From 0c59a975db8dab0c27a988b8e241fd263968adca Mon Sep 17 00:00:00 2001
From: Mend Renovate <bot@renovateapp.com>
Date: Tue, 19 Sep 2023 03:12:47 +0200
Subject: [PATCH] chore(deps): update workflows (major) (#540)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
major | `v3.6.0` -> `v4.0.0` |
| [actions/checkout](https://togithub.com/actions/checkout) | action |
major | `v3` -> `v4` |
| [docker/login-action](https://togithub.com/docker/login-action) |
action | major | `v2` -> `v3` |
|
[docker/setup-buildx-action](https://togithub.com/docker/setup-buildx-action)
| action | major | `v2` -> `v3` |
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | major | `v2` -> `v3` |
|
[goreleaser/goreleaser-action](https://togithub.com/goreleaser/goreleaser-action)
| action | major | `v4.6.0` -> `v5.0.0` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v4.0.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v400)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.6.0...v4.0.0)

- [Support fetching without the --progress
option](https://togithub.com/actions/checkout/pull/1067)
-   [Update to node20](https://togithub.com/actions/checkout/pull/1436)

</details>

<details>
<summary>docker/login-action (docker/login-action)</summary>

### [`v3`](https://togithub.com/docker/login-action/compare/v2...v3)

[Compare
Source](https://togithub.com/docker/login-action/compare/v2...v3)

</details>

<details>
<summary>docker/setup-buildx-action
(docker/setup-buildx-action)</summary>

###
[`v3`](https://togithub.com/docker/setup-buildx-action/compare/v2...v3)

[Compare
Source](https://togithub.com/docker/setup-buildx-action/compare/v2...v3)

</details>

<details>
<summary>docker/setup-qemu-action (docker/setup-qemu-action)</summary>

###
[`v3`](https://togithub.com/docker/setup-qemu-action/compare/v2...v3)

[Compare
Source](https://togithub.com/docker/setup-qemu-action/compare/v2...v3)

</details>

<details>
<summary>goreleaser/goreleaser-action
(goreleaser/goreleaser-action)</summary>

###
[`v5.0.0`](https://togithub.com/goreleaser/goreleaser-action/releases/tag/v5.0.0)

[Compare
Source](https://togithub.com/goreleaser/goreleaser-action/compare/v4.6.0...v5.0.0)

##### What's Changed

- feat: node 20 as default runtime (requires [Actions Runner
v2.308.0](https://togithub.com/actions/runner/releases/tag/v2.308.0) or
later) by [@&#8203;crazy-max](https://togithub.com/crazy-max) in
[https://github.com/goreleaser/goreleaser-action/pull/432](https://togithub.com/goreleaser/goreleaser-action/pull/432)
- chore(deps): bump
[@&#8203;actions/core](https://togithub.com/actions/core) from 1.10.0 to
1.10.1 in
[https://github.com/goreleaser/goreleaser-action/pull/434](https://togithub.com/goreleaser/goreleaser-action/pull/434)

**Full Changelog**:
https://github.com/goreleaser/goreleaser-action/compare/v4.6.0...v5.0.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv-scanner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi44My4wIiwidXBkYXRlZEluVmVyIjoiMzYuODMuMCIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
---
 .github/workflows/codeql-analysis.yml                |  2 +-
 .github/workflows/goreleaser.yml                     | 10 +++++-----
 .github/workflows/lint.yaml                          |  2 +-
 .github/workflows/osv-scanner-reusable-pr.yml        |  2 +-
 .github/workflows/osv-scanner-reusable-scheduled.yml |  2 +-
 .github/workflows/scorecards.yml                     |  2 +-
 .github/workflows/test.yml                           |  2 +-
 7 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index ad843d39e4..fc54fa77a1 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -40,7 +40,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
index 8521d83d71..c08220465f 100644
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -21,7 +21,7 @@ jobs:
       DOCKER_CLI_EXPERIMENTAL: "enabled"
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           fetch-depth: 0
       - name: Set up Go
@@ -33,17 +33,17 @@ jobs:
         uses: ./.github/workflows/test-action
       - name: Run Lints
         uses: ./.github/workflows/lint-action
-      - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2
-      - uses: docker/setup-buildx-action@885d1462b80bc1c1c7f0b00334ad271f09369c55 # v2
+      - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3
+      - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3
       - name: ghcr-login
-        uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Run GoReleaser
         id: run-goreleaser
-        uses: goreleaser/goreleaser-action@5fdedb94abba051217030cc86d4523cf3f02243d # v4.6.0
+        uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
         with:
           version: latest
           args: release --rm-dist
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index b511c4d849..a549a86a02 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           persist-credentials: false
           fetch-depth: 0
diff --git a/.github/workflows/osv-scanner-reusable-pr.yml b/.github/workflows/osv-scanner-reusable-pr.yml
index 394379a7a0..06a8d8a2a1 100644
--- a/.github/workflows/osv-scanner-reusable-pr.yml
+++ b/.github/workflows/osv-scanner-reusable-pr.yml
@@ -21,7 +21,7 @@ jobs:
   scan-pr:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
           # Do persist credentials, as we need it for the git checkout later
diff --git a/.github/workflows/osv-scanner-reusable-scheduled.yml b/.github/workflows/osv-scanner-reusable-scheduled.yml
index 64fd2e19c9..4a1ad269a4 100644
--- a/.github/workflows/osv-scanner-reusable-scheduled.yml
+++ b/.github/workflows/osv-scanner-reusable-scheduled.yml
@@ -21,7 +21,7 @@ jobs:
   scan-scheduled:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: "Run scanner"
         uses: google/osv-scanner/actions/scanner@main
         with:
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index c7a59be514..8a485176d0 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           persist-credentials: false
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index a2eb3ce9cf..2589a3ec67 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+        uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
         with:
           persist-credentials: false
           fetch-depth: 0