chore(deps): update all dependencies (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
actions/attest-build-provenance	action	major	v1 → v4
actions/checkout	action	major	v4 → v6
actions/download-artifact	action	major	v4 → v8
actions/upload-artifact	action	major	v4 → v7
codecov/codecov-action	action	major	v4 → v6
vergen	build-dependencies	major	8.2.6 → 9.0.0

---

Release Notes

actions/attest-build-provenance (actions/attest-build-provenance)

v4.1.0

Compare Source

[!NOTE]
As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

• Update RELEASE.md docs by @​bdehamer in #​836
• Bump actions/attest from 4.0.0 to 4.1.0 by @​bdehamer in #​838
  • Bump @actions/attest from 3.0.0 to 3.1.0 by @​bdehamer in actions/attest#362
  • Bump @actions/attest from 3.1.0 to 3.2.0 by @​bdehamer in actions/attest#365
  • Add new subject-version input for inclusion in storage record by @​bdehamer in actions/attest#364
  • Add storage record content to README by @​bdehamer in actions/attest#366

Full Changelog: actions/attest-build-provenance@v4.0.0...v4.1.0

v4.0.0

Compare Source

[!NOTE]
As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

• Prepare v4 release by @​bdehamer in #​835

Full Changelog: actions/attest-build-provenance@v3.2.0...v4.0.0

v4

Compare Source

v3.2.0

Compare Source

What's Changed

• Bump @​actions/core from 1.11.1 to 2.0.1 by @​dependabot[bot] in #​776
• Add more documentation on Artifact Metadata Storage Records by @​malancas in #​797
• Update actions/attest to latest version v3.2.0 by @​malancas in #​812

Full Changelog: actions/attest-build-provenance@v3.1.0...v3.2.0

v3.1.0

Compare Source

What's Changed

• Prepare v3 release by @​bdehamer in #​697
• Bump js-yaml from 3.14.1 to 3.14.2 by @​dependabot[bot] in #​749
• Bump tar from 7.5.1 to 7.5.2 by @​dependabot[bot] in #​753
• Bump glob from 10.4.5 to 10.5.0 by @​dependabot[bot] in #​754
• Bump @​types/node from 24.10.1 to 25.0.2 by @​dependabot[bot] in #​774
• Bump @​actions/attest from 1.6.0 to 2.0.0 by @​dependabot[bot] in #​736
• Bump @​actions/attest from 2.0.0 to 2.1.0 by @​dependabot[bot] in #​775
• Add support for creating artifact metadata storage records by @​malancas in #​779

New Contributors

• @​malancas made their first contribution in #​779

Full Changelog: actions/attest-build-provenance@v3...v3.1.0

v3

Compare Source

v3.0.0

Compare Source

What's Changed

• Adjust node max-http-header-size setting by @​bdehamer in #​687
• Bump actions/attest from v2.4.0 to v3.0.0 by @​bdehamer in #​691
  • Bump to node24 runtime
  • Improved checksum parsing
• Bump attest-build-provenance/predicate to v2.0.0 by @​bdehamer in #​693
  • Bump to node24 runtime by @​bdehamer in #​692

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/attest-build-provenance@v2.4.0...v3.0.0

v2.4.0

Compare Source

What's Changed

• Bump undici from 5.28.5 to 5.29.0 by @​dependabot in #​633
• Bump actions/attest from 2.3.0 to 2.4.0 by @​bdehamer in #​654
  • Includes support for the new well-known summary file which will accumulate paths to all attestations generated in a given workflow run

Full Changelog: actions/attest-build-provenance@v2.3.0...v2.4.0

v2.3.0

Compare Source

What's Changed

• Bump actions/attest from 2.2.1 to 2.3.0 by @​bdehamer in #​615
  • Updates @sigstore/oci from 0.4.0 to 0.5.0

Full Changelog: actions/attest-build-provenance@v2.2.3...v2.3.0

v2.2.3

Compare Source

What's Changed

• Pin actions/attest reference by commit SHA by @​bdehamer in #​493

Full Changelog: actions/attest-build-provenance@v2.2.2...v2.2.3

v2.2.2

Compare Source

What's Changed

• Bump predicate action from 1.1.4 to 1.1.5 by @​bdehamer in #​485
  • Bump @​actions/attest from 1.5.0 to 1.6.0 by @​bdehamer in #​484
    • Update buildSLSAProvenancePredicate to populate workflow.ref field from the ref claim in the OIDC token (actions/toolkit#1969)

Full Changelog: actions/attest-build-provenance@v2.2.1...v2.2.2

v2.2.1

Compare Source

What's Changed

• Bump undici from 5.28.4 to 5.28.5 by @​dependabot in #​457
• Bump @​octokit/request-error from 5.0.1 to 5.1.1 by @​dependabot in #​469
• Bump @​octokit/request from 8.2.0 to 8.4.1 by @​dependabot in #​478
• Bump actions/attest from 2.2.0 to 2.2.1 by @​bdehamer in #​481
  • Includes @actions/attest v1.6.0

Full Changelog: actions/attest-build-provenance@v2.2.0...v2.2.1

v2.2.0

Compare Source

What's Changed

• Bump actions/attest from v2.1.0 to v2.2.0 by @​bdehamer in #​449
  • Includes support for now subject-checksums input parameter

Full Changelog: actions/attest-build-provenance@v2.1.0...v2.2.0

v2.1.0

Compare Source

What's Changed

• Update README w/ note about GH plans supporting attestations by @​bdehamer in #​414
• Add attestation-id and attestation-url outputs by @​bdehamer in #​415

Full Changelog: actions/attest-build-provenance@v2.0.1...v2.1.0

v2.0.1

Compare Source

What's Changed

• Bump actions/attest from 2.0.0 to 2.0.1 by @​bdehamer in #​406
  • Deduplicate subjects before adding to in-toto statement

Full Changelog: actions/attest-build-provenance@v2.0.0...v2.0.1

v2.0.0

Compare Source

The attest-build-provenance action now supports attesting multiple subjects simultaneously. When identifying multiple subjects with the subject-path input a single attestation is created with references to each of the supplied subjects, rather than generating separate attestations for each artifact. This reduces the number of attestations that you need to create and manage.

What's Changed

• Bump cross-spawn from 7.0.3 to 7.0.6 by @​dependabot in #​319
• Prepare v2.0.0 release by @​bdehamer in #​321
  • Bump actions/attest from 1.4.1 to 2.0.0 (w/ multi-subject attestation support)

Full Changelog: actions/attest-build-provenance@v1.4.4...v2.0.0

v2

Compare Source

v1.4.4

Compare Source

What's Changed

• Bump predicate action from 1.1.3 to 1.1.4 by @​bdehamer in #​310
  • Bump @​actions/core from 1.10.1 to 1.11.1 by @​dependabot in #​275
  • Bump @​actions/attest from 1.4.2 to 1.5.0 by @​bdehamer in #​309
    • Fix SLSA provenance bug related to workflow_ref OIDC token claims containing the "@​" symbol in the tag name (actions/toolkit#1863)

Full Changelog: actions/attest-build-provenance@v1.4.3...v1.4.4

v1.4.3

Compare Source

What's Changed

• Bump predicate from 1.1.2 to 1.1.3 by @​bdehamer in #​226
  • Bump @​actions/attest from 1.3.1 to 1.4.1 by @​dependabot in #​212
  • Bump @​actions/attest from 1.4.1 to 1.4.2 by @​bdehamer in #​225
  • Fix bug w/ customized OIDC issuer URL for enterprise accounts (#​222)

Full Changelog: actions/attest-build-provenance@v1.4.2...v1.4.3

v1.4.2

Compare Source

What's Changed

• Bump actions/attest from 1.4.0 to 1.4.1 by @​bdehamer in #​209
  • Includes bug fix for issue with authenticated proxies (actions/toolkit#1798)

Full Changelog: actions/attest-build-provenance@v1.4.1...v1.4.2

v1.4.1

Compare Source

What's Changed

• Update predicate action to 1.1.2 by @​bdehamer in #​197
  • Dynamic construction of oidc issuer by @​bdehamer in #​195

Full Changelog: actions/attest-build-provenance@v1.4.0...v1.4.1

v1.4.0

Compare Source

What's Changed

• Bump predicate action from 1.1.0 to 1.1.1 by @​bdehamer in #​182
  • Fix for JWKS proxy bug
• Bump actions/attest from 1.3.3 to 1.4.0 by @​bdehamer in #​183
  • Add show-summary input
  • Format summary output as list

Full Changelog: actions/attest-build-provenance@v1.3.3...v1.4.0

v1.3.3

Compare Source

What's Changed

• Bump actions/attest from 1.3.2 to 1.3.3 by @​bdehamer in #​152
  • Bugfix for properly handling glob exclusion patterns in subject-path input

Full Changelog: actions/attest-build-provenance@v1.3.2...v1.3.3

v1.3.2

Compare Source

What's Changed

• Bump actions/attest from 1.3.1 to 1.3.2 by @​bdehamer in #​123
  • Increase timeout for OCI operations

Full Changelog: actions/attest-build-provenance@v1.3.1...v1.3.2

v1.3.1

Compare Source

What's Changed

• Bump actions/attest from 1.3.0 to 1.3.1 by @​bdehamer in #​117
  • Bugfix when detecting support for the referrers API with OCI registries

Full Changelog: actions/attest-build-provenance@v1.3.0...v1.3.1

v1.3.0

Compare Source

What's Changed

• Bump actions/attest-build-provenance/predicate from 1.0.0 to 1.1.0 by @​bdehamer in #​116
  • Switch to new GH provenance build type
• Bump actions/attest from 1.2.0 to 1.3.0 by @​bdehamer in #​116
  • Dynamic construction of GitHub API URLs based on GITHUB_SERVER_URL
  • Improved handling of Rekor 409 responses
  • Bugfix - detection of registries with support for the OCI referrers API

Full Changelog: actions/attest-build-provenance@v1.2.0...v1.3.0

v1.2.0

Compare Source

What's Changed

• Bump actions/attest from 1.1.2 to 1.2.0 by @​bdehamer in #​101
  • Batch processing w/ exponential backoff
  • Bugfix when pushing attestation to OCI registry

Full Changelog: actions/attest-build-provenance@v1.1.2...v1.2.0

v1.1.2

Compare Source

What's Changed

• Bump actions/attest from 1.1.1 to 1.1.2 by @​bdehamer in #​79
  • Downcase subject name for OCI images
  • Fix accept header when retrieving image manifest
  • Support variants of the Docker Hub registry name

Full Changelog: actions/attest-build-provenance@v1.1.1...v1.1.2

v1.1.1

Compare Source

What's Changed

• Bump actions/attest from v1.1.0 to v1.1.1 by @​bdehamer in #​67
  • Bump @​sigstore/sign from 2.3.0 to 2.3.1
  • Bump @​sigstore/oci from 0.3.0 to 0.3.2
  • Include more detail in error logging
  • Send API errors to GHA debug log
  • Fix bug preventing failed API requests from being retried

Full Changelog: actions/attest-build-provenance@v1.1.0...v1.1.1

v1.1.0

Compare Source

What's Changed

• Bump actions/attest to v1.1.0 by @​bdehamer in #​65
  • adds list support for subjectPath input
  • limit attestation subject count
  • ensure subject globs match only files

Full Changelog: actions/attest-build-provenance@v1.0.0...v1.1.0

actions/checkout (actions/checkout)

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

v6.0.1

Compare Source

v6.0.0

Compare Source

v6

Compare Source

v5.0.1

Compare Source

What's Changed

• Port v6 cleanup to v5 by @​ericsciple in #​2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

Compare Source

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in #​2226
• Prepare v5.0.0 release by @​salmanmkc in #​2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v5

Compare Source

v4.3.1

Compare Source

What's Changed

• Port v6 cleanup to v4 by @​ericsciple in #​2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

Compare Source

What's Changed

• docs: update README.md by @​motss in #​1971
• Add internal repos for checking out multiple repositories by @​mouismail in #​1977
• Documentation update - add recommended permissions to Readme by @​benwells in #​2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in #​2044
• Update README.md by @​nebuk89 in #​2194
• Update CODEOWNERS for actions by @​TingluoHuang in #​2224
• Update package dependencies by @​salmanmkc in #​2236
• Prepare release v4.3.0 by @​salmanmkc in #​2237

New Contributors

• @​motss made their first contribution in #​1971
• @​mouismail made their first contribution in #​1977
• @​benwells made their first contribution in #​2043
• @​nebuk89 made their first contribution in #​2194
• @​salmanmkc made their first contribution in #​2236

Full Changelog: actions/checkout@v4...v4.3.0

v4.2.2

Compare Source

• url-helper.ts now leverages well-known environment variables by @​jww3 in #​1941
• Expand unit test coverage for isGhes by @​jww3 in #​1946

v4.2.1

Compare Source

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in #​1924

v4.2.0

Compare Source

• Add Ref and Commit outputs by @​lucacome in #​1180
• Dependency updates by @​dependabot- #​1777, #​1872

v4.1.7

Compare Source

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in #​1739
• Bump actions/checkout from 3 to 4 by @​dependabot in #​1697
• Check out other refs/* by commit by @​orhantoy in #​1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in #​1776

v4.1.6

Compare Source

• Check platform to set archive extension appropriately by @​cory-miller in #​1732

v4.1.5

Compare Source

• Update NPM dependencies by @​cory-miller in #​1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in #​1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in #​1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in #​1695
• README: Suggest user.email to be 41898282+github-actions[bot]@​users.noreply.github.com by @​cory-miller in #​1707

v4.1.4

Compare Source

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in #​1692
• Add dependabot config by @​cory-miller in #​1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in #​1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in #​1643

v4.1.3

Compare Source

• Check git version before attempting to disable sparse-checkout by @​jww3 in #​1656
• Add SSH user parameter by @​cory-miller in #​1685
• Update actions/checkout version in update-main-version.yml by @​jww3 in #​1650

v4.1.2

Compare Source

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in #​1598

v4.1.1

Compare Source

• Correct link to GitHub Docs by @​peterbe in #​1511
• Link to release page from what's new section by @​cory-miller in #​1514

v4.1.0

Compare Source

• Add support for partial checkout filters

actions/download-artifact (actions/download-artifact)

v8.0.1

Compare Source

What's Changed

• Support for CJK characters in the artifact name by @​danwkennedy in #​471
• Add a regression test for artifact name + content-type mismatches by @​danwkennedy in #​472

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

Compare Source

v8 - What's new

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to false.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @​actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in #​460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in #​461

Full Changelog: actions/download-artifact@v7...v8.0.0

v8

Compare Source

v7

Compare Source

v7.0.0

Compare Source

v7 - What's new

[!IMPORTANT]
actions/download-artifact@​v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in #​440
• Download Artifact Node24 support by @​salmanmkc in #​415
• fix: update @​actions/artifact to fix Node.js 24 punycode deprecation by @​salmanmkc in #​451
• prepare release v7.0.0 for Node.js 24 support by @​salmanmkc in #​452

New Contributors

• @​patrikpolyak made their first contribution in #​440
• @​salmanmkc made their first contribution in #​415

Full Changelog: actions/download-artifact@v6.0.0...v7.0.0

v6

Compare Source

v6.0.0

Compare Source

What's Changed

BREAKING CHANGE: this update supports Node v24.x. This is not a breaking change per-se but we're treating it as such.

• Update README for download-artifact v5 changes by @​yacaovsnc in #​417
• Update README with artifact extraction details by @​yacaovsnc in #​424
• Readme: spell out the first use of GHES by @​danwkennedy in #​431
• Bump @actions/artifact to v4.0.0
• Prepare v6.0.0 by @​danwkennedy in #​438

New Contributors

• @​danwkennedy made their first contribution in #​431

Full Changelog: actions/download-artifact@v5...v6.0.0

v5

Compare Source

v5.0.0

Compare Source

What's Changed

• Update README.md by @​nebuk89 in #​407
• BREAKING fix: inconsistent path behavior for single artifact downloads by ID by @​GrantBirki in #​416

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

Previously, single artifact downloads behaved differently depending on how you specified the artifact:

• By name: name: my-artifact → extracted to path/ (direct)
• By ID: artifact-ids: 12345 → extracted to path/my-artifact/ (nested)

Now both methods are consistent:

• By name: name: my-artifact → extracted to path/ (unchanged)
• By ID: artifact-ids: 12345 → extracted to path/ (fixed - now direct)

Migration Guide

✅ No Action Needed If:

• You download artifacts by name
• You download multiple artifacts by ID
• You already use merge-multiple: true as a workaround

⚠️ Action Required If:

You download single artifacts by ID and your workflows expect the nested directory structure.

Before v5 (nested structure):

- uses: actions/download-artifact@v4
  with:
    artifact-ids: 12345
    path: dist

### Files were in: dist/my-artifact/

Where my-artifact is the name of the artifact you previously uploaded

To maintain old behavior (if needed):

- uses: actions/download-artifact@v5
  with:
    artifact-ids: 12345
    path: dist/my-artifact  # Explicitly specify the nested path

New Contributors

• @​nebuk89 made their first contribution in #​407

Full Changelog: actions/download-artifact@v4...v5.0.0

v4.3.0

Compare Source

What's Changed

• feat: implement new artifact-ids input by @​GrantBirki in #​401
• Fix workflow example for downloading by artifact ID by @​joshmgross in #​402
• Prep for v4.3.0 release by @​robherley in #​404

New Contributors

• @​GrantBirki made their first contribution in #​401

Full Changelog: actions/download-artifact@v4.2.1...v4.3.0

v4.2.1

Compare Source

What's Changed

• Add unit tests by @​GhadimiR in #​392
• Fix bug introduced in 4.2.0 by @​GhadimiR in #​391

Full Changelog: actions/download-artifact@v4.2.0...v4.2.1

v4.2.0

Compare Source

What's Changed

• Update README.md by @​lkfortuna in #​384
• Bump artifact version, do digest check by @​GhadimiR in #​383

New Contributors

• @​lkfortuna made their first contribution in #​384
• @​GhadimiR made their first contribution in #​383

Full Changelog: actions/download-artifact@v4.1.9...v4.2.0

v4.1.9

Compare Source

What's Changed

• Add workflow file for publishing releases to immutable action package by @​Jcambass in #​354
• docs: small migration fix by @​froblesmartin in #​370
• Update MIGRATION.md by @​andyfeller in #​372
• Update artifact package to 2.2.2 by @​yacaovsnc in #​380

New Contributors

• @​Jcambass made their first contribution in #​354
• @​froblesmartin made their first contribution in #​370
• @​andyfeller made their first contribution in #​372
• @​yacaovsnc made their first contribution in #​380

Full Changelog: actions/download-artifact@v4.1.8...v4.1.9

v4.1.8

Compare Source

What's Changed

• Update @​actions/artifact version, bump dependencies by @​robherley in #​341

Full Changelog: actions/download-artifact@v4.1.7...v4.1.8

v4.1.7

Compare Source

What's Changed

• Update @​actions/artifact dependency by @​bethanyj28 in #​325

Full Changelog: actions/download-artifact@v4.1.6...v4.1.7

v4.1.6

Compare Source

What's Changed

• updating @actions/artifact dependency to v2.1.6 by @​eggyhead in #​324

Full Changelog: actions/download-artifact@v4.1.5...v4.1.6

v4.1.5

Compare Source

What's Changed

• Update readme with v3/v2/v1 deprecation notice by @​robherley in #​322
• Update dependencies @actions/core to v1.10.1 and @actions/artifact to v2.1.5

Full Changelog: actions/download-artifact@v4.1.4...v4.1.5

v4.1.4

Compare Source

What's Changed

• Update @​actions/artifact by @​bethanyj28 in #​307

Full Changelog: actions/download-artifact@v4...v4.1.4

v4.1.3

Compare Source

What's Changed

• Update release-new-action-version.yml by @​konradpabjan in #​292
• Update toolkit dependency with updated unzip logic by @​bethanyj28 in #​299
• Update @​actions/artifact by @​bethanyj28 in #​303

New Contributors

• @​bethanyj28 made their first contribution in #​299

Full Changelog: actions/download-artifact@v4...v4.1.3

v4.1.2

Compare Source

• Bump @​actions/artifacts to latest version to include updated GHES host check

v4.1.1

Compare Source

• Fix transient request timeouts #​249
• Bump @actions/artifacts to latest version

v4.1.0

Compare Source

What's Changed

• Some cleanup by @​robherley in #​247
• Fix default for run-id by @​stchr in #​252
• Support pattern matching to filter artifacts & merge to same directory by @​robherley in #​259

New Contributors

• @​stchr made their first contribution in #​252

Full Changelog: actions/download-artifact@v4...v4.1.0

actions/upload-artifact (actions/upload-artifact)

v7.0.1

Compare Source

What's Changed

• Update the readme with direct upload details by [@​danwkennedy](https://redirec

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, on day 1 of the month (* 0-3 1 * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path Cargo.toml --workspace
    Updating crates.io index
error: failed to select a version for `vergen`.
    ... required by package `famedly-sync v0.11.1 (/tmp/renovate/repos/github/famedly/famedly-sync)`
versions that meet the requirements `^9.0.0` are: 9.1.0, 9.0.6, 9.0.4, 9.0.3, 9.0.2, 9.0.1, 9.0.0

package `famedly-sync` depends on `vergen` with feature `git` but `vergen` does not have that feature.
 package `vergen` does have feature `si`


failed to select a version for `vergen` which could resolve this conflict

[linearb]

✨ PR Review

LGTM

Generated by LinearB AI and added by gitStream.
_{AI-generated content may contain inaccuracies. Please verify before using.
💡 Tip: You can customize your AI Review using Guidelines Learn how}