deps(actions): bump the github-actions group across 1 directory with 6 updates

[dependabot]

Bumps the github-actions group with 6 updates in the / directory:

Package	From	To
actions/checkout	6.0.1	6.0.2
dtolnay/rust-toolchain	f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561	efa25f7f19611383d5b0ccf2d1c8914531636bf9
mozilla-actions/sccache-action	0.0.6	0.0.9
EmbarkStudios/cargo-deny-action	1.6.3	2.0.15
actions/dependency-review-action	4.8.2	4.8.3
actions/stale	10.1.1	10.2.0

Updates actions/checkout from 6.0.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @​TingluoHuang in actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

... (truncated)

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• See full diff in compare view

Updates dtolnay/rust-toolchain from f7ccc83f9ed1e5b9c81d8a67d7ad1a747e22a561 to efa25f7f19611383d5b0ccf2d1c8914531636bf9

Commits

• efa25f7 Add 1.93.1 patch release
• See full diff in compare view

Updates mozilla-actions/sccache-action from 0.0.6 to 0.0.9

Release notes

Sourced from mozilla-actions/sccache-action's releases.

v0.0.9

What's Changed

• prepare release 0.0.9 + force github action 2 by @​sylvestre in Mozilla-Actions/sccache-action#192

Full Changelog: Mozilla-Actions/sccache-action@v0.0.8...v0.0.9

v0.0.8

What's Changed

• adjust the GHA changes and prepare release 0.0.8 by @​sylvestre in Mozilla-Actions/sccache-action#190 Fixes: mozilla/sccache#2351 Please update quickly!

Dependencies

• Bump prettier from 3.3.3 to 3.4.2 by @​dependabot in Mozilla-Actions/sccache-action#174
• Bump undici from 5.28.4 to 5.28.5 by @​dependabot in Mozilla-Actions/sccache-action#176
• Bump eslint-plugin-jest from 28.9.0 to 28.11.0 by @​dependabot in Mozilla-Actions/sccache-action#178
• Bump @​types/node from 22.10.0 to 22.13.0 by @​dependabot in Mozilla-Actions/sccache-action#179
• Bump @​octokit/endpoint from 9.0.5 to 9.0.6 by @​dependabot in Mozilla-Actions/sccache-action#181
• Bump @​octokit/request from 8.4.0 to 8.4.1 by @​dependabot in Mozilla-Actions/sccache-action#182
• Bump @​octokit/request-error from 5.1.0 to 5.1.1 by @​dependabot in Mozilla-Actions/sccache-action#180
• Bump @​octokit/plugin-paginate-rest from 9.2.1 to 9.2.2 by @​dependabot in Mozilla-Actions/sccache-action#184
• Bump eslint-plugin-prettier from 5.2.1 to 5.2.3 by @​dependabot in Mozilla-Actions/sccache-action#188
• Bump @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot in Mozilla-Actions/sccache-action#185
• Bump ts-jest from 29.2.5 to 29.2.6 by @​dependabot in Mozilla-Actions/sccache-action#186

Full Changelog: Mozilla-Actions/sccache-action@v0.0.7...v0.0.8

v0.0.7

What's Changed

• Add arm support by @​jdygert-spok in Mozilla-Actions/sccache-action#159
• add disable_annotations options to disable stats report by @​trim21 in Mozilla-Actions/sccache-action#162
• remove action version from example by @​trim21 in Mozilla-Actions/sccache-action#166
• 0.0.7 by @​sylvestre in Mozilla-Actions/sccache-action#172

Dependencies

• Bump @​types/jest from 29.5.12 to 29.5.14 by @​dependabot in Mozilla-Actions/sccache-action#157
• Bump eslint-plugin-import from 2.29.1 to 2.31.0 by @​dependabot in Mozilla-Actions/sccache-action#154
• Bump eslint-plugin-jest from 28.6.0 to 28.9.0 by @​dependabot in Mozilla-Actions/sccache-action#165
• Bump @​types/node from 20.14.11 to 22.10.0 by @​dependabot in Mozilla-Actions/sccache-action#163
• Bump @​vercel/ncc from 0.38.1 to 0.38.3 by @​dependabot in Mozilla-Actions/sccache-action#167
• Bump @​actions/core from 1.10.1 to 1.11.1 by @​dependabot in Mozilla-Actions/sccache-action#169
• Bump typescript from 5.6.2 to 5.7.2 by @​dependabot in Mozilla-Actions/sccache-action#170

New Contributors

• @​jdygert-spok made their first contribution in Mozilla-Actions/sccache-action#159
• @​trim21 made their first contribution in Mozilla-Actions/sccache-action#162

... (truncated)

Commits

• 7d986dd Merge pull request #192 from sylvestre/release
• c3f03b4 prepare release 0.0.9
• 213d335 Force version v2 of github action.
• 65101d4 Merge pull request #190 from sylvestre/release
• 784917c readme: improve the wording
• 1220c18 npm run build
• 33f5b94 prepare version 0.0.8
• 8bd7e91 gha: adjust the variable for deprecation
• a2b43af Merge pull request #186 from Mozilla-Actions/dependabot/npm_and_yarn/ts-jest-...
• a675e5f Merge pull request #185 from Mozilla-Actions/dependabot/npm_and_yarn/actions/...
• Additional commits viewable in compare view

Updates EmbarkStudios/cargo-deny-action from 1.6.3 to 2.0.15

Release notes

Sourced from EmbarkStudios/cargo-deny-action's releases.

v2.0.11

[0.18.2] - 2025-03-10

Added

• PR#753 resolved #752 by adding back the advisories.unmaintained config option. See the docs for how it can be used. The default matches the current behavior, which is to error on any unmaintained advisory, but adding unmaintained = "workspace" to the [advisories] table will mean unmaintained advisories will only error if the crate is a direct dependency of your workspace.

[0.18.1] - 2025-02-27

Fixed

• PR#749 updated krates to pull in the fix for EmbarkStudios/krates#100.

v2.0.10

• PR#96 resolved #94 by switching to the directory the manifest path is located in and doing rustup toolchain install if rustup show failed due to any reason

v2.0.8

• PR#93 pins to a hash instead of tag, avoiding future breakage from eg. rustup changes.

Commits

• 3fd3802 Bump to 0.19.0
• 76cd80e Bump to 0.18.6
• f2ba7ab Bump to 0.18.4
• 30f817c Bump to 0.18.3
• 6e6dcaa Add Defguard to "repositories using this action" (#100)
• 34899fc Bump to 0.18.2
• 4de59db Workaround rustup 1.28 (#96)
• d8395c1 Use rustup from base image
• 55a198a Pin to image hash (#93)
• 8d73959 Install active toolchain by default if rust-version is not passed (#92)
• Additional commits viewable in compare view

Updates actions/dependency-review-action from 4.8.2 to 4.8.3

Release notes

Sourced from actions/dependency-review-action's releases.

4.8.3

Dependency Review Action v4.8.3

This is a bugfix release that updates a number of upstream dependencies and includes a fix for the earlier feature that detected oversized summaries and upload them as artifacts, which could occasionally crash the action.

We have also updated the release process to use a long-lived v4 branch for the action, instead of a force-pushed tag, which aligns better with git branching strategies; the change should be transparent to end users.

What's Changed

• GitHub Actions can't push to our protected main by @​dangoor in actions/dependency-review-action#1017
• Bump actions/stale from 9.1.0 to 10.1.0 by @​dependabot[bot] in actions/dependency-review-action#995
• Bump github/codeql-action from 3 to 4 by @​dependabot[bot] in actions/dependency-review-action#1003
• Bump actions/setup-node from 4 to 6 by @​dependabot[bot] in actions/dependency-review-action#1005
• Upgrade glob to address a vulnerability by @​brrygrdn in actions/dependency-review-action#1024
• Bump js-yaml by @​dependabot[bot] in actions/dependency-review-action#1020
• Addressing vulnerabilities by @​Ahmed3lmallah in actions/dependency-review-action#1036
• Bump fast-xml-parser from 5.3.3 to 5.3.5 by @​dependabot[bot] in actions/dependency-review-action#1050
• Bump fast-xml-parser from 5.3.5 to 5.3.6 by @​dependabot[bot] in actions/dependency-review-action#1053
• Properly truncate long summaries and catch errors by @​juxtin in actions/dependency-review-action#1052
• Bump spdx-expression-parse from 3.0.1 to 4.0.0 in the spdx-licenses group across 1 directory by @​dependabot[bot] in actions/dependency-review-action#931
• Changes for Release 4.8.3 by @​ahpook in actions/dependency-review-action#1054

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.8.2..v4.8.3

Commits

• 05fe457 Merge pull request #1054 from actions/ahpook/release-4.8.3
• 3a8496c Update generated package files for v4.8.3
• 0f22a01 Update CONTRIBUTING for new release process
• 58be343 Updating package versions for 4.8.3
• 9284e0c Merge pull request #931 from actions/dependabot/npm_and_yarn/spdx-licenses-20...
• 8b76656 Bump spdx-expression-parse in the spdx-licenses group across 1 directory
• 43f5f02 Merge pull request #1052 from actions/juxtin/fix-long-summaries
• f0033fc Merge pull request #1053 from actions/dependabot/npm_and_yarn/fast-xml-parser...
• b379e2e Bump fast-xml-parser from 5.3.5 to 5.3.6
• 2e1cf54 Properly truncate long summaries and catch errors
• Additional commits viewable in compare view

Updates actions/stale from 10.1.1 to 10.2.0

Release notes

Sourced from actions/stale's releases.

v10.2.0

What's Changed

Bug Fix

• Fix checking state cache (fix #1136) and switch to Octokit helper methods by @​itchyny in actions/stale#1152

Dependency Updates

• Upgrade js-yaml from 4.1.0 to 4.1.1 by @​dependabot in actions/stale#1304
• Upgrade lodash from 4.17.21 to 4.17.23 by @​dependabot in actions/stale#1313
• Upgrade actions/cache from 4.0.3 to 5.0.2 and actions/github from 5.1.1 to 7.0.0 by @​chiranjib-swain in actions/stale#1312

New Contributors

• @​itchyny made their first contribution in actions/stale#1152

Full Changelog: actions/stale@v10...v10.2.0

Commits

• b5d41d4 build(deps-dev): bump lodash from 4.17.21 to 4.17.23 (#1313)
• dcd2b94 Fix punycode and url.parse Deprecation Warnings (#1312)
• d6f8a33 build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1304)
• a21a081 Fix checking state cache (fix #1136), also switch to octokit methods (#1152)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: ci, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.