Bump the workflows group in /.github/workflows with 6 updates

[dependabot]

Bumps the workflows group in /.github/workflows with 6 updates:

Package	From	To
dorny/paths-filter	3.0.2	4.0.1
endersonmenezes/free-disk-space	3.1.0	3.2.2
actions/cache	5.0.3	5.0.4
codecov/codecov-action	5.5.2	6.0.0
CodSpeedHQ/action	4.11.0	4.13.0
actions/download-artifact	8.0.0	8.0.1

Updates dorny/paths-filter from 3.0.2 to 4.0.1

Release notes

Sourced from dorny/paths-filter's releases.

v4.0.1

What's Changed

• Support merge queue by @​masaru-iritani in dorny/paths-filter#255

New Contributors

• @​masaru-iritani made their first contribution in dorny/paths-filter#255

Full Changelog: dorny/paths-filter@v4.0.0...v4.0.1

v4.0.0

What's Changed

• feat: update action runtime to node24 by @​saschabratton in dorny/paths-filter#294

New Contributors

• @​saschabratton made their first contribution in dorny/paths-filter#294

Full Changelog: dorny/paths-filter@v3.0.3...v4.0.0

v3.0.3

What's Changed

• Add missing predicate-quantifier by @​wardpeet in dorny/paths-filter#279

New Contributors

• @​wardpeet made their first contribution in dorny/paths-filter#279

Full Changelog: dorny/paths-filter@v3...v3.0.3

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v4.0.0

• Update action runtime to node24

v3.0.3

• Add missing predicate-quantifier

v3.0.2

• Add config parameter for predicate quantifier

v3.0.1

• Compare base and ref when token is empty

v3.0.0

• Update to Node.js 20
• Update all dependencies

v2.11.1

• Update @​actions/core to v1.10.0 - Fixes warning about deprecated set-output
• Document need for pull-requests: read permission
• Updating to actions/checkout@v3

v2.11.0

• Set list-files input parameter as not required
• Update Node.js
• Fix incorrect handling of Unicode characters in exec()
• Use Octokit pagination
• Updates real world links

v2.10.2

• Fix getLocalRef() returns wrong ref

v2.10.1

• Improve robustness of change detection

v2.10.0

• Add ref input parameter
• Fix change detection in PR when pullRequest.changed_files is incorrect

v2.9.3

• Fix change detection when base is a tag

v2.9.2

• Fix fetching git history

v2.9.1

• Fix fetching git history + fallback to unshallow repo

v2.9.0

... (truncated)

Commits

• fbd0ab8 feat: add merge_group event support
• efb1da7 feat: add dist/ freshness check to PR workflow
• d8f7b06 Merge pull request #302 from dorny/issue-299
• addbc14 Update README for v4
• 9d7afb8 Update CHANGELOG for v4.0.0
• 782470c Merge branch 'releases/v3'
• d1c1ffe Update CHANGELOG for v3.0.3
• ce10459 Merge pull request #294 from saschabratton/master
• 5f40380 feat: update action runtime to node24
• 668c092 Merge pull request #279 from wardpeet/patch-1
• Additional commits viewable in compare view

Updates endersonmenezes/free-disk-space from 3.1.0 to 3.2.2

Release notes

Sourced from endersonmenezes/free-disk-space's releases.

v3.2.2

Changed:

• 🤖 Enhance release-manager skill with terminal gotchas, tag-first workflow, CHANGELOG-based release notes, and updated agent DO/DON'Ts

v3.2.1

Added:

• 🤖 Add Release Manager skill for managing semantic version releases and updating major version alias

Changed:

• 📝 Update CHANGELOG.md and README.md with recent changes and performance improvements

v3.2.0

Added:

• 🧪 Add support for Ubuntu 22.04 in workflow templates and update README with compatibility badges
• 📝 Create CHANGELOG.md and update README to link to it
• 🤖 Add Copilot instructions and agent documentation
• 🤖 Add Changelog Maintainer skill to automate CHANGELOG.md updates

Changed:

• 📊 Distinguish total free space from recovered space in output — fixes #22
• 🛠️ Update GitHub Actions extension identifier in devcontainer configuration
• 🔧 Update workflow templates and improve cleanup validation
• 🔧 Update disk-space-engineer agent tools for enhanced functionality
• 🔄 Pre-commit autoupdate

Fixed:

• 🐛 Replace bc alias with variable path to prevent breakage when bc is relocated during cleanup
• 🐛 Replace Docker-based shellcheck with Python-based alternative in DevContainer

CI/CD Improvements:

• 🧹 Remove user-reported full cleanup test from workflow jobs
• 🧪 Expand folder removal list in package removal tests for improved cleanup

Special Thanks:

• cuiyf5516 for fixing the bc path issue on Ubuntu 22.04 (#27) — first contribution! 🎉

Changelog

Sourced from endersonmenezes/free-disk-space's changelog.

Changelog

All notable changes to Free Disk Space Action are documented here.

Format follows Keep a Changelog.
Versioning follows Semantic Versioning.

---

[Unreleased]

---

[v3.2.2] — 2026-03-03 — Commit: 5eabf23

Changed:

• 🤖 Enhance release-manager skill with terminal gotchas, tag-first workflow, CHANGELOG-based release notes, and updated agent DO/DON'Ts (5eabf23)

---

[v3.2.1] — 2026-03-03 — Commit: 9cf1114

Added:

• 🤖 Add Release Manager skill for managing semantic version releases and updating major version alias (9cf1114)

Changed:

• 📝 Update CHANGELOG.md and README.md with recent changes and performance improvements (dcf58cd)

---

[v3.2.0] — 2026-03-03 — Commit: f63fea6

Added:

• 🧪 Add support for Ubuntu 22.04 in workflow templates and update README with compatibility badges (2c1f01a)
• 📝 Create CHANGELOG.md and update README to link to it (19c7ae6)
• 🤖 Add Copilot instructions and agent documentation (403e664)
• 🤖 Add Changelog Maintainer skill to automate CHANGELOG.md updates (c7496bb)

Changed:

• 📊 Distinguish total free space from recovered space in output — fixes #22 (a89b4e5)
• 🛠️ Update GitHub Actions extension identifier in devcontainer configuration (a9a4807)
• 🔧 Update workflow templates and improve cleanup validation (225faab)
• 🔧 Update disk-space-engineer agent tools for enhanced functionality (4ef9f03)
• 🔄 Pre-commit autoupdate (17f6375)

Fixed:

• 🐛 Replace bc alias with variable path to prevent breakage when bc is relocated during cleanup (0d73123)
• 🐛 Replace Docker-based shellcheck with Python-based alternative in DevContainer (eebb38f)

CI/CD Improvements:

... (truncated)

Commits

• 7901478 docs: update CHANGELOG.md with v3.2.2 entry
• 5eabf23 feat: enhance terminal command guidelines and git usage instructions in SKILL.md
• e7b3f00 docs: update CHANGELOG.md with v3.2.1 entry
• 9cf1114 feat: add release-manager skill for managing semantic version releases and up...
• dcf58cd feat: update CHANGELOG.md and README.md with recent changes and performance i...
• f63fea6 feat: expand folder removal list in package removal tests for improved cleanup
• 4ef9f03 feat: update disk-space-engineer agent tools for enhanced functionality and V...
• 2c1f01a feat: add support for Ubuntu 22.04 in workflow templates and update README wi...
• 225faab feat: update workflow templates and improve cleanup validation
• c7496bb feat: add Changelog Maintainer skill to automate CHANGELOG.md updates
• Additional commits viewable in compare view

Updates actions/cache from 5.0.3 to 5.0.4

Release notes

Sourced from actions/cache's releases.

v5.0.4

What's Changed

• Add release instructions and update maintainer docs by @​Link- in actions/cache#1696
• Potential fix for code scanning alert no. 52: Workflow does not contain permissions by @​Link- in actions/cache#1697
• Fix workflow permissions and cleanup workflow names / formatting by @​Link- in actions/cache#1699
• docs: Update examples to use the latest version by @​XZTDean in actions/cache#1690
• Fix proxy integration tests by @​Link- in actions/cache#1701
• Fix cache key in examples.md for bun.lock by @​RyPeck in actions/cache#1722
• Update dependencies & patch security vulnerabilities by @​Link- in actions/cache#1738

New Contributors

• @​XZTDean made their first contribution in actions/cache#1690
• @​RyPeck made their first contribution in actions/cache#1722

Full Changelog: actions/cache@v5...v5.0.4

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE]
Relevant for maintainers with write access only.

1. Switch to a new branch from main.
2. Run npm test to ensure all tests are passing.
3. Update the version in https://github.com/actions/cache/blob/main/package.json.
4. Run npm run build to update the compiled files.
5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
6. Run licensed cache to update the license report.
7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
8. Commit your changes and push your branch upstream.
9. Open a pull request against main and get it reviewed and merged.
10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

5.0.4

• Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
• Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
• Bump fast-xml-parser to v5.5.6

5.0.3

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

5.0.2

• Bump @actions/cache to v5.0.3 #1692

5.0.1

• Update @azure/storage-blob to ^12.29.1 via @actions/cache@5.0.1 #1685

5.0.0

[!IMPORTANT] actions/cache@v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1.

... (truncated)

Commits

• 6682284 Merge pull request #1738 from actions/prepare-v5.0.4
• e340396 Update RELEASES
• 8a67110 Add licenses
• 1865903 Update dependencies & patch security vulnerabilities
• 5656298 Merge pull request #1722 from RyPeck/patch-1
• 4e380d1 Fix cache key in examples.md for bun.lock
• b7e8d49 Merge pull request #1701 from actions/Link-/fix-proxy-integration-tests
• 984a21b Add traffic sanity check step
• acf2f1f Fix resolution
• 95a07c5 Add wait for proxy
• Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.2 to 6.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

• Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0"" by @​thomasrockhu-codecov in codecov/codecov-action#1929
• Th/6.0.0 by @​thomasrockhu-codecov in codecov/codecov-action#1928

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

• Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @​thomasrockhu-codecov in codecov/codecov-action#1926
• chore(release): 5.5.4 by @​thomasrockhu-codecov in codecov/codecov-action#1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

What's Changed

• build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @​dependabot[bot] in codecov/codecov-action#1874
• chore(release): bump to 5.5.3 by @​thomasrockhu-codecov in codecov/codecov-action#1922

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

• fix: overwrite pr number on fork by @​thomasrockhu-codecov in codecov/codecov-action#1871
• build(deps): bump actions/checkout from 4.2.2 to 5.0.0 by @​app/dependabot in codecov/codecov-action#1868
• build(deps): bump github/codeql-action from 3.29.9 to 3.29.11 by @​app/dependabot in codecov/codecov-action#1867
• fix: update to use local app/ dir by @​thomasrockhu-codecov in codecov/codecov-action#1872
• docs: fix typo in README by @​datalater in codecov/codecov-action#1866
• Document a codecov-cli version reference example by @​webknjaz in codecov/codecov-action#1774
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.9 by @​app/dependabot in codecov/codecov-action#1861
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​app/dependabot in codecov/codecov-action#1833

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

• feat: upgrade wrapper to 0.2.4 by @​jviall in codecov/codecov-action#1864
• Pin actions/github-script by Git SHA by @​martincostello in codecov/codecov-action#1859
• fix: check reqs exist by @​joseph-sentry in codecov/codecov-action#1835
• fix: Typo in README by @​spalmurray in codecov/codecov-action#1838
• docs: Refine OIDC docs by @​spalmurray in codecov/codecov-action#1837
• build(deps): bump github/codeql-action from 3.28.17 to 3.28.18 by @​app/dependabot in codecov/codecov-action#1829

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

• build(deps): bump github/codeql-action from 3.28.13 to 3.28.17 by @​app/dependabot in codecov/codecov-action#1822
• fix: OIDC on forks by @​joseph-sentry in codecov/codecov-action#1823

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

• 57e3a13 Th/6.0.0 (#1928)
• f67d33d Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0""...
• 75cd116 chore(release): 5.5.4 (#1927)
• 87d39f4 Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" (#1926)
• 1af5884 chore(release): bump to 5.5.3 (#1922)
• c143300 build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (#1874)
• See full diff in compare view

Updates CodSpeedHQ/action from 4.11.0 to 4.13.0

Release notes

Sourced from CodSpeedHQ/action's releases.

v4.13.0

Release Notes

We added support for a new experimental flag --experimental-fair-sched to have valgrind use the --fair-sched argument.

Usage in the action:

      - name: Run the benchmarks
        uses: CodSpeedHQ/action@v4
        env:
          CODSPEED_EXPERIMENTAL_FAIR_SCHED: "true"
        with:
          run: cargo codspeed run # Replace with your command
          mode: simulation

Full Runner Changelog: https://github.com/CodSpeedHQ/codspeed/blob/main/CHANGELOG.md

v4.12.1

Release Notes

In this release, we've focused on improving the local user experience.
We've revamped the output of the cli to provide tailed logs while the benchmarks are being executed, and polished a bit the display of results after your run.

We also added support to run multiple modes in a single command invocation, both for local and CI runs!
For instance, that means you can now do codspeed run --mode simulation --mode memory --mode walltime -- cargo codspeed run

Last but not least, you can now define entrypoints in your project config

# codspeed.yml
# List of commands that are run when running `codspeed run` without further arguments
benchmarks:
  - name: My ls command
    # Mutually exclusive with entrypoint
    # Expects a command that will run a benchmark for an arbitrary command
    exec: ls -al /usr/bin

name: My pytest-codspeed benchmark
Mutually exclusive with exec
Expects a command that will run a benchmark program that is using a codspeed integration
entrypoint: pytest --codspeed src

Fix a bug where memory profiling with codspeed exec for binaries that use statically-linked allocators (e.g. jemalloc in Rust). Previously, we reported incorrect memory usage because it didn't attach to the statically linked allocators.

Details

... (truncated)

Commits

• d872884 Release v4.13.0 🚀
• c179ec8 chore: bump runner version to 4.13.0 (#198)
• 1c8ae48 Release v4.12.1 🚀
• 2140cd8 chore: bump runner version to 4.12.1 (#196)
• 3772632 fix: remove commas from cache key
• 6c668ff docs: add documentation about multiple modes in a single run
• f06cb96 chore: bump runner version to 4.12.0
• 281164b Release v4.11.1 🚀
• c61f6b6 feat: split install and run into two different steps
• f748d0c fix: stop using curl --fail-with-body and jq to maximize compatibility
• Additional commits viewable in compare view

Updates actions/download-artifact from 8.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

• Support for CJK characters in the artifact name by @​danwkennedy in actions/download-artifact#471
• Add a regression test for artifact name + content-type mismatches by @​danwkennedy in actions/download-artifact#472

Full Changelog: actions/download-artifact@v8...v8.0.1

Commits

• 3e5f45b Add regression tests for CJK characters (#471)
• e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[codspeed-hq]

Merging this PR will not alter performance

✅ 5 untouched benchmarks

---

_{Comparing dependabot/github_actions/dot-github/workflows/workflows-b12f7bc3d9 (4660a6b) with main (a48dfaf)}