build(deps): bump the github-actions group with 4 updates

Bumps the github-actions group with 4 updates: [actions/checkout](https://github.com/actions/checkout), [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance), [actions/attest-sbom](https://github.com/actions/attest-sbom) and [codecov/codecov-action](https://github.com/codecov/codecov-action).


Updates `actions/checkout` from 3 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](actions/checkout@v3...v4)

Updates `actions/attest-build-provenance` from 1 to 2
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@v1...v2)

Updates `actions/attest-sbom` from 1 to 2
- [Release notes](https://github.com/actions/attest-sbom/releases)
- [Changelog](https://github.com/actions/attest-sbom/blob/main/RELEASE.md)
- [Commits](actions/attest-sbom@v1...v2)

Updates `codecov/codecov-action` from 5.0.7 to 5.1.1
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v5.0.7...v5.1.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/attest-build-provenance
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/attest-sbom
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>

.github/workflows/acpi-validation.yml

@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: set up Python
         uses: actions/setup-python@v5

.github/workflows/image.yml

@@ -100,7 +100,7 @@ jobs:
 
       - name: Generate image attestation
         if: ${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch')}}
-        uses: actions/attest-build-provenance@v1
+        uses: actions/attest-build-provenance@v2
         with:
           subject-name: quay.io/sustainable_computing_io/${{matrix.IMAGE_NAME}}
           subject-digest: ${{ steps.build-push-image.outputs.digest }}
@@ -122,7 +122,7 @@ jobs:
           retention-days: 1
 
       - name: Generate SBOM attestation
-        uses: actions/attest-sbom@v1
+        uses: actions/attest-sbom@v2
         if: ${{ inputs.pushImage }}
         with:
           subject-name: quay.io/sustainable_computing_io/${{matrix.IMAGE_NAME}}

.github/workflows/scorecard.yml

@@ -24,7 +24,7 @@ jobs:
 
     steps:
       - name: Checkout code
-        uses: actions/checkout@2d7d9f7ff5b310f983d059b68785b3c74d8b8edd # v4.1.1
+        uses: actions/checkout@cbb722410c2e876e24abbe8de2cc27693e501dcb # v4.1.1
         with:
           persist-credentials: false
 

.github/workflows/unit_test.yml

@@ -40,7 +40,7 @@ jobs:
 
       - name: Upload coverage reports to Codecov
         if: github.event_name != 'pull_request'
-        uses: codecov/codecov-action@v5.0.7
+        uses: codecov/codecov-action@v5.1.1
         with:
           fail_ci_if_error: false # because codecov updates occasionally fail
           files: coverage.out