Bump the github-action-dependencies group with 4 updates

Bumps the github-action-dependencies group with 4 updates: [github/codeql-action](https://github.com/github/codeql-action), [actions/setup-java](https://github.com/actions/setup-java), [gradle/actions](https://github.com/gradle/actions) and [codecov/codecov-action](https://github.com/codecov/codecov-action).


Updates `github/codeql-action` from 3.27.9 to 3.28.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@df409f7...48ab28a)

Updates `actions/setup-java` from 4.5.0 to 4.6.0
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](actions/setup-java@v4.5.0...v4.6.0)

Updates `gradle/actions` from 4.2.1 to 4.2.2
- [Release notes](https://github.com/gradle/actions/releases)
- [Commits](gradle/actions@cc4fc85...0bdd871)

Updates `codecov/codecov-action` from 5.1.1 to 5.1.2
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@7f8b4b4...1e68e06)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-action-dependencies
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-action-dependencies
- dependency-name: gradle/actions
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-action-dependencies
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-action-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>

.github/workflows/codeql-analysis.yml

@@ -41,7 +41,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -52,7 +52,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -66,4 +66,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0

.github/workflows/ion-java-performance-regression-detector.yml

@@ -78,7 +78,7 @@ jobs:
 
     steps:
       - name: Set up JDK 17
-        uses: actions/setup-java@v4.5.0
+        uses: actions/setup-java@v4.6.0
         with:
           distribution: 'corretto'
           java-version: 17

.github/workflows/main.yml

@@ -16,16 +16,16 @@ jobs:
         with:
           submodules: recursive
       - name: Setup Java
-        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.3.0
+        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.3.0
         with:
           distribution: 'corretto'
           java-version: 8
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0
+        uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6
         with:
           validate-wrappers: true
       - run: ./gradlew build
-      - uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1
+      - uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2
         with:
           files: build/reports/jacoco/test/jacocoTestReport.xml
       - uses: actions/upload-artifact@1eb3cb2b3e0f29609092a73eb033bb759a334595 # v4.1.0
@@ -46,14 +46,14 @@ jobs:
         with:
           submodules: recursive
       - name: Setup Java
-        uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.3.0
+        uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.3.0
         with:
           distribution: 'corretto'
           java-version: |
             8
             ${{matrix.java}}
       - name: Setup Gradle
-        uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0
+        uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6
         with:
           cache-read-only: true
           validate-wrappers: true

.github/workflows/publish-release-artifacts.yml

@@ -42,15 +42,15 @@ jobs:
           echo "Project Version: $PROJECT_VERSION"
           echo "Release Tag: $RELEASE_TAG"
           [ "$PROJECT_VERSION" = "$RELEASE_TAG" ] || exit 1
-      - uses: actions/setup-java@8df1039502a15bceb9433410b1a100fbe190c53b # v4.3.0
+      - uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.3.0
         with:
           distribution: 'corretto'
           java-version: |
             8
             11
             17
             21
-      - uses: gradle/actions/setup-gradle@cc4fc85e6b35bafd578d5ffbc76a5518407e1af0
+      - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6
         with:
           validate-wrappers: true
       - name: Build Release Artifacts

.github/workflows/scorecard.yml

@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
+        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
         with:
           sarif_file: results.sarif