build(deps): bump bencherdev/bencher from 0.6.6 to 0.6.7

[dependabot]

Bumps bencherdev/bencher from 0.6.6 to 0.6.7.

Release notes

Sourced from bencherdev/bencher's releases.

v0.6.7

• Fix the OCI registry token endpoint for the Docker 29+ containerd image store, which sends multiple scope query parameters and an OAuth2 POST token exchange (Thank you @​travishathaway)
• Add user-scoped API keys (bencher_user_...) that authenticate as the owning user across every endpoint a JWT can reach, including docker login; the one exception is key management: a user API key cannot create more keys and can only see, update, or revoke itself, so a leaked key cannot mint credentials that outlive its own revocation, tamper with the user's other keys, or enumerate them
• Add bencher user key {create,list,view,update,revoke} CLI subcommands and an "API Keys" page in the Console for managing user API keys
• --key/BENCHER_API_KEY now accepts either a project-scoped key (bencher_run_*) or a user-scoped key (bencher_user_*); the --project requirement applies only to project-scoped keys
• DEPRECATED User API tokens are deprecated in favor of user API keys: POST /v0/users/{user}/tokens (bencher token create) now always fails with a 403 Forbidden error; existing API tokens continue to work and can still be listed, viewed, renamed, and revoked
• Replace the Tokens entry in the Console account dropdown with Keys, and hide the "API Tokens" page entirely for accounts created after 15 June 2026
• bencher run --github-actions now always creates a Bencher Report GitHub Check (failing on an active Alert), so it can be used as a required status check in branch protection; the check is created on a best effort basis, so check creation failures are now warnings instead of errors (Thank you @​OmarTawfik)
• Create the GitHub Check on the pull request head commit (pull_request.head.sha or workflow_run.head_sha) instead of GITHUB_SHA, so the check appears on the pull request
• Append the --ci-id ID to the GitHub Check name (ie Bencher Report (<ID>)) so multiple bencher run invocations on the same commit get distinct, stable check names

Commits

• ec56bb6 Release v0.6.7
• 3f022ac Update kernel 6.1.168 -> 6.1.172 (#875)
• 3adde58 Deprecate user API tokens in favor of user API keys (#897)
• 5401fdd Always create a GitHub Check in bencher run --github-actions (#895)
• dac876e Fix cargo-deny advisories: upgrade diesel, ignore proc-macro-error2 (#898)
• cc6c03c Install aws-lc-rs crypto provider in update_sandbox task (#890)
• cc0eec2 Allow --project to not be specified when --image is used (#886)
• f54ce85 Add user scoped API keys (#874)
• 72b9dfa Fix OCI token endpoint for Docker 29 containerd image store (#885)
• f6dd4bd Fix css-inline: bundle Bulma CSS at build time (#887)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)