Bump the actions group across 1 directory with 7 updates #29639
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps the actions group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-python](https://github.com/actions/setup-python) | `5.3.0` | `5.4.0` | | [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `2.1.0` | `2.2.0` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.12.3` | `1.12.4` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.1` | `3.28.9` | | [actions/stale](https://github.com/actions/stale) | `9.0.0` | `9.1.0` | | [Quansight-Labs/setup-python](https://github.com/quansight-labs/setup-python) | `5.3.1` | `5.4.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.1.2` | `5.3.1` | Updates `actions/setup-python` from 5.3.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@0b93645...4237552) Updates `actions/attest-build-provenance` from 2.1.0 to 2.2.0 - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@7668571...520d128) Updates `pypa/gh-action-pypi-publish` from 1.12.3 to 1.12.4 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](pypa/gh-action-pypi-publish@67339c7...76f52bc) Updates `github/codeql-action` from 3.28.1 to 3.28.9 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@b6a472f...9e8d078) Updates `actions/stale` from 9.0.0 to 9.1.0 - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](actions/stale@28ca103...5bef64f) Updates `Quansight-Labs/setup-python` from 5.3.1 to 5.4.0 - [Release notes](https://github.com/quansight-labs/setup-python/releases) - [Commits](Quansight-Labs/setup-python@b9ab292...869aeaf) Updates `codecov/codecov-action` from 5.1.2 to 5.3.1 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@1e68e06...13ce06b) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: pypa/gh-action-pypi-publish dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: Quansight-Labs/setup-python dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... Signed-off-by: dependabot[bot] <support@github.com>
QuLogic
approved these changes
Feb 19, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the actions group with 7 updates in the / directory:
5.3.05.4.02.1.02.2.01.12.31.12.43.28.13.28.99.0.09.1.05.3.15.4.05.1.25.3.1Updates
actions/setup-pythonfrom 5.3.0 to 5.4.0Release notes
Sourced from actions/setup-python's releases.
Commits
4237552Improve Advanced Usage examples (#645)709bfa5Bump requests from 2.24.0 to 2.32.2 in /tests/data (#1019)ceb20b2Bump@actions/http-clientfrom 2.2.1 to 2.2.3 (#1020)0dc2d2cBump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#1014)feb9c6eBump urllib3 from 1.25.9 to 1.26.19 in /tests/data (#895)d0b4fc4Bump undici from 5.28.4 to 5.28.5 (#1012)e3dfaacConfigure Dependabot settings (#1008)b8cf3ebUse the new cache service: upgrade@actions/cacheto^4.0.0(#1007)1928ae6Update README.md (#1009)3fddbeeEnhance Workflows: Add Ubuntu-24, Remove Python 3.8 (#985)Updates
actions/attest-build-provenancefrom 2.1.0 to 2.2.0Release notes
Sourced from actions/attest-build-provenance's releases.
Commits
520d128bump actions/attest from v2.1.0 to v2.2.0 (#449)5d2ced9Add example of upload-artifaction integration (#450)3c016c1bump actions/attest from v2.1.0 to v2.2.0 (#449)e06bbafBump the npm-development group with 3 updates (#447)47c6e87Bump the npm-development group with 4 updates (#444)c083b46Bump the npm-development group with 2 updates (#438)1b4b366Bump typescript-eslint in the npm-development group (#434)963f8a0Bump the npm-development group with 2 updates (#429)4ecada3Bump the npm-development group across 1 directory with 3 updates (#422)f4b7552bump eslint from 8.57.1 to 9.16.0 (#418)Updates
pypa/gh-action-pypi-publishfrom 1.12.3 to 1.12.4Release notes
Sourced from pypa/gh-action-pypi-publish's releases.
Commits
76f52bcMerge pull request #329 from webknjaz/maintenance/runtime-lockfile-24-02-202572de13b📌 Mass-upgrade transitive dependency pins1995f2eMerge pull request #327 from webknjaz/maintenance/twine-6.1-pep63929f40bd📦 Enable metadata 2.4 support in Twine10df67d📦 Enable support for PEP 639 metadatae0449d2🧪 Integrate a unifiedalls-greenGHA statuscebc64f🧪 Bump setuptools in smoke test to v75.8.0da900af🧪 Run smoke tests against Ubuntu 24 and 228cafb5c💰 Sync the funding config916e576Merge pull request #315 from webknjaz/refactoring/attestations-exist-bundleUpdates
github/codeql-actionfrom 3.28.1 to 3.28.9Release notes
Sourced from github/codeql-action's releases.
... (truncated)
Changelog
Sourced from github/codeql-action's changelog.
... (truncated)
Commits
9e8d078Merge pull request #2757 from github/update-v3.28.9-24e1c2d3343d9be6Update changelog for v3.28.924e1c2dMerge pull request #2753 from github/update-bundle/codeql-bundle-v2.20.457a08c0Add changelog note52189d2Update default bundle to codeql-bundle-v2.20.408bc0cfMerge pull request #2751 from github/henrymercer/fix-init-post-without-configcf7c687Sendinit-poststatus report in absence of configad42dbdMerge pull request #2750 from github/dependabot/npm_and_yarn/npm-768bd9b555a8f5935Merge pull request #2749 from github/dependabot/github_actions/actions-29d379...9660df3Update checked-in dependenciesUpdates
actions/stalefrom 9.0.0 to 9.1.0Release notes
Sourced from actions/stale's releases.
Commits
5bef64fbuild(deps): bump@actions/cachefrom 3.2.2 to 4.0.0 (#1194)fa77dfdbuild(deps-dev): bump@types/jestfrom 29.5.11 to 29.5.14 (#1193)f04443dbuild(deps): bump@actions/corefrom 1.10.1 to 1.11.1 (#1191)5c715b0build(deps-dev): bump ts-jest from 29.1.1 to 29.2.5 (#1175)f691222build(deps): bump actions/publish-action from 0.2.2 to 0.3.0 (#1147)df990c2build(deps): bump actions/checkout from 3 to 4 (#1091)6e472ceMerge pull request #1179 from actions/Jcambass-patch-1d10ba64Merge pull request #1150 from actions/dependabot/npm_and_yarn/undici-5.28.4bbf3da5resolve check failures6a2e61dAdd workflow file for publishing releases to immutable action packageUpdates
Quansight-Labs/setup-pythonfrom 5.3.1 to 5.4.0Release notes
Sourced from Quansight-Labs/setup-python's releases.
Commits
869aeafFix lint40cc54bAdd freethreaded input and fix handling of prerelease versions6aeccc6Fix desugaring of3.13.1tand add test case.4ff908aAdd free threading to advanced usage documentation536ce35Revert README changes870b55eUpdate README to add examples to install 3.13t6313221Use 'Quansight-Labs' repoffbe519Support free threaded Python versions like '3.13t'4237552Improve Advanced Usage examples (#645)709bfa5Bump requests from 2.24.0 to 2.32.2 in /tests/data (#1019)Updates
codecov/codecov-actionfrom 5.1.2 to 5.3.1Release notes
Sourced from codecov/codecov-action's releases.
Changelog
Sourced from codecov/codecov-action's changelog.
... (truncated)
Commits
13ce06bchore(release): bump to 5.3.13e26040fix: add docs and copy over dist (#1752)0da7aa6chore(release): 5.3.0 (#1751)1ca7ce6chore(release): wrapper -0.1.0 (#1750)65baa5fUpdate README with reqs (#1749)5a605bdchore(release): bump to 5.2.0 (#1748)5825942Fix typo in README (#1747)b1a6383Th/add commands (#1745)6c5b693use correct audience when requesting oidc token (#1744)ad45165build(deps): bump github/codeql-action from 3.27.9 to 3.28.1 (#1742)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions