ci: bump the github-actions group with 2 updates

Bumps the github-actions group with 2 updates: [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) and [creatornader/oss-security-scan/.github/workflows/oss-security-scan.yml](https://github.com/creatornader/oss-security-scan).


Updates `dependabot/fetch-metadata` from 2 to 3
- [Release notes](https://github.com/dependabot/fetch-metadata/releases)
- [Commits](dependabot/fetch-metadata@v2...v3)

Updates `creatornader/oss-security-scan/.github/workflows/oss-security-scan.yml` from 0.1.0 to 0.1.1
- [Changelog](https://github.com/creatornader/oss-security-scan/blob/main/CHANGELOG.md)
- [Commits](creatornader/oss-security-scan@v0.1.0...v0.1.1)

---
updated-dependencies:
- dependency-name: dependabot/fetch-metadata
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: creatornader/oss-security-scan/.github/workflows/oss-security-scan.yml
  dependency-version: 0.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>

Author: dependabot[bot]

.github/workflows/dependabot-auto-merge.yml

@@ -34,7 +34,7 @@ jobs:
     steps:
       - name: Get Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@v2
+        uses: dependabot/fetch-metadata@v3
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
 

.github/workflows/security-scan.yml

@@ -23,7 +23,7 @@ permissions:
 
 jobs:
   scan:
-    uses: creatornader/oss-security-scan/.github/workflows/oss-security-scan.yml@v0.1.0
+    uses: creatornader/oss-security-scan/.github/workflows/oss-security-scan.yml@v0.1.1
     with:
       run-osv-scanner: ${{ github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' }}