
Commit 5b888f2

[CI] Bump the github-actions group across 1 directory with 3 updates (#17259)
Bumps the github-actions group with 3 updates in the / directory: [actions/setup-python](https://github.com/actions/setup-python), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action). Updates `actions/setup-python` from 5.0.0 to 5.4.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-python/releases">actions/setup-python's releases</a>.</em></p> <blockquote> <h2>v5.4.0</h2> <h2>What's Changed</h2> <h3>Enhancements:</h3> <ul> <li>Update cache error message by <a href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/968">actions/setup-python#968</a></li> <li>Enhance Workflows: Add Ubuntu-24, Remove Python 3.8 by <a href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/985">actions/setup-python#985</a></li> <li>Configure Dependabot settings by <a href="https://github.com/HarithaVattikuti"><code>@​HarithaVattikuti</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1008">actions/setup-python#1008</a></li> </ul> <h3>Documentation changes:</h3> <ul> <li>Readme update - recommended permissions by <a href="https://github.com/benwells"><code>@​benwells</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1009">actions/setup-python#1009</a></li> <li>Improve Advanced Usage examples by <a href="https://github.com/lrq3000"><code>@​lrq3000</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/645">actions/setup-python#645</a></li> </ul> <h3>Dependency updates:</h3> <ul> <li>Upgrade <code>undici</code> from 5.28.4 to 5.28.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a 
href="https://redirect.github.com/actions/setup-python/pull/1012">actions/setup-python#1012</a></li> <li>Upgrade <code>urllib3</code> from 1.25.9 to 1.26.19 in /<strong>tests</strong>/data by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/895">actions/setup-python#895</a></li> <li>Upgrade <code>actions/publish-immutable-action</code> from 0.0.3 to 0.0.4 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1014">actions/setup-python#1014</a></li> <li>Upgrade <code>@actions/http-client</code> from 2.2.1 to 2.2.3 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1020">actions/setup-python#1020</a></li> <li>Upgrade <code>requests</code> from 2.24.0 to 2.32.2 in /<strong>tests</strong>/data by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1019">actions/setup-python#1019</a></li> <li>Upgrade <code>@actions/cache</code> to <code>^4.0.0</code> by <a href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1007">actions/setup-python#1007</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/benwells"><code>@​benwells</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/1009">actions/setup-python#1009</a></li> <li><a href="https://github.com/HarithaVattikuti"><code>@​HarithaVattikuti</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/1008">actions/setup-python#1008</a></li> <li><a href="https://github.com/lrq3000"><code>@​lrq3000</code></a> made their first contribution in <a 
href="https://redirect.github.com/actions/setup-python/pull/645">actions/setup-python#645</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v5...v5.4.0">https://github.com/actions/setup-python/compare/v5...v5.4.0</a></p> <h2>v5.3.0</h2> <h2>What's Changed</h2> <ul> <li>Add workflow file for publishing releases to immutable action package by <a href="https://github.com/Jcambass"><code>@​Jcambass</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/941">actions/setup-python#941</a></li> <li>Upgrade IA publish by <a href="https://github.com/Jcambass"><code>@​Jcambass</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/943">actions/setup-python#943</a></li> </ul> <h3>Bug Fixes:</h3> <ul> <li>Normalise Line Endings to Ensure Cross-Platform Consistency by <a href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/938">actions/setup-python#938</a></li> <li>Revise <code>isGhes</code> logic by <a href="https://github.com/jww3"><code>@​jww3</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/963">actions/setup-python#963</a></li> <li>Bump pillow from 7.2 to 10.2.0 by <a href="https://github.com/aparnajyothi-y"><code>@​aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/956">actions/setup-python#956</a></li> </ul> <h3>Enhancements:</h3> <ul> <li>Enhance workflows and documentation updates by <a href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/965">actions/setup-python#965</a></li> <li>Bump default versions to latest by <a href="https://github.com/jeffwidman"><code>@​jeffwidman</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/905">actions/setup-python#905</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a 
href="https://github.com/Jcambass"><code>@​Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/941">actions/setup-python#941</a></li> <li><a href="https://github.com/jww3"><code>@​jww3</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/963">actions/setup-python#963</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v5...v5.3.0">https://github.com/actions/setup-python/compare/v5...v5.3.0</a></p> <h2>v5.2.0</h2> <h2>What's Changed</h2> <h3>Bug fixes:</h3> <ul> <li>Add <code>.zip</code> extension to Windows package downloads for <code>Expand-Archive</code> Compatibility by <a href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/916">actions/setup-python#916</a> This addresses compatibility issues on Windows self-hosted runners by ensuring that the filenames for Python and PyPy package downloads explicitly include the .zip extension, allowing the Expand-Archive command to function correctly.</li> <li>Add arch to cache key by <a href="https://github.com/Zxilly"><code>@​Zxilly</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/896">actions/setup-python#896</a> This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format.</li> </ul> <h3>Documentation changes:</h3> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/actions/setup-python/compare/v5...v5.4.0">compare view</a></li> </ul> </details> <br /> Updates `actions/attest-build-provenance` from 2.1.0 to 2.2.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/attest-build-provenance/releases">actions/attest-build-provenance's releases</a>.</em></p> <blockquote> <h2>v2.2.2</h2> <h2>What's Changed</h2> <ul> <li>Bump predicate action from 1.1.4 to 1.1.5 by <a href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/485">actions/attest-build-provenance#485</a> <ul> <li>Bump <code>@​actions/attest</code> from 1.5.0 to 1.6.0 by <a href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/484">actions/attest-build-provenance#484</a> <ul> <li>Update buildSLSAProvenancePredicate to populate <code>workflow.ref</code> field from the <code>ref</code> claim in the OIDC token (<a href="https://redirect.github.com/actions/toolkit/pull/1969">actions/toolkit#1969</a>)</li> </ul> </li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/attest-build-provenance/compare/v2.2.1...v2.2.2">https://github.com/actions/attest-build-provenance/compare/v2.2.1...v2.2.2</a></p> <h2>v2.2.1</h2> <h2>What's Changed</h2> <ul> <li>Bump undici from 5.28.4 to 5.28.5 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/457">actions/attest-build-provenance#457</a></li> <li>Bump <code>@​octokit/request-error</code> from 5.0.1 to 5.1.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a 
href="https://redirect.github.com/actions/attest-build-provenance/pull/469">actions/attest-build-provenance#469</a></li> <li>Bump <code>@​octokit/request</code> from 8.2.0 to 8.4.1 by <a href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/478">actions/attest-build-provenance#478</a></li> <li>Bump actions/attest from 2.2.0 to 2.2.1 by <a href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/481">actions/attest-build-provenance#481</a> <ul> <li>Includes <code>@actions/attest</code> <a href="https://github.com/actions/toolkit/blob/main/packages/attest/RELEASES.md#160">v1.6.0</a></li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/attest-build-provenance/compare/v2.2.0...v2.2.1">https://github.com/actions/attest-build-provenance/compare/v2.2.0...v2.2.1</a></p> <h2>v2.2.0</h2> <h2>What's Changed</h2> <ul> <li>Bump actions/attest from v2.1.0 to v2.2.0 by <a href="https://github.com/bdehamer"><code>@​bdehamer</code></a> in <a href="https://redirect.github.com/actions/attest-build-provenance/pull/449">actions/attest-build-provenance#449</a> <ul> <li>Includes support for now <code>subject-checksums</code> input parameter</li> </ul> </li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/attest-build-provenance/compare/v2.1.0...v2.2.0">https://github.com/actions/attest-build-provenance/compare/v2.1.0...v2.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/attest-build-provenance/commit/bd77c077858b8d561b7a36cbe48ef4cc642ca39d"><code>bd77c07</code></a> bump predicate from 1.1.4 to 1.1.5 (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/485">#485</a>)</li> <li><a 
href="https://github.com/actions/attest-build-provenance/commit/1176ef556905f349f669722abf30bce1a6e16e01"><code>1176ef5</code></a> bump <code>@​actions/attest</code> from 1.5.0 to 1.6.0 (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/484">#484</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/f9eaf234fc1c2e333c1eca18177db0f44fa6ba52"><code>f9eaf23</code></a> Bump actions/attest from 2.2.0 to 2.2.1 (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/481">#481</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/f1321eccb7f66405fe3db013137d2d645e6bc45a"><code>f1321ec</code></a> Bump <code>@​octokit/request</code> from 8.2.0 to 8.4.1 (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/478">#478</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/d8181f545adc18f9aedfb731c23660cb00dc737d"><code>d8181f5</code></a> Bump the npm-development group with 6 updates (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/476">#476</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/1f22f30822a16ae9e0becf164e213808ab322d24"><code>1f22f30</code></a> Bump <code>@​octokit/request-error</code> from 5.0.1 to 5.1.1 (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/469">#469</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/6e5e68c5f71bfc58cbaa918885e585e490479796"><code>6e5e68c</code></a> Bump the npm-development group with 4 updates (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/471">#471</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/555f5b7e366d4d3179de3d1e8859906f6883b2d4"><code>555f5b7</code></a> Bump the npm-development group with 6 updates (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/465">#465</a>)</li> <li><a 
href="https://github.com/actions/attest-build-provenance/commit/2d4fa84118ec070aeab0f526278616ad48b05f47"><code>2d4fa84</code></a> Bump the npm-development group with 2 updates (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/461">#461</a>)</li> <li><a href="https://github.com/actions/attest-build-provenance/commit/ccf3390dd421ed6d05e0f1eb4e39c701e20c300b"><code>ccf3390</code></a> Bump undici from 5.28.4 to 5.28.5 (<a href="https://redirect.github.com/actions/attest-build-provenance/issues/457">#457</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/attest-build-provenance/compare/7668571508540a607bdfd90a87a560489fe372eb...bd77c077858b8d561b7a36cbe48ef4cc642ca39d">compare view</a></li> </ul> </details> <br /> Updates `ossf/scorecard-action` from 2.4.0 to 2.4.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ossf/scorecard-action/releases">ossf/scorecard-action's releases</a>.</em></p> <blockquote> <h2>v2.4.1</h2> <h2>What's Changed</h2> <ul> <li>This update bumps the Scorecard version to the v5.1.1 release. For a complete list of changes, please refer to the <a href="https://github.com/ossf/scorecard/releases/tag/v5.1.0">v5.1.0</a> and <a href="https://github.com/ossf/scorecard/releases/tag/v5.1.1">v5.1.1</a> release notes.</li> <li>Publishing results now uses half the API quota as before. The exact savings depends on the repository in question. 
<ul> <li>use Scorecard library entrypoint instead of Cobra hooking by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1423">ossf/scorecard-action#1423</a></li> </ul> </li> <li>Some errors were made into annotations to make them more visible <ul> <li>Make default branch error more prominent by <a href="https://github.com/jsoref"><code>@​jsoref</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1459">ossf/scorecard-action#1459</a></li> </ul> </li> <li>There is now an optional <code>file_mode</code> input which controls how repository files are fetched from GitHub. The default is <code>archive</code>, but <code>git</code> produces the most accurate results for repositories with <code>.gitattributes</code> files at the cost of analysis speed. <ul> <li>add input for specifying <code>--file-mode</code> by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1509">ossf/scorecard-action#1509</a></li> </ul> </li> <li>The underlying container for the action is now <a href="https://github.com/ossf/scorecard-action/pkgs/container/scorecard-action">hosted on GitHub Container Registry</a>. There should be no functional changes. 
<ul> <li>:seedling: publish docker images to GitHub Container Registry by <a href="https://github.com/spencerschrock"><code>@​spencerschrock</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1453">ossf/scorecard-action#1453</a></li> </ul> </li> </ul> <h3>Docs</h3> <ul> <li>Installation docs update by <a href="https://github.com/JeremiahAHoward"><code>@​JeremiahAHoward</code></a> in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1416">ossf/scorecard-action#1416</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/JeremiahAHoward"><code>@​JeremiahAHoward</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1416">ossf/scorecard-action#1416</a></li> <li><a href="https://github.com/jsoref"><code>@​jsoref</code></a> made their first contribution in <a href="https://redirect.github.com/ossf/scorecard-action/pull/1459">ossf/scorecard-action#1459</a> <strong>Full Changelog</strong>: <a href="https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1">https://github.com/ossf/scorecard-action/compare/v2.4.0...v2.4.1</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ossf/scorecard-action/commit/f49aabe0b5af0936a0987cfb85d86b75731b0186"><code>f49aabe</code></a> bump docker to ghcr v2.4.1 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1478">#1478</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/30a595ba8670f7bd5e2d33119dfeeb6ab2f64991"><code>30a595b</code></a> :seedling: Bump github.com/sigstore/cosign/v2 from 2.4.2 to 2.4.3 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1515">#1515</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/69ae593b7addfd5241b46c43c7ed6abbd7203d55"><code>69ae593</code></a> omit vcs info from build (<a 
href="https://redirect.github.com/ossf/scorecard-action/issues/1514">#1514</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/6a62a1cbf28018bd61197d0c2852b94b046fe1a4"><code>6a62a1c</code></a> add input for specifying <code>--file-mode</code> (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1509">#1509</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/2722664778d49161a69d42f8e82e15ed38fea8d1"><code>2722664</code></a> :seedling: Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1510">#1510</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/ae0ef3171a81cb48c3fdaaf34cba323d0c51fefb"><code>ae0ef31</code></a> :seedling: Bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1512">#1512</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/3676bbc29082184ac34a84d1573c0419f81c4a68"><code>3676bbc</code></a> :seedling: Bump golang from 1.23.6 to 1.24.0 in the docker-images group (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1513">#1513</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/ae7548a0ff1b94dda3a89eeda8f59c031874f035"><code>ae7548a</code></a> Limit codeQL push trigger to main branch (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1507">#1507</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/9165624e75f0c73d13a9db2d4d920bcc5fc3a801"><code>9165624</code></a> upgrade scorecard to v5.1.0 (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1508">#1508</a>)</li> <li><a href="https://github.com/ossf/scorecard-action/commit/620fd28d6b2ba01c1d70cf63dfb4bdf868e19d6f"><code>620fd28</code></a> :seedling: Bump the github-actions group with 2 updates (<a href="https://redirect.github.com/ossf/scorecard-action/issues/1505">#1505</a>)</li> <li>Additional commits viewable 
in <a href="https://github.com/ossf/scorecard-action/compare/62b2cac7ed8198b15735ed49ab1e5cf35480ba46...f49aabe0b5af0936a0987cfb85d86b75731b0186">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. 
You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 parent 7ca2a87 commit 5b888f2

10 files changed

+11
-11
lines changed

.github/workflows/docs.yml

Lines changed: 1 addition & 1 deletion
@@ -102,7 +102,7 @@ jobs:
102102
with:
103103
fetch-depth: 1
104104
- name: Setup Python env
105-
uses: actions/setup-python@v5
105+
uses: actions/setup-python@v5.4.0
106106
with:
107107
python-version: '3.11'
108108
cache: 'pip'
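
Review bot: The new `uses: actions/setup-python@v5.4.0` at line 105 still references a tag, which can be moved to different code after review, while other steps in these workflows are pinned to a full commit, for example `actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1`. Suggest pinning to the full commit SHA of the v5.4.0 release with a trailing `# v5.4.0` comment, here and in llvm-project-tests.yml, pr-code-format.yml, release-documentation.yml and release-doxygen.yml, which receive the identical tag change.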

.github/workflows/llvm-project-tests.yml

Lines changed: 1 addition & 1 deletion
@@ -82,7 +82,7 @@ jobs:
8282
# lldb. Using this setup-python action to make 3.10 the default
8383
# python fixes this.
8484
- name: Setup Python
85-
uses: actions/setup-python@v5
85+
uses: actions/setup-python@v5.4.0
8686
with:
8787
python-version: ${{ inputs.python_version }}
8888
- name: Install Ninja

.github/workflows/pr-code-format.yml

Lines changed: 1 addition & 1 deletion
@@ -65,7 +65,7 @@ jobs:
6565
clangformat: 19.1.6
6666

6767
- name: Setup Python env
68-
uses: actions/setup-python@v5
68+
uses: actions/setup-python@v5.4.0
6969
with:
7070
python-version: '3.11'
7171
cache: 'pip'

.github/workflows/release-binaries.yml

Lines changed: 2 additions & 2 deletions
@@ -65,7 +65,7 @@ jobs:
6565
steps:
6666
# It's good practice to use setup-python, but this is also required on macos-14
6767
# due to https://github.com/actions/runner-images/issues/10385
68-
- uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f
68+
- uses: actions/setup-python@6ca8e8598faa206f7140a65ba31b899bebe16f58
6969
with:
7070
python-version: '3.12'
7171
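
Review bot: The new pin at line 68, `actions/setup-python@6ca8e8598faa206f7140a65ba31b899bebe16f58`, carries no version comment, so the release it corresponds to cannot be read from the file. The attest-build-provenance and scorecard-action pins changed in this commit use the `<sha> # vX.Y.Z` form; suggest confirming that this SHA is the v5.4.0 release commit named in the commit message and appending the matching comment.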

@@ -294,7 +294,7 @@ jobs:
294294

295295
- name: Attest Build Provenance
296296
id: provenance
297-
uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
297+
uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2
298298
with:
299299
subject-path: ${{ needs.prepare.outputs.release-binary-filename }}
300300
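
Review bot: Line 297 moves the attestation step from v2.1.0 to v2.2.2 in one step, and the release notes quoted in the commit message say the provenance predicate now populates `workflow.ref` from the `ref` claim in the OIDC token. Suggest checking that whatever verifies these attestations against an expected workflow ref still passes with the new field value, and recording that check in the PR description.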

.github/workflows/release-documentation.yml

Lines changed: 1 addition & 1 deletion
@@ -37,7 +37,7 @@ jobs:
3737
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
3838

3939
- name: Setup Python env
40-
uses: actions/setup-python@v5
40+
uses: actions/setup-python@v5.4.0
4141
with:
4242
cache: 'pip'
4343
cache-dependency-path: './llvm/docs/requirements.txt'

.github/workflows/release-doxygen.yml

Lines changed: 1 addition & 1 deletion
@@ -43,7 +43,7 @@ jobs:
4343
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
4444

4545
- name: Setup Python env
46-
uses: actions/setup-python@v5
46+
uses: actions/setup-python@v5.4.0
4747
with:
4848
cache: 'pip'
4949
cache-dependency-path: './llvm/docs/requirements.txt'

.github/workflows/release-sources.yml

Lines changed: 1 addition & 1 deletion
@@ -92,7 +92,7 @@ jobs:
9292
- name: Attest Build Provenance
9393
if: github.event_name != 'pull_request'
9494
id: provenance
95-
uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0
95+
uses: actions/attest-build-provenance@bd77c077858b8d561b7a36cbe48ef4cc642ca39d # v2.2.2
9696
with:
9797
subject-path: "*.xz"
9898
- if: github.event_name != 'pull_request'

.github/workflows/scorecard.yml

Lines changed: 1 addition & 1 deletion
@@ -36,7 +36,7 @@ jobs:
3636
persist-credentials: false
3737

3838
- name: "Run analysis"
39-
uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
39+
uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
4040
with:
4141
results_file: results.sarif
4242
results_format: sarif
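
Review bot: Line 39 changes more than the action revision: the v2.4.1 release notes quoted in the commit message state that the action's container is now hosted on GitHub Container Registry. If this workflow runs anywhere that restricts which registries a runner may pull from, that allow-list needs updating with this change. The `with:` block needs no edit, since the new `file_mode` input is optional and defaults to `archive`.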

.github/workflows/ur-precommit.yml

Lines changed: 1 addition & 1 deletion
@@ -87,7 +87,7 @@ jobs:
8787
- name: Checkout LLVM
8888
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
8989

90-
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
90+
- uses: actions/setup-python@6ca8e8598faa206f7140a65ba31b899bebe16f58 # v5.0.0
9191
with:
9292
python-version: 3.9
9393
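
Review bot: The trailing comment on the new line 90 still reads `# v5.0.0` although the SHA changed from `0a5c61591373683505ea898e09a3ea4f39ef2b9c` to `6ca8e8598faa206f7140a65ba31b899bebe16f58`, so the comment now mislabels the pin. Suggest verifying which setup-python release the new SHA belongs to (the commit message says 5.0.0 to 5.4.0) and updating the comment to match; ur-source-checks.yml line 24 has the same stale comment.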

.github/workflows/ur-source-checks.yml

Lines changed: 1 addition & 1 deletion
@@ -21,7 +21,7 @@ jobs:
2121
- name: Checkout LLVM
2222
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
2323

24-
- uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
24+
- uses: actions/setup-python@6ca8e8598faa206f7140a65ba31b899bebe16f58 # v5.0.0
2525
with:
2626
python-version: 3.9
2727
