build(deps): bump the ci group with 2 updates

[dependabot]

Bumps the ci group with 2 updates: actions/checkout and slsa-framework/slsa-github-generator.

Updates actions/checkout from 3.5.3 to 3.6.0

Release notes

Sourced from actions/checkout's releases.

v3.6.0

What's Changed

• Mark test scripts with Bash'isms to be run via Bash by @​dscho in actions/checkout#1377
• Add option to fetch tags even if fetch-depth > 0 by @​RobertWieczoreck in actions/checkout#579
• Release 3.6.0 by @​luketomlinson in actions/checkout#1437

New Contributors

• @​RobertWieczoreck made their first contribution in actions/checkout#579
• @​luketomlinson made their first contribution in actions/checkout#1437

Full Changelog: actions/checkout@v3.5.3...v3.6.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

v3.6.0

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

• Fix api endpoint for GHES

v3.5.1

• Fix slow checkout on Windows

v3.5.0

• Add new public key for known_hosts

v3.4.0

• Upgrade codeql actions to v2
• Upgrade dependencies
• Upgrade @​actions/io

v3.3.0

• Implement branch list using callbacks from exec function
• Add in explicit reference to private checkout options
• [Fix comment typos (that got added in #770)](actions/checkout#1057)

v3.2.0

• Add GitHub Action to perform release
• Fix status badge
• Replace datadog/squid with ubuntu/squid Docker image
• Wrap pipeline commands for submoduleForeach in quotes
• Update @​actions/io to 1.1.2
• Upgrading version to 3.2.0

v3.1.0

• Use @​actions/core saveState and getState
• Add github-server-url input

v3.0.2

• Add input set-safe-directory

v3.0.1

• Fixed an issue where checkout failed to run in container jobs due to the new git setting safe.directory
• Bumped various npm package versions

v3.0.0

... (truncated)

Commits

• f43a0e5 Release 3.6.0 (#1437)
• 7739b9b Add option to fetch tags even if fetch-depth > 0 (#579)
• 96f5310 Mark test scripts with Bash'isms to be run via Bash (#1377)
• See full diff in compare view

Updates slsa-framework/slsa-github-generator from 1.8.0 to 1.9.0

Release notes

Sourced from slsa-framework/slsa-github-generator's releases.

v1.9.0

See the CHANGELOG for details.

v1.9.0-rc.0

This is an un-finalized pre-release.

See the CHANGELOG for details.

Changelog

Sourced from slsa-framework/slsa-github-generator's changelog.

v1.9.0

Release [v1.9.0] includes bug fixes and new features.

See the full change list.

v1.9.0: BYOB framework (beta)

• New: A new framework to turn GitHub Actions into SLSA compliant builders.

v1.9.0: Maven builder (beta)

• New: A Maven builder to build Java projects and publish to Maven central.

v1.9.0: Gradle builder (beta)

• New: A Gradle builder to build Java projects and publish to Maven central.

v1.9.0: JReleaser builder

• New: A JReleaser builder that wraps the official JReleaser Action.

Commits

• 07e64b6 chore: v1.9.0 ref updates (#2673)
• 9bc0d59 chore: v1.9.0-rc.0 (#2669)
• 72aeffd fix: typo in maven builder (#2668)
• b6d7cbf chore: make build dirs of java builders unique (#2665)
• 7e31fad docs: v1.9.0-rc.0 changelogs (#2648)
• 5952cf4 docs: Update BYOB versions in docs (#2647)
• da5bdc7 chore: fix wrong output in gradle builder (#2646)
• 180a89c chore: fix nits in Gradle builder (#2645)
• f89a0f4 feat: update Gradle builder to accomodate for e2e test (#2636)
• 324ff12 feat: Add directory input to Maven builder (#2538)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[fluxcdbot]

Successfully created backport PR for release/v2.1.x:

• [release/v2.1.x] build(deps): bump the ci group with 2 updates #4196