Bump GH actions (trivy, codeql, upload-artifact)

.github/workflows/generate-code-coverage.yaml

@@ -41,7 +41,7 @@ jobs:
           cat base-coverage.tmp | grep -v "mock_" > base-coverage.out
 
       - name: Upload report
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: base-coverage
           path: base-coverage.out
@@ -64,7 +64,7 @@ jobs:
           cat pr-coverage.tmp | grep -v "mock_" > pr-coverage.out
 
       - name: Upload report
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: pr-coverage
           path: pr-coverage.out

.github/workflows/trivy-containers.yaml

@@ -68,7 +68,7 @@ jobs:
         run: docker pull ${{ matrix.image }}
 
       - name: Scan container image
-        uses: aquasecurity/trivy-action@0.16.1
+        uses: aquasecurity/trivy-action@0.26.0
         with:
           image-ref: '${{ matrix.image }}'
           output: 'results.sarif'
@@ -77,6 +77,6 @@ jobs:
           severity: 'HIGH,CRITICAL'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'results.sarif'

.github/workflows/trivy.yaml

@@ -32,7 +32,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@0.24.0
+        uses: aquasecurity/trivy-action@0.26.0
         with:
           scan-type: 'fs'
           ignore-unfixed: true
@@ -41,6 +41,6 @@ jobs:
           severity: 'HIGH,CRITICAL'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'results.sarif'