Upgrade GitHub Actions to latest versions #18570

Closed
salmanmkc wants to merge 1 commit into github:main from salmanmkc:upgrade-github-actions-node24-general

@salmanmkc

Summary

Upgrade GitHub Actions to their latest versions for improved features, bug fixes, and security updates.

Changes

| Action | Old Version(s) | New Version | Release | Files |
|---|---|---|---|---|
| actions/upload-pages-artifact | 56afc60 | 7b1f4a7 | Release | docs.yml |
| anchore/sbom-action | v0 | 17ae174 | Release | release.md |
| aquasecurity/trivy-action | b6643a2 | e368e32 | Release | security-scan.yml |
| docker/build-push-action | v6 | 10e90e3 | Release | release.md |
| docker/login-action | v3 | c94ce9f | Release | release.md |
| docker/metadata-action | v5 | c299e40 | Release | release.md |
| docker/setup-buildx-action | v3 | 8d2750c | Release | release.md |
| github/codeql-action/analyze | 4248455 | bb471cd | Release | codeql.yml |
| github/codeql-action/init | 4248455 | bb471cd | Release | codeql.yml |
| github/codeql-action/upload-sarif | 4248455, v3 | bb471cd | Release | security-scan.yml, vet.yml |
| github/stale-repos | v3.0.2 | 6084a41 | Release | stale-repo-identifier.md |
| safedep/vet-action | v1 | e2a7885 | Release | vet.yml |
| super-linter/super-linter | v8.5.0 | 61abc07 | Release | super-linter.md |

Why upgrade?

Keeping GitHub Actions up to date ensures:

  • Security: Latest security patches and fixes
  • Features: Access to new functionality and improvements
  • Compatibility: Better support for current GitHub features
  • Performance: Optimizations and efficiency improvements

⚠️ Breaking Changes

  • github/codeql-action/init (v3 → v4): Major version upgrade — review the release notes for breaking changes
  • github/codeql-action/analyze (v3 → v4): Major version upgrade — review the release notes for breaking changes
  • actions/upload-pages-artifact (v3 → v4): Major version upgrade — review the release notes for breaking changes
  • github/codeql-action/upload-sarif (v3 → v4): Major version upgrade — review the release notes for breaking changes
  • github/stale-repos (v3.0.2 → v8.0.4): Major version upgrade — review the release notes for breaking changes

Security Note

🔒 All actions are pinned to commit SHAs for maximum supply-chain security. Each reference includes a version comment (e.g., actions/checkout@abc123 # v6) for easy identification.

Testing

These changes only affect CI/CD workflow configurations and should not impact application functionality. The workflows should be tested by running them on a branch before merging.

Signed-off-by: Salman Muin Kayser Chishti <13schishti@gmail.com>
Copilot AI review requested due to automatic review settings February 26, 2026 21:13

Copilot AI left a comment

Pull request overview

This PR upgrades multiple GitHub Actions to their latest versions by pinning them to specific commit SHAs for enhanced supply-chain security. The upgrades include security-related actions (CodeQL, Trivy, Gosec scanners), Docker build tools, SBOM generation, documentation deployment, and code quality tools.

Changes:

  • Upgraded CodeQL actions from v3 to v4 across multiple workflow files (breaking change)
  • Updated Docker build/push/login/metadata actions to latest v6/v3/v5 commit SHAs
  • Upgraded security scanning tools (Trivy, vet-action) to latest versions
  • Updated documentation deployment and SBOM generation actions

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 2 comments.

| File | Description |
|---|---|
| .github/workflows/vet.yml | Updated safedep/vet-action and codeql-action/upload-sarif to latest versions |
| .github/workflows/super-linter.md | Updated super-linter to latest v8 commit SHA |
| .github/workflows/stale-repo-identifier.md | Updated github/stale-repos from v3.0.2 to v8.0.4 |
| .github/workflows/security-scan.yml | Updated CodeQL upload-sarif actions to v4 and Trivy to 0.34.1 |
| .github/workflows/release.md | Updated Docker build tools and anchore/sbom-action to latest versions |
| .github/workflows/docs.yml | Updated actions/upload-pages-artifact from v3 to v4 |
| .github/workflows/codeql.yml | Updated CodeQL init and analyze actions from v3 to v4 |

@pelikhan pelikhan closed this Feb 26, 2026
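
A check for the pinning convention described in the Security Note of this pull request, as an added example that is not part of the pull request or the repository: it flags `uses:` references that are not pinned to a full 40-character commit SHA, and pinned references that carry no version comment. The function name `audit_workflow`, the problem labels and the SHAs in the sample workflow are constructed for illustration.

```python
import re

# `uses: owner/repo[/path]@ref  # comment`. A line scan is used instead of a
# YAML parser because YAML parsers discard the trailing version comment.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?(?P<action>[^@\s'\"]+)@(?P<ref>[^\s'\"#]+)['\"]?"
    r"(?:\s*#\s*(?P<comment>.*\S))?\s*$"
)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
VERSION_RE = re.compile(r"v?\d+(\.\d+){0,2}\b")

# Constructed sample workflow; the SHAs are placeholders, not real commits.
SAMPLE = """\
jobs:
  build:
    steps:
      - uses: docker/login-action@v3
      - uses: github/codeql-action/init@0123456789abcdef0123456789abcdef01234567 # v4
      - name: scan
        uses: aquasecurity/trivy-action@89abcdef0123456789abcdef0123456789abcdef
      - uses: ./.github/actions/local
"""


def audit_workflow(text):
    """Return (line_no, action, ref, problem) for every `uses:` reference that
    is not pinned to a full commit SHA or has no version comment.
    The comment is not verified against the SHA; that needs a repository lookup."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m is None or m["action"].startswith("docker://"):
            continue  # not an action reference, or a container image reference
        action, ref, comment = m["action"], m["ref"], m["comment"]
        if not FULL_SHA_RE.fullmatch(ref):
            # Tags and branches (v3, main) can later point at different code.
            findings.append((line_no, action, ref, "unpinned"))
        elif comment is None or not VERSION_RE.match(comment):
            # Pinned, but a reviewer cannot tell which release the SHA is.
            findings.append((line_no, action, ref, "no-version-comment"))
    return findings


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE):
        print(finding)
```

Local actions such as `./.github/actions/local` have no `@ref` and are skipped.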