chore(deps): update workflows (#1145)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [docker/login-action](https://togithub.com/docker/login-action) |
action | digest | `0d4c9c5` -> `9780b0c` |
|
[docker/setup-buildx-action](https://togithub.com/docker/setup-buildx-action)
| action | digest | `4fd8129` -> `aa33708` |
|
[docker/setup-qemu-action](https://togithub.com/docker/setup-qemu-action)
| action | digest | `5927c83` -> `49b3bc8` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.13` -> `v3.25.15` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |
| [ruby/setup-ruby](https://togithub.com/ruby/setup-ruby) | action |
minor | `v1.187.0` -> `v1.190.0` |

---

### Release Notes

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.15`](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

###
[`v3.25.14`](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

</details>

<details>
<summary>ruby/setup-ruby (ruby/setup-ruby)</summary>

###
[`v1.190.0`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.190.0)

[Compare
Source](https://togithub.com/ruby/setup-ruby/compare/v1.189.0...v1.190.0)

##### What's Changed

- Update CRuby releases on Windows by
[@&#8203;ruby-builder-bot](https://togithub.com/ruby-builder-bot) in
[https://github.com/ruby/setup-ruby/pull/628](https://togithub.com/ruby/setup-ruby/pull/628)

**Full Changelog**:
ruby/setup-ruby@v1.189.0...v1.190.0

###
[`v1.189.0`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.189.0)

[Compare
Source](https://togithub.com/ruby/setup-ruby/compare/v1.188.0...v1.189.0)

#### What's Changed

- docs: update ruby-version comment by
[@&#8203;chenrui333](https://togithub.com/chenrui333) in
[https://github.com/ruby/setup-ruby/pull/626](https://togithub.com/ruby/setup-ruby/pull/626)
- Add ruby-3.2.5 by
[@&#8203;ruby-builder-bot](https://togithub.com/ruby-builder-bot) in
[https://github.com/ruby/setup-ruby/pull/627](https://togithub.com/ruby/setup-ruby/pull/627)

#### New Contributors

- [@&#8203;chenrui333](https://togithub.com/chenrui333) made their first
contribution in
[https://github.com/ruby/setup-ruby/pull/626](https://togithub.com/ruby/setup-ruby/pull/626)

**Full Changelog**:
ruby/setup-ruby@v1.188.0...v1.189.0

###
[`v1.188.0`](https://togithub.com/ruby/setup-ruby/releases/tag/v1.188.0)

[Compare
Source](https://togithub.com/ruby/setup-ruby/compare/v1.187.0...v1.188.0)

##### What's Changed

- Add truffleruby-24.0.2,truffleruby+graalvm-24.0.2 by
[@&#8203;ruby-builder-bot](https://togithub.com/ruby-builder-bot) in
[https://github.com/ruby/setup-ruby/pull/625](https://togithub.com/ruby/setup-ruby/pull/625)

**Full Changelog**:
ruby/setup-ruby@v1.187.0...v1.188.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/google/osv-scanner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Author: renovate-bot

.github/workflows/codeql-analysis.yml

@@ -50,7 +50,7 @@ jobs:
           go-version-file: go.mod
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -61,7 +61,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -75,4 +75,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15

.github/workflows/goreleaser.yml

@@ -31,10 +31,10 @@ jobs:
         with:
           go-version-file: .go-version
           check-latest: true
-      - uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3
-      - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3
+      - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3
+      - uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3
       - name: ghcr-login
-        uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}

.github/workflows/osv-scanner-reusable-pr.yml

@@ -108,6 +108,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
         if: ${{ !cancelled() && inputs.upload-sarif == true }}
-        uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           sarif_file: ${{ inputs.results-file-name }}

.github/workflows/osv-scanner-reusable.yml

@@ -91,6 +91,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
         if: "${{ !cancelled() && inputs.upload-sarif == true }}"
-        uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           sarif_file: ${{ inputs.results-file-name }}

.github/workflows/scorecards.yml

@@ -38,7 +38,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -68,6 +68,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           sarif_file: results.sarif

.github/workflows/semantic.yml

@@ -106,7 +106,7 @@ jobs:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
         with:
           persist-credentials: false
-      - uses: ruby/setup-ruby@161cd54b698f1fb3ea539faab2e036d409550e3c # v1.187.0
+      - uses: ruby/setup-ruby@a6e6f86333f0a2523ece813039b8b4be04560854 # v1.190.0
         with:
           ruby-version: "3.1"
       - name: setup dependencies