chore(deps): bump the dependencies group with 3 updates

[dependabot]

Bumps the dependencies group with 3 updates: actions/setup-node, CodSpeedHQ/action and dependabot/fetch-metadata.

Updates actions/setup-node from 6.2.0 to 6.4.0

Release notes

Sourced from actions/setup-node's releases.

v6.4.0

What's Changed

Dependency updates:

• Upgrade @​actions dependencies by @​Copilot in actions/setup-node#1525
• Update Node.js versions in versions.yml and bump package to v6.4.0 by @​priya-kinthali in actions/setup-node#1533

New Contributors

• @​Copilot made their first contribution in actions/setup-node#1525

Full Changelog: actions/setup-node@v6...v6.4.0

v6.3.0

What's Changed

Enhancements:

• Support parsing devEngines field by @​susnux in actions/setup-node#1283

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:

• Fix npm audit issues by @​gowridurgad in actions/setup-node#1491
• Replace uuid with crypto.randomUUID() by @​trivikr in actions/setup-node#1378
• Upgrade minimatch from 3.1.2 to 3.1.5 by @​dependabot in actions/setup-node#1498

Bug fixes:

• Remove hardcoded bearer for mirror-url @​marco-ippolito in actions/setup-node#1467
• Scope test lockfiles by package manager and update cache tests by @​gowridurgad in actions/setup-node#1495

New Contributors

• @​susnux made their first contribution in actions/setup-node#1283

Full Changelog: actions/setup-node@v6...v6.3.0

Commits

• 48b55a0 Update Node.js versions in versions.yml and bump package to v6.4.0 (#1533)
• ab72c7e Upgrade @​actions dependencies (#1525)
• 53b8394 Bump minimatch from 3.1.2 to 3.1.5 (#1498)
• 54045ab Scope test lockfiles by package manager and update cache tests (#1495)
• c882bff Replace uuid with crypto.randomUUID() (#1378)
• 774c1d6 feat(node-version-file): support parsing devEngines field (#1283)
• efcb663 fix: remove hardcoded bearer (#1467)
• d02c89d Fix npm audit issues (#1491)
• See full diff in compare view

Updates CodSpeedHQ/action from 4.10.4 to 4.14.0

Release notes

Sourced from CodSpeedHQ/action's releases.

v4.14.0

Release Notes

We now collect buildtime and runtime environment data to warn users about differences in their runtime environment when comparing two runs against one another.

This data includes toolchain metadata like version and build options, as well as a list of dynamically loaded linked libraries.

Minimum integration versions

To support the runtime metadata collection, make sure to use at least the following versions:

• pytest-codspeed v4.4.0
• codspeed-rust v4.5.0
• codspeed-cpp v2.2.0
• codspeed-go v1.1.0
• codspeed-node v5.3.0

🚀 Features

• Stop panicking when parsing invalid perf file by @​GuillaumeLagrange in #298
• Make the basic run only 5 rounds to make logs not crash the github page by @​GuillaumeLagrange
• Represent the host OS as a SupportedOs enum with per-executor support gates by @​GuillaumeLagrange
• Bypass systemd-run usage on macos by @​GuillaumeLagrange
• Add aarch64-apple-darwin to the release targets by @​GuillaumeLagrange
• Collect cpu flags in system info by @​GuillaumeLagrange in #281

🐛 Bug Fixes

• Fix instropected_go's behavior on macos by @​GuillaumeLagrange
• Update rust crate git2 to 0.20.4 (#284) by @​xtqqczze in #284

⚙️ Internals

• chore: bump runner version to 4.14.0 by @​github-actions[bot] in CodSpeedHQ/action#203
• Move the config schema check from pre-commit to ci-only check by @​GuillaumeLagrange in #287
• Skip tests that rely on linux behavior by @​GuillaumeLagrange
• Bump instrument-hooks submodule to include stubs improvement by @​GuillaumeLagrange
• Rerun exec harness build if instrument hooks sources change by @​GuillaumeLagrange
• Make update-bindings.sh PWD agnostic by @​GuillaumeLagrange

Install codspeed-runner 4.14.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CodSpeedHQ/codspeed/releases/download/v4.14.0/codspeed-runner-installer.sh | sh

Download codspeed-runner 4.14.0

File	Platform	Checksum
codspeed-runner-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
codspeed-runner-aarch64-unknown-linux-musl.tar.gz	ARM64 MUSL Linux	checksum

... (truncated)

Commits

• 658a901 Release v4.14.0 🚀
• 1d42668 chore: bump runner version to 4.14.0
• db35df7 Release v4.13.1 🚀
• bc11107 feat: support action-only releases with explicit version argument
• 12a303d feat: fail release script if version already exists
• 6e1e277 feat: add dry-run mode to release script
• d214727 build(deps)!: update actions to Node.js 24 runtime (#201)
• d872884 Release v4.13.0 🚀
• c179ec8 chore: bump runner version to 4.13.0 (#198)
• 1c8ae48 Release v4.12.1 🚀
• Additional commits viewable in compare view

Updates dependabot/fetch-metadata from 3.0.0 to 3.1.0

Release notes

Sourced from dependabot/fetch-metadata's releases.

v3.1.0

What's Changed

• Add permissions to all workflows by @​truggeri in dependabot/fetch-metadata#687
• build(deps-dev): bump globals from 16.0.0 to 17.4.0 by @​dependabot[bot] in dependabot/fetch-metadata#690
• build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by @​dependabot[bot] in dependabot/fetch-metadata#693
• build(deps-dev): bump @​hono/node-server from 1.19.10 to 1.19.13 by @​dependabot[bot] in dependabot/fetch-metadata#694
• build(deps-dev): bump hono from 4.12.7 to 4.12.12 by @​dependabot[bot] in dependabot/fetch-metadata#695
• Dynamically update the tracking tag in action by @​truggeri in dependabot/fetch-metadata#696
• fix: handle duplicate dependency names in parseMetadataLinks by @​devantler in dependabot/fetch-metadata#700
• fix: remove $ anchor from updateFragment regex to handle pip directory suffixes by @​devantler in dependabot/fetch-metadata#698
• Updates to README for permissions clarification by @​truggeri in dependabot/fetch-metadata#697
• fix: resolve update-type null for Python, Composer, and Terraform PRs by @​vitorsdcs in dependabot/fetch-metadata#704
• build(deps-dev): bump globals from 17.4.0 to 17.5.0 by @​dependabot[bot] in dependabot/fetch-metadata#703
• build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by @​dependabot[bot] in dependabot/fetch-metadata#701
• build(deps): bump @​actions/github from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by @​dependabot[bot] in dependabot/fetch-metadata#702
• build(deps-dev): bump hono from 4.12.12 to 4.12.14 by @​dependabot[bot] in dependabot/fetch-metadata#705
• v3.1.0 by @​fetch-metadata-action-automation[bot] in dependabot/fetch-metadata#692

New Contributors

• @​devantler made their first contribution in dependabot/fetch-metadata#700
• @​vitorsdcs made their first contribution in dependabot/fetch-metadata#704

Full Changelog: dependabot/fetch-metadata@v3...v3.1.0

Commits

• 25dd0e3 v3.1.0 (#692)
• e073f50 Merge pull request #705 from dependabot/dependabot/npm_and_yarn/hono-4.12.14
• 0670e16 build(deps-dev): bump hono from 4.12.12 to 4.12.14
• 7a7fe10 Merge pull request #702 from dependabot/dependabot/npm_and_yarn/dependencies-...
• 5168191 Updating dist build
• 23882e1 build(deps): bump @​actions/github in the dependencies group
• 1072469 Merge pull request #701 from dependabot/dependabot/github_actions/actions/cre...
• 43f8a00 build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1
• b4d904a Merge pull request #703 from dependabot/dependabot/npm_and_yarn/globals-17.5.0
• c8046bb build(deps-dev): bump globals from 17.4.0 to 17.5.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[changeset-bot]

⚠️ No Changeset found

Latest commit: d12f04c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[codspeed-hq]

Merging this PR will not alter performance

✅ 92 untouched benchmarks

---

_{Comparing dependabot/github_actions/dependencies-ec89a19dc6 (d12f04c) with main (4296012)}