chore(deps): bump the dependencies group with 4 updates

[dependabot]

Bumps the dependencies group with 4 updates: depot/setup-action, depot/build-push-action, CodSpeedHQ/action and anchore/sbom-action.

Updates depot/setup-action from 1.6.0 to 1.7.1

Release notes

Sourced from depot/setup-action's releases.

v1.7.1

What's Changed

• Update release workflow to ubuntu-latest (#19) @​jacobwgillespie

v1.7.0

What's Changed

• chore: update node to v24 (#18) @​WitoDelnat

Commits

• 15c09a5 Merge pull request #19 from depot/jacobwgillespie-patch-1
• 3194a53 Update release workflow to ubuntu-latest
• c0b08c3 Merge pull request #18 from depot/wito/dep-2955-update-our-actions-to-use-nod...
• 23e67eb chore: update action dependencies
• 0886069 chore: update node to v24
• See full diff in compare view

Updates depot/build-push-action from 1.16.2 to 1.17.0

Release notes

Sourced from depot/build-push-action's releases.

v1.17.0

What's Changed

• chore: update node to v24 (#46) @​WitoDelnat
• Fix typo (#45) @​gavrie

Commits

• 5f3b3c2 Merge pull request #46 from depot/wito/dep-2955-update-our-actions-to-use-nod...
• 1c8a5de chore: update actions dependency
• 88deb2d chore: update node to v24
• eb4edcf Merge pull request #45 from gavrie/fix-typo
• b7a09de Fix typo
• See full diff in compare view

Updates CodSpeedHQ/action from 4.5.2 to 4.10.6

Release notes

Sourced from CodSpeedHQ/action's releases.

v4.10.6

Release Notes

🚀 Features

• Use codspeed.io installer for cached and authenticated requests by @​adriencaccia in CodSpeedHQ/action#187
• Force necessary flags for go run in introspected go by @​GuillaumeLagrange in #238
• Bump the stack size for python by @​GuillaumeLagrange
• Make python generate perf maps in exec-harness analysis by @​GuillaumeLagrange
• Harvest python perf maps after parsing perf data by @​GuillaumeLagrange
• Allow memory instrument with exec-harness's integration hook by @​GuillaumeLagrange
• Use the new instrument-hooks bindings rather than codspeed core by @​GuillaumeLagrange

🐛 Bug Fixes

• Panic if integration doesn't support memory profiling by @​not-matthias in #239
• Allow memtrack caching by resetting .cargo permissions by @​not-matthias in #237
• Search build directories in sub-folders by @​not-matthias
• Handle working-directory option by @​not-matthias
• Improve simulation script support and detect subprocesses by @​GuillaumeLagrange

🏗️ Refactor

• Move common perf-map utility outside of valgrind helpers by @​GuillaumeLagrange

⚙️ Internals

• chore: bump runner version to 4.10.6 by @​github-actions[bot] in CodSpeedHQ/action#188
• Bump memtrack version
• Add debug logs for harvested bench pids by @​GuillaumeLagrange
• Update wording in build.rs by @​GuillaumeLagrange in #235
• Use tokio::fs when harvesting perf maps from pids by @​GuillaumeLagrange
• Import instrument-hooks bindings from codspeed-rust by @​GuillaumeLagrange
• Move small snapshot files out of Git LFS by @​art049

Install codspeed-runner 4.10.6

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CodSpeedHQ/codspeed/releases/download/v4.10.6/codspeed-runner-installer.sh | sh

Download codspeed-runner 4.10.6

File	Platform	Checksum
codspeed-runner-aarch64-unknown-linux-musl.tar.gz	ARM64 MUSL Linux	checksum
codspeed-runner-x86_64-unknown-linux-musl.tar.gz	x64 MUSL Linux	checksum

Full Runner Changelog: https://github.com/CodSpeedHQ/codspeed/blob/main/CHANGELOG.md

Full Changelog: CodSpeedHQ/action@v4.10.5...v4.10.6

... (truncated)

Commits

• 4deb327 Release v4.10.6 🚀
• a4c005a chore: bump runner version to 4.10.6
• f6b352a feat: use codspeed hosted installer script
• 9a74b6b Release v4.10.5 🚀
• d6fbd84 chore: bump runner version to 4.10.5
• fa0c9b1 Release v4.10.4 🚀
• af115ee chore: bump runner version to 4.10.4
• 7bb457d chore: bump runner version to 4.10.3
• 2084259 Release v4.10.2 🚀
• 6bc053f chore: bump runner version to 4.10.2
• Additional commits viewable in compare view

Updates anchore/sbom-action from 0.21.1 to 0.22.2

Release notes

Sourced from anchore/sbom-action's releases.

v0.22.2

⬆️ Dependencies

• chore(deps): bump fast-xml-parser from 5.3.3 to 5.3.4 (#581) [@dependabot[bot]]
• chore(deps): update Syft to v1.41.2 (#582) [@anchore-actions-token-generator[bot]]
• chore(deps-dev): bump the dev-dependencies group with 2 updates (#580) [@dependabot[bot]]
• chore(deps): update Syft to v1.41.1 (#579) [@anchore-actions-token-generator[bot]]

v0.22.1

⬆️ Dependencies

• chore(deps): update Syft to v1.41.0 (#576) [@anchore-actions-token-generator[bot]]
• chore(deps): bump lodash from 4.17.21 to 4.17.23 (#573) [@dependabot[bot]]

v0.22.0

Changes in v0.22.0

⬆️ Dependencies

• chore(deps-dev): bump the dev-dependencies group with 19 updates (#566) [@​dependabot]
• chore(deps): bump npm-check-updates from 17.1.3 to 19.3.1 (#567) [@​dependabot]
• chore(deps): update Syft to v1.40.1 (#563) [@​anchore-actions-token-generator[bot]]

Commits

• 28d7154 chore(deps): bump fast-xml-parser from 5.3.3 to 5.3.4 (#581)
• 5e35834 chore(deps): update Syft to v1.41.2 (#582)
• a30a06a chore(deps-dev): bump the dev-dependencies group with 2 updates (#580)
• 750e84c chore(deps): update Syft to v1.41.1 (#579)
• 5620efe chore(deps): bump release-drafter/release-drafter from 6.1.0 to 6.2.0 (#578)
• ec824c7 chore(deps): bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#577)
• deef08a chore(deps): update Syft to v1.41.0 (#576)
• f139ded chore(deps): bump lodash from 4.17.21 to 4.17.23 (#573)
• 1b05262 chore(deps): bump zizmorcore/zizmor-action from 0.3.0 to 0.4.1 (#575)
• 1e8f28d chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 (#574)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[netlify]

✅ Deploy Preview for inventree-web-pui-preview canceled.

Name	Link
🔨 Latest commit	777075f
🔍 Latest deploy log	https://app.netlify.com/projects/inventree-web-pui-preview/deploys/69936bf341452e000865d46b