chore(ci): bump dorny/paths-filter from 6852f92c20ea7fd3b0c25de3b5112db3a98da050 to d1c1ffe0248fe513906c8e24db8ea791d46f8590

[dependabot]

Bumps dorny/paths-filter from 6852f92c20ea7fd3b0c25de3b5112db3a98da050 to d1c1ffe0248fe513906c8e24db8ea791d46f8590.

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v4.0.0

• Update action runtime to node24

v3.0.3

• Add missing predicate-quantifier

v3.0.2

• Add config parameter for predicate quantifier

v3.0.1

• Compare base and ref when token is empty

v3.0.0

• Update to Node.js 20
• Update all dependencies

v2.11.1

• Update @​actions/core to v1.10.0 - Fixes warning about deprecated set-output
• Document need for pull-requests: read permission
• Updating to actions/checkout@v3

v2.11.0

• Set list-files input parameter as not required
• Update Node.js
• Fix incorrect handling of Unicode characters in exec()
• Use Octokit pagination
• Updates real world links

v2.10.2

• Fix getLocalRef() returns wrong ref

v2.10.1

• Improve robustness of change detection

v2.10.0

• Add ref input parameter
• Fix change detection in PR when pullRequest.changed_files is incorrect

v2.9.3

• Fix change detection when base is a tag

v2.9.2

• Fix fetching git history

v2.9.1

• Fix fetching git history + fallback to unshallow repo

v2.9.0

... (truncated)

Commits

• See full diff in compare view

[dependabot]

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[Jerry-Xin]

Summary: This PR is relevant to octo-lib because it updates the CI path-filter action used by the repository’s workflow, and I found no blocking issues.

💬 Non-blocking
None.

✅ Highlights

• .github/workflows/ci.yml:50 keeps dorny/paths-filter pinned to an immutable SHA, preserving supply-chain hygiene.
• The new SHA resolves to the v3.0.3/v3 target, so the existing # v3 comment remains accurate.
• Workflow permissions remain scoped to contents: read and pull-requests: read; no new privilege or secret exposure risk.
• No project code behavior changes, so no additional tests are required beyond the normal CI workflow run.

[lml2468]

Verdict: APPROVED

Dependabot bump: dorny/paths-filter SHA update within v3 (v3.0.2 → v3.0.3). CI green (Build/Test/Vet pass).

Verification:

• SHA d1c1ffe0248fe513906c8e24db8ea791d46f8590 verified as v3.0.3 commit (2026-03-12) ✅
• Single occurrence, tag comment stays # v3 ✅
• Patch bump, no breaking changes ✅

LGTM.

[lml2468]

[APPROVE] — reviewer account matches PR author; flagging for a human maintainer to merge.

SHA-to-SHA bump for dorny/paths-filter (still v3). Correct pattern: SHA-pinned with version comment preserved. All CI passing (Build green, Test/Vet green). No blockers.