chore(deps): bump the patch group across 1 directory with 4 updates

[dependabot]

Bumps the patch group with 4 updates in the / directory: svenstaro/upload-release-action, PyO3/maturin-action, marocchino/sticky-pull-request-comment and anchore/sbom-action.

Updates svenstaro/upload-release-action from 2.11.2 to 2.11.3

Release notes

Sourced from svenstaro/upload-release-action's releases.

2.11.3

Post-fix Github errors - releases created as draft when they shouldn't have been - #99

Changelog

Sourced from svenstaro/upload-release-action's changelog.

Changelog

[2.11.3] - 2025-11-20

• Post-fix releases created as draft when they shouldn't have - #99

[2.11.2] - 2025-07-06

• Solved race-condition when matrix builds try to create the same release at the same time - #147

[2.11.1] - 2025-06-30

• Adds a release_id output, and optional input, for uploading files to release - #136 (thanks @​alexis-opolka)

[2.10.0] - 2025-06-21

• Adds the ability to disable duplicate check, for lower Github API usage - #142 (thanks @​colinsullivan)

[2.9.1] - 2025-06-21

• Fixed development + CI, updated dependencies #137

[2.9.0] - 2024-02-22

• Allow setting a release as draft #112 (thanks @​ShonP40)

[2.8.0] - 2024-02-21

• Bump all deps
• Update to node 20

[2.7.0] - 2023-07-28

• Allow setting an explicit target_commitish #46 (thanks @​Spikatrix)

[2.6.1] - 2023-05-31

• Do not overwrite body or name if empty #108 (thanks @​regevbr)

[2.6.0] - 2023-05-23

• Add make_latest input parameter. Can be set to false to prevent the created release from being marked as the latest release for the repository #100 (thanks @​brandonkelly)
• Don't try to upload empty files #102 (thanks @​Loyalsoldier)
• Bump all deps #105
• overwrite option also overwrites name and body #106 (thanks @​regevbr)
• Add promote option to allow prereleases to be promoted #74 (thanks @​regevbr)

[2.5.0] - 2023-02-21

• Add retry to upload release #96 (thanks @​sonphantrung)

[2.4.1] - 2023-02-01

• Modernize octokit usage

[2.4.0] - 2023-01-09

• Update to node 16
• Bump most dependencies

[2.3.0] - 2022-06-05

• Now defaults repo_token to ${{ github.token }} and tag to ${{ github.ref }} #69 (thanks @​leighmcculloch)

... (truncated)

Commits

• 6b7fa9f 2.11.3
• d78c255 Fix releases that are created as drafts (github error) (#151)
• 7027b76 Update README.md - explicated permission error resolution
• See full diff in compare view

Updates PyO3/maturin-action from 1.49.3 to 1.49.4

Release notes

Sourced from PyO3/maturin-action's releases.

v1.49.4

What's Changed

• add LD_ to allowed env prefixes by @​jakobhellermann in PyO3/maturin-action#363
• Add recent manylinux images for i686 by @​ZedThree in PyO3/maturin-action#371

New Contributors

• @​jakobhellermann made their first contribution in PyO3/maturin-action#363
• @​ZedThree made their first contribution in PyO3/maturin-action#371

Full Changelog: PyO3/maturin-action@v1.49.3...v1.49.4

Commits

• 86b9d13 Bump version to 1.49.4
• 889b519 rebuild and update readme
• fee15c9 Add recent manylinux images for i686 (#371)
• 49aa0e4 Update versions-manifest.json (#369)
• c5899f4 Update versions-manifest.json (#367)
• 606d659 add LD_ to allowed env prefixes (#363)
• d514c3f Update versions-manifest.json (#362)
• 63301d3 Update versions-manifest.json (#360)
• See full diff in compare view

Updates marocchino/sticky-pull-request-comment from 2.9.3 to 2.9.4

Release notes

Sourced from marocchino/sticky-pull-request-comment's releases.

v2.9.4

What's Changed

• build(deps-dev): Bump @​biomejs/biome from 2.0.0 to 2.0.2 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1554
• build(deps-dev): Bump @​types/node from 24.0.3 to 24.0.11 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1561
• build(deps-dev): Bump @​biomejs/biome from 2.0.4 to 2.1.1 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1562
• build(deps-dev): Bump @​types/node from 24.0.11 to 24.0.12 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1563
• build(deps-dev): Bump @​types/node from 24.0.12 to 24.0.13 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1564

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.3...v2.9.4

Commits

• 7737449 📦️ Build
• 8b423c6 Merge pull request #1564 from marocchino/dependabot/npm_and_yarn/types/node-2...
• 3ac8a74 build(deps-dev): Bump @​types/node from 24.0.12 to 24.0.13
• e430cfc Merge pull request #1563 from marocchino/dependabot/npm_and_yarn/types/node-2...
• 99f9378 build(deps-dev): Bump @​types/node from 24.0.11 to 24.0.12
• 2216b3a Merge pull request #1562 from marocchino/dependabot/npm_and_yarn/biomejs/biom...
• 482d7fd build(deps-dev): Bump @​biomejs/biome from 2.0.4 to 2.1.1
• c2da581 Merge pull request #1561 from marocchino/dependabot/npm_and_yarn/types/node-2...
• 76f8462 build(deps-dev): Bump @​types/node from 24.0.3 to 24.0.11
• 246151a ⬆️ Update biome
• Additional commits viewable in compare view

Updates anchore/sbom-action from 0.20.2 to 0.20.10

Release notes

Sourced from anchore/sbom-action's releases.

v0.20.10

Changes in v0.20.10

• chore(deps): update Syft to v1.38.0 (#548) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]

v0.20.9

Changes in v0.20.9

• chore(deps): update Syft to v1.36.0 (#546) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]

v0.20.8

Changes in v0.20.8

• chore(deps): update Syft to v1.34.2 (#545) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]

v0.20.7

Changes in v0.20.7

• chore(deps): update Syft to v1.34.1 (#544)

v0.20.6

Changes in v0.20.6

• chore(deps): update Syft to v1.33.0 (#537) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]
• chore: update actions library to resolve critical vulnerability (#536) [spiffcs]

v0.20.5

Changes in v0.20.5

• Update Syft to v1.31.0 (#531)

v0.20.4

Changes in v0.20.4

• chore: update Syft to v1.29.0 (#529)

v0.20.3

Changes in v0.20.3

• Fix: Strip emojis from correlator before using github APIs (#527) [AndrewHendry]

Commits

• fbfd9c6 chore(deps): update Syft to v1.38.0 (#548)
• 8e94d75 chore(deps): update Syft to v1.36.0 (#546)
• aa0e114 chore(deps): update Syft to v1.34.2 (#545)
• d8a2c01 chore(deps): update Syft to v1.34.1 (#544)
• c73dd3f Add llms.txt to describe this repo to our AI overlords 🤖 (#534)
• f8bdd1d chore(deps): update Syft to v1.33.0 (#537)
• c2c9a6d chore: update actions library to resolve critical sec (#536)
• 039eeb2 chore(deps): update Syft to v1.32.0 (#533)
• da167ea chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#532)
• 0d72d6e chore(deps): update Syft to v1.31.0 (#531)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions