@4ab57d7ea2fd0c9948210b2e0784e280674e7144
         with:
           go-version: ${{ matrix.go }}
 
@@ -68,19 +68,19 @@ jobs:
     name: Analyze
     runs-on: ubuntu-latest
     steps:
-      - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10
+      - uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8
         with:
           disable-sudo: true
           egress-policy: block
           allowed-endpoints: >
             api.codecov.io:443 api.github.com:443 cli.codecov.io:443 ea6ne4j2sb.execute-api.eu-central-1.amazonaws.com:443 github.com:443 proxy.golang.org:443 objects.githubusercontent.com:443 scanner.sonarcloud.io:443 sonarcloud.io:443 storage.googleapis.com:443
 
       - name: Checkout repo
-        uses: actions/checkout@37b082107ba410260a3aaddf93122e04801ce631
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
         with:
           fetch-depth: 0
       - name: Setup Go
-        uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7
+        uses: actions/setup-go@4ab57d7ea2fd0c9948210b2e0784e280674e7144
         with:
           go-version-file: ./go.mod
 
@@ -90,15 +90,15 @@ jobs:
 
       # Codecov
       - name: Codecov
-        uses: codecov/codecov-action@c852ea6812cbd15cfa9f9daeb08f30391c54eb91
+        uses: codecov/codecov-action@b71af43c1ec8a1fcefe49210d6019eee9f95b0c6
         env:
           CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
         with:
           file: .github/coverage.out
 
       # Sonar
       - name: SonarCloud Scan
-        uses: SonarSource/sonarcloud-github-action@6bbd64e0cb2194e04addb429d669a9ee873eeeef
+        uses: SonarSource/sonarcloud-github-action@19888635fa64d24e533d388efe8264402dfd721b
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}

.github/workflows/codeql.yml

@@ -26,7 +26,7 @@ jobs:
       fail-fast: false
 
     steps:
-      - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10
+      - uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8
         with:
           disable-sudo: true
           egress-policy: block
@@ -38,16 +38,16 @@ jobs:
             sum.golang.org:443
 
       - name: Checkout repository
-        uses: actions/checkout@37b082107ba410260a3aaddf93122e04801ce631
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@dbf2b1706b768069fb1bb2dd2d8552be7a9e2a51
+        uses: github/codeql-action/init@7fd4900b29c9865d61ace089788ac5c913cb730b
         with:
           languages: go
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@dbf2b1706b768069fb1bb2dd2d8552be7a9e2a51
+        uses: github/codeql-action/autobuild@7fd4900b29c9865d61ace089788ac5c913cb730b
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@dbf2b1706b768069fb1bb2dd2d8552be7a9e2a51
+        uses: github/codeql-action/analyze@7fd4900b29c9865d61ace089788ac5c913cb730b

.github/workflows/scorecards.yml

@@ -24,7 +24,7 @@ jobs:
       id-token: write
 
     steps:
-      - uses: step-security/harden-runner@6c3b1c91e8873ae0c705b0709f957c7a6a5eaf10
+      - uses: step-security/harden-runner@9ff9d14760a73102d9fa2f47131624137f50ead8
         with:
           disable-sudo: true
           egress-policy: block
@@ -40,12 +40,12 @@ jobs:
             www.bestpractices.dev:443
 
       - name: "Checkout code"
-        uses: actions/checkout@37b082107ba410260a3aaddf93122e04801ce631
+        uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@665016c9c2c7c34fe934fb13ebf88bff794f9b1d
+        uses: ossf/scorecard-action@6451974fc7c7b0c414afdcbb242e1d6a0f36128c
         with:
           results_file: results.sarif
           results_format: sarif
@@ -60,14 +60,14 @@ jobs:
 
       # Upload the results as artifacts (optional).
       - name: "Upload artifact"
-        uses: actions/upload-artifact@79616d2ded92999fceefea2ca2e4bdf6101fa919
+        uses: actions/upload-artifact@552bf3722c16e81001aea7db72d8cedf64eb5f68
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@dbf2b1706b768069fb1bb2dd2d8552be7a9e2a51
+        uses: github/codeql-action/upload-sarif@7fd4900b29c9865d61ace089788ac5c913cb730b
         with:
           sarif_file: results.sarif

.github/workflows/snyk.yml

@@ -14,9 +14,9 @@ jobs:
     name: Snyk
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089
+      - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b
       - name: Run Snyk to check for vulnerabilities
-        uses: snyk/actions/golang@7968f3f72b7f36280e6380b7c151c6a8d5a61dd0
+        uses: snyk/actions/golang@8349f9043a8b7f0f3ee8885bf28f0b388d2446e8
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
         with: