Update workflows (#1596)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://togithub.com/actions/checkout) | action |
minor | `v3.5.3` -> `v3.6.0` |
|
[actions/upload-artifact](https://togithub.com/actions/upload-artifact)
| action | patch | `v3.1.2` -> `v3.1.3` |
| gaurav-nelson/github-action-markdown-link-check | action | digest |
`46e4421` -> `a996638` |
| [github/codeql-action](https://togithub.com/github/codeql-action) |
action | minor | `v2.20.1` -> `v2.21.5` |
|
[pypa/gh-action-pypi-publish](https://togithub.com/pypa/gh-action-pypi-publish)
| action | patch | `v1.8.8` -> `v1.8.10` |

---

### Release Notes

<details>
<summary>actions/checkout (actions/checkout)</summary>

###
[`v3.6.0`](https://togithub.com/actions/checkout/blob/HEAD/CHANGELOG.md#v360)

[Compare
Source](https://togithub.com/actions/checkout/compare/v3.5.3...v3.6.0)

- [Fix: Mark test scripts with Bash'isms to be run via
Bash](https://togithub.com/actions/checkout/pull/1377)
- [Add option to fetch tags even if fetch-depth >
0](https://togithub.com/actions/checkout/pull/579)

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v3.1.3`](https://togithub.com/actions/upload-artifact/releases/tag/v3.1.3)

[Compare
Source](https://togithub.com/actions/upload-artifact/compare/v3.1.2...v3.1.3)

#### What's Changed

- chore(github): remove trailing whitespaces by
[@&#8203;ljmf00](https://togithub.com/ljmf00) in
[https://github.com/actions/upload-artifact/pull/313](https://togithub.com/actions/upload-artifact/pull/313)
- Bump [@&#8203;actions/artifact](https://togithub.com/actions/artifact)
version to v1.1.2 by
[@&#8203;bethanyj28](https://togithub.com/bethanyj28) in
[https://github.com/actions/upload-artifact/pull/436](https://togithub.com/actions/upload-artifact/pull/436)

**Full Changelog**:
actions/upload-artifact@v3...v3.1.3

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v2.21.5`](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.4...v2.21.5)

###
[`v2.21.4`](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.3...v2.21.4)

###
[`v2.21.3`](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.2...v2.21.3)

###
[`v2.21.2`](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.1...v2.21.2)

###
[`v2.21.1`](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.21.0...v2.21.1)

###
[`v2.21.0`](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.4...v2.21.0)

###
[`v2.20.4`](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.3...v2.20.4)

###
[`v2.20.3`](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.2...v2.20.3)

###
[`v2.20.2`](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2)

[Compare
Source](https://togithub.com/github/codeql-action/compare/v2.20.1...v2.20.2)

</details>

<details>
<summary>pypa/gh-action-pypi-publish
(pypa/gh-action-pypi-publish)</summary>

###
[`v1.8.10`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.10)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.9...v1.8.10)

#### 🐛 What's Fixed

[@&#8203;woodruffw](https://togithub.com/woodruffw) fixed decoding OIDC
claims in debug output on failure by applying correct padding to the
encoded payload via
[https://github.com/pypa/gh-action-pypi-publish/pull/177](https://togithub.com/pypa/gh-action-pypi-publish/pull/177).

**Full Diff**:
pypa/gh-action-pypi-publish@v1.8.9...v1.8.10

###
[`v1.8.9`](https://togithub.com/pypa/gh-action-pypi-publish/releases/tag/v1.8.9)

[Compare
Source](https://togithub.com/pypa/gh-action-pypi-publish/compare/v1.8.8...v1.8.9)

#### 💅 Cosmetic output improvements

- [@&#8203;woodruffw](https://togithub.com/woodruffw) added debug output
to the trusted publishing OIDC exchange on failures in
[https://github.com/pypa/gh-action-pypi-publish/pull/174](https://togithub.com/pypa/gh-action-pypi-publish/pull/174)
- [@&#8203;woodruffw](https://togithub.com/woodruffw) implemented
Markdown semantic callouts in README via
[https://github.com/pypa/gh-action-pypi-publish/pull/175](https://togithub.com/pypa/gh-action-pypi-publish/pull/175)

#### 🛠️ Internal dependencies

- Certifi was bumped from 2023.5.7 to 2023.7.22
@&#[https://github.com/pypa/gh-action-pypi-publish/pull/171](https://togithub.com/pypa/gh-action-pypi-publish/pull/171)ll/171
- Cryptography was bumped from 41.0.2 to 41.0.3
@&#[https://github.com/pypa/gh-action-pypi-publish/pull/172](https://togithub.com/pypa/gh-action-pypi-publish/pull/172)ll/172

**Full Diff**:
pypa/gh-action-pypi-publish@v1.8.8...v1.8.9

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "before 6am on wednesday" in timezone
Australia/Sydney, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config help](https://togithub.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/google/osv.dev).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi42OC4xIiwidXBkYXRlZEluVmVyIjoiMzYuODMuMCIsInRhcmdldEJyYW5jaCI6Im1hc3RlciJ9-->

.github/workflows/link-checker-on-push.yml

@@ -9,7 +9,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@master
-    - uses: gaurav-nelson/github-action-markdown-link-check@46e442156b8161bfd0913357c7a411e0e610d2ad
+    - uses: gaurav-nelson/github-action-markdown-link-check@a996638015fbc9ef96beef1a41bbad7df8e06154
       with:
         use-quiet-mode: "yes"
         check-modified-files-only: "yes"

.github/workflows/link-checker.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@master
-    - uses: gaurav-nelson/github-action-markdown-link-check@46e442156b8161bfd0913357c7a411e0e610d2ad
+    - uses: gaurav-nelson/github-action-markdown-link-check@a996638015fbc9ef96beef1a41bbad7df8e06154
       with:
         use-quiet-mode: "yes"
 

.github/workflows/publish-to-pypi.yaml

@@ -44,7 +44,7 @@ jobs:
         build
         --sdist --wheel --outdir dist/ .
     - name: Publish distribution to PyPI
-      uses: pypa/gh-action-pypi-publish@f8c70e705ffc13c3b4d1221169b84f12a75d6ca8 # v1.8.8
+      uses: pypa/gh-action-pypi-publish@b7f401de30cb6434a1e19f805ff006643653240e # v1.8.10
       with:
         password: ${{ secrets.PYPI_API_TOKEN }}
         packages_dir: dist/

.github/workflows/scorecards.yml

@@ -22,7 +22,7 @@ jobs:
       id-token: write
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
         with:
           persist-credentials: false
 
@@ -42,14 +42,14 @@ jobs:
 
       # Upload the results as artifacts (optional).
       - name: "Upload artifact"
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@f6e388ebf0efc915c6c5b165b019ee61a6746a38 # v2.20.1
+        uses: github/codeql-action/upload-sarif@00e563ead9f72a8461b24876bee2d0c2e8bd2ee8 # v2.21.5
         with:
           sarif_file: results.sarif