build: bump the actions group with 2 updates

[dependabot]

Bumps the actions group with 2 updates: CodSpeedHQ/action and release-drafter/release-drafter.

Updates CodSpeedHQ/action from 4.15.1 to 4.17.0

Release notes

Sourced from CodSpeedHQ/action's releases.

v4.17.0

Release Notes

🚀 Features

• Configure samply symbol resolution env vars by @​not-matthias
• Add CODSPEED_WALLTIME_PROFILER override by @​not-matthias
• Make benchmark isolation profiler-driven by @​not-matthias
• Add profile-based auth configuration (#366) by @​art049 in #366
• Bump instrument-hooks to not use stubs on macos (#373) by @​GuillaumeLagrange in #373
• Pin codspeed-go-runner installer downloads with sha256 verification by @​art049 in #362
• Pin downloaded binaries with sha256 verification by @​art049
• Search NixOS debug info path by @​not-matthias in #354
• Inherit process mapping on forks by @​GuillaumeLagrange
• Bundle samply via library crate by @​not-matthias
• Add samply profiler for macOS by @​not-matthias
• Rename CODSPEED_PERF_ENABLED to CODSPEED_PROFILER_ENABLED by @​not-matthias
• Add Profiler trait abstraction by @​not-matthias
• Restore cursor on ctrl c by @​GuillaumeLagrange in #341
• Validate tokens and repository access up front by @​GuillaumeLagrange

🐛 Bug Fixes

• Use introspected env for memory executor by @​GuillaumeLagrange
• Misleading DCE advice in setup-harness (#350) by @​SuperMuel in #350
• Flush rolling buffer when executor errors by @​not-matthias in #352
• Use brew-installed bash for samply on macOS by @​not-matthias in #347
• Keep old name aliases to for deserialization purposes by @​GuillaumeLagrange in #345
• Handle malformed token from backend better by @​GuillaumeLagrange
• Disable PYTHON_PERF_JIT_SUPPORT on macOS by @​not-matthias
• Use mach_absolute_time for FIFO timestamps on macOS by @​not-matthias
• Use O_RDWR to open FIFOs on all Unix platforms by @​not-matthias

💼 Other

• Select profiler via typed CLI arg by @​GuillaumeLagrange in #379
• Bump workspace dependencies (#370) by @​art049 in #370
• Make api_client the single source of truth for the auth token by @​GuillaumeLagrange
• Bump gql_client to partial-data fork by @​GuillaumeLagrange

🏗️ Refactor

• Centralize internal re-exec via InternalCommands::get_command_builder by @​not-matthias in #338
• Rename Benchmark FIFO commands/markers to Profiler/Round by @​not-matthias
• Rename Profiler::wrap to wrap_command by @​not-matthias
• Share Linux profiler sysctl setup by @​not-matthias
• Port PerfRunner to Profiler trait by @​not-matthias
• Rename PerfMetadata to WalltimeMetadata by @​not-matthias
• Move perf module under profiler/ by @​not-matthias
• Rename FifoCommand::PingPerf to PingProfiler by @​not-matthias
• Rename IntegrationMode::Perf to Walltime by @​not-matthias

🧪 Testing

• Update valgrind snapshot tests by @​adriencaccia

... (truncated)

Commits

• 9d332c4 Release v4.17.0 🚀
• 96afee1 chore: bump runner version to 4.17.0
• a55be0f chore: bump runner version to 4.16.2
• See full diff in compare view

Updates release-drafter/release-drafter from 7.3.0 to 7.3.1

Release notes

Sourced from release-drafter/release-drafter's releases.

v7.3.1

What's Changed

Bug Fixes

• fix: output name and tag_name in dry-run mode (#1625) @​cchanche

Maintenance

• chore(deps): update graphql-codegen to 7.0.0 (#1619) @renovate[bot]
• chore(deps): update dependency nock to 14.0.15 (#1609) @renovate[bot]
• chore(deps): update graphql-codegen (#1615) @renovate[bot]
• chore(deps): update dependency typescript to 6.0.3 (#1610) @renovate[bot]
• ci(deps): update actions/download-artifact action to v8.0.1 (#1620) @renovate[bot]
• chore(deps): update dependency @​types/node to 24.12.3 (#1608) @renovate[bot]
• chore(deps): update vitest to 4.1.5 (#1612) @renovate[bot]
• chore(deps): update dependency @​biomejs/biome to 2.4.15 (#1607) @renovate[bot]
• chore(deps): update dependency vite to 8.0.11 (#1611) @renovate[bot]
• ci(deps): pin dependencies (#1606) @renovate[bot]

Dependency Updates

• chore(deps): update node.js to v24.15.0 (#1616) @renovate[bot]
• chore(deps): update vite to v8.0.13 and vitest to v4.1.6 (#1624) @​cchanche
• fix(deps): update dependency semver to 7.8.0 (#1622) @renovate[bot]
• chore(deps): update npm tool constraint to 11.14.1 (#1617) @renovate[bot]
• fix(deps): update dependency zod to 4.4.3 (#1618) @renovate[bot]
• fix(deps): update actions (#1613) @renovate[bot]
• chore(deps): update dependency @​biomejs/biome to 2.4.15 (#1607) @renovate[bot]
• fix(deps): update dependency yaml to 2.8.4 (#1614) @renovate[bot]

Full Changelog: release-drafter/release-drafter@v7.3.0...v7.3.1

Commits

• 693d20e chore: release v7.3.1
• 8339e41 docs: update contributing docs for release process
• 62d8da4 fix: output name and tag_name in dry-run mode (#1625)
• 2c6d395 chore(deps): update node.js to v24.15.0 (#1616)
• 3b62240 chore(deps): update vite to v8.0.13 and vitest to v4.1.6 (#1624)
• 446e151 fix(deps): adapt to graphql-codegen 7 type changes
• 4cd06dc chore(deps): update graphql-codegen to 7.0.0
• 8045768 fix(deps): update dependency semver to 7.8.0
• 1cf836b ci(release): use local action for publish step
• 485c120 chore(deps): update npm tool constraint to 11.14.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.07%. Comparing base (2b0c569) to head (c0e18fc).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #236   +/-   ##
=======================================
  Coverage   97.07%   97.07%           
=======================================
  Files           4        4           
  Lines         239      239           
=======================================
  Hits          232      232           
  Misses          7        7           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[codspeed-hq]

Merging this PR will not alter performance

✅ 90 untouched benchmarks
⏩ 13 skipped benchmarks¹

---

_{Comparing dependabot/github_actions/actions-112c5ccbfc (c0e18fc) with main (b3dad9f)²}

Footnotes

1. 13 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

2. No successful run was found on main (2b0c569) during the generation of this report, so b3dad9f was used instead as the comparison base. There might be some changes unrelated to this pull request in this report. ↩