chore(deps): update workflows (#835)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/download-artifact](https://github.com/actions/download-artifact)
| action | patch | `v4.1.1` -> `v4.1.4` |
| [github/codeql-action](https://github.com/github/codeql-action) |
action | patch | `v3.24.5` -> `v3.24.6` |

---

### Release Notes

<details>
<summary>actions/download-artifact (actions/download-artifact)</summary>

###
[`v4.1.4`](https://github.com/actions/download-artifact/releases/tag/v4.1.4)

[Compare
Source](https://github.com/actions/download-artifact/compare/v4.1.3...v4.1.4)

##### What's Changed

- Update
[@&#8203;actions/artifact](https://github.com/actions/artifact) by
[@&#8203;bethanyj28](https://github.com/bethanyj28) in
[https://github.com/actions/download-artifact/pull/307](https://github.com/actions/download-artifact/pull/307)

**Full Changelog**:
actions/download-artifact@v4...v4.1.4

###
[`v4.1.3`](https://github.com/actions/download-artifact/releases/tag/v4.1.3)

[Compare
Source](https://github.com/actions/download-artifact/compare/v4.1.2...v4.1.3)

##### What's Changed

- Update release-new-action-version.yml by
[@&#8203;konradpabjan](https://github.com/konradpabjan) in
[https://github.com/actions/download-artifact/pull/292](https://github.com/actions/download-artifact/pull/292)
- Update toolkit dependency with updated unzip logic by
[@&#8203;bethanyj28](https://github.com/bethanyj28) in
[https://github.com/actions/download-artifact/pull/299](https://github.com/actions/download-artifact/pull/299)
- Update
[@&#8203;actions/artifact](https://github.com/actions/artifact) by
[@&#8203;bethanyj28](https://github.com/bethanyj28) in
[https://github.com/actions/download-artifact/pull/303](https://github.com/actions/download-artifact/pull/303)

##### New Contributors

- [@&#8203;bethanyj28](https://github.com/bethanyj28) made their first
contribution in
[https://github.com/actions/download-artifact/pull/299](https://github.com/actions/download-artifact/pull/299)

**Full Changelog**:
actions/download-artifact@v4...v4.1.3

###
[`v4.1.2`](https://github.com/actions/download-artifact/releases/tag/v4.1.2)

[Compare
Source](https://github.com/actions/download-artifact/compare/v4.1.1...v4.1.2)

- Bump
[@&#8203;actions/artifacts](https://github.com/actions/artifacts) to
latest version to include [updated GHES host
check](https://github.com/actions/toolkit/pull/1648)

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.24.6`](https://github.com/github/codeql-action/compare/v3.24.5...v3.24.6)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.24.5...v3.24.6)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on monday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv-scanner).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4yMjAuMiIsInVwZGF0ZWRJblZlciI6IjM3LjIyMC4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9-->

Author: renovate-bot

.github/workflows/codeql-analysis.yml

@@ -48,7 +48,7 @@ jobs:
           go-version-file: go.mod
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        uses: github/codeql-action/init@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -59,7 +59,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        uses: github/codeql-action/autobuild@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -73,4 +73,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        uses: github/codeql-action/analyze@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6

.github/workflows/osv-scanner-reusable-pr.yml

@@ -105,6 +105,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
         if: ${{ !cancelled() && inputs.upload-sarif == true }}
-        uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
         with:
           sarif_file: ${{ inputs.results-file-name }}

.github/workflows/osv-scanner-reusable.yml

@@ -55,7 +55,7 @@ jobs:
         with:
           persist-credentials: false
       - name: "Download custom artifact if specified"
-        uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1
+        uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
         if: "${{ inputs.download-artifact != '' }}"
         with:
           name: "${{ inputs.download-artifact }}"
@@ -88,6 +88,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
         if: "${{ !cancelled() && inputs.upload-sarif == true }}"
-        uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
         with:
           sarif_file: ${{ inputs.results-file-name }}

.github/workflows/scorecards.yml

@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
+        uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6
         with:
           sarif_file: results.sarif