build(deps): bump the actions group with 5 updates

[dependabot]

Bumps the actions group with 5 updates:

Package	From	To
CodSpeedHQ/action	4.5.2	4.14.0
astral-sh/setup-uv	8.0.0	8.1.0
actions/upload-artifact	7.0.0	7.0.1
pypa/gh-action-pypi-publish	1.13.0	1.14.0
msys2/setup-msys2	2.31.0	2.31.1

Updates CodSpeedHQ/action from 4.5.2 to 4.14.0

Release notes

Sourced from CodSpeedHQ/action's releases.

v4.14.0

Release Notes

We now collect buildtime and runtime environment data to warn users about differences in their runtime environment when comparing two runs against one another.

This data includes toolchain metadata like version and build options, as well as a list of dynamically loaded linked libraries.

Minimum integration versions

To support the runtime metadata collection, make sure to use at least the following versions:

• pytest-codspeed v4.4.0
• codspeed-rust v4.5.0
• codspeed-cpp v2.2.0
• codspeed-go v1.1.0
• codspeed-node v5.3.0

🚀 Features

• Stop panicking when parsing invalid perf file by @​GuillaumeLagrange in #298
• Make the basic run only 5 rounds to make logs not crash the github page by @​GuillaumeLagrange
• Represent the host OS as a SupportedOs enum with per-executor support gates by @​GuillaumeLagrange
• Bypass systemd-run usage on macos by @​GuillaumeLagrange
• Add aarch64-apple-darwin to the release targets by @​GuillaumeLagrange
• Collect cpu flags in system info by @​GuillaumeLagrange in #281

🐛 Bug Fixes

• Fix instropected_go's behavior on macos by @​GuillaumeLagrange
• Update rust crate git2 to 0.20.4 (#284) by @​xtqqczze in #284

⚙️ Internals

• chore: bump runner version to 4.14.0 by @​github-actions[bot] in CodSpeedHQ/action#203
• Move the config schema check from pre-commit to ci-only check by @​GuillaumeLagrange in #287
• Skip tests that rely on linux behavior by @​GuillaumeLagrange
• Bump instrument-hooks submodule to include stubs improvement by @​GuillaumeLagrange
• Rerun exec harness build if instrument hooks sources change by @​GuillaumeLagrange
• Make update-bindings.sh PWD agnostic by @​GuillaumeLagrange

Install codspeed-runner 4.14.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CodSpeedHQ/codspeed/releases/download/v4.14.0/codspeed-runner-installer.sh | sh

Download codspeed-runner 4.14.0

File	Platform	Checksum
codspeed-runner-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
codspeed-runner-aarch64-unknown-linux-musl.tar.gz	ARM64 MUSL Linux	checksum

... (truncated)

Commits

• 658a901 Release v4.14.0 🚀
• 1d42668 chore: bump runner version to 4.14.0
• db35df7 Release v4.13.1 🚀
• bc11107 feat: support action-only releases with explicit version argument
• 12a303d feat: fail release script if version already exists
• 6e1e277 feat: add dry-run mode to release script
• d214727 build(deps)!: update actions to Node.js 24 runtime (#201)
• d872884 Release v4.13.0 🚀
• c179ec8 chore: bump runner version to 4.13.0 (#198)
• 1c8ae48 Release v4.12.1 🚀
• Additional commits viewable in compare view

Updates astral-sh/setup-uv from 8.0.0 to 8.1.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.1.0 🌈 New input no-project

Changes

This add the a new boolean input no-project. It only makes sense to use in combination with activate-environment: true and will append --no project to the uv venv call. This is for example useful if you have a pyproject.toml file with parts unparseable by uv

🚀 Enhancements

• Add input no-project in combination with activate-environment @​eifinger (#856)

🧰 Maintenance

• fix: grant contents:write to validate-release job @​eifinger (#860)
• Add a release-gate step to the release workflow @​zanieb (#859)
• Draft commitish releases @​eifinger (#858)
• Add action-types.yml to instructions @​eifinger (#857)
• chore: update known checksums for 0.11.7 @github-actions[bot] (#853)
• Refactor version resolving @​eifinger (#852)
• chore: update known checksums for 0.11.6 @github-actions[bot] (#850)
• chore: update known checksums for 0.11.5 @github-actions[bot] (#845)
• chore: update known checksums for 0.11.4 @github-actions[bot] (#843)
• Add a release workflow @​zanieb (#839)
• chore: update known checksums for 0.11.3 @github-actions[bot] (#836)

📚 Documentation

• Update ignore-nothing-to-cache documentation @​eifinger (#833)
• Pin setup-uv docs to v8 @​eifinger (#829)

⬆️ Dependency updates

• chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @dependabot[bot] (#855)

Commits

• 0880764 fix: grant contents:write to validate-release job (#860)
• 717d6ab Add a release-gate step to the release workflow (#859)
• 5a911eb Draft commitish releases (#858)
• 080c31e Add action-types.yml to instructions (#857)
• b3e97d2 Add input no-project in combination with activate-environment (#856)
• 7dd591d chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 (#855)
• 1541b77 chore: update known checksums for 0.11.7 (#853)
• cdfb2ee Refactor version resolving (#852)
• cb84d12 chore: update known checksums for 0.11.6 (#850)
• 1912cc6 chore: update known checksums for 0.11.5 (#845)
• Additional commits viewable in compare view

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

• Update the readme with direct upload details by @​danwkennedy in actions/upload-artifact#795
• Readme: bump all the example versions to v7 by @​danwkennedy in actions/upload-artifact#796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits

• 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
• 634250c Include changes in typespec/ts-http-runtime 0.3.5
• e454baa Readme: bump all the example versions to v7 (#796)
• 74fad66 Update the readme with direct upload details (#795)
• See full diff in compare view

Updates pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.14.0

✨ What's Changed

The main change in this release is that verbose and print-hash inputs are now on by default. This was contributed by @​whitequark💰 in #397.

📝 Docs

@​woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #388 and @​him2him2💰 brushed up some grammar in the README and SECURITY docs via #395.

🛠️ Internal Updates

@​woodruffw💰 bumped sigstore and pypi-attestations in the lock file (#391) and @​webknjaz💰 added infra for using type annotations in the project (#381).

💪 New Contributors

• @​him2him2 made their first contribution in #395
• @​whitequark made their first contribution in #397

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.13.0...v1.14.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​facutuesca💰 and @​woodruffw💰 for helping maintain this project when I can't!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

Commits

• cef2210 Merge pull request #397 from whitequark/patch-1
• b4595e2 Enable verbose and print-hash by default.
• e2bab26 Merge pull request #395 from him2him2/docs/fix-typos-and-grammar
• 7495c38 docs: fix typos and grammar in README and SECURITY
• 03f86fe Merge pull request #388 from woodruffw-forks/ww/rm-experimental
• 4c78f1c Merge branch 'unstable/v1' into ww/rm-experimental
• b5a6e8b deps: bump sigstore and pypi-attestations
• a48a03e remove another experimental mention
• 8087a88 action: remove a lingering mention of PEP 740 being experimental
• 3317ede 🧪 Integrate actionlint via pre-commit framework
• Additional commits viewable in compare view

Updates msys2/setup-msys2 from 2.31.0 to 2.31.1

Release notes

Sourced from msys2/setup-msys2's releases.

v2.31.1

• input: allow empty input for "install" and "pacboy", meaning not packages will be installed [#589]
• input: deprecate the special "RUNNER_TEMP" value for "location" in favor of an empty string
• Update dependencies

Changelog

Sourced from msys2/setup-msys2's changelog.

Changelog

2.31.1

• input: allow empty input for "install" and "pacboy", meaning not packages will be installed [#589]
• input: deprecate the special "RUNNER_TEMP" value for "location" in favor of an empty string
• Update dependencies

2.31.0

• Update base distribution to 20260322. [#597]
• Update dependencies
• Move to node24 from node20

2.30.0

• Update base distribution to 20251213. [#565]
• Remove folder-hash dependency [#555]
• Update dependencies

2.29.0

• Allow installation to C:\msys64 if it doesn't exist already. Like with the new windows-11-arm image, for example. [#542]
• Update base distribution to 20250830. [#548]
• Update dependencies

2.28.0

• Update base distribution to 20250622. [#518]
• Update dependencies

2.27.0

• Update base distribution to 20250221. [#480]
• Update dependencies
• Drop support for CLANG32

2.26.0

• Update base distribution to 20241208. [#444]
• Update dependencies
• Update @​actions/cache to v4 which will be required for the GitHub cache backend migration, which is scheduled for 2025-02, see @actions/cache Package Deprecation Notice. Upgrade to the latest `4.0.0` or higher before February 1st 2025 actions/toolkit#1890 for details. There is no action required for users of this action, but old versions of this action may start to fail after the legacy cache backend is sunset.

2.25.0

... (truncated)

Commits

• e989830 v2.31.1 9b1b97754d6b29a1930613de078be3eb976807fc
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codspeed-hq]

Merging this PR will not alter performance

✅ 48 untouched benchmarks

---

_{Comparing dependabot/github_actions/actions-239994a01b (97237f5) with master (76015ae)}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.55%. Comparing base (76015ae) to head (97237f5).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #1018      +/-   ##
==========================================
- Coverage   99.56%   99.55%   -0.01%     
==========================================
  Files          11       11              
  Lines        1825     1816       -9     
  Branches      289      289              
==========================================
- Hits         1817     1808       -9     
  Partials        8        8              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.