Skip to content

Bump the actions group with 3 updates #29981

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 9, 2024
Merged

Bump the actions group with 3 updates #29981

merged 1 commit into from
Oct 9, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 1, 2024

Bumps the actions group with 3 updates: pypa/cibuildwheel, pypa/gh-action-pypi-publish and peter-evans/create-pull-request.

Updates pypa/cibuildwheel from 2.20.0 to 2.21.1

Release notes

Sourced from pypa/cibuildwheel's releases.

Version 2.21.1

  • 🐛 Fix a bug in the Linux build, where files copied to the container would have invalid ownership permissions (#2007)
  • 🐛 Fix a bug on Windows where cibuildwheel would call upon uv to install dependencies for versions of CPython that it does not support (#2005)
  • 🐛 Fix a bug where uv 0.4.10 would not use the right Python when testing on Linux. (#2008)
  • 🛠 Bump our documentation pins, fixes an issue with a missing package (#2011)

Version 2.21.0

  • ⚠️ Update CPython 3.12 to 3.12.6, which changes the macOS minimum deployment target on CPython 3.12 from macOS 10.9 to macOS 10.13 (#1998)
  • 🛠 Changes the behaviour when inheriting config-settings in TOML overrides - rather than extending each key, which is rarely useful, individual keys will override previously set values. (#1803)
  • 🛠 Update CPython 3.13 to 3.13.0rc2 (#1998)
  • ✨ Adds support for multiarch OCI images (#1961)
  • 🐛 Fixes some bugs building Linux wheels on macOS. (#1961)
  • ⚠️ Changes the minimum version of Docker/Podman to Docker API version 1.43, Podman API version 3. The only mainstream runner this should affect is Travis Graviton2 runners - if so you can upgrade your version of Docker. (#1961)
Changelog

Sourced from pypa/cibuildwheel's changelog.

v2.21.1

16 September 2024

  • 🐛 Fix a bug in the Linux build, where files copied to the container would have invalid ownership permissions (#2007)
  • 🐛 Fix a bug on Windows where cibuildwheel would call upon uv to install dependencies for versions of CPython that it does not support (#2005)
  • 🐛 Fix a bug where uv 0.4.10 would not use the right Python when testing on Linux. (#2008)
  • 🛠 Bump our documentation pins, fixes an issue with a missing package (#2011)

v2.21.0

13 September 2024

  • ⚠️ Update CPython 3.12 to 3.12.6, which changes the macOS minimum deployment target on CPython 3.12 from macOS 10.9 to macOS 10.13 (#1998)
  • 🛠 Changes the behaviour when inheriting config-settings in TOML overrides - rather than extending each key, which is rarely useful, individual keys will override previously set values. (#1803)
  • 🛠 Update CPython 3.13 to 3.13.0rc2 (#1998)
  • ✨ Adds support for multiarch OCI images (#1961)
  • 🐛 Fixes some bugs building Linux wheels on macOS. (#1961)
  • ⚠️ Changes the minimum version of Docker/Podman to Docker API version 1.43, Podman API version 3. The only mainstream runner this should affect is Travis Graviton2 runners - if so you can upgrade your version of Docker. (#1961)
Commits
  • d4a2945 Bump version: v2.21.1
  • 9913c03 [pre-commit.ci] pre-commit autoupdate (#2013)
  • c0e28d3 fix: support uv 0.4.10+ on Linux and update dependencies (#2008)
  • 8c42e79 fix: file ownership of files copied into the container (#2007)
  • 01ecd4e docs: bump pinned versions (#2011)
  • 33da1f7 fix: do not use uv to setup python on windows when conditions are not met (...
  • 79b0dd3 Bump version: v2.21.0
  • 0787a44 fix: enforce minimum version of docker/podman (#1961)
  • fd11286 [Bot] Update dependencies (#1998)
  • 22dc864 [pre-commit.ci] pre-commit autoupdate (#2000)
  • Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.10.0 to 1.10.2

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.10.2

💅 Cosmetic Output Improvements

In #250 and #258, @​facutuesca💰 added a nudge message with a magic link to pre-fill the creation of new Trusted Publishers configurations on PyPI. The users are now suggested to configure tokenless publishing by clicking a link printed in the job summary when it's detected that they publish to PyPI or TestPyPI. Just like magic! 🦄

🛠️ Internal Dependencies

@​woodruffw💰 bumped pypi-attestations to v0.0.12 in #262, hopefully fixing #263. 🤞 Nah.. that wasn't it.

[!TIP] Please keep in mind that reusable workflows are not yet supported, even though they sometimes work, mostly by accident.

💪 New Contributors

@​facutuesca made their first contribution in pypa/gh-action-pypi-publish#258

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.10.1...v1.10.2

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​henryiii💰 for promptly pointing up possible fixes for #263.

v1.10.1

🚑🔏 Oopsie... We missed a tiny bug in the attestations feature the other day

The problem was that the distribution file validity check was failing on any valid distribution being present and ready to be signed. What a silly mistake! It's now been fixed via pypa/gh-action-pypi-publish@0ab0b79, though. So everything's good!

-- @​webknjaz💰

[!IMPORTANT] ✨ Despite this minor hiccup, we invite you to still opt into trying this feature out early. It can be enabled like this:

  with:
    attestations: true

Leave feedback in the v1.10.0 release discussion or the PR.

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.10.0...v1.10.1

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​hugovk💰 for promptly validating the bug fix, mere minutes after I pushed it — I even haven't finished writing this text by then!

Commits
  • 897895f Merge pull request #262 from trail-of-forks/ww/bump-attestations-req
  • ce32325 requirements: bump pypi-attestations to 0.0.12
  • 3697819 Add nudge message with magic link to create new Trusted Publisher
  • 4f8925c Merge pull request #258 from facutuesca/patch-1
  • a58e550 Remove redundant Path.absolute() call
  • 0ab0b79 🚑 Invert the dists-to-attest validity check
  • See full diff in compare view

Updates peter-evans/create-pull-request from 6 to 7

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v7.0.0

✨ Now supports commit signing with bot-generated tokens! See "What's new" below. ✍️🤖

Behaviour changes

  • Action input git-token has been renamed branch-token, to be more clear about its purpose. The branch-token is the token that the action will use to create and update the branch.
  • The action now handles requests that have been rate-limited by GitHub. Requests hitting a primary rate limit will retry twice, for a total of three attempts. Requests hitting a secondary rate limit will not be retried.
  • The pull-request-operation output now returns none when no operation was executed.
  • Removed deprecated output environment variable PULL_REQUEST_NUMBER. Please use the pull-request-number action output instead.

What's new

  • The action can now sign commits as github-actions[bot] when using GITHUB_TOKEN, or your own bot when using GitHub App tokens. See commit signing for details.
  • Action input draft now accepts a new value always-true. This will set the pull request to draft status when the pull request is updated, as well as on creation.
  • A new action input maintainer-can-modify indicates whether maintainers can modify the pull request. The default is true, which retains the existing behaviour of the action.
  • A new output pull-request-commits-verified returns true or false, indicating whether GitHub considers the signature of the branch's commits to be verified.

What's Changed

New Contributors

Full Changelog: peter-evans/create-pull-request@v6.1.0...v7.0.0

Create Pull Request v6.1.0

✨ Adds pull-request-branch as an action output.

What's Changed

... (truncated)

Commits
  • 5e91468 fix: support symlinks when commit signing (#3359)
  • 2f38cd2 fix: support submodules when commit signing (#3354)
  • 7a8aeac build(deps-dev): bump eslint from 8.57.0 to 8.57.1 (#3344)
  • d39d596 build(deps-dev): bump @​types/jest from 29.5.12 to 29.5.13 (#3343)
  • f6f978f docs: correct suggestion for bot setup (#3342)
  • 6cd32fd fix: disable abbreviated commit shas in diff (#3337)
  • d121e62 fix: disable diff detection for renames and copies (#3330)
  • f4d66f4 build(deps-dev): bump typescript from 5.5.4 to 5.6.2 (#3319)
  • 488c869 build(deps-dev): bump @​types/node from 18.19.48 to 18.19.50 (#3320)
  • 5354f85 docs: update readme
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the actions group with 3 updates
abed256 
Bumps the actions group with 3 updates: [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel), [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) and [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request).


Updates `pypa/cibuildwheel` from 2.20.0 to 2.21.1
- [Release notes](https://github.com/pypa/cibuildwheel/releases)
- [Changelog](https://github.com/pypa/cibuildwheel/blob/main/docs/changelog.md)
- [Commits](pypa/cibuildwheel@v2.20.0...v2.21.1)

Updates `pypa/gh-action-pypi-publish` from 1.10.0 to 1.10.2
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@8a08d61...897895f)

Updates `peter-evans/create-pull-request` from 6 to 7
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@v6...v7)

---
updated-dependencies:
- dependency-name: pypa/cibuildwheel
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added Build / CI dependencies Pull requests that update a dependency file labels Oct 1, 2024
@dependabot dependabot bot requested a review from a team October 1, 2024 14:41
@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 1, 2024

✔️ Linting Passed

All linting checks passed. Your pull request is in excellent shape! ☀️

Generated for commit: abed256. Link to the linter CI: here

@betatim
Copy link
Member

betatim commented Oct 2, 2024

This looks reasonable to me. The version bumps are "small" and from reading through the changelog it seems like we don't need to make additional changes and can directly upgrade.

@glemaitre glemaitre merged commit a263ff8 into main Oct 9, 2024
41 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/actions-79f70e653d branch October 9, 2024 17:11
BenJourdan pushed a commit to gregoryschwartzman/scikit-learn that referenced this pull request Oct 11, 2024
@dependabot @BenJourdan
Bump the actions group with 3 updates (scikit-learn#29981)
ed48b2e 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@betatim betatim betatim approved these changes

Assignees
No one assigned
Labels
Build / CI dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@betatim @glemaitre