chore(deps): update github-actions (#666)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-go](https://github.com/actions/setup-go) | action |
minor | `v4.0.1` -> `v4.1.0` |
| [github/codeql-action](https://github.com/github/codeql-action) |
action | minor | `v2.20.4` -> `v2.21.3` |
|
[slsa-framework/slsa-github-generator](https://github.com/slsa-framework/slsa-github-generator)
| action | minor | `v1.7.0` -> `v1.8.0` |

---

### ⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the
Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

###
[`v4.1.0`](https://github.com/actions/setup-go/releases/tag/v4.1.0)

[Compare
Source](https://github.com/actions/setup-go/compare/v4.0.1...v4.1.0)

##### What's Changed

In scope of this release, slow installation on Windows was fixed by
[@&#8203;dsame](https://github.com/dsame) in
[https://github.com/actions/setup-go/pull/393](https://github.com/actions/setup-go/pull/393)
and OS version was added to `primaryKey` for Ubuntu runners to avoid
conflicts
([https://github.com/actions/setup-go/pull/383](https://github.com/actions/setup-go/pull/383))

This release also includes the following changes:

- Remove implicit dependencies by
[@&#8203;nikolai-laevskii](https://github.com/nikolai-laevskii) in
[https://github.com/actions/setup-go/pull/378](https://github.com/actions/setup-go/pull/378)
- Update action.yml by [@&#8203;mkelly](https://github.com/mkelly) in
[https://github.com/actions/setup-go/pull/379](https://github.com/actions/setup-go/pull/379)
- Added a description that go-version should be specified as a string
type by [@&#8203;n3xem](https://github.com/n3xem) in
[https://github.com/actions/setup-go/pull/367](https://github.com/actions/setup-go/pull/367)
- Add note about YAML parsing versions by
[@&#8203;dmitry-shibanov](https://github.com/dmitry-shibanov) in
[https://github.com/actions/setup-go/pull/382](https://github.com/actions/setup-go/pull/382)
- Automatic update of configuration files from 05/23/2023 by
[@&#8203;github-actions](https://github.com/github-actions) in
[https://github.com/actions/setup-go/pull/377](https://github.com/actions/setup-go/pull/377)
- Bump tough-cookie and
[@&#8203;azure/ms-rest-js](https://github.com/azure/ms-rest-js) by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/setup-go/pull/392](https://github.com/actions/setup-go/pull/392)
- Bump word-wrap from 1.2.3 to 1.2.4 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/setup-go/pull/397](https://github.com/actions/setup-go/pull/397)
- Bump semver from 6.3.0 to 6.3.1 by
[@&#8203;dependabot](https://github.com/dependabot) in
[https://github.com/actions/setup-go/pull/396](https://github.com/actions/setup-go/pull/396)

##### New Contributors

- [@&#8203;mkelly](https://github.com/mkelly) made their first
contribution in
[https://github.com/actions/setup-go/pull/379](https://github.com/actions/setup-go/pull/379)
- [@&#8203;n3xem](https://github.com/n3xem) made their first
contribution in
[https://github.com/actions/setup-go/pull/367](https://github.com/actions/setup-go/pull/367)

**Full Changelog**:
actions/setup-go@v4...v4.1.0

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.21.3`](https://github.com/github/codeql-action/compare/v2.21.2...v2.21.3)

[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.2...v2.21.3)

###
[`v2.21.2`](https://github.com/github/codeql-action/compare/v2.21.1...v2.21.2)

[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.1...v2.21.2)

###
[`v2.21.1`](https://github.com/github/codeql-action/compare/v2.21.0...v2.21.1)

[Compare
Source](https://github.com/github/codeql-action/compare/v2.21.0...v2.21.1)

###
[`v2.21.0`](https://github.com/github/codeql-action/compare/v2.20.4...v2.21.0)

[Compare
Source](https://github.com/github/codeql-action/compare/v2.20.4...v2.21.0)

</details>

<details>
<summary>slsa-framework/slsa-github-generator
(slsa-framework/slsa-github-generator)</summary>

###
[`v1.8.0`](https://github.com/slsa-framework/slsa-github-generator/blob/HEAD/CHANGELOG.md#v180)

[Compare
Source](https://github.com/slsa-framework/slsa-github-generator/compare/v1.7.0...v1.8.0)

Release \[v1.8.0] includes bug fixes and new features.

See the [full change
list](https://github.com/slsa-framework/slsa-github-generator/compare/v1.7.0...v1.8.0).

##### v1.8.0: Generic Generator

-   **Added**: A new

[`base64-subjects-as-file`](https://github.com/slsa-framework/slsa-github-generator/blob/v1.8.0/internal/builders/generic/README.md#workflow-inputs)
    was added to allow for specifying a large subject list.

##### v1.8.0: Node.js Builder (beta)

-   **Fixed**: Publishing for non-scoped packages was fixed (See

[#&#8203;2359](https://github.com/slsa-framework/slsa-github-generator/issues/2359))
- **Fixed**: Documentation was updated to clarify that the GitHub
Actions
    `deployment` event is not supported.
- **Changed**: The file extension for the generated provenance file was
changed
from `.sigstore` to `.build.slsa` in order to make it easier to identify
    provenance files regardless of file format.
- **Fixed**: The publish action was fixed to address an issue with the
package
    name when using Node 16.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" (UTC), Automerge - At
any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/slsa-framework/slsa-verifier).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4xMS4wIiwidXBkYXRlZEluVmVyIjoiMzYuMjcuMSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Signed-off-by: Mend Renovate <[email protected]>

.github/workflows/codeql-analysis.yml

@@ -44,7 +44,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@489225d82a57396c6f426a40e66d461b16b3461d # v2.20.4
+        uses: github/codeql-action/init@5b6282e01c62d02e720b81eb8a51204f527c3624 # v2.21.3
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -55,7 +55,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@489225d82a57396c6f426a40e66d461b16b3461d # v2.20.4
+        uses: github/codeql-action/autobuild@5b6282e01c62d02e720b81eb8a51204f527c3624 # v2.21.3
       # Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
 
@@ -68,4 +68,4 @@ jobs:
       #     make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@489225d82a57396c6f426a40e66d461b16b3461d # v2.20.4
+        uses: github/codeql-action/analyze@5b6282e01c62d02e720b81eb8a51204f527c3624 # v2.21.3

.github/workflows/pre-submit.cli.yml

@@ -18,7 +18,7 @@ jobs:
         uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 
       - name: setup-go
-        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
           go-version-file: "go.mod"
 

.github/workflows/pre-submit.e2e.yml

@@ -16,7 +16,7 @@ jobs:
           path: __THIS_REPO__
 
       - name: setup-go
-        uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+        uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
           go-version-file: "__THIS_REPO__/go.mod"
 

.github/workflows/pre-submit.lint.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+      - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
         with:
           go-version-file: "go.mod"
       - env:

.github/workflows/release.yml

@@ -49,7 +49,7 @@ jobs:
       actions: read # For the detection of GitHub Actions environment.
       id-token: write # For signing.
       contents: write # For asset uploads.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0
+    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.8.0
     with:
       go-version-file: "go.mod"
       config-file: .slsa-goreleaser/${{matrix.os}}-${{matrix.arch}}.yml

.github/workflows/scorecards.yml

@@ -57,6 +57,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@489225d82a57396c6f426a40e66d461b16b3461d # v2.20.4
+        uses: github/codeql-action/upload-sarif@5b6282e01c62d02e720b81eb8a51204f527c3624 # v2.21.3
         with:
           sarif_file: results.sarif