chore(deps): update github-actions deps (#6454)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-go](https://github.com/actions/setup-go) |
action | minor | `v5.1.0` -> `v5.2.0` |
|
[actions/upload-artifact](https://github.com/actions/upload-artifact)
| action | minor | `v4.4.0` -> `v4.5.0` |
|
[github/codeql-action](https://github.com/github/codeql-action)
| action | minor | `v3.27.0` -> `v3.28.0` |

---

### Release Notes

<details>
<summary>actions/setup-go (actions/setup-go)</summary>

###
[`v5.2.0`](https://github.com/actions/setup-go/releases/tag/v5.2.0)

[Compare
Source](https://github.com/actions/setup-go/compare/v5.1.0...v5.2.0)

#### What's Changed

- Leveraging the raw API to retrieve the version-manifest, as it does
not impose a rate limit and hence facilitates unrestricted consumption
without the need for a token for Github Enterprise Servers by
[@&#8203;Shegox](https://github.com/Shegox) in
[https://github.com/actions/setup-go/pull/496](https://github.com/actions/setup-go/pull/496)

#### New Contributors

- [@&#8203;Shegox](https://github.com/Shegox) made their first
contribution in
[https://github.com/actions/setup-go/pull/496](https://github.com/actions/setup-go/pull/496)

**Full Changelog**:
actions/setup-go@v5...v5.2.0

</details>

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v4.5.0`](https://github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0)

[Compare
Source](https://github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0)

###
[`v4.4.3`](https://github.com/actions/upload-artifact/releases/tag/v4.4.3)

[Compare
Source](https://github.com/actions/upload-artifact/compare/v4.4.2...v4.4.3)

##### What's Changed

- Undo indirect dependency updates from
[#&#8203;627](https://github.com/actions/upload-artifact/issues/627)
by [@&#8203;joshmgross](https://github.com/joshmgross) in
[https://github.com/actions/upload-artifact/pull/632](https://github.com/actions/upload-artifact/pull/632)

**Full Changelog**:
actions/upload-artifact@v4.4.2...v4.4.3

###
[`v4.4.2`](https://github.com/actions/upload-artifact/releases/tag/v4.4.2)

[Compare
Source](https://github.com/actions/upload-artifact/compare/v4.4.1...v4.4.2)

##### What's Changed

- Bump `@actions/artifact` to 2.1.11 by
[@&#8203;robherley](https://github.com/robherley) in
[https://github.com/actions/upload-artifact/pull/627](https://github.com/actions/upload-artifact/pull/627)
    -   Includes fix for relative symlinks not resolving properly

**Full Changelog**:
actions/upload-artifact@v4.4.1...v4.4.2

###
[`v4.4.1`](https://github.com/actions/upload-artifact/releases/tag/v4.4.1)

[Compare
Source](https://github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1)

##### What's Changed

- Add a section about hidden files by
[@&#8203;joshmgross](https://github.com/joshmgross) in
[https://github.com/actions/upload-artifact/pull/607](https://github.com/actions/upload-artifact/pull/607)
- Add workflow file for publishing releases to immutable action package
by [@&#8203;Jcambass](https://github.com/Jcambass) in
[https://github.com/actions/upload-artifact/pull/621](https://github.com/actions/upload-artifact/pull/621)
- Update
[@&#8203;actions/artifact](https://github.com/actions/artifact)
to latest version, includes symlink and timeout fixes by
[@&#8203;robherley](https://github.com/robherley) in
[https://github.com/actions/upload-artifact/pull/625](https://github.com/actions/upload-artifact/pull/625)

##### New Contributors

- [@&#8203;Jcambass](https://github.com/Jcambass) made their
first contribution in
[https://github.com/actions/upload-artifact/pull/621](https://github.com/actions/upload-artifact/pull/621)

**Full Changelog**:
actions/upload-artifact@v4.4.0...v4.4.1

</details>

<details>
<summary>github/codeql-action (github/codeql-action)</summary>

###
[`v3.28.0`](https://github.com/github/codeql-action/releases/tag/v3.28.0)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.27.9...v3.28.0)

##### CodeQL Action Changelog

See the [releases
page](https://github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

Note that the only difference between `v2` and `v3` of the CodeQL Action
is the node version they support, with `v3` running on node 20 while we
continue to release `v2` to support running on node 16. For example
`3.22.11` was the first `v3` release and is functionally identical to
`2.22.11`. This approach ensures an easy way to track exactly which
features are included in different versions, indicated by the minor and
patch version numbers.

##### 3.28.0 - 20 Dec 2024

- Bump the minimum CodeQL bundle version to 2.15.5.
[#&#8203;2655](https://github.com/github/codeql-action/pull/2655)
- Don't fail in the unusual case that a file is on the search path.
[#&#8203;2660](https://github.com/github/codeql-action/pull/2660).

See the full
[CHANGELOG.md](https://github.com/github/codeql-action/blob/v3.28.0/CHANGELOG.md)
for more information.

###
[`v3.27.9`](https://github.com/github/codeql-action/releases/tag/v3.27.9)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.27.8...v3.27.9)

##### CodeQL Action Changelog

See the [releases
page](https://github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

Note that the only difference between `v2` and `v3` of the CodeQL Action
is the node version they support, with `v3` running on node 20 while we
continue to release `v2` to support running on node 16. For example
`3.22.11` was the first `v3` release and is functionally identical to
`2.22.11`. This approach ensures an easy way to track exactly which
features are included in different versions, indicated by the minor and
patch version numbers.

##### 3.27.9 - 12 Dec 2024

No user facing changes.

See the full
[CHANGELOG.md](https://github.com/github/codeql-action/blob/v3.27.9/CHANGELOG.md)
for more information.

###
[`v3.27.8`](https://github.com/github/codeql-action/compare/v3.27.7...v3.27.8)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.27.7...v3.27.8)

###
[`v3.27.7`](https://github.com/github/codeql-action/releases/tag/v3.27.7)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.27.6...v3.27.7)

##### CodeQL Action Changelog

See the [releases
page](https://github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

Note that the only difference between `v2` and `v3` of the CodeQL Action
is the node version they support, with `v3` running on node 20 while we
continue to release `v2` to support running on node 16. For example
`3.22.11` was the first `v3` release and is functionally identical to
`2.22.11`. This approach ensures an easy way to track exactly which
features are included in different versions, indicated by the minor and
patch version numbers.

##### 3.27.7 - 10 Dec 2024

- We are rolling out a change in December 2024 that will extract the
CodeQL bundle directly to the toolcache to improve performance.
[#&#8203;2631](https://github.com/github/codeql-action/pull/2631)
- Update default CodeQL bundle version to 2.20.0.
[#&#8203;2636](https://github.com/github/codeql-action/pull/2636)

See the full
[CHANGELOG.md](https://github.com/github/codeql-action/blob/v3.27.7/CHANGELOG.md)
for more information.

###
[`v3.27.6`](https://github.com/github/codeql-action/compare/v3.27.5...v3.27.6)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.27.5...v3.27.6)

###
[`v3.27.5`](https://github.com/github/codeql-action/compare/v3.27.4...v3.27.5)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.27.4...v3.27.5)

###
[`v3.27.4`](https://github.com/github/codeql-action/releases/tag/v3.27.4)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.27.3...v3.27.4)

##### CodeQL Action Changelog

See the [releases
page](https://github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

Note that the only difference between `v2` and `v3` of the CodeQL Action
is the node version they support, with `v3` running on node 20 while we
continue to release `v2` to support running on node 16. For example
`3.22.11` was the first `v3` release and is functionally identical to
`2.22.11`. This approach ensures an easy way to track exactly which
features are included in different versions, indicated by the minor and
patch version numbers.

##### 3.27.4 - 14 Nov 2024

No user facing changes.

See the full
[CHANGELOG.md](https://github.com/github/codeql-action/blob/v3.27.4/CHANGELOG.md)
for more information.

###
[`v3.27.3`](https://github.com/github/codeql-action/releases/tag/v3.27.3)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.27.2...v3.27.3)

##### CodeQL Action Changelog

See the [releases
page](https://github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

Note that the only difference between `v2` and `v3` of the CodeQL Action
is the node version they support, with `v3` running on node 20 while we
continue to release `v2` to support running on node 16. For example
`3.22.11` was the first `v3` release and is functionally identical to
`2.22.11`. This approach ensures an easy way to track exactly which
features are included in different versions, indicated by the minor and
patch version numbers.

##### 3.27.3 - 12 Nov 2024

No user facing changes.

See the full
[CHANGELOG.md](https://github.com/github/codeql-action/blob/v3.27.3/CHANGELOG.md)
for more information.

###
[`v3.27.2`](https://github.com/github/codeql-action/releases/tag/v3.27.2)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.27.1...v3.27.2)

##### CodeQL Action Changelog

See the [releases
page](https://github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

Note that the only difference between `v2` and `v3` of the CodeQL Action
is the node version they support, with `v3` running on node 20 while we
continue to release `v2` to support running on node 16. For example
`3.22.11` was the first `v3` release and is functionally identical to
`2.22.11`. This approach ensures an easy way to track exactly which
features are included in different versions, indicated by the minor and
patch version numbers.

##### 3.27.2 - 12 Nov 2024

- Fixed an issue where setting up the CodeQL tools would sometimes fail
with the message "Invalid value 'undefined' for header 'authorization'".
[#&#8203;2590](https://github.com/github/codeql-action/pull/2590)

See the full
[CHANGELOG.md](https://github.com/github/codeql-action/blob/v3.27.2/CHANGELOG.md)
for more information.

###
[`v3.27.1`](https://github.com/github/codeql-action/releases/tag/v3.27.1)

[Compare
Source](https://github.com/github/codeql-action/compare/v3.27.0...v3.27.1)

##### CodeQL Action Changelog

See the [releases
page](https://github.com/github/codeql-action/releases) for the
relevant changes to the CodeQL CLI and language packs.

Note that the only difference between `v2` and `v3` of the CodeQL Action
is the node version they support, with `v3` running on node 20 while we
continue to release `v2` to support running on node 16. For example
`3.22.11` was the first `v3` release and is functionally identical to
`2.22.11`. This approach ensures an easy way to track exactly which
features are included in different versions, indicated by the minor and
patch version numbers.

##### 3.27.1 - 08 Nov 2024

- The CodeQL Action now downloads bundles compressed using Zstandard on
GitHub Enterprise Server when using Linux or macOS runners. This speeds
up the installation of the CodeQL tools. This feature is already
available to github.com users.
[#&#8203;2573](https://github.com/github/codeql-action/pull/2573)
- Update default CodeQL bundle version to 2.19.3.
[#&#8203;2576](https://github.com/github/codeql-action/pull/2576)

See the full
[CHANGELOG.md](https://github.com/github/codeql-action/blob/v3.27.1/CHANGELOG.md)
for more information.

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on the first day of the month" (UTC),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://github.com/renovatebot/renovate/discussions) if
that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/jaegertracing/jaeger).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS44NS4wIiwidXBkYXRlZEluVmVyIjoiMzkuODUuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiY2hhbmdlbG9nOmRlcGVuZGVuY2llcyJdfQ==-->

Signed-off-by: Mend Renovate <[email protected]>

.github/actions/setup-go-tip/action.yml

@@ -43,7 +43,7 @@ runs:
     # This requires Go toolchain, so install it first.
     - name: Install Go toolchain
       if: steps.download.outputs.success == 'false'
-      uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+      uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-build-binaries.yml

@@ -47,7 +47,7 @@ jobs:
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-crossdock.yml

@@ -32,7 +32,7 @@ jobs:
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-docker-all-in-one.yml

@@ -35,7 +35,7 @@ jobs:
     - name: Fetch git tags
       run: git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-docker-build.yml

@@ -31,7 +31,7 @@ jobs:
     - name: Fetch git tags
       run: git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-docker-hotrod.yml

@@ -37,7 +37,7 @@ jobs:
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-e2e-badger.yaml

@@ -26,7 +26,7 @@ jobs:
 
     - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-e2e-cassandra.yml

@@ -39,7 +39,7 @@ jobs:
 
     - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-e2e-elasticsearch.yml

@@ -45,7 +45,7 @@ jobs:
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-e2e-grpc.yml

@@ -26,7 +26,7 @@ jobs:
 
     - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-e2e-kafka.yml

@@ -28,7 +28,7 @@ jobs:
 
     - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-e2e-memory.yaml

@@ -22,7 +22,7 @@ jobs:
 
     - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-e2e-opensearch.yml

@@ -42,7 +42,7 @@ jobs:
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-e2e-spm.yml

@@ -41,7 +41,7 @@ jobs:
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-e2e-tailsampling-processor.yml

@@ -26,7 +26,7 @@ jobs:
 
     - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-lint-checks.yaml

@@ -25,7 +25,7 @@ jobs:
 
     - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 
@@ -81,7 +81,7 @@ jobs:
       with:
         submodules: recursive
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-release.yml

@@ -61,7 +61,7 @@ jobs:
       run: |
         git fetch --prune --unshallow --tags
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
 

.github/workflows/ci-unit-tests.yml

@@ -27,7 +27,7 @@ jobs:
 
     - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
-    - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+    - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
       with:
         go-version: 1.23.x
         cache-dependency-path: ./go.sum

.github/workflows/fossa.yml

@@ -27,7 +27,7 @@ jobs:
 
       - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
 
-      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+      - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
         with:
           go-version: 1.23.x
 

.github/workflows/scorecard.yml

@@ -64,14 +64,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           sarif_file: results.sarif