build(deps): Bump sbomify/github-action from 0.4.0 to 0.5.0 in the github-actions group

[dependabot]

Bumps the github-actions group with 1 update: sbomify/github-action.

Updates sbomify/github-action from 0.4.0 to 0.5.0

Release notes

Sourced from sbomify/github-action's releases.

More NTIA checks

• NEW: COMPONENT_NAME environment variable - Direct component name specification that works independently of augmentation settings, supporting both CycloneDX and SPDX formats • NEW: Automatic timestamp generation - Adds UTC timestamps to SBOMs missing them (CycloneDX timestamp, SPDX created) to meet NTIA requirements while preserving existing timestamps • Deprecated OVERRIDE_NAME and SBOM_VERSION - Replaced with COMPONENT_NAME and COMPONENT_VERSION respectively, with deprecation warnings and backward compatibility maintained • Improved logging and user experience - Removed emoji characters from warnings for better CI/CD compatibility, added clearer status messages for component operations • Enhanced documentation - Updated README with comprehensive COMPONENT_NAME examples for GitHub Actions, Bitbucket Pipelines, and Docker usage • Expanded test coverage - Added comprehensive timestamp functionality tests (test_timestamp.py) and enhanced configuration validation tests • Better error handling - Improved component metadata operations with graceful fallbacks and component creation when missing from SBOMs • Updated workflows - GitHub Actions workflow now uses new variable names with conditional tag-based versioning • Full backward compatibility - All deprecated features continue to work while encouraging migration to new variable names

Commits

• 8ea6f28 Cuts 0.5.0
• c933a85 Merge pull request #34 from sbomify/ntia-tweaks
• 4a18578 Add proper timestamp if absent
• 546db30 feat: add COMPONENT_NAME env var and deprecate OVERRIDE_NAME
• ccb1ef6 Adopts new COMPONENT_NAME and fix versioning
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions