build(deps): bump the default group with 2 updates

[dependabot]

Bumps the default group with 2 updates: bencherdev/bencher and rust-lang/crates-io-auth-action.

Updates bencherdev/bencher from 0.6.6 to 0.6.7

Release notes

Sourced from bencherdev/bencher's releases.

v0.6.7

• Fix the OCI registry token endpoint for the Docker 29+ containerd image store, which sends multiple scope query parameters and an OAuth2 POST token exchange (Thank you @​travishathaway)
• Add user-scoped API keys (bencher_user_...) that authenticate as the owning user across every endpoint a JWT can reach, including docker login; the one exception is key management: a user API key cannot create more keys and can only see, update, or revoke itself, so a leaked key cannot mint credentials that outlive its own revocation, tamper with the user's other keys, or enumerate them
• Add bencher user key {create,list,view,update,revoke} CLI subcommands and an "API Keys" page in the Console for managing user API keys
• --key/BENCHER_API_KEY now accepts either a project-scoped key (bencher_run_*) or a user-scoped key (bencher_user_*); the --project requirement applies only to project-scoped keys
• DEPRECATED User API tokens are deprecated in favor of user API keys: POST /v0/users/{user}/tokens (bencher token create) now always fails with a 403 Forbidden error; existing API tokens continue to work and can still be listed, viewed, renamed, and revoked
• Replace the Tokens entry in the Console account dropdown with Keys, and hide the "API Tokens" page entirely for accounts created after 15 June 2026
• bencher run --github-actions now always creates a Bencher Report GitHub Check (failing on an active Alert), so it can be used as a required status check in branch protection; the check is created on a best effort basis, so check creation failures are now warnings instead of errors (Thank you @​OmarTawfik)
• Create the GitHub Check on the pull request head commit (pull_request.head.sha or workflow_run.head_sha) instead of GITHUB_SHA, so the check appears on the pull request
• Append the --ci-id ID to the GitHub Check name (ie Bencher Report (<ID>)) so multiple bencher run invocations on the same commit get distinct, stable check names

Commits

• ec56bb6 Release v0.6.7
• 3f022ac Update kernel 6.1.168 -> 6.1.172 (#875)
• 3adde58 Deprecate user API tokens in favor of user API keys (#897)
• 5401fdd Always create a GitHub Check in bencher run --github-actions (#895)
• dac876e Fix cargo-deny advisories: upgrade diesel, ignore proc-macro-error2 (#898)
• cc6c03c Install aws-lc-rs crypto provider in update_sandbox task (#890)
• cc0eec2 Allow --project to not be specified when --image is used (#886)
• f54ce85 Add user scoped API keys (#874)
• 72b9dfa Fix OCI token endpoint for Docker 29 containerd image store (#885)
• f6dd4bd Fix css-inline: bundle Bulma CSS at build time (#887)
• Additional commits viewable in compare view

Updates rust-lang/crates-io-auth-action from 1.0.4 to 1.0.5

Release notes

Sourced from rust-lang/crates-io-auth-action's releases.

v1.0.5

What's Changed

• update to tsdown 0.22 by @​marcoieni in rust-lang/crates-io-auth-action#239 and rust-lang/crates-io-auth-action#254
• update to typescript 6 by @​marcoieni in rust-lang/crates-io-auth-action#256
• other dependency updates

Internal changes

• renovate: rename updateTypes field by @​marcoieni in rust-lang/crates-io-auth-action#219
• renovate: don't raise individual PRs for crates non breaking changes by @​marcoieni in rust-lang/crates-io-auth-action#220
• use rust-lang renovate preset by @​marcoieni in rust-lang/crates-io-auth-action#235
• ci(links): accept 403 as success by @​marcoieni in rust-lang/crates-io-auth-action#263

Full Changelog: rust-lang/crates-io-auth-action@v1.0.4...v1.0.5

Commits

• c6f97d4 Merge pull request #259 from rust-lang/renovate/lock-file-maintenance
• b929a92 package dist
• 9d23f3b chore(deps): lock file maintenance
• 2b6b194 Merge pull request #263 from rust-lang/ci-links-accept-403-as-failure
• 1a7afc2 ci(links): accept 403 as success
• 701b15c Merge pull request #260 from rust-lang/renovate/tsdown-0.x-lockfile
• cf898e1 package dist
• 1a6a621 chore(deps): update dependency tsdown to v0.22.2
• 9f93ac2 Merge pull request #261 from rust-lang/renovate/github-actions
• 5463451 chore(deps): update github actions to v6.0.3
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions