Bump actions/setup-java from 4.4.0 to 4.5.0 in /github/workflows (Chr…

…isCarini/github-repo-files-sync/pull/230); Bump gradle/actions from 4.1.0 to 4.2.0 in /github/workflows (ChrisCarini/github-repo-files-sync/pull/232) (#465)

* Bump actions/setup-java from 4.4.0 to 4.5.0 in /github/workflows (ChrisCarini/github-repo-files-sync#230)

Bumps [actions/setup-java](https://github.com/actions/setup-java) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@b36c23c...8df1039)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump gradle/actions from 4.1.0 to 4.2.0 in /github/workflows (ChrisCarini/github-repo-files-sync#232)

Bumps [gradle/actions](https://github.com/gradle/actions) from 4.1.0 to 4.2.0.
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](gradle/actions@d156388...473878a)

---
updated-dependencies:
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/scorecards-analysis.yml

@@ -68,6 +68,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@396bb3e45325a47dd9ef434068033c6d5bb0d11a # v3.27.3
+        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
         with:
           sarif_file: results.sarif