ci(deps): bump the github-actions group with 7 updatesdependabot/github_actions/github-actions-37d761dd54

Bumps the github-actions group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `4` | `6` |
| [actions/github-script](https://github.com/actions/github-script) | `7` | `8` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` |
| [actions/setup-java](https://github.com/actions/setup-java) | `4` | `5` |
| [docker/login-action](https://github.com/docker/login-action) | `3` | `4` |
| [docker/build-push-action](https://github.com/docker/build-push-action) | `6` | `7` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` |


Updates `actions/checkout` from 4 to 6
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)

Updates `actions/github-script` from 7 to 8
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](https://github.com/actions/github-script/compare/v7...v8)

Updates `actions/upload-artifact` from 4 to 7
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v7)

Updates `actions/setup-java` from 4 to 5
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](https://github.com/actions/setup-java/compare/v4...v5)

Updates `docker/login-action` from 3 to 4
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](https://github.com/docker/login-action/compare/v3...v4)

Updates `docker/build-push-action` from 6 to 7
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v6...v7)

Updates `github/codeql-action` from 3 to 4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-java
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/login-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/build-push-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>

10 files changed, 13 insertions, 13 deletions

diff --git a/.github/workflows/ci-lint.yml b/.github/workflows/ci-lint.yml
index 011e0b8381..6d3ecddeeb 100644
--- a/.github/workflows/ci-lint.yml
+++ b/.github/workflows/ci-lint.yml
@@ -47,7 +47,7 @@ jobs:
         run: npm ci
 
       - name: Lint commit messages
-        uses: actions/github-script@v7
+        uses: actions/github-script@v8
         with:
           script: |
             const lint = require('./ci/github-script/lint-commits.js')
diff --git a/.github/workflows/cmark-fuzz.yml b/.github/workflows/cmark-fuzz.yml
index 10d2b48ac0..2d7fc8fa10 100644
--- a/.github/workflows/cmark-fuzz.yml
+++ b/.github/workflows/cmark-fuzz.yml
@@ -30,7 +30,7 @@ jobs:
           fuzz-seconds: 600
           dry-run: false
       - name: Upload Crash
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         if: failure() && steps.build.outcome == 'success'
         with:
           name: cmark-fuzz-artifacts
diff --git a/.github/workflows/forgewrapper-build.yml b/.github/workflows/forgewrapper-build.yml
index 5f9f701965..9499373069 100644
--- a/.github/workflows/forgewrapper-build.yml
+++ b/.github/workflows/forgewrapper-build.yml
@@ -13,7 +13,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: "temurin"
           java-version: "8"
@@ -37,7 +37,7 @@ jobs:
     steps:
       - uses: actions/checkout@v6
       - name: Set up JDK
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@v5
         with:
           distribution: "temurin"
           java-version: "8"
diff --git a/.github/workflows/images4docker-build.yml b/.github/workflows/images4docker-build.yml
index 36778194bc..f6569792be 100644
--- a/.github/workflows/images4docker-build.yml
+++ b/.github/workflows/images4docker-build.yml
@@ -51,7 +51,7 @@ jobs:
       - uses: actions/checkout@v6
 
       - name: Login to GHCR
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
@@ -67,7 +67,7 @@ jobs:
           echo "immutable_tag=${ts}-r${GITHUB_RUN_ID}-a${GITHUB_RUN_ATTEMPT}-${short_sha}" >> "$GITHUB_OUTPUT"
 
       - name: Build and push image
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           context: images4docker
           file: ${{ matrix.dockerfile }}
diff --git a/.github/workflows/json4cpp-flawfinder.yml b/.github/workflows/json4cpp-flawfinder.yml
index ca78ee817a..ff0897ff4e 100644
--- a/.github/workflows/json4cpp-flawfinder.yml
+++ b/.github/workflows/json4cpp-flawfinder.yml
@@ -31,6 +31,6 @@ jobs:
           output: 'flawfinder_results.sarif'
 
       - name: Upload analysis results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4
+        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4
         with:
           sarif_file: ${{ github.workspace }}/flawfinder_results.sarif
diff --git a/.github/workflows/json4cpp-semgrep.yml b/.github/workflows/json4cpp-semgrep.yml
index 0e728b3830..9596b89051 100644
--- a/.github/workflows/json4cpp-semgrep.yml
+++ b/.github/workflows/json4cpp-semgrep.yml
@@ -29,7 +29,7 @@ jobs:
           generateSarif: "1"
 
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4
+        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4
         with:
           sarif_file: semgrep.sarif
         if: always()
diff --git a/.github/workflows/neozip-fuzz.yml b/.github/workflows/neozip-fuzz.yml
index 2530386d59..59f2e285d4 100644
--- a/.github/workflows/neozip-fuzz.yml
+++ b/.github/workflows/neozip-fuzz.yml
@@ -31,7 +31,7 @@ jobs:
           dry-run: false
 
       - name: Upload Crash
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         if: failure() && steps.build.outcome == 'success'
         with:
           name: neozip-fuzz-artifacts
diff --git a/.github/workflows/repo-scorecards.yml b/.github/workflows/repo-scorecards.yml
index 2dc2ca7a96..8cafd16cc7 100644
--- a/.github/workflows/repo-scorecards.yml
+++ b/.github/workflows/repo-scorecards.yml
@@ -49,6 +49,6 @@ jobs:
           retention-days: 5
 
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/tomlplusplus-fuzz.yml b/.github/workflows/tomlplusplus-fuzz.yml
index f326b6301b..dbfe6bf026 100644
--- a/.github/workflows/tomlplusplus-fuzz.yml
+++ b/.github/workflows/tomlplusplus-fuzz.yml
@@ -32,14 +32,14 @@ jobs:
         fuzz-seconds: 800
         output-sarif: true
     - name: Upload Crash
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v7
       if: failure() && steps.build.outcome == 'success'
       with:
         name: tomlplusplus-fuzz-artifacts
         path: ./out/artifacts
     - name: Upload Sarif
       if: always() && steps.build.outcome == 'success'
-      uses: github/codeql-action/upload-sarif@v3
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: cifuzz-sarif/results.sarif
         checkout_path: cifuzz-sarif
diff --git a/.github/workflows/tomlplusplus-gh-pages.yml b/.github/workflows/tomlplusplus-gh-pages.yml
index 27a34d766b..1a06415cf5 100644
--- a/.github/workflows/tomlplusplus-gh-pages.yml
+++ b/.github/workflows/tomlplusplus-gh-pages.yml
@@ -14,7 +14,7 @@ jobs:
         working-directory: tomlplusplus
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0