chore(deps): bump the patch group across 1 directory with 3 updates

[dependabot]

Bumps the patch group with 3 updates in the / directory: PyO3/maturin-action, marocchino/sticky-pull-request-comment and anchore/sbom-action.

Updates PyO3/maturin-action from 1.49.3 to 1.49.4

Release notes

Sourced from PyO3/maturin-action's releases.

v1.49.4

What's Changed

• add LD_ to allowed env prefixes by @​jakobhellermann in PyO3/maturin-action#363
• Add recent manylinux images for i686 by @​ZedThree in PyO3/maturin-action#371

New Contributors

• @​jakobhellermann made their first contribution in PyO3/maturin-action#363
• @​ZedThree made their first contribution in PyO3/maturin-action#371

Full Changelog: PyO3/maturin-action@v1.49.3...v1.49.4

Commits

• 86b9d13 Bump version to 1.49.4
• 889b519 rebuild and update readme
• fee15c9 Add recent manylinux images for i686 (#371)
• 49aa0e4 Update versions-manifest.json (#369)
• c5899f4 Update versions-manifest.json (#367)
• 606d659 add LD_ to allowed env prefixes (#363)
• d514c3f Update versions-manifest.json (#362)
• 63301d3 Update versions-manifest.json (#360)
• See full diff in compare view

Updates marocchino/sticky-pull-request-comment from 2.9.3 to 2.9.4

Release notes

Sourced from marocchino/sticky-pull-request-comment's releases.

v2.9.4

What's Changed

• build(deps-dev): Bump @​biomejs/biome from 2.0.0 to 2.0.2 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1554
• build(deps-dev): Bump @​types/node from 24.0.3 to 24.0.11 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1561
• build(deps-dev): Bump @​biomejs/biome from 2.0.4 to 2.1.1 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1562
• build(deps-dev): Bump @​types/node from 24.0.11 to 24.0.12 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1563
• build(deps-dev): Bump @​types/node from 24.0.12 to 24.0.13 by @​dependabot[bot] in marocchino/sticky-pull-request-comment#1564

Full Changelog: marocchino/sticky-pull-request-comment@v2.9.3...v2.9.4

Commits

• 7737449 📦️ Build
• 8b423c6 Merge pull request #1564 from marocchino/dependabot/npm_and_yarn/types/node-2...
• 3ac8a74 build(deps-dev): Bump @​types/node from 24.0.12 to 24.0.13
• e430cfc Merge pull request #1563 from marocchino/dependabot/npm_and_yarn/types/node-2...
• 99f9378 build(deps-dev): Bump @​types/node from 24.0.11 to 24.0.12
• 2216b3a Merge pull request #1562 from marocchino/dependabot/npm_and_yarn/biomejs/biom...
• 482d7fd build(deps-dev): Bump @​biomejs/biome from 2.0.4 to 2.1.1
• c2da581 Merge pull request #1561 from marocchino/dependabot/npm_and_yarn/types/node-2...
• 76f8462 build(deps-dev): Bump @​types/node from 24.0.3 to 24.0.11
• 246151a ⬆️ Update biome
• Additional commits viewable in compare view

Updates anchore/sbom-action from 0.20.2 to 0.20.6

Release notes

Sourced from anchore/sbom-action's releases.

v0.20.6

Changes in v0.20.6

• chore(deps): update Syft to v1.33.0 (#537) [[anchore-actions-token-generator[bot]](https://github.com/[anchore-actions-token-generator[bot]](https://github.com/apps/anchore-actions-token-generator))]
• chore: update actions library to resolve critical vulnerability (#536) [spiffcs]

v0.20.5

Changes in v0.20.5

• Update Syft to v1.31.0 (#531)

v0.20.4

Changes in v0.20.4

• chore: update Syft to v1.29.0 (#529)

v0.20.3

Changes in v0.20.3

• Fix: Strip emojis from correlator before using github APIs (#527) [AndrewHendry]

Commits

• f8bdd1d chore(deps): update Syft to v1.33.0 (#537)
• c2c9a6d chore: update actions library to resolve critical sec (#536)
• 039eeb2 chore(deps): update Syft to v1.32.0 (#533)
• da167ea chore(deps): bump actions/checkout from 4.2.2 to 5.0.0 (#532)
• 0d72d6e chore(deps): update Syft to v1.31.0 (#531)
• 7b36ad6 chore(deps): update Syft to v1.29.0 (#529)
• 9e07fd7 fix: strip emoji from correlator names (#527)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions