deps(actions): bump the github-actions group across 1 directory with 6 updates

[dependabot]

Bumps the github-actions group with 6 updates in the / directory:

Package	From	To
dtolnay/rust-toolchain	efa25f7f19611383d5b0ccf2d1c8914531636bf9	3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
mozilla-actions/sccache-action	0.0.9	0.0.10
Swatinem/rust-cache	2.8.2	2.9.1
EmbarkStudios/cargo-deny-action	2.0.15	2.0.19
actions/dependency-review-action	4.8.3	5.0.0
actions/stale	10.2.0	10.3.0

Updates dtolnay/rust-toolchain from efa25f7f19611383d5b0ccf2d1c8914531636bf9 to 3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9

Commits

• 3c5f7ea Add 1.94.1 patch release
• See full diff in compare view

Updates mozilla-actions/sccache-action from 0.0.9 to 0.0.10

Release notes

Sourced from mozilla-actions/sccache-action's releases.

v0.0.10

What's Changed

• Use tar on all platforms by @​brianmichel in Mozilla-Actions/sccache-action#193
• Bump eslint-plugin-prettier from 5.2.3 to 5.2.5 by @​dependabot[bot] in Mozilla-Actions/sccache-action#196
• Bump typescript from 5.7.2 to 5.8.2 by @​dependabot[bot] in Mozilla-Actions/sccache-action#195
• Bump @​types/node from 22.13.0 to 22.13.17 by @​dependabot[bot] in Mozilla-Actions/sccache-action#194
• Bump undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in Mozilla-Actions/sccache-action#204
• Bump eslint-config-prettier from 9.1.0 to 10.1.2 by @​dependabot[bot] in Mozilla-Actions/sccache-action#201
• Bump ts-jest from 29.2.6 to 29.3.2 by @​dependabot[bot] in Mozilla-Actions/sccache-action#200
• Bump eslint-plugin-prettier from 5.2.5 to 5.5.4 by @​dependabot[bot] in Mozilla-Actions/sccache-action#221
• Bump eslint-config-prettier from 10.1.2 to 10.1.8 by @​dependabot[bot] in Mozilla-Actions/sccache-action#214
• Bump the github-actions group across 1 directory with 2 updates by @​dependabot[bot] in Mozilla-Actions/sccache-action#220
• Add job id to annotation title by @​wetheredge in Mozilla-Actions/sccache-action#212
• Bump @​actions/io from 1.1.3 to 2.0.0 by @​dependabot[bot] in Mozilla-Actions/sccache-action#228
• Bump eslint-plugin-import from 2.31.0 to 2.32.0 by @​dependabot[bot] in Mozilla-Actions/sccache-action#227
• Bump actions/setup-node from 5 to 6 in the github-actions group by @​dependabot[bot] in Mozilla-Actions/sccache-action#226
• Bump @​actions/github from 6.0.0 to 6.0.1 by @​dependabot[bot] in Mozilla-Actions/sccache-action#233
• Bump minimatch by @​dependabot[bot] in Mozilla-Actions/sccache-action#239
• Bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in Mozilla-Actions/sccache-action#232
• Bump ts-jest from 29.3.2 to 29.4.6 by @​dependabot[bot] in Mozilla-Actions/sccache-action#240
• Bump to node24 by @​cakebaker in Mozilla-Actions/sccache-action#245
• Bump flatted from 3.3.1 to 3.4.2 by @​dependabot[bot] in Mozilla-Actions/sccache-action#248
• Bump picomatch from 2.3.1 to 2.3.2 by @​dependabot[bot] in Mozilla-Actions/sccache-action#249
• Bump handlebars from 4.7.8 to 4.7.9 by @​dependabot[bot] in Mozilla-Actions/sccache-action#250
• Fix code block formatting in README.md by @​baseplate-admin in Mozilla-Actions/sccache-action#246
• Bump js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in Mozilla-Actions/sccache-action#231
• prepare version 0.0.10 by @​sylvestre in Mozilla-Actions/sccache-action#251

New Contributors

• @​brianmichel made their first contribution in Mozilla-Actions/sccache-action#193
• @​wetheredge made their first contribution in Mozilla-Actions/sccache-action#212
• @​baseplate-admin made their first contribution in Mozilla-Actions/sccache-action#246

Full Changelog: Mozilla-Actions/sccache-action@v0.0.9...v0.0.10

Commits

• 9e7fa8a Merge pull request #251 from sylvestre/ver
• 3ca012d prepare version 0.0.10
• 7cf1643 Merge pull request #231 from Mozilla-Actions/dependabot/npm_and_yarn/js-yaml-...
• b2be802 Merge pull request #246 from baseplate-admin/patch-1
• 84812a5 Merge pull request #250 from Mozilla-Actions/dependabot/npm_and_yarn/handleba...
• 4e28318 Merge pull request #249 from Mozilla-Actions/dependabot/npm_and_yarn/picomatc...
• cfa813e Merge pull request #248 from Mozilla-Actions/dependabot/npm_and_yarn/flatted-...
• ef3762b Merge pull request #245 from cakebaker/bump_to_node24
• 919bfb6 Bump handlebars from 4.7.8 to 4.7.9
• 167904b Bump picomatch from 2.3.1 to 2.3.2
• Additional commits viewable in compare view

Updates Swatinem/rust-cache from 2.8.2 to 2.9.1

Release notes

Sourced from Swatinem/rust-cache's releases.

v2.9.1

Fix regression in hash calculation

Full Changelog: Swatinem/rust-cache@v2.9.0...v2.9.1

v2.9.0

What's Changed

• Add support for running rust-cache commands from within a Nix shell by @​marc0246 in Swatinem/rust-cache#290
• Bump taiki-e/install-action from 2.62.57 to 2.62.60 in the actions group by @​dependabot[bot] in Swatinem/rust-cache#291
• Bump the actions group across 1 directory with 5 updates by @​dependabot[bot] in Swatinem/rust-cache#296
• Bump the prd-major group with 3 updates by @​dependabot[bot] in Swatinem/rust-cache#294
• Bump @​types/node from 24.10.1 to 25.0.2 in the dev-major group by @​dependabot[bot] in Swatinem/rust-cache#295
• Consider all installed toolchains in cache key by @​tamird in Swatinem/rust-cache#293
• Compare case-insenitively for full cache key match by @​kbriggs in Swatinem/rust-cache#303
• Migrate to node24 runner by @​rhysd in Swatinem/rust-cache#314
• Bump the actions group across 1 directory with 7 updates by @​dependabot[bot] in Swatinem/rust-cache#312
• Bump the prd-minor group across 1 directory with 2 updates by @​dependabot[bot] in Swatinem/rust-cache#307
• Bump @​types/node from 25.0.2 to 25.2.2 in the dev-minor group by @​dependabot[bot] in Swatinem/rust-cache#309

New Contributors

• @​marc0246 made their first contribution in Swatinem/rust-cache#290
• @​tamird made their first contribution in Swatinem/rust-cache#293
• @​kbriggs made their first contribution in Swatinem/rust-cache#303

Full Changelog: Swatinem/rust-cache@v2.8.2...v2.9.0

Changelog

Sourced from Swatinem/rust-cache's changelog.

Changelog

2.9.1

• Fix regression in hash calculation

2.9.0

• Update to node24
• Support running from within a nix shell
• Consider all installed toolchains for cache key
• Use case-insensitive comparison to determine exact cache hit

2.8.2

• Don't overwrite env for cargo-metadata call

2.8.1

• Set empty CARGO_ENCODED_RUSTFLAGS when retrieving metadata
• Various dependency updates

2.8.0

• Add support for warpbuild cache provider
• Add new cache-workspace-crates feature

2.7.8

• Include CPU arch in the cache key

2.7.7

• Also cache cargo install metadata

2.7.6

• Allow opting out of caching $CARGO_HOME/bin
• Add runner OS in cache key
• Adds an option to do lookup-only of the cache

2.7.5

• Support Cargo.lock format cargo-lock v4
• Only run macOsWorkaround() on macOS

2.7.3

• Work around upstream problem that causes cache saving to hang for minutes.

... (truncated)

Commits

• c193711 2.9.1
• 781e8d9 try reverting pipeline change
• 3d1fa46 add changelog
• c676846 2.9.0
• bf71d02 bump dependencies and rebuild
• 8a02ed5 Bump @​types/node from 25.0.2 to 25.2.2 in the dev-minor group (#309)
• 390157d Bump the prd-minor group across 1 directory with 2 updates (#307)
• 68500c1 Bump the actions group across 1 directory with 7 updates (#312)
• 1a83841 Migrate to node24 runner (#314)
• 11da852 Compare case-insenitively for full cache key match (#303)
• Additional commits viewable in compare view

Updates EmbarkStudios/cargo-deny-action from 2.0.15 to 2.0.19

Commits

• a531616 Bump to 0.19.7
• 6c8f9fa Bump to 0.19.5
• f28dad7 Remove mergify
• e4d1338 Add xray to the list of repositories using this action (#105)
• 91bf2b6 Bump to 0.19.2
• 175dc7f Bump to 0.19.1
• See full diff in compare view

Updates actions/dependency-review-action from 4.8.3 to 5.0.0

Release notes

Sourced from actions/dependency-review-action's releases.

5.0.0

This is a new major version of the Dependency Review Action which updates the runtime to node24. This requires a minimum Actions Runner version v2.327.1 to run.

What's Changed

• Add .github/copilot-instructions.md for Copilot coding agent by @​ahpook in actions/dependency-review-action#1067
• Update Node.js runtime from 20 to 24 by @​scottschreckengaust in actions/dependency-review-action#1084
• Bump spdx-license-ids from 3.0.20 to 3.0.23 by @​mongolyy in actions/dependency-review-action#1091
• docs: bump actions/checkout from v4 to v6 in workflow examples by @​Marukome0743 in actions/dependency-review-action#1077
• fix: patched version display for advisories with non-strict semver ranges (e.g. Maven beta versions) by @​tspascoal in actions/dependency-review-action#1076
• Resolve security findings by @​AshelyTC in actions/dependency-review-action#1094
• v5.0.0 release branch by @​ahpook in actions/dependency-review-action#1098

New Contributors

• @​scottschreckengaust made their first contribution in actions/dependency-review-action#1084
• @​mongolyy made their first contribution in actions/dependency-review-action#1091
• @​Marukome0743 made their first contribution in actions/dependency-review-action#1077

Full Changelog: actions/dependency-review-action@v4.9.0...v5.0.0

Dependency Review Action 4.9.0

This feature release contains a couple of notable changes:

• There is a new configuration option show_patched_versions which will add a column to the output, showing the fix version of each vulnerable dependency. Thanks @​felickz!
• Runs which do not display OpenSSF scorecards no longer fetch scorecard information; previously it was fetched regardless of whether or not it was displayed, causing unneccessary slowness. Great catch @​jantiebot!
• There are a couple of fixes to purl parsing which should improve match accuracy for allow-package-dependency lists, including case (in)sensitivity and url-encoded namespaces Thanks @​juxtin!

What's Changed

• Compare normalized purls to account for encoding quirks by @​juxtin in actions/dependency-review-action#1056
• Make purl comparisons case insensitive by @​juxtin in actions/dependency-review-action#1057
• Feat: Add Patched Version to Vulnerabilities summary by @​felickz in actions/dependency-review-action#1045
• fix: only get scorecard levels if user wants to see the OpenSSF scorecard by @​jantiebot in actions/dependency-review-action#1060
• Bump actions/stale from 10.1.0 to 10.2.0 by @​dependabot[bot] in actions/dependency-review-action#1058
• Bump actions/checkout from 4 to 6 by @​dependabot[bot] in actions/dependency-review-action#1021
• Updates for release 4.9.0 by @​ahpook in actions/dependency-review-action#1064

New Contributors

• @​jantiebot made their first contribution in actions/dependency-review-action#1060

Full Changelog: actions/dependency-review-action@v4.8.3...v4.9.0

Commits

• a1d282b Merge pull request #1098 from actions/ahpook/v5-release
• eb6c199 update examples to show @​v5
• 3943c2c v5.0.0 release branch
• 454943c Merge pull request #1094 from actions/ashelytc/security-findings
• 6d92a12 revert @​typescript-eslint/parser update
• a8e5a7e Merge pull request #1076 from tspascoal/fix-version-matching-for-non-string-s...
• b6b7079 update @​typescript-eslint/parser to 8.40.0
• 821a21d update more dependencies
• 05aaaae run npm audit fix
• 55d3e75 Merge pull request #1077 from Marukome0743/docs/checkout
• Additional commits viewable in compare view

Updates actions/stale from 10.2.0 to 10.3.0

Release notes

Sourced from actions/stale's releases.

v10.3.0

What's Changed

Bug Fix

• Enhancement: ignore stale labeling events by @​shamoon in actions/stale#1311

Dependency Updates

• Upgrade dependencies (@​actions/core, @​octokit/plugin-retry, @​typescript-eslint) by @​Copilot in actions/stale#1335

New Contributors

• @​shamoon made their first contribution in actions/stale#1311

Full Changelog: actions/stale@v10...v10.3.0

Commits

• eb5cf3a chore: upgrade dependencies and bump version to 10.3.0 (#1335)
• db5d06a Enhancement: ignore stale labeling events (#1311)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: ci, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.