chore(deps): pin trusted workflows based on HashiCorp TSCCR (#3700)

Bumping GitHub Actions version to latest TSCCR release.

* changes in `.github/workflows/docker.yml`
- bump `docker/setup-buildx-action` from `v3.5.0` to `v3.6.1` ([release
notes](https://github.com/docker/setup-buildx-action/releases/tag/v3.6.1))
* changes in `.github/workflows/integration.yml`
- bump `actions/upload-artifact` from `v4.3.4` to `v4.3.5` ([release
notes](https://github.com/actions/upload-artifact/releases/tag/v4.3.5))
- bump `actions/upload-artifact` from `v4.3.4` to `v4.3.5` ([release
notes](https://github.com/actions/upload-artifact/releases/tag/v4.3.5))
* changes in `.github/workflows/provider-integration.yml`
- bump `actions/upload-artifact` from `v4.3.4` to `v4.3.5` ([release
notes](https://github.com/actions/upload-artifact/releases/tag/v4.3.5))
* changes in `.github/workflows/release.yml`
- bump `actions/upload-artifact` from `v4.3.4` to `v4.3.5` ([release
notes](https://github.com/actions/upload-artifact/releases/tag/v4.3.5))
- bump `actions/upload-artifact` from `v4.3.4` to `v4.3.5` ([release
notes](https://github.com/actions/upload-artifact/releases/tag/v4.3.5))
* changes in `.github/workflows/release_next.yml`
- bump `actions/upload-artifact` from `v4.3.4` to `v4.3.5` ([release
notes](https://github.com/actions/upload-artifact/releases/tag/v4.3.5))
- bump `actions/upload-artifact` from `v4.3.4` to `v4.3.5` ([release
notes](https://github.com/actions/upload-artifact/releases/tag/v4.3.5))
* changes in `.github/workflows/yarn-upgrade.yml`
- bump `actions/upload-artifact` from `v4.3.4` to `v4.3.5` ([release
notes](https://github.com/actions/upload-artifact/releases/tag/v4.3.5))

_This PR was auto-generated by
[security-tsccr/actions/runs/10346725273](https://github.com/hashicorp/security-tsccr/actions/runs/10346725273)_

_You can alter the configuration of this automation via the hcl config
in
[security-tsccr/automation](https://github.com/hashicorp/security-tsccr/tree/main/automation)_

_This PR can be regenerated by dispatching the GitHub workflow [Pin
Action
Refs](https://github.com/hashicorp/security-tsccr/actions/workflows/pin-workflows.yml).
Please reach out to #team-prodsec if you have any questions._
[](hashicorp/security-tsccr#193)

Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>

.github/workflows/docker.yml

@@ -18,7 +18,7 @@ jobs:
     steps:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0
+        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
       - name: Cache Docker layers
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
         with:

.github/workflows/integration.yml

@@ -68,13 +68,13 @@ jobs:
           SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
           GOCACHE: ${{ steps.global-cache-dir-path.outputs.go }}
       - name: Upload dist
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
         if: ${{ !inputs.skip_setup }}
         with:
           name: dist
           path: dist
       - name: Upload edge-provider bindings
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
         if: ${{ !inputs.skip_setup }}
         with:
           name: edge-provider-bindings

.github/workflows/provider-integration.yml

@@ -73,7 +73,7 @@ jobs:
           cd test && yarn
       - name: Upload dist
         if: ${{ !inputs.skip_setup }}
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
         with:
           name: dist
           path: dist

.github/workflows/release.yml

@@ -68,12 +68,12 @@ jobs:
         env:
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_TOKEN }}
       - name: Upload artifact
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
         with:
           name: dist
           path: dist
       - name: Upload edge-provider bindings
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
         if: ${{ !inputs.skip_setup }}
         with:
           name: edge-provider-bindings

.github/workflows/release_next.yml

@@ -74,12 +74,12 @@ jobs:
         env:
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_TOKEN }}
       - name: Upload artifact
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
         with:
           name: dist
           path: dist
       - name: Upload edge-provider bindings
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
         if: ${{ !inputs.skip_setup }}
         with:
           name: edge-provider-bindings

.github/workflows/yarn-upgrade.yml

@@ -63,7 +63,7 @@ jobs:
           git add .
           git diff --patch --staged > ./upgrade.patch
       - name: Upload Patch
-        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
+        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
         with:
           name: upgrade.patch
           path: ./upgrade.patch