Update all dependencies

.github/workflows/shared-build-and-publish-docker-image.yml

@@ -89,15 +89,15 @@ jobs:
 
       - name: Set up QEMU
         if: ${{ inputs.build_arm64_image }}
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@v4
         with:
           platforms: 'arm64'
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: Azure login
-        uses: azure/login@v2
+        uses: azure/login@v3
         with:
           client-id: ${{ secrets.azure_client_id }}
           tenant-id: ${{ secrets.azure_tenant_id }}
@@ -114,13 +114,13 @@ jobs:
 
       - name: Download artifacts
         if: ${{ inputs.artifact-id }}
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           artifact-ids: ${{ inputs.artifact-id }}
           path: ${{ inputs.artifact-path }}
 
       - name: Build and push
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@v7
         with:
           tags: |
             ${{ steps.variables.outputs.docker_image }}

.github/workflows/shared-check-renovatebot-config.yml

@@ -27,6 +27,6 @@ jobs:
           submodules: ${{ inputs.checkout_submodules }}
 
       - name: Validate config
-        uses: suzuki-shunsuke/github-action-renovate-config-validator@c22827f47f4f4a5364bdba19e1fe36907ef1318e # v1.1.1
+        uses: suzuki-shunsuke/github-action-renovate-config-validator@ee9f69e1f683ed0d08225086482b34fc9abe9300 # v2.1.0
         with:
           config_file_path: ${{ inputs.config_file_path }}

.github/workflows/shared-run-e2e.yml

@@ -234,7 +234,7 @@ jobs:
           cat ${{ github.workspace }}/durations.out.json
 
       - name: Upload test durations
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: "e2e-test-durations-${{ strategy.job-index }}"
           path: ${{ github.workspace }}/durations.out.json
@@ -250,7 +250,7 @@ jobs:
       - name: Upload test reports as an artifact
         # Should be run especially when tests fail
         if: always()
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: cypress-test-results-${{ strategy.job-index }}
           path: ${{ github.workspace }}/ctrf-report.json
@@ -276,7 +276,7 @@ jobs:
 
       - name: Upload test reports as an artifact
         if: always() && steps.copy_test_reports.outputs.test_reports_exist == 'true'
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: cypress-docker-reports-${{ strategy.job-index }}
           path: ${{ github.workspace }}/test-reports
@@ -316,7 +316,7 @@ jobs:
 
       - name: Upload Docker server logs as an artifact
         if: always() && steps.collect_docker_logs.outputs.test_server_logs_exist == 'true'
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: cypress-server-logs-${{ strategy.job-index }}
           path: ${{ github.workspace }}/docker-logs
@@ -328,14 +328,14 @@ jobs:
       - run_e2e_tests
     steps:
       - name: Download E2E Test Results
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         continue-on-error: true
         with:
           pattern: cypress-test-results-*
           path: ${{ github.workspace }}/ctrf
 
       - name: Publish Test Report
-        uses: ctrf-io/github-test-reporter@024bc4b64d997ca9da86833c6b9548c55c620e40 # v1.0.26
+        uses: ctrf-io/github-test-reporter@0f299074936c32ccaab5be5230511f6b2b9080aa # v1.0.28
         with:
           report-path: "ctrf/*/*.json"
           summary-report: true
@@ -360,7 +360,7 @@ jobs:
           ssh-key: ${{ secrets.jore4_ci_data_repo_ssh_key }}
 
       - name: Download E2E Test Durations
-        uses: actions/download-artifact@v7
+        uses: actions/download-artifact@v8
         with:
           pattern: e2e-test-durations-*
           path: ${{ github.workspace }}/split-durations

.github/workflows/shared-secret-scan.yml

@@ -43,7 +43,7 @@ jobs:
           fetch-depth: 0
 
       - name: Secret Scanning
-        uses: trufflesecurity/trufflehog@ef6e76c3c4023279497fab4721ffa071a722fd05 # v3.92.4
+        uses: trufflesecurity/trufflehog@6bd2d14f7a4bc1e569fa3550efa7ec632a4fa67b # v3.94.2
         with:
           extra_args: --results=verified,unverified,unknown --exclude-detectors=AWS
 
@@ -62,7 +62,7 @@ jobs:
     steps:
       - name: Send ${{ matrix.alert_type }} alert
         if: matrix.enabled
-        uses: dawidd6/action-send-mail@6e71c855c9a091d80a519621b9fd3e8d252ca40c # v7
+        uses: dawidd6/action-send-mail@d38f3f7cd391cdebfe0d38efc3998b935e951c4f # v16
         with:
           server_address: smtp.gmail.com
           server_port: 465

github-actions/setup-e2e-environment/action.yml

@@ -114,7 +114,7 @@ runs:
 
     - name: Download docker-compose bundle from GHA artifact
       if: ${{ inputs.docker_compose_bundle_gha_artifact }}
-      uses: actions/download-artifact@v7
+      uses: actions/download-artifact@v8
       with:
         name: jore4-docker-compose-bundle
         path: ${{ github.workspace }}/docker