Bump CodSpeedHQ/action from 4.17.0 to 4.17.5 in /.github/workflows

[dependabot]

Bumps CodSpeedHQ/action from 4.17.0 to 4.17.5.

Release notes

Sourced from CodSpeedHQ/action's releases.

v4.17.5

Release Notes

This release bundles all runner changes from 4.17.1 through 4.17.5.

🚀 Features

• Add optional mode arg to target setup by @​fargito in #397
• Restore DYLD_INSERT_LIBRARIES from SAMPLY_ alias by @​not-matthias
• Bump valgrind-codspeed to 3.26.0-0codspeed3 by @​adriencaccia

🐛 Bug Fixes

• Purge inherited mappings on execve to fix unknown symbols (#392) by @​GuillaumeLagrange in #392
• Use %p in log file path to avoid multi-process overwrite by @​not-matthias in #381
• Compare codspeed iteration of installed valgrind by @​not-matthias

💼 Other

• Enable set -u to match go.sh by @​not-matthias in #389

🏗️ Refactor

• Parse codspeed iteration from version string by @​not-matthias

⚙️ Internals

• Bump samply by @​not-matthias
• Bump samply to fix sigkill by @​not-matthias in #386
• Log detected valgrind version by @​not-matthias in #390
• Bump samply-codspeed to disable jit classification and add fp-anchoring to unwinding (#382) by @​GuillaumeLagrange in #382

Install codspeed-runner 4.17.5

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CodSpeedHQ/codspeed/releases/download/v4.17.5/codspeed-runner-installer.sh | sh

Download codspeed-runner 4.17.5

File	Platform	Checksum
codspeed-runner-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
codspeed-runner-aarch64-unknown-linux-musl.tar.gz	ARM64 MUSL Linux	checksum
codspeed-runner-x86_64-unknown-linux-musl.tar.gz	x64 MUSL Linux	checksum

Full Runner Changelog: https://github.com/CodSpeedHQ/codspeed/blob/main/CHANGELOG.md

Full Changelog: CodSpeedHQ/action@v4.17.0...v4.17.5

Commits

• c145068 Release v4.17.5 🚀
• 0cb911b chore: bump runner version to 4.17.5
• 1fc8046 chore: bump runner version to 4.17.4
• 4e20691 chore: bump runner version to 4.17.1
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 618fff7.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

OpenSSF Scorecard

Package	Version	Score	Details
actions/CodSpeedHQ/action	4.17.5	🟢 5	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 1 Found 3/16 approved changesets -- score normalized to 1 Maintained 🟢 10 25 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches SAST 🟢 9 SAST tool is not run on all commits -- score normalized to 9

Scanned Files

• .github/workflows/codspeed.yml

[codspeed-hq]

Merging this PR will not alter performance

✅ 12 untouched benchmarks

---

_{Comparing dependabot/github_actions/dot-github/workflows/CodSpeedHQ/action-4.17.5 (618fff7) with main (97a9694)}