Skip to content

Bump the actions group across 1 directory with 6 updates #29

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the actions group across 1 directory with 6 updates #29

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jan 27, 2025

Bumps the actions group with 6 updates in the / directory:

Package From To
pypa/cibuildwheel 2.21.3 2.22.0
actions/attest-build-provenance 1.4.3 2.2.0
pypa/gh-action-pypi-publish 1.10.3 1.12.4
eps1lon/actions-label-merge-conflict 3.0.2 3.0.3
cygwin/cygwin-install-action 4 5
codecov/codecov-action 4 5

Updates pypa/cibuildwheel from 2.21.3 to 2.22.0

Release notes

Sourced from pypa/cibuildwheel's releases.

Version 2.22.0

  • 🌟 Added a new CIBW_ENABLE/enable feature that replaces CIBW_FREETHREADED_SUPPORT/free-threaded-support and CIBW_PRERELEASE_PYTHONS with a system that supports both. In cibuildwheel 3, this will also include a PyPy setting and the deprecated options will be removed. (#2048)
  • 🌟 Dependency groups are now supported for tests. Use CIBW_TEST_GROUPS/test-groups to specify groups in [dependency-groups] for testing. (#2063)
  • 🌟 Support for the experimental Ubuntu-based ARMv7l manylinux image (#2052)
  • ✨ Show a warning when cibuildwheel is run from Python 3.10 or older; cibuildwheel 3.0 will require Python 3.11 or newer as host (#2050)
  • 🐛 Fix issue with stderr interfering with checking the docker version (#2074)
  • 🛠 Python 3.9 is now used in CIBW_BEFORE_ALL/before-all on linux, replacing 3.8, which is now EoL (#2043)
  • 🛠 Error messages for producing a pure-Python wheel are slightly more informative (#2044)
  • 🛠 Better error when uname -m fails on ARM (#2049)
  • 🛠 Better error when repair fails and docs for abi3audit on Windows (#2058)
  • 🛠 Better error when manylinux-interpreters ensure fails (#2066)
  • 🛠 Update Pyodide to 0.26.4, and adapt to the unbundled pyodide-build (now 0.29) (#2090)
  • 🛠 Now cibuildwheel uses dependency-groups for development dependencies (#2064, #2085)
  • 📚 Docs updates and tidy ups (#2061, #2067, #2072)
Changelog

Sourced from pypa/cibuildwheel's changelog.

title: Changelog

Changelog

v2.22.0

23 November 2024

  • 🌟 Added a new CIBW_ENABLE/enable feature that replaces CIBW_FREETHREADED_SUPPORT/free-threaded-support and CIBW_PRERELEASE_PYTHONS with a system that supports both. In cibuildwheel 3, this will also include a PyPy setting and the deprecated options will be removed. (#2048)
  • 🌟 Dependency groups are now supported for tests. Use CIBW_TEST_GROUPS/test-groups to specify groups in [dependency-groups] for testing. (#2063)
  • 🌟 Support for the experimental Ubuntu-based ARMv7l manylinux image (#2052)
  • ✨ Show a warning when cibuildwheel is run from Python 3.10 or older; cibuildwheel 3.0 will require Python 3.11 or newer as host (#2050)
  • 🐛 Fix issue with stderr interfering with checking the docker version (#2074)
  • 🛠 Python 3.9 is now used in CIBW_BEFORE_ALL/before-all on linux, replacing 3.8, which is now EoL (#2043)
  • 🛠 Error messages for producing a pure-Python wheel are slightly more informative (#2044)
  • 🛠 Better error when uname -m fails on ARM (#2049)
  • 🛠 Better error when repair fails and docs for abi3audit on Windows (#2058)
  • 🛠 Better error when manylinux-interpreters ensure fails (#2066)
  • 🛠 Update Pyodide to 0.26.4, and adapt to the unbundled pyodide-build (now 0.29) (#2090)
  • 🛠 Now cibuildwheel uses dependency-groups for development dependencies (#2064, #2085)
  • 📚 Docs updates and tidy ups (#2061, #2067, #2072)

v2.21.3

9 October 2024

  • 🛠 Update CPython 3.13 to 3.13.0 final release (#2032)
  • 📚 Docs updates and tidy ups (#2035)

v2.21.2

2 October 2024

  • ✨ Adds support for building 32-bit armv7l wheels on musllinux. On a Linux system with emulation set up, set CIBW_ARCHS to armv7l on Linux to try it out if you're interested! (#2017)
  • 🐛 Fix Linux Podman builds on some systems (#2016)
  • ✨ Adds official support for running on Python 3.13 (#2026)
  • 🛠 Update CPython 3.13 to 3.13.0rc3 (#2029)

Note: the default manylinux image is scheduled to change from manylinux2014 to manylinux_2_28 in a cibuildwheel release on or after 6th May 2025 - you can set the value now to avoid getting upgraded if you want. (#1992)

v2.21.1

16 September 2024

  • 🐛 Fix a bug in the Linux build, where files copied to the container would have invalid ownership permissions (#2007)
  • 🐛 Fix a bug on Windows where cibuildwheel would call upon uv to install dependencies for versions of CPython that it does not support (#2005)
  • 🐛 Fix a bug where uv 0.4.10 would not use the right Python when testing on Linux. (#2008)

... (truncated)

Commits

Updates actions/attest-build-provenance from 1.4.3 to 2.2.0

Release notes

Sourced from actions/attest-build-provenance's releases.

v2.2.0

What's Changed

Full Changelog: actions/attest-build-provenance@v2.1.0...v2.2.0

v2.1.0

What's Changed

Full Changelog: actions/attest-build-provenance@v2.0.1...v2.1.0

v2.0.1

What's Changed

Full Changelog: actions/attest-build-provenance@v2.0.0...v2.0.1

v2.0.0

The attest-build-provenance action now supports attesting multiple subjects simultaneously. When identifying multiple subjects with the subject-path input a single attestation is created with references to each of the supplied subjects, rather than generating separate attestations for each artifact. This reduces the number of attestations that you need to create and manage.

What's Changed

Full Changelog: actions/attest-build-provenance@v1.4.4...v2.0.0

v1.4.4

What's Changed

Full Changelog: actions/attest-build-provenance@v1.4.3...v1.4.4

Commits
  • 520d128 bump actions/attest from v2.1.0 to v2.2.0 (#449)
  • 5d2ced9 Add example of upload-artifaction integration (#450)
  • 3c016c1 bump actions/attest from v2.1.0 to v2.2.0 (#449)
  • e06bbaf Bump the npm-development group with 3 updates (#447)
  • 47c6e87 Bump the npm-development group with 4 updates (#444)
  • c083b46 Bump the npm-development group with 2 updates (#438)
  • 1b4b366 Bump typescript-eslint in the npm-development group (#434)
  • 963f8a0 Bump the npm-development group with 2 updates (#429)
  • 4ecada3 Bump the npm-development group across 1 directory with 3 updates (#422)
  • f4b7552 bump eslint from 8.57.1 to 9.16.0 (#418)
  • Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.10.3 to 1.12.4

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.12.4

✨ What's Changed

The main theme of this patch release that the support for uploading PEP 639 licensing metadata to PyPI has been fixed in #327.

🛠️ Internal Updates

A few smaller updates include the attestation existence being checked earlier in the process now, listing all the violating files together, not just one (PR #315). And the lock file with the software available in runtime has been re-pinned in #329. Additionally, the CI now runs the smoke-tests against both Ubuntu 22.04 and 24.04 explicitly via da900af96347cc027433720ad4f122117645459d.

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.3...v1.12.4

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​dnicolodi💰 and @​woodruffw💰 for releasing the license metadata support fix in Twine!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

GH Sponsors badge

v1.12.3

✨ What's Improved

With the updates by @​woodruffw💰 and @​webknjaz💰 via #309 and #313, it is now possible to publish [distribution packages] that include [core metadata v2.4], like those built using [maturin]. This is done by bumping Twine to v6.0.1 and pkginfo to v1.12.0.

📝 Docs

We've made an attempt to clarify the runtime and workflow shape that are expected to be supported for calling this action in: https://github.com/marketplace/actions/pypi-publish#Non-goals.

[!TIP] Please, let us know in the release discussion if anything still remains unclear. TL;DR always call [pypi-publish] once per job; don't invoke it in reusable workflows; physically move building the dists into separate jobs having restricted permissions and storing the dists as GitHub Actions artifacts; when using self-hosted runners, make sure to still use [pypi-publish] on a GitHub-provided infra with runs-on: ubuntu-latest, while building and testing may remain self-hosted; don't perform any other actions in the publishing job; don't call [pypi-publish] from composite actions.

🛠️ Internal Updates

@​br3ndonland💰 improved the container image generation automation to include Git SHA in #301. And @​woodruffw💰 added the workflow_ref context to Trusted Publishing debug logging in #305, helping us diagnose misconfigurations faster. #313 also extends the smoke test in the CI to check against the [maturin]-made dists. Additionally, jeepney and secretstorage transitive deps have been added to the pip constraint-based lock file, as Dependabot seems to have missed those earlier.

... (truncated)

Commits
  • 76f52bc Merge pull request #329 from webknjaz/maintenance/runtime-lockfile-24-02-2025
  • 72de13b 📌 Mass-upgrade transitive dependency pins
  • 1995f2e Merge pull request #327 from webknjaz/maintenance/twine-6.1-pep639
  • 29f40bd 📦 Enable metadata 2.4 support in Twine
  • 10df67d 📦 Enable support for PEP 639 metadata
  • e0449d2 🧪 Integrate a unified alls-green GHA status
  • cebc64f 🧪 Bump setuptools in smoke test to v75.8.0
  • da900af 🧪 Run smoke tests against Ubuntu 24 and 22
  • 8cafb5c 💰 Sync the funding config
  • 916e576 Merge pull request #315 from webknjaz/refactoring/attestations-exist-bundle
  • Additional commits viewable in compare view

Updates eps1lon/actions-label-merge-conflict from 3.0.2 to 3.0.3

Release notes

Sourced from eps1lon/actions-label-merge-conflict's releases.

3.0.3

What's Changed

New Contributors

Full Changelog: eps1lon/actions-label-merge-conflict@v3.0.2...v3.0.3

Commits

Updates cygwin/cygwin-install-action from 4 to 5

Release notes

Sourced from cygwin/cygwin-install-action's releases.

v5

What's Changed

New Contributors

Full Changelog: cygwin/cygwin-install-action@v4...v5

Commits
  • f61179d Compare inputs.allow-test-packages against 'true', not non-empty
  • a53d42c Use current checkout action in example as well
  • 5f89bfc Merge pull request #17 from mlocati/check-setup-hash
  • 2fea0d7 Throw an exception if the downloaded setup is empty
  • a39f501 Update the type of the default values of the action options
  • 7427b3d Show a warning if we can't find the hash of the setup file
  • b26c6b6 Check hash of downloaded setup
  • b93253c Document allow-test-packages parameter
  • 9d87f98 Add allow-test-packages option
  • 2e92635 Drop -g/--upgrade-also from options
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 4 to 5

Release notes

Sourced from codecov/codecov-action's releases.

v5.0.0

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING]
The following arguments have been changed

  • file (this has been deprecated in favor of files)
  • plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

  • binary
  • gcov_args
  • gcov_executable
  • gcov_ignore
  • gcov_include
  • report_type
  • skip_validation
  • swift_project

You can see their usage in the action.yml file.

What's Changed

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING] The following arguments have been changed

  • file (this has been deprecated in favor of files)
  • plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

  • binary
  • gcov_args
  • gcov_executable
  • gcov_ignore
  • gcov_include
  • report_type
  • skip_validation
  • swift_project

You can see their usage in the action.yml file.

What's Changed

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the actions group across 1 directory with 6 updates
5256d99 
Bumps the actions group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) | `2.21.3` | `2.22.0` |
| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `1.4.3` | `2.2.0` |
| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.10.3` | `1.12.4` |
| [eps1lon/actions-label-merge-conflict](https://github.com/eps1lon/actions-label-merge-conflict) | `3.0.2` | `3.0.3` |
| [cygwin/cygwin-install-action](https://github.com/cygwin/cygwin-install-action) | `4` | `5` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4` | `5` |



Updates `pypa/cibuildwheel` from 2.21.3 to 2.22.0
- [Release notes](https://github.com/pypa/cibuildwheel/releases)
- [Changelog](https://github.com/pypa/cibuildwheel/blob/main/docs/changelog.md)
- [Commits](pypa/cibuildwheel@7940a4c...ee63bf1)

Updates `actions/attest-build-provenance` from 1.4.3 to 2.2.0
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@1c608d1...520d128)

Updates `pypa/gh-action-pypi-publish` from 1.10.3 to 1.12.4
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@f760068...76f52bc)

Updates `eps1lon/actions-label-merge-conflict` from 3.0.2 to 3.0.3
- [Release notes](https://github.com/eps1lon/actions-label-merge-conflict/releases)
- [Changelog](https://github.com/eps1lon/actions-label-merge-conflict/blob/main/CHANGELOG.md)
- [Commits](eps1lon/actions-label-merge-conflict@1b1b1fc...1df065e)

Updates `cygwin/cygwin-install-action` from 4 to 5
- [Release notes](https://github.com/cygwin/cygwin-install-action/releases)
- [Commits](cygwin/cygwin-install-action@v4...v5)

Updates `codecov/codecov-action` from 4 to 5
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v4...v5)

---
updated-dependencies:
- dependency-name: pypa/cibuildwheel
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/attest-build-provenance
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: eps1lon/actions-label-merge-conflict
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: cygwin/cygwin-install-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 27, 2025
@dependabot dependabot bot mentioned this pull request Jan 27, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
CI: Run cibuildwheel CI: Run cygwin dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants