ci(deps): update github actions (main)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/attest-build-provenance	action	major	v3.2.0 → v4.1.0
actions/download-artifact	action	major	v7.0.0 → v8.0.0
actions/upload-artifact	action	major	v6.0.0 → v7.0.0

---

Release Notes

actions/attest-build-provenance (actions/attest-build-provenance)

v4.1.0

Compare Source

[!NOTE]
As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

• Update RELEASE.md docs by @​bdehamer in #​836
• Bump actions/attest from 4.0.0 to 4.1.0 by @​bdehamer in #​838
  • Bump @actions/attest from 3.0.0 to 3.1.0 by @​bdehamer in actions/attest#362
  • Bump @actions/attest from 3.1.0 to 3.2.0 by @​bdehamer in actions/attest#365
  • Add new subject-version input for inclusion in storage record by @​bdehamer in actions/attest#364
  • Add storage record content to README by @​bdehamer in actions/attest#366

Full Changelog: actions/attest-build-provenance@v4.0.0...v4.1.0

v4.0.0

Compare Source

[!NOTE]
As of version 4, actions/attest-build-provenance is simply a wrapper on top of actions/attest.

Existing applications may continue to use the attest-build-provenance action, but new implementations should use actions/attest instead.

What's Changed

• Bump tar from 7.5.2 to 7.5.6 by @​dependabot[bot] in #​809
• Bump @​actions/attest from 2.1.0 to 2.2.0 by @​dependabot[bot] in #​800
• Bump @​actions/core from 2.0.1 to 2.0.3 in the npm-production group by @​dependabot[bot] in #​799
• Bump tar from 7.5.6 to 7.5.7 by @​dependabot[bot] in #​816
• Prepare v4 release by @​bdehamer in #​835

Full Changelog: actions/attest-build-provenance@v3.2.0...v4.0.0

actions/download-artifact (actions/download-artifact)

v8.0.0

Compare Source

v8 - What's new

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to false.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @​actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in #​460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in #​461

Full Changelog: actions/download-artifact@v7...v8.0.0

actions/upload-artifact (actions/upload-artifact)

v7.0.0

Compare Source

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in #​754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in #​762
• Support direct file uploads by @​danwkennedy in #​764

New Contributors

• @​Link- made their first contribution in #​754

Full Changelog: actions/upload-artifact@v6...v7.0.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[overlap-benchmarks]

C++ benchmark results

Benchmark	Reference (cb7cf3d)	Current (dc7e188)
hex_overlap_volume[AABB]	7.21 ns	7.79 ns: 1.08x slower
hex_overlap_volume[hex-in-sphere]	18.5 ns	17.6 ns: 1.05x faster
hex_overlap_volume[random]	1.01 us	1.04 us: 1.04x slower
hex_overlap_volume[sphere-in-hex]	610 ns	712 ns: 1.17x slower
normal_newell	117 ns	51.2 ns: 2.29x faster
regularized_wedge	59.3 ns	60.4 ns: 1.02x slower
tet_overlap_volume[AABB]	5.84 ns	5.02 ns: 1.16x faster
tet_overlap_volume[hex-in-sphere]	10.3 ns	10.1 ns: 1.02x faster
tet_overlap_volume[sphere-in-hex]	1.39 us	1.51 us: 1.09x slower
Geometric mean	(ref)	1.08x faster

Python benchmark results

Benchmark	Reference	Current
hex_overlap_volume[random]	9.55 us	9.69 us: 1.01x slower
hex_overlap_volume[sphere-in-hex]	2.35 us	2.39 us: 1.02x slower
hex_overlap_volume[hex-in-sphere]	1.68 us	1.73 us: 1.03x slower
hex_overlap_volume[AABB]	1.63 us	1.71 us: 1.04x slower
tet_overlap_volume[tet-in-sphere]	291 ns	300 ns: 1.03x slower
Geometric mean	(ref)	1.02x slower

Benchmark hidden because not significant (2): tet_overlap_volume[sphere-in-tet], tet_overlap_volume[AABB]