build(deps): bump the ci_dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the ci_dependencies group with 10 updates in the / directory:

Package	From	To
actions/checkout	6.0.2	6.0.3
actions/create-github-app-token	3.1.1	3.2.0
benchmark-action/github-action-benchmark	1.22.0	1.22.1
docker/build-push-action	7.1.0	7.2.0
docker/login-action	4.1.0	4.2.0
actions-rust-lang/setup-rust-toolchain	1.16.0	1.16.1
korthout/backport-action	4.4.0	4.5.2
aws-actions/configure-aws-credentials	6.1.0	6.2.0
paritytech/revive-differential-tests	b12369430ec8184e62cc5fdcae8a140a8f1fadbd	33c3bab21179023f2c06b4f4664077221deedac0
codecov/codecov-action	6.0.0	7.0.0

Updates actions/checkout from 6.0.2 to 6.0.3

Release notes

Sourced from actions/checkout's releases.

v6.0.3

What's Changed

• Update changelog by @​ericsciple in actions/checkout#2357
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414
• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• Update changelog for v6.0.3 by @​yaananth in actions/checkout#2446

New Contributors

• @​yaananth made their first contribution in actions/checkout#2414

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v6.0.3

• Fix checkout init for SHA-256 repositories by @​yaananth in actions/checkout#2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in actions/checkout#2414

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

v6.0.1

• Add worktree support for persist-credentials includeIf by @​ericsciple in actions/checkout#2327

v6.0.0

• Persist creds to a separate file by @​ericsciple in actions/checkout#2286
• Update README to include Node.js 24 support details and requirements by @​salmanmkc in actions/checkout#2248

v5.0.1

• Port v6 cleanup to v5 by @​ericsciple in actions/checkout#2301

v5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

v4.3.1

• Port v6 cleanup to v4 by @​ericsciple in actions/checkout#2305

v4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774

... (truncated)

Commits

• df4cb1c Update changelog for v6.0.3 (#2446)
• 1cce339 Fix checkout init for SHA-256 repositories (#2439)
• 900f221 fix: expand merge commit SHA regex and add SHA-256 test cases (#2414)
• 0c366fd Update changelog (#2357)
• See full diff in compare view

Updates actions/create-github-app-token from 3.1.1 to 3.2.0

Release notes

Sourced from actions/create-github-app-token's releases.

v3.2.0

3.2.0 (2026-05-12)

Features

• add support for enterprise-level GitHub Apps (#263) (952a2a7)
• support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

• deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
• validate private-key input (#376) (f24bbd8)

Changelog

Sourced from actions/create-github-app-token's changelog.

Changelog

3.2.0 (2026-05-12)

Features

• add support for enterprise-level GitHub Apps (#263) (952a2a7)
• support full repository names in repositories input (#372) (85eb8dd)

Bug Fixes

• deps: bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependencies group (#364) (43e5c34)
• validate private-key input (#376) (f24bbd8)

Commits

• bcd2ba4 chore(main): release 3.2.0 (#370)
• f24bbd8 fix: validate private-key input (#376)
• 363531b docs: capitalize Git as a proper noun in README (#374)
• fd28011 docs: update procedure to configure Git (#287)
• 85eb8dd feat: support full repository names in repositories input (#372)
• c9aabb8 build(deps-dev): bump yaml from 2.8.3 to 2.8.4 in the development-dependencie...
• e02e816 build(deps-dev): bump undici from 7.24.6 to 8.2.0 (#366)
• 8d835bf build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 in the development-depend...
• 952a2a7 feat: add support for enterprise-level GitHub Apps (#263)
• 43e5c34 fix(deps): bump @​actions/core from 3.0.0 to 3.0.1 in the production-dependenc...
• Additional commits viewable in compare view

Updates benchmark-action/github-action-benchmark from 1.22.0 to 1.22.1

Release notes

Sourced from benchmark-action/github-action-benchmark's releases.

v1.22.1

• fix scope tsconfig.build.json to src/ for reproducibility (#352)
• chore bump minimatch from 3.1.2 to 3.1.5 (#347)
• chore bump uuid and @​actions/core (#350)
• chore bump flatted from 3.2.4 to 3.4.2 (#346)
• chore bump js-yaml (#344)
• chore bump picomatch from 2.3.0 to 2.3.2 (#342)

Full Changelog: benchmark-action/github-action-benchmark@v1.22.0...v1.22.1

Changelog

Sourced from benchmark-action/github-action-benchmark's changelog.

Unreleased

v1.22.1 - 6 May 2026

• fix scope tsconfig.build.json to src/ for reproducibility (#352)
• chore bump minimatch from 3.1.2 to 3.1.5 (#347)
• chore bump uuid and @​actions/core (#350)
• chore bump flatted from 3.2.4 to 3.4.2 (#346)
• chore bump js-yaml (#344)
• chore bump picomatch from 2.3.0 to 2.3.2 (#342)

v1.22.0 - 31 Mar 2026

• chore bump node to 24 (#339)

v1.21.0 - 02 Mar 2026

• fix include package name for duplicate bench names (#330)
• fix avoid duplicate package suffix in Go benchmarks (#337)

v1.20.7 - 06 Sep 2025

• fix improve parsing for custom benchmarks (#323)

v1.20.5 - 02 Sep 2025

• feat allow to parse generic cargo bench/criterion units (#280)
• fix add summary even when failure threshold is surpassed (#285)
• fix time units are not normalized (#318)

v1.20.4 - 23 Oct 2024

• feat add typings and validation workflow (#257)

v1.20.3 - 19 May 2024

• fix Catch2 v.3.5.0 changed output format (#247)

v1.20.2 - 19 May 2024

• fix Support sub-nanosecond precision on Cargo benchmarks (#246)

v1.20.1 - 02 Apr 2024

• fix release script

v1.20.0 - 02 Apr 2024

• fix Rust benchmarks not comparing to baseline (#235)
• feat Comment on PR and auto update comment (#223)

... (truncated)

Commits

• 52576c9 release v1.22.1
• See full diff in compare view

Updates docker/build-push-action from 7.1.0 to 7.2.0

Release notes

Sourced from docker/build-push-action's releases.

v7.2.0

• Bump @​actions/core from 3.0.0 to 3.0.1 in docker/build-push-action#1525
• Bump @​docker/actions-toolkit from 0.87.0 to 0.90.0 in docker/build-push-action#1517
• Bump brace-expansion from 2.0.2 to 5.0.6 in docker/build-push-action#1534
• Bump fast-xml-builder from 1.1.4 to 1.2.0 in docker/build-push-action#1529
• Bump fast-xml-parser from 5.5.7 to 5.8.0 in docker/build-push-action#1521
• Bump postcss from 8.5.6 to 8.5.10 in docker/build-push-action#1526
• Bump tar from 6.2.1 to 7.5.15 in docker/build-push-action#1533

Full Changelog: docker/build-push-action@v7.1.0...v7.2.0

Commits

• f9f3042 Merge pull request #1517 from docker/dependabot/npm_and_yarn/docker/actions-t...
• 812d5fd chore: update generated content
• b6f6693 chore(deps): Bump @​docker/actions-toolkit from 0.87.0 to 0.90.0
• c1c626e Merge pull request #1525 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
• 51bb284 chore: update generated content
• 5f7884d chore(deps): Bump @​actions/core from 3.0.0 to 3.0.1
• e01deff Merge pull request #1521 from docker/dependabot/npm_and_yarn/fast-xml-parser-...
• 3804d49 chore: update generated content
• 71e8947 chore(deps): Bump fast-xml-parser from 5.5.7 to 5.8.0
• 4925ad2 Merge pull request #1526 from docker/dependabot/npm_and_yarn/postcss-8.5.10
• Additional commits viewable in compare view

Updates docker/login-action from 4.1.0 to 4.2.0

Release notes

Sourced from docker/login-action's releases.

v4.2.0

• Bump @​actions/core from 3.0.0 to 3.0.1 in docker/login-action#976
• Bump @​aws-sdk/client-ecr and @​aws-sdk/client-ecr-public to 3.1050.0 in docker/login-action#960
• Bump @​docker/actions-toolkit from 0.86.0 to 0.90.0 in docker/login-action#970
• Bump brace-expansion from 2.0.1 to 5.0.6 in docker/login-action#993
• Bump fast-xml-builder from 1.1.4 to 1.2.0 in docker/login-action#985
• Bump fast-xml-parser from 5.3.6 to 5.8.0 in docker/login-action#963
• Bump http-proxy-agent and https-proxy-agent to 9.0.0 in docker/login-action#961
• Bump postcss from 8.5.6 to 8.5.10 in docker/login-action#979
• Bump tar from 6.2.1 to 7.5.15 in docker/login-action#991
• Bump vite from 7.3.1 to 7.3.3 in docker/login-action#986

Full Changelog: docker/login-action@v4.1.0...v4.2.0

Commits

• 650006c Merge pull request #960 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
• 99df1a3 chore: update generated content
• 3ab375f build(deps): bump the aws-sdk-dependencies group across 1 directory with 2 up...
• 39d8580 Merge pull request #970 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 4eefcd3 chore: update generated content
• 56d092c build(deps): bump @​docker/actions-toolkit from 0.86.0 to 0.90.0
• e2e31ca Merge pull request #976 from docker/dependabot/npm_and_yarn/actions/core-3.0.1
• 0bced94 chore: update generated content
• 3e75a0f build(deps): bump @​actions/core from 3.0.0 to 3.0.1
• 365bebd Merge pull request #984 from docker/dependabot/github_actions/aws-actions/con...
• Additional commits viewable in compare view

Updates actions-rust-lang/setup-rust-toolchain from 1.16.0 to 1.16.1

Release notes

Sourced from actions-rust-lang/setup-rust-toolchain's releases.

v1.16.1

What's Changed

• Rename local variables to avoid conflicts with global variables by @​jonasbb in actions-rust-lang/setup-rust-toolchain#92

Full Changelog: actions-rust-lang/setup-rust-toolchain@v1.16.0...v1.16.1

Changelog

Sourced from actions-rust-lang/setup-rust-toolchain's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[1.16.1] - 2026-05-08

• Renamed internally used variable to avoid clashes with globally existing variables. This fixes the interference of the TOOLCHAIN variable as reported in #91.

[1.16.0] - 2026-04-13

• Add new parameter cache-save-if that is propagated to Swatinem/rust-cache as save-if (#90 by @​ChanTsune)

[1.15.4] - 2026-03-15

• Bump Swatinem/rust-cache from 2.8.2 to 2.9.1 (#87 by @​hyperfinitism) This gets rid of the warnings about Node.js 20.

[1.15.3] - 2026-03-01

• Bump Swatinem/rust-cache from 2.8.1 to 2.8.2

[1.15.2] - 2025-10-04

• Fix: Run the version detection steps in the selected rust-src-dir directory. This should enable the version selection even without a default toolchain installed. Fixes #74.

[1.15.1] - 2025-09-23

• Update Swatinem/rust-cache to v2.8.1

[1.15.0] - 2025-09-14

• Add support for non-root source directory. Accept source code and rust-toolchain.toml file in subdirectories of the repository. Adds a new parameter rust-src-dir that controls the lookup for toolchain files and sets a default value for the cache-workspace input. (#69 by @​Kubaryt)

[1.14.1] - 2025-08-28

• Pin Swatinem/rust-cache action to a full commit SHA (#68 by @​JohnTitor)

[1.14.0] - 2025-08-23

• Add new parameters cache-all-crates and cache-workspace-crates that are propagated to Swatinem/rust-cache as cache-all-crates and cache-workspace-crates

... (truncated)

Commits

• 46268bd Merge pull request #92 from actions-rust-lang/rename-local-variables
• 826365c Update changelog
• 4f937ac Rename local variables to avoid conflicts with global variables
• See full diff in compare view

Updates korthout/backport-action from 4.4.0 to 4.5.2

Release notes

Sourced from korthout/backport-action's releases.

Backport-action v4.5.2

What's Changed

Bug fix for [Summary comment incorrectly reports success when no target branches are found #629](korthout/backport-action#629). When the action runs but finds no targets (no matching labels and no target_branches input), the summary comment now explicitly states this instead of the misleading "backported this pull request". The comment also hints at filtering the trigger at the workflow level so the action runs only when there's work to do, and the README usage example now demonstrates that pattern with a label-prefix filter.

• Report no-targets outcome and recommend a workflow filter by @​korthout in korthout/backport-action#636

Documentation

The README grew a new section on computing target_branches dynamically at workflow runtime. You may need this when targets come from a config file, an API call, or a parsed /backport <branch> comment rather than labels. We also made some further improvements to the README examples. We collapsed the signing example into a <details> block, tightened the comment-trigger example, and bumped the actions/checkout to v6 across examples.

• Document dynamic target_branches and refresh README examples by @​korthout in korthout/backport-action#641

Updated dependencies

• Update korthout/backport-action action to v4.5.1 by @​renovate[bot] in korthout/backport-action#635
• Update dependency @​types/node to v24.12.3 by @​renovate[bot] in korthout/backport-action#638
• Lock file maintenance by @​renovate[bot] in korthout/backport-action#639

Full Changelog: korthout/backport-action@v4.5.1...v4.5.2

Backport-action v4.5.1

What's Changed

Bug fix for [comment_style: summary drops conflict-resolution instructions #633](korthout/backport-action#633)

• Post resolve-conflicts comment on draft PR in summary mode by @​korthout in korthout/backport-action#634

Updated dependencies

• Update korthout/backport-action action to v4.5.0 by @​renovate[bot] in korthout/backport-action#627
• Lock file maintenance by @​renovate[bot] in korthout/backport-action#632

Maintenance changes

• Enable summary comment style for our own backport workflow by @​korthout in korthout/backport-action#628

Full Changelog: korthout/backport-action@v4.5.0...v4.5.1

Backport-action v4.5.0

What's Changed

This release introduces a new comment_style input with two options:

• legacy (default): one comment per target branch. This is the same behavior as you know from previous versions.
• summary: a single comment per workflow run that updates progressively as each target is processed. It links back to the workflow run, shows a status table for every target, and includes recovery hints for known failure modes (e.g. push permission denied, cherry-pick conflicts).

Here's what a summary comment looks like mid-run:

Backport-action is backporting this pull request in workflow run 15439584062.

Target	Status
stable/8.7	✅ Created #612
stable/8.6	⚠️ Drafted with conflicts #613
stable/8.5	❌ Failed

... (truncated)

Commits

• 6606540 dist: release 4.5.2
• 413d257 Merge pull request #641 from korthout/docs/629-dynamic-target-branches-readme
• dbf3d7e Bump actions/checkout to v6 in README examples
• 0035616 Tighten signing section prose
• c3f172c Collapse signing example into a details block
• fae10fd Document computing target_branches dynamically at workflow runtime
• 6152bfa Drop obsolete bot-id filter from README workflow example
• 299312a Clarify target_branches works standalone or with labels
• 0356078 Document README/action.yml input-doc sync rule in CLAUDE.md
• 20acf50 Merge pull request #639 from korthout/renovate/lock-file-maintenance
• Additional commits viewable in compare view

Updates aws-actions/configure-aws-credentials from 6.1.0 to 6.2.0

Release notes

Sourced from aws-actions/configure-aws-credentials's releases.

v6.2.0

6.2.0 (2026-06-01)

Features

• add additional session tags by default (#1775) (e0ba768)
• add more retry logic and better logging (#1764) (540d0c1)
• add regex validation to role-session-name (#1765) (e354499)
• Allow custom session tags to be passed when assuming a role (#1759) (61f50f6)
• expose run id in STS client user-agent (#1774) (29d1be3)
• support custom STS endpoints (#1762) (8d52d05)

Bug Fixes

• skip credential check on output-env-credentials: false (#1778) (58e7c47)
• assumeRole failing from session tag size too large (#1808) (d6f5dc3)

v6.1.3

6.1.3 (2026-05-27)

Bug Fixes

• fix: allow kubelet token symlink in aws-actions/configure-aws-credentials#1805

v6.1.2

6.1.2 (2026-05-26)

Bug Fixes

• additional filesystem checks (#1799) (c39f282)

v6.1.1

What's Changed

• chore(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1722
• chore(deps-dev): bump @​types/node from 25.5.0 to 25.5.2 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1723
• chore(deps-dev): bump @​smithy/property-provider from 4.2.12 to 4.2.13 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1724
• chore(deps): bump proxy-agent from 8.0.0 to 8.0.1 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1726
• chore(deps): bump @​smithy/node-http-handler from 4.5.1 to 4.5.2 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1725
• chore(deps): bump @​aws-sdk/client-sts from 3.1020.0 to 3.1025.0 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1727
• chore(deps): bump basic-ftp from 5.2.0 to 5.2.1 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1728
• chore(deps): bump basic-ftp from 5.2.1 to 5.2.2 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1729
• chore(deps-dev): bump @​types/node from 25.5.2 to 25.6.0 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1730
• chore(deps-dev): bump @​aws-sdk/credential-provider-env from 3.972.24 to 3.972.25 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1733
• chore(deps): bump @​aws-sdk/client-sts from 3.1025.0 to 3.1030.0 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1732
• chore(deps-dev): bump @​biomejs/biome from 2.4.10 to 2.4.11 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1734
• chore(deps): bump basic-ftp from 5.2.2 to 5.3.0 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1736
• chore(deps-dev): bump memfs from 4.57.1 to 4.57.2 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1737
• chore(deps-dev): bump typescript from 6.0.2 to 6.0.3 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1740
• chore(deps-dev): bump @​smithy/property-provider from 4.2.13 to 4.2.14 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1741
• chore(deps-dev): bump @​aws-sdk/credential-provider-env from 3.972.25 to 3.972.28 by @​dependabot[bot] in aws-actions/configure-aws-credentials#1742

... (truncated)

Changelog

Sourced from aws-actions/configure-aws-credentials's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.2.0 (2026-06-01)

Features

• add additional session tags by default (#1775) (e0ba768)
• add more retry logic and better logging (#1764) (540d0c1)
• add regex validation to role-session-name (#1765) (e354499)
• Allow custom session tags to be passed when assuming a role (#1759) (61f50f6)
• expose run id in STS client user-agent (#1774) (29d1be3)
• support custom STS endpoints (#1762) (8d52d05)

Bug Fixes

• skip credential check on output-env-credentials: false (#1778) (58e7c47)
• assumeRole failing from session tag size too large (#1808) (d6f5dc3)

6.1.3 (2026-05-28)

Bug Fixes

• fix: allow kubelet token symlink in #1805

6.1.2 (2026-05-26)

Bug Fixes

• additional filesystem checks (#1799) (c39f282)

6.1.1 (2026-05-05)

Miscellaneous Chores

• various dependency updates

6.1.0 (2026-04-06)

Features

• add skip cleanup option (#1716) (11b1c58), closes #1545
• Support usage of AWS Profiles (#1696) (a7f0c82)

6.0.0 (2026-02-04)

... (truncated)

Commits

• e7f100c chore(main): release 6.2.0 (#1806)
• bbbffea chore: Update dist
• d6f5dc3 fix: assumeRole failing from session tag size too large (#1808)
• 12014c0 docs: fix typo in README.md (#1809)
• 4ab3589 chore: replay 6.2 devel changes onto main (#1807)
• 99214aa chore: Update dist
• 217d179 fix: allow kubelet token symlink (#1805)
• 5548f34 chore: Update dist
• 77cd089 chore: document container credentials provider support (and delete transitive...
• dbacf31 chore: bump release version (#1801)
• Additional commits viewable in compare view

Updates paritytech/revive-differential-tests from b12369430ec8184e62cc5fdcae8a140a8f1fadbd to 33c3bab21179023f2c06b4f4664077221deedac0

Commits

• 33c3bab Support variable name composition and add w3s workload (#287)
• 5090df6 Invalidate compiler cache for different builds (#300)
• 70e8a92 Add block wait logic for benchmarks (#299)
• 4327ab0 Use buf writer for writing the report (#298)
• f45a270 Conditionally build polkadot-sdk packages in run-differential-tests action (#...
• 0ff2c83 Fix the gas estimation errors (#296)
• d352230 Fix revive-dev-node receipts issue (#295)
• d0c73a6 add rust toolchain config (#294)
• e544a18 Make concurrency settings configurable in GH action (#292)
• c0094e6 Update cache key in run-differential-tests action (#291)
• Additional commits viewable in compare view

Updates codecov/codecov-action from 6.0.0 to 7.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v7.0.0

⚠️ Due to migration issues with keybase, we are unable to update our keys under the codecovsecurity accoun...

Description has been truncated