Bump the ci-dependencies group with 5 updates #25

dependabot · 2024-01-01T20:45:20Z

Bumps the ci-dependencies group with 5 updates:

Package	From	To
actions/dependency-review-action	`3.1.3`	`3.1.4`
actions/setup-python	`4.7.1`	`5.0.0`
actions/upload-artifact	`3.1.3`	`4.0.0`
pypa/gh-action-pypi-publish	`1.8.10`	`1.8.11`
darbiadev/.github	`5.1.0`	`13.0.0`

Updates actions/dependency-review-action from 3.1.3 to 3.1.4

Release notes

Sourced from actions/dependency-review-action's releases.

3.1.4

What's Changed

Fixed a bug with severity filtering when using the allow_ghsas option: actions/dependency-review-action#623.

Updates dependencies:

Bump @types/node from 16.18.61 to 16.18.62 by @dependabot in actions/dependency-review-action#619 action/pull/620

Bump @typescript-eslint/eslint-plugin from 6.11.0 to 6.12.0 by @dependabot in actions/dependency-review-action#625

Bump typescript from 5.2.2 to 5.3.2 by @dependabot in actions/dependency-review-action#624

Full Changelog: actions/dependency-review-action@v3...v3.1.4

Commits

01bc870 bumping version
4b4f0de Merge pull request #623 from actions/fix-advisory-filters
a93fa86 Fixing test name.
550520e Merge pull request #624 from actions/dependabot/npm_and_yarn/typescript-5.3.2
2d0fb60 Merge pull request #625 from actions/dependabot/npm_and_yarn/typescript-eslin...
c07c237 Bump @typescript-eslint/eslint-plugin from 6.11.0 to 6.12.0
4d842d7 Bump typescript from 5.2.2 to 5.3.2
a6d4686 adding dist
4366dba Advisory filters should not drop entire dependencies.
50dafeb Tiny logic refactor.
Additional commits viewable in compare view

Updates actions/setup-python from 4.7.1 to 5.0.0

Release notes

Sourced from actions/setup-python's releases.

v5.0.0

What's Changed

In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.

Full Changelog: actions/setup-python@v4.8.0...v5.0.0

v4.8.0

What's Changed

In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy:
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4 
  with:
    python-version: 'graalpy-22.3' 
- run: python my_script.py
Besides, the release contains such changes as:

Trim python version when reading from file by @FerranPares in actions/setup-python#628

Use non-deprecated versions in examples by @jeffwidman in actions/setup-python#724

Change deprecation comment to past tense by @jeffwidman in actions/setup-python#723

Bump @babel/traverse from 7.9.0 to 7.23.2 by @dependabot in actions/setup-python#743

advanced-usage.md: Encourage the use actions/checkout@v4 by @cclauss in actions/setup-python#729

Examples now use checkout@v4 by @simonw in actions/setup-python#738

Update actions/checkout to v4 by @dmitry-shibanov in actions/setup-python#761

New Contributors

@FerranPares made their first contribution in actions/setup-python#628

@timfel made their first contribution in actions/setup-python#694

@jeffwidman made their first contribution in actions/setup-python#724

Full Changelog: actions/setup-python@v4...v4.8.0

Commits

0a5c615 Update action to node20 (#772)
0ae5836 Add example of GraalPy to docs (#773)
b64ffca update actions/checkout to v4 (#761)
8d28961 Examples now use checkout@v4 (#738)
7bc6abb advanced-usage.md: Encourage the use actions/checkout@v4 (#729)
e8111ce Bump @babel/traverse from 7.9.0 to 7.23.2 (#743)
a00ea43 add fix for graalpy ci (#741)
8635b1c Change deprecation comment to past tense (#723)
f6cc428 Use non-deprecated versions in examples (#724)
5f2af21 Add GraalPy support (#694)
Additional commits viewable in compare view

Updates actions/upload-artifact from 3.1.3 to 4.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

For more information, see the @actions/artifact documentation.

New Contributors

@vmjoseph made their first contribution in actions/upload-artifact#464

Full Changelog: actions/upload-artifact@v3...v4.0.0

Commits

c7d193f Merge pull request #466 from actions/v4-beta
13131bb licensed cache
4a6c273 Merge branch 'main' into v4-beta
f391bb9 Merge pull request #465 from actions/robherley/v4-documentation
9653d03 Apply suggestions from code review
875b630 add limitations section
ecb2146 add compression example
5e7604f trim some repeated info
d6437d0 naming
1b56155 s/v4-beta/v4/g
Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.11

💅 Cosmetic output improvements

@woodruffw added a nudge suggesting the users storing passwords in a GitHub Actions repository secrets to switch to using secretless publishing in pypa/gh-action-pypi-publish#190. This also reminds people that PyPI will start mandating two-factor authentication to perform uploads in 2024.

📝 What's Documented

@di linked the configuration docs for Trusted Publishing in README via pypa/gh-action-pypi-publish#179.

🛠️ Internal dependencies

Cryptography was bumped from 41.0.3 to 41.0.6 @ pypa/gh-action-pypi-publish#194

Pip was bumped from 22.3.1 to 23.3 @ pypa/gh-action-pypi-publish#189

pre-commit linters got autoupdated @ pypa/gh-action-pypi-publish#184

Urllib3 was bumped from 2.0.3 to 2.0.7 @ pypa/gh-action-pypi-publish#183 and pypa/gh-action-pypi-publish#185

💪 New Contributors

@di made their first contribution in pypa/gh-action-pypi-publish#179

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.8.10...v1.8.11

Commits

2f6f737 Merge commit PR #184 into unstable/v1
2fa448a Merge PRs #190, #184, #185, #189 and #194 into unstable/v1
824ad31 Revert flake8 to v4.0.1 for WPS
41f3f53 Bump cryptography from 41.0.3 to 41.0.6 in /requirements
2319287 twine-upload: ::error, switch nudge order
254a0d4 twine-upload: add a nudge for password auth
70a33ca Bump pip from 22.3.1 to 23.3 in /requirements
102f507 Bump urllib3 from 2.0.6 to 2.0.7 in /requirements
79739dc Merge pull request #183 from pypa/dependabot/pip/requirements/urllib3-2.0.6
9a3f9ad [pre-commit.ci] pre-commit autoupdate
Additional commits viewable in compare view

Updates darbiadev/.github from 5.1.0 to 13.0.0

Release notes

Sourced from darbiadev/.github's releases.

v13.0.0

What's Changed

Run mypy in strict mode by @shenanigansd in darbiadev/.github#111

Full Changelog: darbiadev/.github@v12.0.0...v13.0.0

v12.0.0

What's Changed

build(deps): bump the template-workflows group in /workflow-templates with 1 update by @dependabot in darbiadev/.github#109

build(deps): bump the callable-workflows group with 4 updates by @dependabot in darbiadev/.github#108

build(deps): bump the callable-workflows group with 5 updates by @dependabot in darbiadev/.github#110

Full Changelog: darbiadev/.github@v11.0.0...v12.0.0

v11.0.0

What's Changed

Correctly skip third-party uploads if tokens are not present by @shenanigansd in darbiadev/.github#107

Full Changelog: darbiadev/.github@v10.0.0...v11.0.0

v10.0.0

What's Changed

Add mypy to Python linting by @shenanigansd in darbiadev/.github#106

Full Changelog: darbiadev/.github@v9.0.0...v10.0.0

v9.0.0

What's Changed

Disable merge commit creation during checkout for Python tests by @shenanigansd in darbiadev/.github#105

Full Changelog: darbiadev/.github@v8.1.0...v9.0.0

v8.1.0

What's Changed

Add uploading Python test coverage to DeepSource by @shenanigansd in darbiadev/.github#104

Full Changelog: darbiadev/.github@v8.0.0...v8.1.0

v8.0.0

What's Changed

Revert "Reorganize workflows into folders (#101)" by @shenanigansd in darbiadev/.github#103

Full Changelog: darbiadev/.github@v7.0.0...v8.0.0

... (truncated)

Commits

ea97d99 Run mypy in strict mode (#111)
dda0040 build(deps): bump the callable-workflows group with 5 updates (#110)
1fc69f4 build(deps): bump the callable-workflows group with 4 updates (#108)
80e4747 build(deps): bump the template-workflows group (#109)
38577af Correctly skip third-party uploads if tokens are not present (#107)
c1a77ef Add mypy to Python linting (#106)
6a6eb74 Disable merge commit creation during checkout for Python tests (#105)
64b318d Add uploading Python test coverage to DeepSource (#104)
e156abc Revert "Reorganize workflows into folders (#101)" (#103)
54b4274 Delete sphinx-with-pdf workflow (#102)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the ci-dependencies group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `3.1.3` | `3.1.4` | | [actions/setup-python](https://github.com/actions/setup-python) | `4.7.1` | `5.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `3.1.3` | `4.0.0` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.8.10` | `1.8.11` | | [darbiadev/.github](https://github.com/darbiadev/.github) | `5.1.0` | `13.0.0` | Updates `actions/dependency-review-action` from 3.1.3 to 3.1.4 - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](actions/dependency-review-action@7bbfa03...01bc870) Updates `actions/setup-python` from 4.7.1 to 5.0.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@65d7f2d...0a5c615) Updates `actions/upload-artifact` from 3.1.3 to 4.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@a8a3f3a...c7d193f) Updates `pypa/gh-action-pypi-publish` from 1.8.10 to 1.8.11 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](pypa/gh-action-pypi-publish@b7f401d...2f6f737) Updates `darbiadev/.github` from 5.1.0 to 13.0.0 - [Release notes](https://github.com/darbiadev/.github/releases) - [Commits](darbiadev/.github@b0749d5...ea97d99) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci-dependencies - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci-dependencies - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci-dependencies - dependency-name: pypa/gh-action-pypi-publish dependency-type: direct:production update-type: version-update:semver-patch dependency-group: ci-dependencies - dependency-name: darbiadev/.github dependency-type: direct:production update-type: version-update:semver-major dependency-group: ci-dependencies ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-02-01T20:17:21Z

Superseded by #26.

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jan 1, 2024

dependabot bot closed this Feb 1, 2024

dependabot bot deleted the dependabot/github_actions/ci-dependencies-bdba070b7b branch February 1, 2024 20:17

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the ci-dependencies group with 5 updates #25

Bump the ci-dependencies group with 5 updates #25

dependabot bot commented on behalf of github Jan 1, 2024 •

edited

Loading

dependabot bot commented on behalf of github Feb 1, 2024

Bump the ci-dependencies group with 5 updates #25

Bump the ci-dependencies group with 5 updates #25

Conversation

dependabot bot commented on behalf of github Jan 1, 2024 • edited Loading

3.1.4

What's Changed

v5.0.0

What's Changed

v4.8.0

What's Changed

New Contributors

v4.0.0

What's Changed

New Contributors

v1.8.11

💅 Cosmetic output improvements

📝 What's Documented

🛠️ Internal dependencies

💪 New Contributors

v13.0.0

What's Changed

v12.0.0

What's Changed

v11.0.0

What's Changed

v10.0.0

What's Changed

v9.0.0

What's Changed

v8.1.0

What's Changed

v8.0.0

What's Changed

dependabot bot commented on behalf of github Feb 1, 2024

dependabot bot commented on behalf of github Jan 1, 2024 •

edited

Loading