chore(deps): pin dependencies#889
Codecov Report: All modified and coverable lines are covered by tests.

@@            Coverage Diff             @@
##             main     #889      +/-   ##
==========================================
+ Coverage   68.39%   68.46%   +0.07%
==========================================
  Files          26       26
  Lines        2794     2794
==========================================
+ Hits         1911     1913       +2
+ Misses        705      704       -1
+ Partials      178      177       -1
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
bdde664 to 25fd0e4
AI Dependency Impact Analysis
Risk Level: MEDIUM
Summary of Dependency Changes
This PR updates several GitHub Actions by pinning them to specific commit digests. These updates aim to improve build reproducibility and security by ensuring that the exact same versions of the actions are used across builds. This prevents unexpected behavior due to changes in the action code.
Affected Code
These updates affect the GitHub Actions workflows defined in the .github/workflows directory. There are no direct Go imports involved.
Breaking Change Assessment
Pinning to specific commit digests is generally not considered a breaking change in itself. However, the underlying code within the actions might have changed in a way that affects the workflows. Since we do not have specific prior versions or a delta between versions, it is not possible to assert if a breaking change has been introduced. As these are GitHub Actions it is unlikely but possible.
Security Assessment
There is no security assessment information provided. However, pinning to specific digests can improve security by mitigating the risk of supply chain attacks, as it ensures that the actions being used are the intended versions and prevents malicious modifications from being introduced.
Recommended Action
Review specific areas: The reviewer should examine the changelogs (if available) for each of the updated GitHub Actions to understand what changes have been made and whether those changes could affect the workflows. The reviewer should also monitor CI after merge.
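As an added illustration of the digest pinning the analysis above describes (example code written for this discussion, not the project's or the bot's own), the following Python checker walks a workflow's `uses:` lines and flags every remote action that is not pinned to a full 40-hex commit SHA. The workflow text, the `./.github/actions/lint` path, the `ghcr.io/example/tool` image and the all-zero digest are constructed placeholders.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a full commit SHA.

Added example for this PR discussion; not part of the project's own code.
The sample workflow below is constructed, and the all-zero digest is a placeholder.
"""
import re

# A full-length git object id: 40 hex characters, nothing else.
SHA_RE = re.compile(r"[0-9a-fA-F]{40}")

# Matches `- uses: ref`, `uses: 'ref'`, and tolerates a trailing `# comment`.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)['\"]?\s*(#.*)?$")

# Constructed sample: one step per reference style a reviewer will meet.
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # floating tag: whoever can move the tag decides what runs here
      - uses: actions/checkout@v4
      # full-length digest (placeholder value); the comment records the version it maps to
      - uses: actions/setup-go@0000000000000000000000000000000000000000 # v5.0.0
      # local action inside this repository: no external ref to pin
      - uses: ./.github/actions/lint
      # container action: a tag is mutable, pin with an image digest instead
      - uses: docker://ghcr.io/example/tool:latest
      - run: go test ./...
"""


def classify(ref):
    """Classify one `uses:` value as 'pinned', 'unpinned' or 'local'.

    Only a full 40-hex SHA (or, for docker:// refs, an image digest) counts as
    pinned; tags, branches and abbreviated SHAs are treated as unpinned.
    """
    if ref.startswith("./"):
        return "local"
    if ref.startswith("docker://"):
        return "pinned" if "@sha256:" in ref else "unpinned"
    _, _, version = ref.partition("@")
    return "pinned" if SHA_RE.fullmatch(version) else "unpinned"


def find_unpinned(workflow_text):
    """Return (line_number, ref) for every remote action that is not digest-pinned."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        match = USES_RE.match(line)
        if match and classify(match.group(1)) == "unpinned":
            findings.append((line_no, match.group(1)))
    return findings


if __name__ == "__main__":
    for line_no, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref} is not pinned to a full commit SHA")
```

The check is deliberately line-based so it can run in a pre-merge hook without a YAML parser; a digest alone does not say which release it corresponds to, so the convention of keeping a `# vX.Y.Z` comment next to the SHA is what lets a reviewer map the pinned commit back to a changelog, as the recommended action above asks.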
This PR contains the following updates:
4a36011043fb46ec6118957e3a1345cbd0c1e7e51e
Warning: Some dependencies could not be looked up. Check the warning logs for more information.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
To execute skipped test pipelines, write the comment /ok-to-test.
Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.