Bump the github-workflows group with 7 updates

[dependabot]

Bumps the github-workflows group with 7 updates:

Package	From	To
actions/cache	4.0.0	4.0.1
taiki-e/install-action	2.27.9	2.28.0
dorny/paths-filter	3.0.1	3.0.2
streetsidesoftware/cspell-action	5.4.0	6.0.0
docker/setup-buildx-action	3.0.0	3.1.0
pypa/gh-action-pypi-publish	1.8.11	1.8.12
actions/download-artifact	4.1.2	4.1.4

Updates actions/cache from 4.0.0 to 4.0.1

Release notes

Sourced from actions/cache's releases.

v4.0.1

What's Changed

• Update README.md by @​yacaovsnc in actions/cache#1304
• Update examples by @​yacaovsnc in actions/cache#1305
• Update actions/cache publish flow by @​bethanyj28 in actions/cache#1340
• Update @​actions/cache by @​bethanyj28 in actions/cache#1341

New Contributors

• @​yacaovsnc made their first contribution in actions/cache#1304

Full Changelog: actions/cache@v4...v4.0.1

Changelog

Sourced from actions/cache's changelog.

Releases

4.0.1

• Updated isGhes check

4.0.0

• Updated minimum runner version support from node 12 -> node 20

3.3.3

• Updates @​actions/cache to v3.2.3 to fix accidental mutated path arguments to getCacheVersion actions/toolkit#1378
• Additional audit fixes of npm package(s)

3.3.2

• Fixes bug with Azure SDK causing blob downloads to get stuck.

3.3.1

• Reduced segment size to 128MB and segment timeout to 10 minutes to fail fast in case the cache download is stuck.

3.3.0

• Added option to lookup cache without downloading it.

3.2.6

• Fix zstd not being used after zstd version upgrade to 1.5.4 on hosted runners.

3.2.5

• Added fix to prevent from setting MYSYS environment variable globally.

3.2.4

• Added option to fail job on cache miss.

3.2.3

• Support cross os caching on Windows as an opt-in feature.
• Fix issue with symlink restoration on Windows for cross-os caches.

3.2.2

• Reverted the changes made in 3.2.1 to use gnu tar and zstd by default on windows.

3.2.1

... (truncated)

Commits

• ab5e6d0 Merge pull request #1341 from bethanyj28/main
• 89c7d86 licensed cache
• d2c84da update @​actions/cache
• 37e7d4e Merge pull request #1340 from actions/bethanyj28/update-publish-flow
• a18323f add release action
• a2ed59d Merge pull request #1305 from actions/yacaovsnc/update_examples
• dc88ab5 Update examples
• 1d78355 Merge pull request #1304 from actions/yacaovsnc/update_readme
• c36458f Update README.md
• See full diff in compare view

Updates taiki-e/install-action from 2.27.9 to 2.28.0

Release notes

Sourced from taiki-e/install-action's releases.

2.28.0

• Support wasm-bindgen. (#383, thanks @​Ekleog)

• Support sccache. (#390)

2.27.15

• Support biome on x86_64/aarch64 Linux (musl).

• Support zola on aarch64 macOS. (Previously x86_64 macOS binary is used as fallback.)

2.27.14

• Update syft@latest to 1.0.0.

2.27.13

• Update wasmtime@latest to 18.0.2.

2.27.12

• Update cargo-deny@latest to 0.14.15.

2.27.11

• Update syft@latest to 0.105.1.

2.27.10

• Update cargo-deny@latest to 0.14.14.

Changelog

Sourced from taiki-e/install-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

This project adheres to Semantic Versioning.

[Unreleased]

[2.28.0] - 2024-03-02

• Support wasm-bindgen. (#383, thanks @​Ekleog)

• Support sccache. (#390)

[2.27.15] - 2024-03-02

• Support biome on x86_64/aarch64 Linux (musl).

• Support zola on aarch64 macOS. (Previously x86_64 macOS binary is used as fallback.)

[2.27.14] - 2024-03-01

• Update syft@latest to 1.0.0.

[2.27.13] - 2024-02-29

• Update wasmtime@latest to 18.0.2.

[2.27.12] - 2024-02-28

• Update cargo-deny@latest to 0.14.15.

[2.27.11] - 2024-02-26

• Update syft@latest to 0.105.1.

[2.27.10] - 2024-02-26

• Update cargo-deny@latest to 0.14.14.

[2.27.9] - 2024-02-24

• Update cargo-deny@latest to 0.14.13.

[2.27.8] - 2024-02-23

... (truncated)

Commits

• 28b5a55 Release 2.28.0
• 709aeb3 Update changelog
• 70fd2d4 Add wasm-bindgen (#383)
• 41e81ec codegen: Improve handling of broken versions
• 2e3ebeb Support sccache
• 7c2d35d codegen: Add rust_crate field to cargo-rdme
• e77cabb codegen: Mark go/haskell's static-linked binaries as musl
• c6ffb58 Release 2.27.15
• 38a99ca Reflect recent updates of biome and zola
• ae225ca Handle armv9l from uname -m
• Additional commits viewable in compare view

Updates dorny/paths-filter from 3.0.1 to 3.0.2

Release notes

Sourced from dorny/paths-filter's releases.

v3.0.2

What's Changed

• feat: add config parameter for predicate quantifier by @​petermetz in dorny/paths-filter#224

New Contributors

• @​petermetz made their first contribution in dorny/paths-filter#224

Full Changelog: dorny/paths-filter@v3...v3.0.2

Changelog

Sourced from dorny/paths-filter's changelog.

Changelog

v3.0.2

• Add config parameter for predicate quantifier

v3.0.1

• Compare base and ref when token is empty

v3.0.0

• Update to Node.js 20
• Update all dependencies

v2.11.1

• Update @​actions/core to v1.10.0 - Fixes warning about deprecated set-output
• Document need for pull-requests: read permission
• Updating to actions/checkout@v3

v2.11.0

• Set list-files input parameter as not required
• Update Node.js
• Fix incorrect handling of Unicode characters in exec()
• Use Octokit pagination
• Updates real world links

v2.10.2

• Fix getLocalRef() returns wrong ref

v2.10.1

• Improve robustness of change detection

v2.10.0

• Add ref input parameter
• Fix change detection in PR when pullRequest.changed_files is incorrect

v2.9.3

• Fix change detection when base is a tag

v2.9.2

• Fix fetching git history

v2.9.1

• Fix fetching git history + fallback to unshallow repo

v2.9.0

• Add list-files: csv format

v2.8.0

• Add count output variable
• Fix log grouping of changes

... (truncated)

Commits

• de90cc6 Update dist and CHANGELOG for v3.0.2
• cf89abd Merge pull request #224 from petermetz/feat-filter-predicate-quantifier
• f90d526 feat: add config parameter for predicate quantifier
• See full diff in compare view

Updates streetsidesoftware/cspell-action from 5.4.0 to 6.0.0

Release notes

Sourced from streetsidesoftware/cspell-action's releases.

v6.0.0

6.0.0 (2024-03-03)

⚠ BREAKING CHANGES

• Use locally installed git to determine file changes. (#1596)

Features

• Support config.files filtering. (#1605) (3589070)
• Update CSpell version (8.5.0) (#1610) (377b602)
• Use locally installed git to determine file changes. (#1596) (5d97173)

Updates and Bug Fixes

• Update Dictionaries and Dependencies (#1599) (f10d619)
• Update Octokit/core to v6 (#1595) (0ab9d54)
• Workflow Bot -- Update ALL Dependencies (main) (#1582) (234423e)
• Workflow Bot -- Update ALL Dependencies (main) (#1597) (7962af3)
• Workflow Bot -- Update ALL Dependencies (main) (#1604) (56026f8)

Changelog

Sourced from streetsidesoftware/cspell-action's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

6.0.0 (2024-03-03)

⚠ BREAKING CHANGES

• Use locally installed git to determine file changes. (#1596)

Features

• Support config.files filtering. (#1605) (3589070)
• Update CSpell version (8.5.0) (#1610) (377b602)
• Use locally installed git to determine file changes. (#1596) (5d97173)

Updates and Bug Fixes

• Update Dictionaries and Dependencies (#1599) (f10d619)
• Update Octokit/core to v6 (#1595) (0ab9d54)
• Workflow Bot -- Update ALL Dependencies (main) (#1582) (234423e)
• Workflow Bot -- Update ALL Dependencies (main) (#1597) (7962af3)
• Workflow Bot -- Update ALL Dependencies (main) (#1604) (56026f8)

5.4.0 (2024-02-21)

Features

• Update CSpell version (8.4.0) (#1573) (eadadef)

Updates and Bug Fixes

• Update CSpell version (8.4.1) (#1574) (4d09489)
• Update Dictionaries and Dependencies (#1525) (97f9d38)
• Update Dictionaries and Dependencies (#1543) (a980a6f)
• Update Dictionaries and Dependencies (#1545) (82a6799)
• Update Dictionaries and Dependencies (#1557) (345a536)
• Update Dictionaries and Dependencies (#1561) (f67b75c)
• Update Dictionaries and Dependencies (#1567) (9653b3a)
• Workflow Bot -- Update ALL Dependencies (main) (#1539) (38e968b)
• Workflow Bot -- Update ALL Dependencies (main) (#1549) (356704b)
• Workflow Bot -- Update ALL Dependencies (main) (#1552) (41faf80)
• Workflow Bot -- Update ALL Dependencies (main) (#1562) (3ab9391)
• Workflow Bot -- Update ALL Dependencies (main) (#1576) (435cf43)
• Workflow Bot -- Update ALL Dependencies (main) (#1579) (646fc21)

... (truncated)

Commits

• 214db1e chore(main): release 6.0.0 (#1587)
• 56026f8 fix: Workflow Bot -- Update ALL Dependencies (main) (#1604)
• 3589070 feat: Support config.files filtering. (#1605)
• 377b602 feat: Update CSpell version (8.5.0) (#1610)
• 491994e chore: fix codecov upload (#1602)
• 896ade4 chore: clean up dependencies (#1601)
• 7962af3 fix: Workflow Bot -- Update ALL Dependencies (main) (#1597)
• f10d619 fix: Update Dictionaries and Dependencies (#1599)
• d1131f2 chore: fix build and a bit of clean-up. (#1600)
• 5d97173 feat!: Use locally installed git to determine file changes. (#1596)
• Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.0.0 to 3.1.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.1.0

• cache-binary input to enable/disable caching binary to GHA cache backend by @​crazy-max in docker/setup-buildx-action#300
• build(deps): bump @​babel/traverse from 7.17.3 to 7.23.2 in docker/setup-buildx-action#282
• build(deps): bump @​docker/actions-toolkit from 0.12.0 to 0.17.0 in docker/setup-buildx-action#281 docker/setup-buildx-action#284 docker/setup-buildx-action#299
• build(deps): bump uuid from 9.0.0 to 9.0.1 in docker/setup-buildx-action#271
• build(deps): bump undici from 5.26.3 to 5.28.3 in docker/setup-buildx-action#297

Full Changelog: docker/setup-buildx-action@v3.0.0...v3.1.0

Commits

• 0d103c3 Merge pull request #300 from crazy-max/cache-binary
• f19477a chore: update generated content
• a4180f8 cache-binary input to enable/disable caching binary to GHA cache backend
• 5243153 Merge pull request #299 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 3679a54 chore: update generated content
• 37a22a2 build(deps): bump @​docker/actions-toolkit from 0.14.0 to 0.17.0
• 65afe61 Merge pull request #297 from docker/dependabot/npm_and_yarn/undici-5.28.3
• fcb8f72 chore: update generated content
• f62b9a1 Merge pull request #298 from crazy-max/bump-gha
• 74c5b71 bump codecov/codecov-action from 3 to 4
• Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.8.11 to 1.8.12

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.12

💅 Cosmetic Output Improvements

@​woodruffw💰 replaced the notice annotations with simplified debug messages related to authentication methanism selection via #196. The also improved the error clarity during OIDC exchange on PRs from forks via #203.

📝 What's Documented

@​virtuald💰 updated the docs and pointer messages were updated to mention that reusable workflows aren't supported right now in #186 and @​xuanzhi33💰 later corrected the markdown syntax there via #216.

🛠️ Internal Dependencies

• pre-commit linters got autoupdated @ #204
• Cryptography was bumped from 41.0.6 to 42.0.4 @ #210, #213 and #214

⚙️ Secret Stuff

@​woodruffw proactively updated the OIDC minting API endpoint used during the exchange via #206. Nothing you should be too concerned about, promise!

💪 New Contributors

• @​virtuald made their first contribution in pypa/gh-action-pypi-publish#186
• @​xuanzhi33 made their first contribution in pypa/gh-action-pypi-publish#216

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.8.11...v1.8.12

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

Commits

• e53eb8b Clarify the error during OIDC exchange on PRs from forks
• edfa8f3 Merge pull request #216 from xuanzhi33/unstable/v1
• aeff019 docs(fix): Fix a markdown alert
• 24c5d5c Merge pull request #214 from pypa/dependabot/pip/requirements/cryptography-42...
• c13b4aa build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements
• 72a79c8 Merge pull request #213 from pypa/dependabot/pip/requirements/cryptography-42...
• 751e5b8 build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements
• 0580fcb Merge pull request #210 from pypa/dependabot/pip/requirements/cryptography-42...
• a524841 build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements
• 3f824c7 Merge pull request #204 from pypa/pre-commit-ci-update-config
• Additional commits viewable in compare view

Updates actions/download-artifact from 4.1.2 to 4.1.4

Release notes

Sourced from actions/download-artifact's releases.

v4.1.4

What's Changed

• Update @​actions/artifact by @​bethanyj28 in actions/download-artifact#307

Full Changelog: actions/download-artifact@v4...v4.1.4

v4.1.3

What's Changed

• Update release-new-action-version.yml by @​konradpabjan in actions/download-artifact#292
• Update toolkit dependency with updated unzip logic by @​bethanyj28 in actions/download-artifact#299
• Update @​actions/artifact by @​bethanyj28 in actions/download-artifact#303

New Contributors

• @​bethanyj28 made their first contribution in actions/download-artifact#299

Full Changelog: actions/download-artifact@v4...v4.1.3

Commits

• c850b93 Merge pull request #307 from bethanyj28/main
• 6fd111f update @​actions/artifact
• 87c5514 Merge pull request #303 from bethanyj28/main
• 47f9ce6 update @​actions/artifact
• 127824d Merge pull request #299 from bethanyj28/main
• 6dd49bf licensed only artifact
• f71c0e3 Revert "licensed"
• 7c63dfd licensed
• 67d37cd Update toolkit
• 3487549 Update release-new-action-version.yml (#292)
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions