ci(deps): bump the actions group with 2 updates

[dependabot]

Bumps the actions group with 2 updates: google/osv-scanner-action and trufflesecurity/trufflehog.

Updates google/osv-scanner-action from 2.3.5 to 2.3.8

Release notes

Sourced from google/osv-scanner-action's releases.

v2.3.8

What's Changed

This updates OSV-Scanner to v2.3.8.

Full Changelog: google/osv-scanner-action@v2.3.5...v2.3.8

Commits

• 9a49870 Update unified workflow example to point to v2.3.8 reusable workflows
• 3adb4b1 Update reusable workflows to point to v2.3.8 actions
• 8dc0919 "Update actions to use v2.3.8 osv-scanner image"
• 43f380b Merge pull request #125 from google/update-to-v2.3.6
• dcf4ddd Update unified workflow example to point to v2.3.6 reusable workflows
• b9dbb7e Update reusable workflows to point to v2.3.6 actions
• fe54858 "Update actions to use v2.3.6 osv-scanner image"
• eb5b619 Merge pull request #100 from thomasleplus/main
• 9517144 feat: output results in reusable workflow
• f17cd09 Merge branch 'main' into main
• Additional commits viewable in compare view

Updates trufflesecurity/trufflehog from 3.95.2 to 3.95.3

Release notes

Sourced from trufflesecurity/trufflehog's releases.

v3.95.3

What's Changed

• Renamed AnypointOAuth2 detector's AnalysisInfo keys to make it consistent with its Analyzer by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4906
• Rename AnalysisInfo field to SecretParts on detectors.Result by @​mcastorina in trufflesecurity/trufflehog#4911
• Document SecretParts contract in detector-authoring docs by @​mcastorina in trufflesecurity/trufflehog#4912
• Add a static check for detectors that don't set SecretParts by @​mcastorina in trufflesecurity/trufflehog#4913
• Populate SecretParts on all detectors by @​mcastorina in trufflesecurity/trufflehog#4919
• Make checksecretparts required in CI by @​mcastorina in trufflesecurity/trufflehog#4921
• Deduplicate concurrent credential verification requests via singleflight by @​kashifkhan0771 in trufflesecurity/trufflehog#4314
• log non-critical chunk errors at V(2).Info instead of Error by @​johnelliott in trufflesecurity/trufflehog#4928
• [INS-320] Cloudinary detector by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4747
• ci: bump JS actions to Node 24 majors (incl. CodeQL v4 + WIF auth v3) by @​bryanbeverly in trufflesecurity/trufflehog#4933
• chore: bump golangci-lint-action v7 → v9 (Node 24) by @​bryanbeverly in trufflesecurity/trufflehog#4936
• Add default Content-Type: application/json header for custom detector verification request by @​MuneebUllahKhan222 in trufflesecurity/trufflehog#4947
• Make detector Result.SecretParts initialization stricter by @​mcastorina in trufflesecurity/trufflehog#4948
• Add Pinecone API key detector by @​dylanTruffle in trufflesecurity/trufflehog#4917
• adding customizable successRanges and rotatedRanges to customDetector by @​jordanTunstill in trufflesecurity/trufflehog#4892

Full Changelog: trufflesecurity/trufflehog@v3.95.2...v3.95.3

Commits

• 37b7700 adding customizable successRanges and rotatedRanges to customDetector (#4892)
• ba0a524 Add Pinecone API key detector (#4917)
• ab5dd03 Make detector Result.SecretParts initialization stricter (#4948)
• 90ca685 Add default Content-Type: application/json header for custom detector verific...
• 5f47aad chore: bump golangci-lint-action v7 → v9 (Node 24) (#4936)
• a4e3016 ci: bump JS actions to Node 24 majors (checkout v6, setup-go v6, codeql v4, a...
• 8a12e8e [INS-320] Cloudinary detector (#4747)
• cf31c26 Log non-critical chunk errors at V(2).Info instead of Error (#4928)
• 99dc7bd Deduplicate concurrent credential verification requests via singleflight (#4314)
• 3fc0c2a Make checksecretparts required in CI (#4921)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

E2E Coverage (chromium)

Totals
Statements:	46.5% ( 1241 / 2669 )
Lines:	46.5% ( 1241 / 2669 )

[github-actions]

E2E Coverage (firefox)

Totals
Statements:	46.5% ( 1241 / 2669 )
Lines:	46.5% ( 1241 / 2669 )

[github-actions]

E2E Coverage (webkit)

Totals
Statements:	46.5% ( 1241 / 2669 )
Lines:	46.5% ( 1241 / 2669 )

[github-actions]

E2E Coverage (webkit - iPhone 15)

Totals
Statements:	46.5% ( 1241 / 2669 )
Lines:	46.5% ( 1241 / 2669 )

[github-actions]

E2E Coverage (webkit - iPad Pro 11)

Totals
Statements:	46.5% ( 1241 / 2669 )
Lines:	46.5% ( 1241 / 2669 )