
chore(deps): update actions/checkout action to v4.1.3 #48

Merged: 1 commit merged into main from renovate/actions-checkout-4.x on Apr 24, 2024

Conversation

@renovate renovate bot commented Apr 24, 2024

Mend Renovate

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| actions/checkout | action | patch | v4.1.1 -> v4.1.3 |

Release Notes

actions/checkout (actions/checkout)

v4.1.3

Compare Source

What's Changed

Full Changelog: actions/checkout@v4.1.2...v4.1.3

v4.1.2

Compare Source


Configuration

📅 Schedule: Branch creation - "* 0-4 * * 3" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot requested a review from a team as a code owner April 24, 2024 01:06

[puLL-Merge] - actions/checkout@v4.1.1..v4.1.3

Description

This PR makes several changes to the actions/checkout codebase, including:

  • Adding support to disable sparse checkout when the sparse-checkout input is not present
  • Adding a new ssh-user input to specify the SSH user to login as
  • Bumping the minimum required Git version for sparse checkout from 2.25 to 2.28
  • Adding a new test-ubuntu-git Docker image for testing actions/checkout in CI/CD
  • Updating the README and CHANGELOG
  • Bumping the package version to 4.1.3

The main motivation seems to be to improve support for sparse checkout and add more configurability around SSH.

Changes

  • .github/workflows/test.yml - Adds tests for disabling sparse checkout and updates the test container image to test-ubuntu-git
  • .github/workflows/update-main-version.yml - Pins actions/checkout to a specific version in the update workflow
  • .github/workflows/update-test-ubuntu-git.yml - New workflow to publish the test-ubuntu-git container image
  • CHANGELOG.md - Adds entries for v4.1.1 and v4.1.2 changes
  • README.md - Documents the new ssh-user input
  • __test__/git-version.test.ts - Adds tests for the new minimum Git version required for sparse checkout
  • action.yml - Defines the new ssh-user input
  • src/git-command-manager.ts - Implements disabling sparse checkout, bumps min version to 2.28
  • src/git-source-provider.ts - Disables sparse checkout if not configured
  • src/git-source-settings.ts, src/input-helper.ts - Handles the new ssh-user input
  • src/url-helper.ts - Uses ssh-user when building SSH URLs
  • images/ - Adds Dockerfile and docs for new test-ubuntu-git image
  • package.json - Bumps version to 4.1.3

Security Hotspots

  1. The new ssh-user input could allow specifying an arbitrary user for SSH authentication. This input should be validated to prevent command injection. The risk is relatively low since this just changes the remote URL.

  2. The test-ubuntu-git image is rebuilt without pinning specific versions of Ubuntu and Git. To prevent introducing vulnerabilities over time, consider pinning these versions explicitly in the Dockerfile. However, since this image is only used for testing, the risk is low.

  3. Bumping the minimum Git version could break existing workflows relying on older Git versions with sparse checkout enabled. The fix is to disable sparse checkout for older Git versions, which this PR implements. So the breaking change risk is mitigated.

Overall this PR looks good from a security perspective with no major risks. The improved sparse checkout support and SSH configurability are useful enhancements. Suggest moving forward after considering pinning versions in the test container image.

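The two behaviours the review comment above focuses on, a user-supplied ssh-user being spliced into an SSH remote URL and sparse checkout being gated on a minimum Git version, are easier to reason about with concrete code. The block below is an added example written for this page, not code from actions/checkout or from the puLL-Merge bot; the function names, the allow-list for the login name, the "disable when no patterns are given, error on Git older than 2.28" policy and the sample version strings are all assumptions made for illustration.

```typescript
// Added example (not actions/checkout's own code): validate an `ssh-user`
// input before it reaches an SSH URL, and gate sparse checkout on Git version.
// Names, the allow-list and the version policy below are assumptions.

const DEFAULT_SSH_USER = "git";

// Assumed allow-list for an SSH login name: letters, digits, '_', '.', '-'.
// No '@', ':', '/', whitespace or shell metacharacters, so the value can
// neither change the host part of the URL nor be parsed as an option.
const SSH_USER_PATTERN = /^[A-Za-z_][A-Za-z0-9_.-]{0,31}$/;
const URL_COMPONENT_PATTERN = /^[A-Za-z0-9_.-]+$/;

export function validateSshUser(input: string | undefined): string {
  const user = (input ?? "").trim();
  if (user === "") {
    return DEFAULT_SSH_USER;
  }
  // Reject a leading '-' with its own message: a value such as
  // "-oProxyCommand=..." must never reach an ssh/git command line as an option.
  if (user.startsWith("-")) {
    throw new Error(`ssh-user must not start with '-': ${JSON.stringify(user)}`);
  }
  if (!SSH_USER_PATTERN.test(user)) {
    throw new Error(`ssh-user contains disallowed characters: ${JSON.stringify(user)}`);
  }
  return user;
}

function assertUrlComponent(name: string, value: string): void {
  if (!URL_COMPONENT_PATTERN.test(value)) {
    throw new Error(`${name} contains disallowed characters: ${JSON.stringify(value)}`);
  }
}

// Builds "<user>@<host>:<owner>/<repo>.git"; every component is checked first.
export function buildSshUrl(sshUser: string | undefined, host: string, owner: string, repo: string): string {
  const user = validateSshUser(sshUser);
  assertUrlComponent("host", host);
  assertUrlComponent("owner", owner);
  assertUrlComponent("repo", repo);
  return `${user}@${host}:${owner}/${repo}.git`;
}

export class GitVersion {
  constructor(readonly major: number, readonly minor: number, readonly patch: number = 0) {}

  // Parses `git --version` output such as "git version 2.39.3 (Apple Git-145)".
  static parse(output: string): GitVersion | undefined {
    const m = /git version (\d+)\.(\d+)(?:\.(\d+))?/.exec(output);
    if (m === null) {
      return undefined;
    }
    return new GitVersion(Number(m[1]), Number(m[2]), m[3] !== undefined ? Number(m[3]) : 0);
  }

  atLeast(other: GitVersion): boolean {
    if (this.major !== other.major) return this.major > other.major;
    if (this.minor !== other.minor) return this.minor > other.minor;
    return this.patch >= other.patch;
  }

  toString(): string {
    return `${this.major}.${this.minor}.${this.patch}`;
  }
}

// Minimum Git version assumed for sparse checkout (the PR bumps it to 2.28).
export const MIN_GIT_FOR_SPARSE_CHECKOUT = new GitVersion(2, 28);

export type SparseCheckoutPlan =
  | { action: "disable" }
  | { action: "enable"; patterns: string[] }
  | { action: "error"; reason: string };

// Decides what to do with the `sparse-checkout` input (newline-separated patterns).
export function planSparseCheckout(gitVersionOutput: string, sparseCheckoutInput: string | undefined): SparseCheckoutPlan {
  const patterns = (sparseCheckoutInput ?? "")
    .split(/\r?\n/)
    .map((p) => p.trim())
    .filter((p) => p.length > 0);
  if (patterns.length === 0) {
    // No patterns requested: disable explicitly, so stale sparse-checkout state
    // left on a reused runner cannot silently produce a partial working tree.
    return { action: "disable" };
  }
  const version = GitVersion.parse(gitVersionOutput);
  if (version === undefined) {
    return { action: "error", reason: `could not parse Git version from ${JSON.stringify(gitVersionOutput)}` };
  }
  if (!version.atLeast(MIN_GIT_FOR_SPARSE_CHECKOUT)) {
    return { action: "error", reason: `sparse checkout needs Git >= ${MIN_GIT_FOR_SPARSE_CHECKOUT.toString()}, found ${version.toString()}` };
  }
  // Assumed hardening: patterns are later passed as arguments, so none may look like an option.
  const optionLike = patterns.find((p) => p.startsWith("-"));
  if (optionLike !== undefined) {
    return { action: "error", reason: `sparse-checkout pattern must not start with '-': ${JSON.stringify(optionLike)}` };
  }
  return { action: "enable", patterns };
}
```

The allow-list is deliberately narrower than what a login name may legally contain; for an action input that only ever needs `git` or a deploy account name, rejecting `@`, `:` and a leading `-` costs nothing and removes the URL-rewriting and option-injection cases outright. The version comparison is done on parsed integers rather than string comparison so that 2.28.0 sorts after 2.9.x.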
@rillian rillian left a comment

Keep ci scripts up to date

@rillian rillian merged commit 7d537b5 into main Apr 24, 2024
5 checks passed
@rillian rillian deleted the renovate/actions-checkout-4.x branch April 24, 2024 20:55