build(deps): bump bencherdev/bencher from 0.6.4 to 0.6.8

[dependabot]

Bumps bencherdev/bencher from 0.6.4 to 0.6.8.

Release notes

Sourced from bencherdev/bencher's releases.

v0.6.8

• BREAKING CHANGE Change the default self-hosted API server port from 61016 to the newly IANA-registered 6610. Deployments relying on the default now serve the API on 6610. Update clients, reverse proxies, and --host/BENCHER_HOST references (Docker Compose, devcontainer, and docs are updated to match). To stay on 61016, set server.bind_address to 0.0.0.0:61016 (or run bencher up --api-port 61016).
• Mark the remaining user API token REST endpoints (list, view, update, and revoke) as deprecated in the OpenAPI spec and API docs; they continue to work for existing tokens

v0.6.7

• Fix the OCI registry token endpoint for the Docker 29+ containerd image store, which sends multiple scope query parameters and an OAuth2 POST token exchange (Thank you @​travishathaway)
• Add user-scoped API keys (bencher_user_...) that authenticate as the owning user across every endpoint a JWT can reach, including docker login; the one exception is key management: a user API key cannot create more keys and can only see, update, or revoke itself, so a leaked key cannot mint credentials that outlive its own revocation, tamper with the user's other keys, or enumerate them
• Add bencher user key {create,list,view,update,revoke} CLI subcommands and an "API Keys" page in the Console for managing user API keys
• --key/BENCHER_API_KEY now accepts either a project-scoped key (bencher_run_*) or a user-scoped key (bencher_user_*); the --project requirement applies only to project-scoped keys
• DEPRECATED User API tokens are deprecated in favor of user API keys: POST /v0/users/{user}/tokens (bencher token create) now always fails with a 403 Forbidden error; existing API tokens continue to work and can still be listed, viewed, renamed, and revoked
• Replace the Tokens entry in the Console account dropdown with Keys, and hide the "API Tokens" page entirely for accounts created after 15 June 2026
• bencher run --github-actions now always creates a Bencher Report GitHub Check (failing on an active Alert), so it can be used as a required status check in branch protection; the check is created on a best effort basis, so check creation failures are now warnings instead of errors (Thank you @​OmarTawfik)
• Create the GitHub Check on the pull request head commit (pull_request.head.sha or workflow_run.head_sha) instead of GITHUB_SHA, so the check appears on the pull request
• Append the --ci-id ID to the GitHub Check name (ie Bencher Report (<ID>)) so multiple bencher run invocations on the same commit get distinct, stable check names

v0.6.6

• Show context-aware auth hints in API 404 errors: routes that accept project API keys now mention both API tokens and project keys, while token-only routes mention only API tokens
• BREAKING CHANGE Rename usage to metrics in the organization usage API response and add runner_minutes field for bare metal runner minutes usage
• Add --max-retry-after CLI option to cap exponential backoff between retries (default 30s) and increase default --attempts from 10 to 35 for ~15 minutes of retry coverage

v0.6.5

• Add project scoped API keys
• Add build time and file size tracking support for bare metal runs
• Fix bencher run hanging on stdin when no command is provided, including for --image remote bare metal runs (Thank you @​sophie-h)

Commits

• 5f9d4cf Release v0.6.8
• deb634d Add a Continue Unlicensed button to Self-Hosted onboarding
• 8deb121 Change default API server port from 61016 to 6610 (#905)
• eef36e7 Move over to Pro plan (#907)
• f553ea0 Resolve plan tier by base-fee presence instead of the Stripe product name (#911)
• 42cbda5 Add Console design guide (#910)
• fc3e1e6 Add Pro plan metered usage and split out a Bencher Metrics product (#909)
• 131f62b Add Pro plan backend: billing credits, sweep, plan PATCH, CLI (#906)
• 7331a55 Publish Bare Metal Runner documentation (#908)
• c7fa7b1 Update kernel 6.1.172 -> 6.1.174 (#904)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)