From dd37485fca411acdbee6abc52c0b02220763a289 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Tue, 30 Jul 2024 11:15:33 -0700
Subject: [PATCH] Update github-actions deps (#10742)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | patch | `v3.25.13` -> `v3.25.15` |
| [ossf/scorecard-action](https://togithub.com/ossf/scorecard-action) |
action | minor | `v2.3.3` -> `v2.4.0` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.

---

### Release Notes

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.25.15`](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.14...v3.25.15)

###
[`v3.25.14`](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v3.25.13...v3.25.14)

</details>

<details>
<summary>ossf/scorecard-action (ossf/scorecard-action)</summary>

###
[`v2.4.0`](https://togithub.com/ossf/scorecard-action/releases/tag/v2.4.0)

[Compare
Source](https://togithub.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0)

#### What's Changed

This update bumps the Scorecard version to the v5 release. For a
complete list of changes, please refer to the [v5.0.0 release
notes](https://togithub.com/ossf/scorecard/releases/tag/v5.0.0). Of
special note to Scorecard Action is the Maintainer Annotation feature,
which can be used to suppress some Code Scanning false positives. Alerts
will not be generated for any Scorecard Check with an annotation.

- :seedling: Bump github.com/ossf/scorecard/v5 from v5.0.0-rc2 to v5.0.0
by [@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1410](https://togithub.com/ossf/scorecard-action/pull/1410)
- :bug: lower license sarif alert threshold to 9 by
[@&#8203;spencerschrock](https://togithub.com/spencerschrock) in
[https://github.com/ossf/scorecard-action/pull/1411](https://togithub.com/ossf/scorecard-action/pull/1411)

##### Documentation

- docs: dogfooding badge by
[@&#8203;jkowalleck](https://togithub.com/jkowalleck) in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

#### New Contributors

- [@&#8203;jkowalleck](https://togithub.com/jkowalleck) made their first
contribution in
[https://github.com/ossf/scorecard-action/pull/1399](https://togithub.com/ossf/scorecard-action/pull/1399)

**Full Changelog**:
https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on tuesday" (UTC), Automerge - At any
time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job
log](https://developer.mend.io/github/open-telemetry/opentelemetry-collector).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40NDAuNyIsInVwZGF0ZWRJblZlciI6IjM3LjQ0MC43IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiLCJyZW5vdmF0ZWJvdCJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
---
 .github/workflows/codeql-analysis.yml | 6 +++---
 .github/workflows/scorecard.yml       | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 895006c3f3a..ae5031f4c0c 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -30,12 +30,12 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/init@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           languages: go
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/autobuild@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/analyze@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 9b418a3ec9f..32eaa1fdbe2 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -34,7 +34,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
+        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -64,6 +64,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+        uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15
         with:
           sarif_file: results.sarif