chore(deps): update workflows (major) (#709)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/download-artifact](https://github.com/actions/download-artifact)
| action | major | `v3` -> `v4` |
| [actions/setup-go](https://github.com/actions/setup-go) | action |
major | `v4.1.0` -> `v5.0.0` |
| [actions/setup-go](https://github.com/actions/setup-go) | action |
major | `v4` -> `v5` |
|
[actions/upload-artifact](https://github.com/actions/upload-artifact)
| action | major | `v3.1.3` -> `v4.0.0` |
| [github/codeql-action](https://github.com/github/codeql-action) |
action | major | `v2.23.0` -> `v3.23.0` |

---

### Release Notes

<details>
<summary>actions/download-artifact (actions/download-artifact)</summary>

###
[`v4`](https://github.com/actions/download-artifact/compare/v3...v4)

[Compare
Source](https://github.com/actions/download-artifact/compare/v3...v4)

</details>

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

###
[`v5.0.0`](https://github.com/actions/setup-go/releases/tag/v5.0.0)

[Compare
Source](https://github.com/actions/setup-go/compare/v4.1.0...v5.0.0)

##### What's Changed

In scope of this release, we change Nodejs runtime from node16 to node20
([https://github.com/actions/setup-go/pull/421](https://github.com/actions/setup-go/pull/421)).
Moreover, we update some dependencies to the latest versions
([https://github.com/actions/setup-go/pull/445](https://github.com/actions/setup-go/pull/445)).

Besides, this release contains such changes as:

- Fix hosted tool cache usage on windows by
[@&#8203;galargh](https://github.com/galargh) in
[https://github.com/actions/setup-go/pull/411](https://github.com/actions/setup-go/pull/411)
- Improve documentation regarding dependencies caching by
[@&#8203;artemgavrilov](https://github.com/artemgavrilov) in
[https://github.com/actions/setup-go/pull/417](https://github.com/actions/setup-go/pull/417)

##### New Contributors

- [@&#8203;galargh](https://github.com/galargh) made their first
contribution in
[https://github.com/actions/setup-go/pull/411](https://github.com/actions/setup-go/pull/411)
- [@&#8203;artemgavrilov](https://github.com/artemgavrilov) made their
first contribution in
[https://github.com/actions/setup-go/pull/417](https://github.com/actions/setup-go/pull/417)
- [@&#8203;chenrui333](https://github.com/chenrui333) made their first
contribution in
[https://github.com/actions/setup-go/pull/421](https://github.com/actions/setup-go/pull/421)

**Full Changelog**:
actions/setup-go@v4...v5.0.0

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.0.0`](https://github.com/actions/upload-artifact/releases/tag/v4.0.0)

[Compare
Source](https://github.com/actions/upload-artifact/compare/v3.1.3...v4.0.0)

#### What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major
changes to the backend architecture of Artifacts. They have numerous
performance and behavioral improvements.

For more information, see the
[@&#8203;actions/artifact](https://github.com/actions/toolkit/tree/main/packages/artifact)
documentation.

#### New Contributors

- [@&#8203;vmjoseph](https://github.com/vmjoseph) made their first
contribution in
[https://github.com/actions/upload-artifact/pull/464](https://github.com/actions/upload-artifact/pull/464)

**Full Changelog**:
actions/upload-artifact@v3...v4.0.0

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.23.0`](https://github.com/github/codeql-action/compare/v3.22.12...v3.23.0)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.22.12...v3.23.0)

###
[`v3.22.12`](https://github.com/github/codeql-action/compare/v3.22.11...v3.22.12)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.22.11...v3.22.12)

###
[`v3.22.11`](https://github.com/github/codeql-action/compare/v2.22.11...v3.22.11)

[Compare
Source](https://github.com/github/codeql-action/compare/v2.23.0...v3.22.11)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv-scanner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy45My4xIiwidXBkYXRlZEluVmVyIjoiMzcuMTI3LjAiLCJ0YXJnZXRCcmFuY2giOiJtYWluIn0=-->

.github/workflows/checks.yml

@@ -46,7 +46,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Set up Go
-        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
           go-version-file: .go-version
           check-latest: true
@@ -65,7 +65,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Set up Go
-        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
           go-version-file: .go-version
           check-latest: true

.github/workflows/codeql-analysis.yml

@@ -43,12 +43,12 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       # Update go to the latest version to support minor go versions is go.mod file
       - name: Install Go
-        uses: actions/setup-go@v4
+        uses: actions/setup-go@v5
         with:
           go-version-file: go.mod
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0
+        uses: github/codeql-action/init@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -59,7 +59,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0
+        uses: github/codeql-action/autobuild@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -73,4 +73,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0
+        uses: github/codeql-action/analyze@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0

.github/workflows/goreleaser.yml

@@ -28,7 +28,7 @@ jobs:
           fetch-depth: 0
           ref: ${{ inputs.commit }}
       - name: Set up Go
-        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
           go-version-file: .go-version
           check-latest: true

.github/workflows/osv-scanner-reusable-pr.yml

@@ -83,28 +83,28 @@ jobs:
       # format to the repository Actions tab.
       - name: "Upload artifact"
         if: "!cancelled()"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
         with:
           name: SARIF file
           path: ${{ inputs.results-file-name }}
           retention-days: 5
       - name: "Upload old scan json results"
         if: "!cancelled()"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
         with:
           name: old-json-results
           path: old-results.json
           retention-days: 5
       - name: "Upload new scan json results"
         if: "!cancelled()"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
         with:
           name: new-json-results
           path: new-results.json
           retention-days: 5
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
         if: ${{ !cancelled() && inputs.upload-sarif == true }}
-        uses: github/codeql-action/upload-sarif@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0
+        uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
         with:
           sarif_file: ${{ inputs.results-file-name }}

.github/workflows/osv-scanner-reusable.yml

@@ -55,7 +55,7 @@ jobs:
         with:
           persist-credentials: false
       - name: "Download custom artifact if specified"
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         if: "${{ inputs.download-artifact != '' }}"
         with:
           name: "${{ inputs.download-artifact }}"
@@ -80,14 +80,14 @@ jobs:
       # format to the repository Actions tab.
       - name: "Upload artifact"
         if: "!cancelled()"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
         with:
           name: SARIF file
           path: ${{ inputs.results-file-name }}
           retention-days: 5
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
         if: "${{ !cancelled() && inputs.upload-sarif == true }}"
-        uses: github/codeql-action/upload-sarif@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0
+        uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
         with:
           sarif_file: ${{ inputs.results-file-name }}

.github/workflows/prerelease-check.yml

@@ -47,7 +47,7 @@ jobs:
           persist-credentials: false
           ref: ${{ inputs.commit }}
       - name: Set up Go
-        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
           go-version-file: .go-version
           check-latest: true
@@ -67,7 +67,7 @@ jobs:
           persist-credentials: false
           ref: ${{ inputs.commit }}
       - name: Set up Go
-        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
+        uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
         with:
           go-version-file: .go-version
           check-latest: true

.github/workflows/scorecards.yml

@@ -59,14 +59,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@8b7fcbfac2aae0e6c24d9f9ebd5830b1290b18e4 # v2.23.0
+        uses: github/codeql-action/upload-sarif@e5f05b81d5b6ff8cfa111c80c22c5fd02a384118 # v3.23.0
         with:
           sarif_file: results.sarif