Bump the ci-dependencies group with 3 updates

[dependabot]

Bumps the ci-dependencies group with 3 updates: darbiadev/.github, hynek/build-and-inspect-python-package and pypa/gh-action-pypi-publish.

Updates darbiadev/.github from 14.1.0 to 15.0.0

Release notes

Sourced from darbiadev/.github's releases.

v15.0.0

What's Changed

• build(deps): bump the callable-workflows group across 1 directory with 11 updates by @​dependabot in darbiadev/.github#150

Full Changelog: darbiadev/.github@v14.1.0...v15.0.0

Commits

• 91dda16 build(deps): bump the callable-workflows group across 1 directory with 11 upd...
• See full diff in compare view

Updates hynek/build-and-inspect-python-package from 2.11.0 to 2.12.0

Release notes

Sourced from hynek/build-and-inspect-python-package's releases.

v2.12.0

This release only updates our dependencies to support packaging metadata v2.4 (as created, for example, by recent Hatchling releases).

[!NOTE] To upload packages with metadata v2.4 (which is required for PEP 639 license metadata) using the official pypi-publish GitHub Action, you must make sure to use its v1.12.4 or later.

Changelog

Sourced from hynek/build-and-inspect-python-package's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

2.12.0

Changed

• This release only updates the tools we use. It's important for being able to handle packaging metadata 2.4, as published by recent versions of Hatchling, though. #161

2.11.0

Added

• New output: package_version is the version of the package that was built. #152

2.10.0

Changed

• Remove .gitignore from the build target directory to avoid silly attestations. #149

2.9.0

Changed

• uv build is now used instead of the build package. Since the actual build of the packages is done by the packaging backend (the one you define in your pyproject.toml under build-system.build-backend -- for example, Setuptools or Hatchling), this should make no difference except for faster runs. #140

2.8.0 - 2024-07-25

Changed

• Use uv's new uv cache prune --ci to only cache downloaded files. This makes the cache smaller and faster to pack/unpack.

... (truncated)

Commits

• b5076c3 v2.12.0
• 651083f Add changelog
• 529b90d Automated dependency upgrades (#161)
• 8793720 Automated dependency upgrades (#159)
• 30d17a1 Fix package_version example in readme to use `https://pypi.org/prokect/<pac...
• 00971cc Start new cycle
• See full diff in compare view

Updates pypa/gh-action-pypi-publish from 1.12.3 to 1.12.4

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.12.4

✨ What's Changed

The main theme of this patch release that the support for uploading PEP 639 licensing metadata to PyPI has been fixed in #327.

🛠️ Internal Updates

A few smaller updates include the attestation existence being checked earlier in the process now, listing all the violating files together, not just one (PR #315). And the lock file with the software available in runtime has been re-pinned in #329. Additionally, the CI now runs the smoke-tests against both Ubuntu 22.04 and 24.04 explicitly via da900af96347cc027433720ad4f122117645459d.

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.3...v1.12.4

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​dnicolodi💰 and @​woodruffw💰 for releasing the license metadata support fix in Twine!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

Commits

• 76f52bc Merge pull request #329 from webknjaz/maintenance/runtime-lockfile-24-02-2025
• 72de13b 📌 Mass-upgrade transitive dependency pins
• 1995f2e Merge pull request #327 from webknjaz/maintenance/twine-6.1-pep639
• 29f40bd 📦 Enable metadata 2.4 support in Twine
• 10df67d 📦 Enable support for PEP 639 metadata
• e0449d2 🧪 Integrate a unified alls-green GHA status
• cebc64f 🧪 Bump setuptools in smoke test to v75.8.0
• da900af 🧪 Run smoke tests against Ubuntu 24 and 22
• 8cafb5c 💰 Sync the funding config
• 916e576 Merge pull request #315 from webknjaz/refactoring/attestations-exist-bundle
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions