build(deps): bump the github-actions group across 1 directory with 10 updates

.github/workflows/build.yml

@@ -31,13 +31,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
           persist-credentials: false
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: ${{ env.GO_VERSION }}
           cache: true
@@ -58,7 +58,7 @@ jobs:
           fi
 
       - name: Install golangci-lint
-        uses: golangci/golangci-lint-action@v7
+        uses: golangci/golangci-lint-action@v8
         with:
           version: latest
           args: --timeout=5m
@@ -76,12 +76,12 @@ jobs:
     needs: verify
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: ${{ env.GO_VERSION }}
           cache: true
@@ -92,7 +92,7 @@ jobs:
           govulncheck ./...
 
       - name: Run dependency scan
-        uses: aquasecurity/trivy-action@0.30.0
+        uses: aquasecurity/trivy-action@0.33.1
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -102,13 +102,13 @@ jobs:
           timeout: "10m"
 
       - name: Upload security scan results
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: "trivy-results.sarif"
 
       - name: Generate SBOM
-        uses: anchore/sbom-action@v0.18.0
+        uses: anchore/sbom-action@v0.20.6
         with:
           format: spdx-json
           output-file: sbom.spdx.json
@@ -127,12 +127,12 @@ jobs:
     needs: verify
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: ${{ env.GO_VERSION }}
           cache: true
@@ -156,12 +156,12 @@ jobs:
     if: github.event_name == 'pull_request' || (github.event_name == 'push' && github.ref != 'refs/heads/main')
     steps:
       - name: Checkout code
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           persist-credentials: false
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: ${{ env.GO_VERSION }}
           cache: true

.github/workflows/jekyll-gh-pages.yml

@@ -27,7 +27,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
       - name: Setup Pages
         uses: actions/configure-pages@v5
       - name: Build with Jekyll
@@ -36,7 +36,7 @@ jobs:
           source: ./
           destination: ./_site
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v3
+        uses: actions/upload-pages-artifact@v4
 
   # Deployment job
   deploy:

.github/workflows/release.yml

@@ -23,12 +23,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
       - name: Set up Go
-        uses: actions/setup-go@v5
+        uses: actions/setup-go@v6
         with:
           go-version: ${{ env.GO_VERSION }}
           cache: true

.github/workflows/slash-commands.yml

@@ -17,8 +17,8 @@ jobs:
       - name: Set up GitHub token
         id: generate-token
         run: echo "token=${{ github.token }}" >> $GITHUB_OUTPUT
-      - uses: actions/checkout@v4
-      - uses: dagger/dagger-for-github@8.0.0
+      - uses: actions/checkout@v5
+      - uses: dagger/dagger-for-github@v8.2.0
       - name: slash agent
         if: github.event.issue.pull_request && contains(github.event.comment.body, '/agent')
         run: dagger call pull-request-feedback --github-token GH_TOKEN --issue-id ${{ github.event.issue.number }} --feedback "${{ github.event.comment.body }}"

.github/workflows/test.yml

@@ -10,8 +10,8 @@ jobs:
       - name: Set up GitHub token
         id: generate-token
         run: echo "token=${{ github.token }}" >> $GITHUB_OUTPUT
-      - uses: actions/checkout@v4
-      - uses: dagger/dagger-for-github@8.0.0
+      - uses: actions/checkout@v5
+      - uses: dagger/dagger-for-github@v8.2.0
       - name: Check
         run: dagger call check --github-token GH_TOKEN --model gpt-4.1 --commit $GITHUB_SHA
         env:

.github/workflows/update-homebrew-cast.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout your repo
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Install Homebrew on Linux
         run: |

.github/workflows/update-homebrew.yml

@@ -16,7 +16,7 @@ jobs:
         run: echo "REPO_NAME=$(echo ${{ github.repository }} | cut -d '/' -f 2)" >> $GITHUB_OUTPUT
 
       - name: Trigger homebrew formula update
-        uses: peter-evans/repository-dispatch@v3
+        uses: peter-evans/repository-dispatch@v4
         with:
           token: ${{ secrets.HOMEBREW_TAP_TOKEN }}
           repository: tuannvm/homebrew-mcp

.github/workflows/usage-comments.yml

@@ -7,7 +7,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Add comment to PR
-        uses: peter-evans/create-or-update-comment@v3
+        uses: peter-evans/create-or-update-comment@v5
         with:
           issue-number: ${{ github.event.pull_request.number }}
           body: |