build(deps): bump the actions group across 1 directory with 5 updates

[dependabot]

Bumps the actions group with 5 updates in the / directory:

Package	From	To
cargo-bins/cargo-binstall	1.15.9	1.15.11
astral-sh/setup-uv	7.1.2	7.1.3
rust-lang/crates-io-auth-action	1.0.2	1.0.3
cross-platform-actions/action	0.29.0	0.30.0
docker/setup-qemu-action	3.6.0	3.7.0

Updates cargo-bins/cargo-binstall from 1.15.9 to 1.15.11

Release notes

Sourced from cargo-bins/cargo-binstall's releases.

v1.15.11

Binstall is a tool to fetch and install Rust-based executables as binaries. It aims to be a drop-in replacement for cargo install in most cases. Install it today with cargo install cargo-binstall, from the binaries below, or if you already have it, upgrade with cargo binstall cargo-binstall.

In this release:

• Fix binstalk-downloader cannot decode some zip files on macos (x64 and arm64) platforms (#2049 #2362)
• Fix grammer in HELP.md and --help output (#2357 #2359)
• Update documentation link in Cargo.toml (#2355)

Other changes:

• Upgrade dependencies

v1.15.10

Binstall is a tool to fetch and install Rust-based executables as binaries. It aims to be a drop-in replacement for cargo install in most cases. Install it today with cargo install cargo-binstall, from the binaries below, or if you already have it, upgrade with cargo binstall cargo-binstall.

In this release:

• fix file locking for android and illumos (#2330 #2348 #2350)

Other changes:

• Upgrade dependencies

Commits

• ae04fb5 release: cargo-binstall v1.15.11 (#2364)
• 785915c chore: release (#2361)
• 753990b dep: Upgrade transitive dependencies (#2363)
• 95af154 Update rc-zip-sync version to 4.3.5 (#2362)
• 410af0a docs: grammar (#2359)
• 5d5d94c dep: Upgrade transitive dependencies (#2360)
• 3728a7f chore: release (#2356)
• 504c0e9 Update documentation link in Cargo.toml (#2355)
• b3f755e release: cargo-binstall v1.15.10 (#2354)
• 3f0f0d6 chore: release (#2351)
• Additional commits viewable in compare view

Updates astral-sh/setup-uv from 7.1.2 to 7.1.3

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.1.3 🌈 Support act

Changes

This bug fix release adds support for https://github.com/nektos/act It was previously broken because of a too new undici version and TS transpilation target.

Compatibility with act is now automatically tested.

🐛 Bug fixes

• use old undici and ES2022 target for act support @​eifinger (#678)

🧰 Maintenance

• chore: update known checksums for 0.9.8 @github-actions[bot] (#677)
• chore: update known checksums for 0.9.7 @github-actions[bot] (#671)
• chore: update known checksums for 0.9.6 @github-actions[bot] (#670)

📚 Documentation

• Correct description of cache-dependency-glob @​allanlewis (#676)

Commits

• 5a7eac6 use old undici and ES2022 target for act support (#678)
• b49dc9e chore: update known checksums for 0.9.8 (#677)
• 30ce38e Correct description of cache-dependency-glob (#676)
• 0d20755 chore: update known checksums for 0.9.7 (#671)
• 8491d1d chore: update known checksums for 0.9.6 (#670)
• See full diff in compare view

Updates rust-lang/crates-io-auth-action from 1.0.2 to 1.0.3

Release notes

Sourced from rust-lang/crates-io-auth-action's releases.

v1.0.3

What's Changed

• chore(deps): update dependency eslint to v9.38.0 by @​renovate[bot] in rust-lang/crates-io-auth-action#88
• chore(deps): update dependency msw to v2.11.6 by @​renovate[bot] in rust-lang/crates-io-auth-action#89
• chore(deps): update dependency typescript-eslint to v8.46.2 by @​renovate[bot] in rust-lang/crates-io-auth-action#90
• refactor: Migrate from tsup to tsdown by @​kingsword09 in rust-lang/crates-io-auth-action#92
• chore(deps): update dependency typescript-eslint to v8.46.3 by @​renovate[bot] in rust-lang/crates-io-auth-action#97
• chore(deps): update dependency globals to v16.5.0 by @​renovate[bot] in rust-lang/crates-io-auth-action#96
• chore(deps): update dependency msw to v2.12.0 by @​renovate[bot] in rust-lang/crates-io-auth-action#98
• chore(deps): update lycheeverse/lychee-action action to v2.7.0 by @​renovate[bot] in rust-lang/crates-io-auth-action#94
• chore(deps): update dependency eslint to v9.39.1 by @​renovate[bot] in rust-lang/crates-io-auth-action#93
• chore(deps): update dependency vitest to v4 by @​renovate[bot] in rust-lang/crates-io-auth-action#91
• update tsdown to version 0.16 by @​marcoieni in rust-lang/crates-io-auth-action#100
• chore(deps): lock file maintenance by @​renovate[bot] in rust-lang/crates-io-auth-action#95

Full Changelog: rust-lang/crates-io-auth-action@v1.0.2...v1.0.3

Commits

• b7e9a28 Merge pull request #95 from rust-lang/renovate/lock-file-maintenance
• 7ac4f7f chore(deps): lock file maintenance
• eeaaca0 Merge pull request #100 from rust-lang/update-tsdown-to-version-0-16
• 9002361 update tsdown to version 0.16
• a06c97a Merge pull request #91 from rust-lang/renovate/major-vitest-monorepo
• 2d6d193 chore(deps): update dependency vitest to v4
• 5c091fa Merge pull request #93 from rust-lang/renovate/eslint-monorepo
• 14c1413 chore(deps): update dependency eslint to v9.39.1
• 8a0dbdb Merge pull request #94 from rust-lang/renovate/github-actions
• 2c172cf Merge pull request #96 from rust-lang/renovate/globals-16.x-lockfile
• Additional commits viewable in compare view

Updates cross-platform-actions/action from 0.29.0 to 0.30.0

Release notes

Sourced from cross-platform-actions/action's releases.

Cross Platform Action 0.30.0

Added

• Document how to report a security vulnerability
• Add support for OpenBSD 7.8 (#112)

Security

• Fix potential code injection in the GitHub release workflow (#GHSA-928q-63gf-mc2x)

Changelog

Sourced from cross-platform-actions/action's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[0.30.0] - 2025-11-04

Added

• Document how to report a security vulnerability
• Add support for OpenBSD 7.8 (#112)

Security

• Fix potential code injection in the GitHub release workflow (#GHSA-928q-63gf-mc2x)

[0.29.0] - 2025-07-22

Added

• Add support for FreeBSD 14.3 (#106, freebsd-builder#9)

Fixed

• Fix file sync on Haiku (#104)

[0.28.0] - 2025-05-19

Added

• Add support for FreeBSD 13.5 (#99)
• Add support for OpenBSD 7.7 (openbsd-builder#21)
• Add support for Haiku (#30)

[0.27.0] - 2025-01-22

Added

• Add support for NetBSD 10.1 (#95)

[0.26.0] - 2024-04-12

Added

• Add support for FreeBSD 13.4
• Add support for OpenBSD 7.6 (openbsd-builder#20)
• Add support for FreeBSD 14.2

[0.25.0] - 2024-07-11

Added

• Add support for NetBSD 9.4
• Add support for FreeBSD 14.1

Deprecated

• Support for macOS runners has been deprecated and will be removed in a future release. The reason for using macOS runners in the past has been because of the support for hardware accelerated nested virtualization using the Hypervisor framework. Since the creation of this action, the Ubuntu runners have been upgraded with better performance and added support for hardware

... (truncated)

Commits

• 46e8d7f CI Pipeline: switch to macOS-15-intel runner
• 5f2e9c3 Release 0.30.0
• 9be9731 Fix #112: Add support for OpenBSD 7.8
• ea726d5 Fix #GHSA-928q-63gf-mc2x: Potential code injection in the GitHub release work...
• bcdb759 [no ci] Document how to report a security vulnerability
• See full diff in compare view

Updates docker/setup-qemu-action from 3.6.0 to 3.7.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.7.0

• Bump @​docker/actions-toolkit from 0.56.0 to 0.67.0 in docker/setup-qemu-action#217 docker/setup-qemu-action#230
• Bump brace-expansion from 1.1.11 to 1.1.12 in docker/setup-qemu-action#220
• Bump form-data from 2.5.1 to 2.5.5 in docker/setup-qemu-action#218
• Bump tmp from 0.2.3 to 0.2.4 in docker/setup-qemu-action#221
• Bump undici from 5.28.4 to 5.29.0 in docker/setup-qemu-action#219

Full Changelog: docker/setup-qemu-action@v3.6.0...v3.7.0

Commits

• c7c5346 Merge pull request #230 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 3a517a1 chore: update generated content
• a5b45ed build(deps): bump @​docker/actions-toolkit from 0.62.1 to 0.67.0
• 3a64278 Merge pull request #220 from docker/dependabot/npm_and_yarn/brace-expansion-1...
• 94906ba chore: update generated content
• 4027abf build(deps): bump brace-expansion from 1.1.11 to 1.1.12
• bee0aaa Merge pull request #221 from docker/dependabot/npm_and_yarn/tmp-0.2.4
• 0d7e257 chore: update generated content
• b869601 build(deps): bump tmp from 0.2.3 to 0.2.4
• 3a043ed Merge pull request #219 from docker/dependabot/npm_and_yarn/undici-5.29.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[2bndy5]

@dependabot rebase

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.53%. Comparing base (b15dcfe) to head (0e84068).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #210   +/-   ##
=======================================
  Coverage   96.53%   96.53%           
=======================================
  Files          14       14           
  Lines        2999     2999           
=======================================
  Hits         2895     2895           
  Misses        104      104           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.