ci: apply the action bumps the closed Dependabot PRs proposed

Force-pushing main during the v0.1.0 release left eight Dependabot
PRs (#1-#8) with invalid base refs; Dependabot closed them and
deleted their branches, then on the next scan refused to re-create
them under its "already-proposed-and-closed" dedup rule. The PRs
can't be revived (`gh pr reopen` rejects them because the branch is
gone, and `@dependabot recreate` comments on closed PRs do nothing).

Applying the bumps directly is the rebase outcome the user asked for.
All four target tags verified to exist on disk:

  actions/checkout              v5      -> v6
  actions/upload-artifact       v4      -> v7
  softprops/action-gh-release   v2      -> v3
  azure/trusted-signing-action  v0.5.1  -> v2

YAML validates. CI will run on this commit and confirm the v6/v7
checkout+upload still work; release.yml's signing path won't actually
exercise v2 of trusted-signing-action until repo secrets are
configured, but the version pin is current.

Author: imanimanyara

.github/workflows/ci.yml

@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           persist-credentials: false
 
@@ -82,14 +82,14 @@ jobs:
 
       - name: Upload Pester results
         if: always()
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: pester-results
           path: pester-results.xml
           if-no-files-found: warn
 
       - name: Upload build artifacts
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: claude-code-install-manager-unsigned
           path: |

.github/workflows/release.yml

@@ -50,7 +50,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           ref: ${{ github.event.inputs.ref || github.ref }}
           persist-credentials: false
@@ -132,7 +132,7 @@ jobs:
 
       - name: Sign with Azure Trusted Signing
         if: steps.signmode.outputs.mode == 'azure'
-        uses: azure/trusted-signing-action@v0.5.1
+        uses: azure/trusted-signing-action@v2
         with:
           azure-tenant-id:        ${{ secrets.AZURE_TENANT_ID }}
           azure-client-id:        ${{ secrets.AZURE_CLIENT_ID }}
@@ -190,15 +190,15 @@ jobs:
           "name=$name" | Add-Content -Path $env:GITHUB_OUTPUT
 
       - name: Upload artifacts to workflow run
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: ${{ steps.zip.outputs.name }}
           path: ${{ steps.zip.outputs.zip }}
           if-no-files-found: error
 
       - name: Create / update GitHub Release
         if: startsWith(github.ref, 'refs/tags/')
-        uses: softprops/action-gh-release@v2
+        uses: softprops/action-gh-release@v3
         with:
           tag_name: ${{ steps.ver.outputs.tag }}
           name:     "Claude Code Install Manager ${{ steps.ver.outputs.version }}"