Bump the all-github-actions group across 1 directory with 2 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the all-github-actions group with 2 updates in the / directory: actions/setup-go and aquasecurity/trivy-action.

Updates actions/setup-go from 5 to 6

Release notes

Sourced from actions/setup-go's releases.

v6.0.0

What's Changed

Breaking Changes

• Improve toolchain handling to ensure more reliable and consistent toolchain selection and management by @​matthewhughes934 in actions/setup-go#460
• Upgrade Nodejs runtime from node20 to node 24 by @​salmanmkc in actions/setup-go#624

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Dependency Upgrades

• Upgrade @​types/jest from 29.5.12 to 29.5.14 by @​dependabot[bot] in actions/setup-go#589
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot[bot] in actions/setup-go#591
• Upgrade @​typescript-eslint/parser from 8.31.1 to 8.35.1 by @​dependabot[bot] in actions/setup-go#590
• Upgrade undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in actions/setup-go#594
• Upgrade typescript from 5.4.2 to 5.8.3 by @​dependabot[bot] in actions/setup-go#538
• Upgrade eslint-plugin-jest from 28.11.0 to 29.0.1 by @​dependabot[bot] in actions/setup-go#603
• Upgrade form-data to bring in fix for critical vulnerability by @​matthewhughes934 in actions/setup-go#618
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in actions/setup-go#631

New Contributors

• @​matthewhughes934 made their first contribution in actions/setup-go#618
• @​salmanmkc made their first contribution in actions/setup-go#624

Full Changelog: actions/setup-go@v5...v6.0.0

v5.5.0

What's Changed

Bug fixes:

• Update self-hosted environment validation by @​priyagupta108 in actions/setup-go#556
• Add manifest validation and improve error handling by @​priyagupta108 in actions/setup-go#586
• Update template link by @​jsoref in actions/setup-go#527

Dependency updates:

• Upgrade @​action/cache from 4.0.2 to 4.0.3 by @​aparnajyothi-y in actions/setup-go#574
• Upgrade @​actions/glob from 0.4.0 to 0.5.0 by @​dependabot in actions/setup-go#573
• Upgrade ts-jest from 29.1.2 to 29.3.2 by @​dependabot in actions/setup-go#582
• Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by @​dependabot in actions/setup-go#537

New Contributors

• @​jsoref made their first contribution in actions/setup-go#527

Full Changelog: actions/setup-go@v5...v5.5.0

v5.4.0

What's Changed

Dependency updates :

• Upgrade semver from 7.6.0 to 7.6.3 by @​dependabot in actions/setup-go#535
• Upgrade eslint-config-prettier from 8.10.0 to 10.0.1 by @​dependabot in actions/setup-go#536
• Upgrade @​action/cache from 4.0.0 to 4.0.2 by @​aparnajyothi-y in actions/setup-go#568
• Upgrade undici from 5.28.4 to 5.28.5 by @​dependabot in actions/setup-go#541

... (truncated)

Commits

• 4469467 Bump actions/checkout from 4 to 5 (#631)
• e093d1e Node 24 upgrade (#624)
• 1d76b95 Improve toolchain handling (#460)
• e75c3e8 Bump form-data to bring in fix for critical vulnerability (#618)
• 8e57b58 Bump eslint-plugin-jest from 28.11.0 to 29.0.1 (#603)
• 7c0b336 Bump typescript from 5.4.2 to 5.8.3 (#538)
• 6f26dcc Bump undici from 5.28.5 to 5.29.0 (#594)
• 8d4083a Bump @​typescript-eslint/parser from 5.62.0 to 8.32.0 (#590)
• fa96338 Bump @​actions/tool-cache from 2.0.1 to 2.0.2 (#591)
• 4de67c0 Bump @​types/jest from 29.5.12 to 29.5.14 (#589)
• See full diff in compare view

Updates aquasecurity/trivy-action from 0.32.0 to 0.33.1

Release notes

Sourced from aquasecurity/trivy-action's releases.

v0.33.1

What's Changed

• Update setup-trivy action to version v0.2.4 by @​martincostello in aquasecurity/trivy-action#486

Full Changelog: aquasecurity/trivy-action@0.33.0...0.33.1

v0.33.0

What's Changed

• Update dependencies in README by @​ibakshay in aquasecurity/trivy-action#378
• doc: correct sbom fs scan by @​yxtay in aquasecurity/trivy-action#458
• Pin actions/cache by SHA by @​martincostello in aquasecurity/trivy-action#480
• chore(ci): Add oras to correctly setup sync jobs by @​simar7 in aquasecurity/trivy-action#482
• chore(deps): Update trivy to v0.65.0 by @​aqua-bot in aquasecurity/trivy-action#481

New Contributors

• @​ibakshay made their first contribution in aquasecurity/trivy-action#378
• @​yxtay made their first contribution in aquasecurity/trivy-action#458
• @​martincostello made their first contribution in aquasecurity/trivy-action#480

Full Changelog: aquasecurity/trivy-action@0.32.0...0.33.0

Commits

• b6643a2 Update setup-trivy action to version v0.2.4 (#486)
• f9424c1 Merge pull request #481 from aquasecurity/bump-trivy-1755898251
• 85abccb dev: delete fanal.db before tests
• a169870 ci: update golden files on Trivy bump
• 71f6a8f dev: add update-golden goal
• bf330b1 test: update golden files
• 644762e Merge pull request #482 from aquasecurity/fix-gh-actions
• f2e2851 chore(ci): Add oras to correctly setup sync jobs
• 636fd3c fix: update tests
• 7c0244b chore(deps): Update trivy to v0.65.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot rebase.

[benjaminjb]

@dependabot rebase.