build: bump the github-actions group with 2 updates

[dependabot[bot]]

Bumps the github-actions group with 2 updates: gradle/actions and actions/attest-build-provenance.

Updates gradle/actions from 3.3.2 to 3.4.1

Release notes

Sourced from gradle/actions's releases.

v3.4.1

This patch release fixes a bug introduced in v3.4.0, that prevents build scan publication to Develocity. The bug results in the removal of the DEVELOCITY_ACCESS_KEY variable being removed, so that Gradle cannot authenticate with the Develocity server.

What's Changed

• Don't clear access key when access token cannot be obtained by @​cdsap in gradle/actions#258
• Simplify requesting short-lived Develocity access tokens by @​bigdaz in gradle/actions#259

Full Changelog: https://github.com/gradle/actions/compare/v3.4.0...v3.4.1

v3.4.0

This release improves the integration with Gradle Develocity®, as well as updating a number of key dependencies.

• The new develocity-access-key input parameter allows the action to generate a short-lived access token for subsequent communication with Develocity. This reduces the risk of the full (long-lived) access key being compromised, either accidentally or by a malicious action.
• New input parameters are available to configure Develocity injection. Previously Develocity injection could only be enabled by setting environment variables.
• Checksums for Gradle 8.8 are now included, so that no network request is required for wrapper-validation with Gradle 8.8 wrappers.

What's Changed

• Add support for short-lived tokens by @​alextu in gradle/actions#224
• Update known wrapper checksums by @​github-actions in gradle/actions#240
• Update to Gradle 8.8 by @​bigdaz in gradle/actions#251
• Adding Develocity input actions by @​cdsap in gradle/actions#244
• Fail on invalid boolean for Develocity inputs by @​bigdaz in gradle/actions#252

New Contributors

• @​serieznyi made their first contribution in gradle/actions#216
• @​lokalpage-safe made their first contribution in gradle/actions#205
• @​alextu made their first contribution in gradle/actions#224
• @​bot-githubaction made their first contribution in gradle/actions#227
• @​antonmos made their first contribution in gradle/actions#234
• @​cdsap made their first contribution in gradle/actions#244

Full Changelog: https://github.com/gradle/actions/compare/v3.3.2...v3.4.0

Commits

• 31ae356 [bot] Update dist directory
• 719985d Simplify requesting short-lived Develocity access tokens (#259)
• b532389 [bot] Update dist directory
• 5f1c582 handle missing access token
• d9336da [bot] Update dist directory
• 8dbe9a3 Update DV access key regex to be more selective
• 9c34307 [bot] Update dist directory
• 30c82f0 Fail on invalid boolean for Develocity inputs
• e3bc05f Run CodeQL on PRs
• 485ea10 Run CodeQL on dev/* branches
• Additional commits viewable in compare view

Updates actions/attest-build-provenance from 1.2.0 to 1.3.1

Release notes

Sourced from actions/attest-build-provenance's releases.

v1.3.1

What's Changed

• Bump actions/attest from 1.3.0 to 1.3.1 by @​bdehamer in actions/attest-build-provenance#117
  • Bugfix when detecting support for the referrers API with OCI registries

Full Changelog: https://github.com/actions/attest-build-provenance/compare/v1.3.0...v1.3.1

v1.3.0

What's Changed

• Bump actions/attest-build-provenance/predicate from 1.0.0 to 1.1.0 by @​bdehamer in actions/attest-build-provenance#116
  • Switch to new GH provenance build type
• Bump actions/attest from 1.2.0 to 1.3.0 by @​bdehamer in actions/attest-build-provenance#116
  • Dynamic construction of GitHub API URLs based on GITHUB_SERVER_URL
  • Improved handling of Rekor 409 responses
  • Bugfix - detection of registries with support for the OCI referrers API

Full Changelog: https://github.com/actions/attest-build-provenance/compare/v1.2.0...v1.3.0

Commits

• 534b352 bump actions/attest from 1.3.0 to 1.3.1 (#117)
• 3119152 bump predicate and actions/attest (#116)
• 52bfabd Bump braces from 3.0.2 to 3.0.3 (#115)
• 46e4ff8 bump @​actions/attest from 1.2.1 to 1.3.0 (#114)
• 3161db1 Bump eslint-plugin-github from 4.10.2 to 5.0.1 (#107)
• 3471ca2 Bump the npm-development group with 6 updates (#106)
• 8f1fc17 Revert "disable github action linting (#54)" (#102)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions