Bump the gh-minor group with 10 updates

Bumps the gh-minor group with 10 updates:

| Package | From | To |
| --- | --- | --- |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.0.0` | `3.2.0` |
| [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.3.0` | `3.6.1` |
| [docker/login-action](https://github.com/docker/login-action) | `3.2.0` | `3.3.0` |
| [actions/setup-python](https://github.com/actions/setup-python) | `5.1.0` | `5.2.0` |
| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.3.3` | `2.4.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.3.3` | `4.4.0` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3.25.7` | `3.26.7` |
| [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) | `3.5.0` | `3.6.0` |
| [anchore/sbom-action](https://github.com/anchore/sbom-action) | `0.16.0` | `0.17.2` |
| [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) | `0.22.0` | `0.24.0` |


Updates `docker/setup-qemu-action` from 3.0.0 to 3.2.0
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@6882732...49b3bc8)

Updates `docker/setup-buildx-action` from 3.3.0 to 3.6.1
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](docker/setup-buildx-action@d70bba7...988b5a0)

Updates `docker/login-action` from 3.2.0 to 3.3.0
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@0d4c9c5...9780b0c)

Updates `actions/setup-python` from 5.1.0 to 5.2.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@82c7e63...f677139)

Updates `ossf/scorecard-action` from 2.3.3 to 2.4.0
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@dc50aa9...62b2cac)

Updates `actions/upload-artifact` from 4.3.3 to 4.4.0
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@6546280...5076954)

Updates `github/codeql-action` from 3.25.7 to 3.26.7
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@f079b84...8214744)

Updates `sigstore/cosign-installer` from 3.5.0 to 3.6.0
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](sigstore/cosign-installer@59acb62...4959ce0)

Updates `anchore/sbom-action` from 0.16.0 to 0.17.2
- [Release notes](https://github.com/anchore/sbom-action/releases)
- [Commits](anchore/sbom-action@e8d2a69...61119d4)

Updates `aquasecurity/trivy-action` from 0.22.0 to 0.24.0
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@595be6a...6e7b7d1)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-minor
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-minor
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-minor
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-minor
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-minor
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-minor
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-minor
- dependency-name: sigstore/cosign-installer
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-minor
- dependency-name: anchore/sbom-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-minor
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gh-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/build-and-publish.yaml

@@ -57,16 +57,16 @@ jobs:
  echo "BUILD_VERSION=${BUILD_VERSION}" >> "$GITHUB_OUTPUT"
  echo "BUILD_SHA=${BUILD_SHA}" >> "$GITHUB_OUTPUT"
  - name: Setup QEMU
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+ uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
  with:
  platforms: all
  - name: Setup Docker Buildx
  id: buildx
- uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
  with:
  buildkitd-flags: "--debug"
  - name: Login to GitHub Container Registry
- uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
  with:
  registry: ghcr.io
  username: ${{ github.actor }}

.github/workflows/docs.yaml

@@ -18,7 +18,7 @@ jobs:
  contents: write
  steps:
  - uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.0.0
- - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+ - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
  with:
  python-version: 3.x
  - name: Install mkdocs

.github/workflows/helm-release.yaml

@@ -19,7 +19,7 @@ jobs:
  with:
  token: ${{ secrets.GITHUB_TOKEN }}
  - name: Login to GitHub Container Registry
- uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
  with:
  registry: ghcr.io
  username: ${{ github.actor }}

.github/workflows/helm-test.yaml

@@ -23,7 +23,7 @@ jobs:
  with:
  version: latest
 
- - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+ - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
  with:
  python-version: "3.10"
 

.github/workflows/ossf.yaml

@@ -25,7 +25,7 @@ jobs:
  persist-credentials: false
 
  - name: "Run analysis"
- uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+ uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
  with:
  results_file: results.sarif
  results_format: sarif
@@ -34,14 +34,14 @@ jobs:
  # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
  # format to the repository Actions tab.
  - name: "Upload artifact"
- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+ uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
  with:
  name: SARIF file
  path: results.sarif
  retention-days: 5
 
  # required for Code scanning alerts
  - name: "Upload SARIF results to code scanning"
- uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
+ uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
  with:
  sarif_file: results.sarif

.github/workflows/release-runners.yaml

@@ -31,16 +31,16 @@ jobs:
  - name: Check out
  uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.0.0
  - name: Setup QEMU
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+ uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
  with:
  platforms: all
  - name: Setup Docker Buildx
  id: buildx
- uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
  with:
  buildkitd-flags: "--debug"
  - name: Login to Docker Registry
- uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
  with:
  registry: ghcr.io
  username: ${{ github.actor }}
@@ -80,16 +80,16 @@ jobs:
  - name: Check out
  uses: actions/checkout@b80ff79f1755d06ba70441c368a6fe801f5f3a62 # v4.0.0
  - name: Setup QEMU
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+ uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
  with:
  platforms: all
  - name: Setup Docker Buildx
  id: buildx
- uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
  with:
  buildkitd-flags: "--debug"
  - name: Login to Docker Registry
- uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
  with:
  registry: ghcr.io
  username: ${{ github.actor }}

.github/workflows/release.yaml

@@ -34,9 +34,9 @@ jobs:
  - name: Setup Kustomize
  uses: fluxcd/pkg/actions/kustomize@1bfad582060d2d6e464756fbd5d7a2b2fa4f75b9 # main
  - name: Setup Cosign
- uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
+ uses: sigstore/cosign-installer@4959ce089c160fddf62f7b42464195ba1a56d382 # v3.6.0
  - name: Setup Syft
- uses: anchore/sbom-action/download-syft@e8d2a6937ecead383dfe75190d104edd1f9c5751 # v0.16.0
+ uses: anchore/sbom-action/download-syft@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
  - name: Prepare
  id: prep
  run: |
@@ -47,16 +47,16 @@ jobs:
  echo "BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> "$GITHUB_OUTPUT"
  echo "VERSION=${VERSION}" >> "$GITHUB_OUTPUT"
  - name: Setup QEMU
- uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+ uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
  with:
  platforms: all
  - name: Setup Docker Buildx
  id: buildx
- uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
+ uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
  with:
  buildkitd-flags: "--debug"
  - name: Login to GitHub Container Registry
- uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0
+ uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
  with:
  registry: ghcr.io
  username: ${{ github.actor }}

.github/workflows/scan.yaml

@@ -39,13 +39,13 @@ jobs:
  **/go.sum
  **/go.mod
  - name: Initialize CodeQL
- uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
+ uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
  with:
  languages: go
  - name: Autobuild
- uses: github/codeql-action/autobuild@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
+ uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
  - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7
+ uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
 
  trivy:
  name: Trivy
@@ -57,7 +57,7 @@ jobs:
  run: |
  make docker-buildx
  - name: Run Trivy vulnerability scanner on controller image
- uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
+ uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
  with:
  image-ref: 'ghcr.io/flux-iac/tofu-controller:latest'
  format: 'table'
@@ -66,7 +66,7 @@ jobs:
  vuln-type: 'os,library'
  severity: 'CRITICAL,HIGH'
  - name: Run Trivy vulnerability scanner on runner image
- uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
+ uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
  with:
  image-ref: 'ghcr.io/flux-iac/tf-runner:latest'
  format: 'table'
@@ -76,7 +76,7 @@ jobs:
  severity: 'CRITICAL,HIGH'
  skip-files: '/usr/local/bin/terraform' # false positive
  - name: Run Trivy vulnerability scanner on runner image
- uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
+ uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
  with:
  image-ref: 'ghcr.io/flux-iac/tf-runner-azure:latest'
  format: 'table'
@@ -86,7 +86,7 @@ jobs:
  severity: 'CRITICAL,HIGH'
  skip-files: '/usr/local/bin/terraform' # false positive
  - name: Run Trivy vulnerability scanner on planner image
- uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # v0.22.0
+ uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
  with:
  image-ref: 'ghcr.io/flux-iac/branch-planner:latest'
  format: 'table'