chore(deps): bump the github-actions group with 4 updates

[dependabot]

Bumps the github-actions group with 4 updates: actions/upload-pages-artifact, j178/prek-action, cargo-bins/cargo-binstall and actions/create-github-app-token.

Updates actions/upload-pages-artifact from 4.0.0 to 5.0.0

Release notes

Sourced from actions/upload-pages-artifact's releases.

v5.0.0

Changelog

• Update upload-artifact action to version 7 @​Tom-van-Woudenberg (#139)
• feat: add include-hidden-files input @​jonchurch (#137)

See details of all code changes since previous release.

Commits

• fc324d3 Merge pull request #139 from Tom-van-Woudenberg/patch-1
• fe9d4b7 Merge branch 'main' into patch-1
• 0ca1617 Merge pull request #137 from jonchurch/include-hidden-files
• 57f0e84 Update action.yml
• 4a90348 v7 --> hash
• 56f665a Update upload-artifact action to version 7
• f7615f5 Add include-hidden-files input
• See full diff in compare view

Updates j178/prek-action from 2.0.1 to 2.0.2

Release notes

Sourced from j178/prek-action's releases.

v2.0.2

What's Changed

• Reduce missing checksum log noise by @​j178 in j178/prek-action#117
• Update zizmorcore/zizmor-action action to v0.5.2 by @​renovate[bot] in j178/prek-action#118
• Update known versions for prek 0.3.9 by @​j178 in j178/prek-action#119

Full Changelog: j178/prek-action@v2...v2.0.2

Commits

• cbc2f23 Update known versions for prek 0.3.9 (#119)
• 4fd49c1 Update zizmorcore/zizmor-action action to v0.5.2 (#118)
• 380f81e Reduce missing checksum log noise (#117)
• See full diff in compare view

Updates cargo-bins/cargo-binstall from 1.17.9 to 1.18.1

Release notes

Sourced from cargo-bins/cargo-binstall's releases.

v1.18.1

Binstall is a tool to fetch and install Rust-based executables as binaries. It aims to be a drop-in replacement for cargo install in most cases. Install it today with cargo install cargo-binstall, from the binaries below, or if you already have it, upgrade with cargo binstall cargo-binstall.

In this release:

Remove GITHUB_TOKEN and GH_TOKEN when fallback to installing from source using cargo-install (#2533)

This reduces the risk of leaks of tokens for users who pass the GITHUN_TOKEN or GH_TOKEN environment variables to cargo-binstall to avoid GitHub API rate limits.

v1.18.0

Binstall is a tool to fetch and install Rust-based executables as binaries. It aims to be a drop-in replacement for cargo install in most cases. Install it today with cargo install cargo-binstall, from the binaries below, or if you already have it, upgrade with cargo binstall cargo-binstall.

In this release:

• feat: support cargo:token and cargo:token-from-stdout auth for private registries (#2526 #2528)

Other changes:

• Upgrade dependencies

Commits

• dc19f1e release: cargo-binstall v1.18.1 (#2535)
• 94bc68e chore(binstalk): release v0.28.73 (#2534)
• 0d65135 binstalk: Remove GITHUB_TOKEN and GH_TOKEN when installing from source (#2533)
• f8ce4d5 release: cargo-binstall v1.18.0 (#2532)
• 7ef7b56 chore: release (#2524)
• 4d6e1bd dep: Upgrade transitive dependencies (#2529)
• 6ed12bb feat: support cargo:token-from-stdout in private registries (#2528)
• c3664f9 feat: support cargo:token auth for private registries (#2526)
• b6c5417 build(deps): bump the deps group with 2 updates (#2525)
• d882212 dep: Upgrade transitive dependencies (#2523)
• See full diff in compare view

Updates actions/create-github-app-token from 3.0.0 to 3.1.1

Release notes

Sourced from actions/create-github-app-token's releases.

v3.1.1

3.1.1 (2026-04-11)

Bug Fixes

• improve error message when app identifier is empty (#362) (07e2b76), closes #249

v3.1.0

3.1.0 (2026-04-11)

Bug Fixes

• deps: bump p-retry from 7.1.1 to 8.0.0 (#357) (3bbe07d)

Features

• add client-id input and deprecate app-id (#353) (e6bd4e6)
• update permission inputs (#358) (076e948)

Commits

• 1b10c78 build(release): 3.1.1 [skip ci]
• 07e2b76 fix: improve error message when app identifier is empty (#362)
• ea01216 ci: remove publish-immutable-action workflow (#361)
• 7bd0371 build(release): 3.1.0 [skip ci]
• e6bd4e6 feat: add client-id input and deprecate app-id (#353)
• 076e948 feat: update permission inputs (#358)
• 3bbe07d fix(deps): bump p-retry from 7.1.1 to 8.0.0 (#357)
• 28a99e3 build(deps-dev): bump c8 from 10.1.3 to 11.0.0
• 4df5060 build(deps-dev): bump open-cli from 8.0.0 to 9.0.0
• 4843c53 build(deps-dev): bump the development-dependencies group with 3 updates
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions