build(deps): bump the github-actions group across 1 directory with 2 …

…updates

Bumps the github-actions group with 2 updates in the / directory: [actions/checkout](https://github.com/actions/checkout) and [github/codeql-action](https://github.com/github/codeql-action).


Updates `actions/checkout` from 4.1.5 to 4.1.6
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@44c2b7a...a5ac7e5)

Updates `github/codeql-action` from 3.25.3 to 3.25.8
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@d39d31e...2e230e8)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/auto-merge.yml

@@ -7,7 +7,7 @@ jobs:
  auto-merge:
  runs-on: ubuntu-latest
  steps:
- - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  - uses: ahmadnassri/action-dependabot-auto-merge@v2
  with:
  # auto-merge rules are in /.github/auto-merge.yml

.github/workflows/code-coverage.yml

@@ -12,7 +12,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Check out repository
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  with:
  fetch-depth: 0
  - name: Set up Go

.github/workflows/compat-test.yml

@@ -14,7 +14,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Check out repository
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  with:
  fetch-depth: 0
  - name: Set up Go

.github/workflows/dependency-review.yml

@@ -15,6 +15,6 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: 'Checkout Repository'
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  - name: 'Dependency Review'
  uses: actions/dependency-review-action@v4

.github/workflows/endurance-test.yml

@@ -19,7 +19,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Check out repository
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  with:
  fetch-depth: 0
  - name: Set up Go

.github/workflows/htmlui-tests.yml

@@ -27,7 +27,7 @@ jobs:
  runs-on: macos-latest
  steps:
  - name: Check out repository
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  with:
  fetch-depth: 0
  - name: Set up Go

.github/workflows/license-check.yml

@@ -12,7 +12,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Check out repository
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  with:
  fetch-depth: 0
  - name: Set up Go

.github/workflows/lint.yml

@@ -26,7 +26,7 @@ jobs:
  runs-on: ${{ matrix.os }}
  steps:
  - name: Check out repository
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  with:
  fetch-depth: 0
  - name: Set up Go

.github/workflows/make.yml

@@ -40,7 +40,7 @@ jobs:
  continue-on-error: ${{ contains(matrix.os, 'self-hosted') }}
  steps:
  - name: Check out repository
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  with:
  fetch-depth: 0
  - name: Set up Go
@@ -139,7 +139,7 @@ jobs:
  needs: build
  if: github.event_name != 'pull_request' && github.repository == 'kopia/kopia'
  steps:
- - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  - name: Set up QEMU
  uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
  - name: Set up Docker Buildx

.github/workflows/ossf-scorecard.yml

@@ -26,7 +26,7 @@ jobs:
  steps:
  -
  name: "Checkout repo"
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  with:
  persist-credentials: false
  -
@@ -39,7 +39,7 @@ jobs:
  -
  # Upload the results to GitHub's code scanning dashboard.
  name: "Upload to results to dashboard"
- uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
+ uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8
  with:
  sarif_file: results.sarif
  -

.github/workflows/providers-core.yml

@@ -24,7 +24,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Check out repository
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  with:
  fetch-depth: 0
  ref: ${{ github.event.inputs.ref_name || github.ref }}

.github/workflows/providers-extra.yml

@@ -24,7 +24,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Check out repository
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  with:
  fetch-depth: 0
  ref: ${{ github.event.inputs.ref_name || github.ref }}

.github/workflows/race-detector.yml

@@ -12,7 +12,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Check out repository
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  with:
  fetch-depth: 0
  - name: Set up Go

.github/workflows/stress-test.yml

@@ -18,7 +18,7 @@ jobs:
  runs-on: ubuntu-latest
  steps:
  - name: Check out repository
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  with:
  fetch-depth: 0
  - name: Set up Go

.github/workflows/tests.yml

@@ -38,7 +38,7 @@ jobs:
  continue-on-error: ${{ contains(matrix.os, 'self-hosted') }}
  steps:
  - name: Check out repository
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  with:
  fetch-depth: 0
  - name: Set up Go

.github/workflows/volume-shadow-copy-test.yml

@@ -15,7 +15,7 @@ jobs:
  runs-on: windows-latest
  steps:
  - name: Check out repository
- uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
+ uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
  with:
  fetch-depth: 0
  - name: Set up Go