Bump the ci_dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the ci_dependencies group with 7 updates in the / directory:

Package	From	To
actions/create-github-app-token	1	2
lycheeverse/lychee-action	2.3.0	2.4.1
Swatinem/rust-cache	2.7.7	2.7.8
actions-rust-lang/setup-rust-toolchain	1.11.0	1.12.0
aws-actions/configure-aws-credentials	4.1.0	4.2.1
actions/attest-build-provenance	2.2.3	2.3.0
paritytech/review-bot	2.7.0	2.7.1

Updates actions/create-github-app-token from 1 to 2

Release notes

Sourced from actions/create-github-app-token's releases.

v2.0.0

2.0.0 (2025-04-03)

• feat!: remove deprecated inputs (#213) (5cc811b)

BREAKING CHANGES

• Removed deprecated inputs (app_id, private_key, skip_token_revoke) and made app-id and private-key required in the action configuration.

v1.12.0

1.12.0 (2025-03-27)

Features

• permissions (#168) (0e0aa99)

v1.11.7

1.11.7 (2025-03-20)

Bug Fixes

• deps: bump undici from 5.28.4 to 7.5.0 (#214) (a24b46a)

v1.11.6

1.11.6 (2025-03-03)

Bug Fixes

• deps: bump the production-dependencies group with 2 updates (#210) (1ff1dea)

v1.11.5

1.11.5 (2025-02-15)

Bug Fixes

... (truncated)

Commits

• df432ce build(release): 2.0.6 [skip ci]
• 3336784 fix: replace - with _ (#246)
• db3cdf4 build(release): 2.0.5 [skip ci]
• d64d7d7 fix(deps): bump the production-dependencies group with 3 updates (#240)
• 1b6f53e build(deps-dev): bump the development-dependencies group across 1 directory w...
• 061a84d build(deps-dev): bump @​octokit/openapi from 18.2.0 to 19.0.0 (#242)
• c8f34a6 build(deps): bump stefanzweifel/git-auto-commit-action from 5.1.0 to 5.2.0 in...
• 4821f52 build(release): 2.0.4 [skip ci]
• 2950cbc fix: permission input handling (#243)
• 30bf625 build(release): 2.0.3 [skip ci]
• Additional commits viewable in compare view

Updates lycheeverse/lychee-action from 2.3.0 to 2.4.1

Release notes

Sourced from lycheeverse/lychee-action's releases.

Version 2.4.1

What's Changed

• Added Update Default Lychee version workflow by @​Arteiii in lycheeverse/lychee-action#284
• Use temporary directory for lychee installation by @​mre in lycheeverse/lychee-action#287
• Fix lychee version check by @​mondeja in lycheeverse/lychee-action#288

Full Changelog: lycheeverse/lychee-action@v2...v2.4.1

Version 2.4.0

What's Changed

• lychee now has a new task output, which allows to track which links got fixed more easily. It looks like this:

  [test.html]:

  • [404] https://en.wikipedia.org/wiki/foo | Network error: Not Found
  • [404] https://en.wikipedia.org/wiki/bar | Network error: Not Found
  • [ERROR] https://example.com/baz | Network error: error sending request for url (https://example.com/baz) Maybe a certificate error?

  Each broken link has a checkbox that can be ticked off once fixed. Credit goes to @​Arteiii for the idea and the implementation. See #274 for more information.

• Update To latest lychee Release by @​Arteiii in lycheeverse/lychee-action#279

• Add workingDirectory argument by @​mre in lycheeverse/lychee-action#283

New Contributors

• @​Arteiii made their first contribution in lycheeverse/lychee-action#279

Full Changelog: lycheeverse/lychee-action@v2...v2.4.0

Commits

• 82202e5 Fix lychee version check (#288)
• 52af768 Use temporary directory for lychee installation (#287)
• 6f793a7 Added Update Default Lychee version workflow (#284)
• 1d97d84 Add workingDirectory argument (#283)
• a99389a Update To latest Release and add Checkbox Option (fixes #274) (#279)
• See full diff in compare view

Updates Swatinem/rust-cache from 2.7.7 to 2.7.8

Release notes

Sourced from Swatinem/rust-cache's releases.

v2.7.8

What's Changed

• Include CPU arch in the cache key for arm64 Linux runners by @​rhysd in Swatinem/rust-cache#228

Full Changelog: Swatinem/rust-cache@v2.7.7...v2.7.8

Changelog

Sourced from Swatinem/rust-cache's changelog.

Changelog

2.7.8

• Include CPU arch in the cache key

2.7.7

• Also cache cargo install metadata

2.7.6

• Allow opting out of caching $CARGO_HOME/bin
• Add runner OS in cache key
• Adds an option to do lookup-only of the cache

2.7.5

• Support Cargo.lock format cargo-lock v4
• Only run macOsWorkaround() on macOS

2.7.3

• Work around upstream problem that causes cache saving to hang for minutes.

2.7.2

• Only key by Cargo.toml and Cargo.lock files of workspace members.

2.7.1

• Update toml parser to fix parsing errors.

2.7.0

• Properly cache trybuild tests.

2.6.2

• Fix toml parsing.

2.6.1

• Fix hash contributions of Cargo.lock/Cargo.toml files.

2.6.0

• Add "buildjet" as a second cache-provider backend.
• Clean up sparse registry index.
• Do not clean up src of -sys crates.

... (truncated)

Commits

• 9d47c6a 2.7.8
• 27b8ea9 Include CPU arch in the cache key (#228)
• See full diff in compare view

Updates actions-rust-lang/setup-rust-toolchain from 1.11.0 to 1.12.0

Release notes

Sourced from actions-rust-lang/setup-rust-toolchain's releases.

v1.12.0

What's Changed

• Support rustup installation for Windows by @​maennchen in actions-rust-lang/setup-rust-toolchain#58

New Contributors

• @​maennchen made their first contribution in actions-rust-lang/setup-rust-toolchain#58

Full Changelog: actions-rust-lang/setup-rust-toolchain@v1...v1.12.0

Changelog

Sourced from actions-rust-lang/setup-rust-toolchain's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[1.12.0] - 2025-04-23

• Add support for installing rustup on Windows (#58 by @​maennchen) This adds support for using Rust on the GitHub provided Windows ARM runners.

[1.11.0] - 2025-02-24

• Add new parameter cache-bin that is propagated to Swatinem/rust-cache as cache-bin (#51 by @​enkhjile)
• Add new parameter cache-shared-key that is propagated to Swatinem/rust-cache as shared-key (#52 by @​skanehira)

[1.10.1] - 2024-10-01

• Fix problem matcher for rustfmt output. The format has changed since rust-lang/rustfmt#5971 and now follows the form "filename:line". Thanks to @​0xcypher02 for pointing out the problem.

[1.10.0] - 2024-09-23

• Add new parameter cache-directories that is propagated to Swatinem/rust-cache (#44 by @​pranc1ngpegasus)
• Add new parameter cache-key that is propagated to Swatinem/rust-cache as key (#41 by @​iainlane)
• Make rustup toolchain installation more robust in light of planned changes rust-lang/rustup#3635 and rust-lang/rustup#3985
• Allow installing multiple Rust toolchains by specifying multiple versions in the toolchain input parameter.
• Configure the rustup override behavior via the new override input. (#38)

[1.9.0] - 2024-06-08

• Add extra argument cache-on-failure and forward it to Swatinem/rust-cache. (#39 by @​samuelhnrq)
  Set the default the value to true. This will result in more caching than previously. This helps when large dependencies are compiled only for testing to fail.

[1.8.0] - 2024-01-13

• Allow specifying subdirectories for cache.
• Fix toolchain file overriding.

[1.7.0] - 2024-01-11

• Allow overriding the toolchain file with explicit toolchain input. (#26)

[1.6.0] - 2023-12-04

... (truncated)

Commits

• 9d7e65c Update changelog for windows support
• 9988a3d Update the dependency section to mark the new windows rustup support
• 0ddce9f Merge pull request #58 from maennchen/jm/windows-arm
• d9c91b2 Support rustup installation for Windows
• See full diff in compare view

Updates aws-actions/configure-aws-credentials from 4.1.0 to 4.2.1

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v4.2.1

4.2.1 (2025-05-14)

Bug Fixes

• ensure explicit inputs take precedence over environment variables (e56e6c4)
• prioritize explicit inputs over environment variables (df9c8fe)

v4.2.0

4.2.0 (2025-05-06)

Features

• add Expiration field to Outputs (a4f3267)
• Document role-duration-seconds range (5a0cf01)
• support action inputs as environment variables (#1338) (2c168ad)

Bug Fixes

• make sure action builds, also fix dependabot autoapprove (c401b8a)
• role chaning on mulitple runs (#1340) (9e38641)

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

4.2.1 (2025-05-14)

Bug Fixes

• ensure explicit inputs take precedence over environment variables (e56e6c4)
• prioritize explicit inputs over environment variables (df9c8fe)

4.2.0 (2025-05-06)

Features

• add Expiration field to Outputs (a4f3267)
• Document role-duration-seconds range (5a0cf01)
• support action inputs as environment variables (#1338) (2c168ad)

Bug Fixes

• make sure action builds, also fix dependabot autoapprove (c401b8a)
• role chaning on mulitple runs (#1340) (9e38641)

4.1.0 (2025-02-08)

Features

• idempotent fetch (#1289) (eb70354)

Bug Fixes

• build failure due to tests (#1283) (134d71e)
• Dependabot autoapprove (#1284) (b9ee51d)
• Dependabot autoapprove id-token write permission (#1285) (f0af89b)
• typo (#1281) (39fd91c)

4.0.3 (2025-01-27)

Features

• added release-please action config (0f88004)

... (truncated)

Commits

• b475783 chore(main): release 4.2.1 (#1356)
• e56e6c4 Merge pull request #1355 from hozzer/main
• c0573b2 update dist
• df9c8fe fix: prioritize explicit inputs over environment variables
• e7aeb52 chore: Update dist
• 5188626 chore(deps): bump @​aws-sdk/client-sts from 3.803.0 to 3.808.0 (#1353)
• a7d7b78 chore: Update dist
• e10de4c chore(deps-dev): bump @​aws-sdk/credential-provider-env (#1352)
• 85f7c4c chore(deps-dev): bump @​types/node from 22.15.11 to 22.15.17 (#1351)
• f24d719 Merge pull request #1331 from aws-actions/release-please--branches--main--com...
• Additional commits viewable in compare view

Updates actions/attest-build-provenance from 2.2.3 to 2.3.0

Release notes

Sourced from actions/attest-build-provenance's releases.

v2.3.0

What's Changed

• Bump actions/attest from 2.2.1 to 2.3.0 by @​bdehamer in actions/attest-build-provenance#615
  • Updates @sigstore/oci from 0.4.0 to 0.5.0

Full Changelog: actions/attest-build-provenance@v2.2.3...v2.3.0

Commits

• db473fd bump actions/attest from 2.2.1 to 2.3.0 (#615)
• d3b713a Bump the actions-minor group with 2 updates (#566)
• e042adb Bump the npm-development group with 4 updates (#567)
• 9d3beef Bump the npm-development group with 4 updates (#554)
• 877f50d Bump typescript-eslint in the npm-development group (#516)
• b7ab740 Bump the npm-development group across 1 directory with 6 updates (#506)
• See full diff in compare view

Updates paritytech/review-bot from 2.7.0 to 2.7.1

Release notes

Sourced from paritytech/review-bot's releases.

v2.7.1

What's Changed

• Mainenance update by @​mutantcornholio in paritytech/review-bot#144

Full Changelog: paritytech/review-bot@v2.7.0...v2.7.1

Commits

• 3428eb0 Mainenance update (#144)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions