Skip to content

Bump the actions group across 1 directory with 6 updates #28

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Bump the actions group across 1 directory with 6 updates #28

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jan 6, 2025
edited
Loading

Bumps the actions group with 6 updates in the / directory:

Package From To
pypa/cibuildwheel 2.21.3 2.22.0
actions/attest-build-provenance 1.4.3 2.1.0
pypa/gh-action-pypi-publish 1.10.3 1.12.3
eps1lon/actions-label-merge-conflict 3.0.2 3.0.3
cygwin/cygwin-install-action 4 5
codecov/codecov-action 4 5

Updates pypa/cibuildwheel from 2.21.3 to 2.22.0

Release notes

Sourced from pypa/cibuildwheel's releases.

Version 2.22.0

  • 🌟 Added a new CIBW_ENABLE/enable feature that replaces CIBW_FREETHREADED_SUPPORT/free-threaded-support and CIBW_PRERELEASE_PYTHONS with a system that supports both. In cibuildwheel 3, this will also include a PyPy setting and the deprecated options will be removed. (#2048)
  • 🌟 Dependency groups are now supported for tests. Use CIBW_TEST_GROUPS/test-groups to specify groups in [dependency-groups] for testing. (#2063)
  • 🌟 Support for the experimental Ubuntu-based ARMv7l manylinux image (#2052)
  • ✨ Show a warning when cibuildwheel is run from Python 3.10 or older; cibuildwheel 3.0 will require Python 3.11 or newer as host (#2050)
  • 🐛 Fix issue with stderr interfering with checking the docker version (#2074)
  • 🛠 Python 3.9 is now used in CIBW_BEFORE_ALL/before-all on linux, replacing 3.8, which is now EoL (#2043)
  • 🛠 Error messages for producing a pure-Python wheel are slightly more informative (#2044)
  • 🛠 Better error when uname -m fails on ARM (#2049)
  • 🛠 Better error when repair fails and docs for abi3audit on Windows (#2058)
  • 🛠 Better error when manylinux-interpreters ensure fails (#2066)
  • 🛠 Update Pyodide to 0.26.4, and adapt to the unbundled pyodide-build (now 0.29) (#2090)
  • 🛠 Now cibuildwheel uses dependency-groups for development dependencies (#2064, #2085)
  • 📚 Docs updates and tidy ups (#2061, #2067, #2072)
Changelog

Sourced from pypa/cibuildwheel's changelog.

title: Changelog

Changelog

v2.22.0

23 November 2024

  • 🌟 Added a new CIBW_ENABLE/enable feature that replaces CIBW_FREETHREADED_SUPPORT/free-threaded-support and CIBW_PRERELEASE_PYTHONS with a system that supports both. In cibuildwheel 3, this will also include a PyPy setting and the deprecated options will be removed. (#2048)
  • 🌟 Dependency groups are now supported for tests. Use CIBW_TEST_GROUPS/test-groups to specify groups in [dependency-groups] for testing. (#2063)
  • 🌟 Support for the experimental Ubuntu-based ARMv7l manylinux image (#2052)
  • ✨ Show a warning when cibuildwheel is run from Python 3.10 or older; cibuildwheel 3.0 will require Python 3.11 or newer as host (#2050)
  • 🐛 Fix issue with stderr interfering with checking the docker version (#2074)
  • 🛠 Python 3.9 is now used in CIBW_BEFORE_ALL/before-all on linux, replacing 3.8, which is now EoL (#2043)
  • 🛠 Error messages for producing a pure-Python wheel are slightly more informative (#2044)
  • 🛠 Better error when uname -m fails on ARM (#2049)
  • 🛠 Better error when repair fails and docs for abi3audit on Windows (#2058)
  • 🛠 Better error when manylinux-interpreters ensure fails (#2066)
  • 🛠 Update Pyodide to 0.26.4, and adapt to the unbundled pyodide-build (now 0.29) (#2090)
  • 🛠 Now cibuildwheel uses dependency-groups for development dependencies (#2064, #2085)
  • 📚 Docs updates and tidy ups (#2061, #2067, #2072)

v2.21.3

9 October 2024

  • 🛠 Update CPython 3.13 to 3.13.0 final release (#2032)
  • 📚 Docs updates and tidy ups (#2035)

v2.21.2

2 October 2024

  • ✨ Adds support for building 32-bit armv7l wheels on musllinux. On a Linux system with emulation set up, set CIBW_ARCHS to armv7l on Linux to try it out if you're interested! (#2017)
  • 🐛 Fix Linux Podman builds on some systems (#2016)
  • ✨ Adds official support for running on Python 3.13 (#2026)
  • 🛠 Update CPython 3.13 to 3.13.0rc3 (#2029)

Note: the default manylinux image is scheduled to change from manylinux2014 to manylinux_2_28 in a cibuildwheel release on or after 6th May 2025 - you can set the value now to avoid getting upgraded if you want. (#1992)

v2.21.1

16 September 2024

  • 🐛 Fix a bug in the Linux build, where files copied to the container would have invalid ownership permissions (#2007)
  • 🐛 Fix a bug on Windows where cibuildwheel would call upon uv to install dependencies for versions of CPython that it does not support (#2005)
  • 🐛 Fix a bug where uv 0.4.10 would not use the right Python when testing on Linux. (#2008)

... (truncated)

Commits

Updates actions/attest-build-provenance from 1.4.3 to 2.1.0

Release notes

Sourced from actions/attest-build-provenance's releases.

v2.1.0

What's Changed

Full Changelog: actions/attest-build-provenance@v2.0.1...v2.1.0

v2.0.1

What's Changed

Full Changelog: actions/attest-build-provenance@v2.0.0...v2.0.1

v2.0.0

The attest-build-provenance action now supports attesting multiple subjects simultaneously. When identifying multiple subjects with the subject-path input a single attestation is created with references to each of the supplied subjects, rather than generating separate attestations for each artifact. This reduces the number of attestations that you need to create and manage.

What's Changed

Full Changelog: actions/attest-build-provenance@v1.4.4...v2.0.0

v1.4.4

What's Changed

Full Changelog: actions/attest-build-provenance@v1.4.3...v1.4.4

Commits
  • 7668571 add attestation-id and attestation-url outputs (#415)
  • 9ad33ff add note about gh plans supporting attestations (#414)
  • f2f0851 Bump the npm-development group with 2 updates (#412)
  • c4fbc64 bump actions/attest from 2.0.0 to 2.0.1 (#406)
  • 619dbb2 bump actions/attest to v2.0.0 (#321)
  • 90d4930 Bump the npm-development group with 3 updates (#329)
  • fb315c1 Bump the npm-development group with 5 updates (#323)
  • a379071 Bump cross-spawn from 7.0.3 to 7.0.6 (#319)
  • dada0c3 Bump the npm-development group across 1 directory with 5 updates (#317)
  • ef24412 bump predicate from 1.1.3 to 1.1.4 (#310)
  • Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.10.3 to 1.12.3

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.12.3

✨ What's Improved

With the updates by @​woodruffw💰 and @​webknjaz💰 via #309 and #313, it is now possible to publish distribution packages that include core metadata v2.4, like those built using maturin. This is done by bumping Twine to v6.0.1 and pkginfo to v1.12.0.

📝 Docs

We've made an attempt to clarify the runtime and workflow shape that are expected to be supported for calling this action in: https://github.com/marketplace/actions/pypi-publish#Non-goals.

[!TIP] Please, let us know in the release discussion if anything still remains unclear. TL;DR always call pypi-publish once per job; don't invoke it in reusable workflows; physically move building the dists into separate jobs having restricted permissions and storing the dists as GitHub Actions artifacts; when using self-hosted runners, make sure to still use pypi-publish on a GitHub-provided infra with runs-on: ubuntu-latest, while building and testing may remain self-hosted; don't perform any other actions in the publishing job; don't call pypi-publish from composite actions.

🛠️ Internal Updates

@​br3ndonland💰 improved the container image generation automation to include Git SHA in #301. And @​woodruffw💰 added the workflow_ref context to Trusted Publishing debug logging in #305, helping us diagnose misconfigurations faster. #313 also extends the smoke test in the CI to check against the maturin-made dists. Additionally, jeepney and secretstorage transitive deps have been added to the pip constraint-based lock file, as Dependabot seems to have missed those earlier.

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.2...v1.12.3

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​samuelcolvin💰 for nudging me to cut this release sooner and for sponsoring me via @​pydantic💰!

🔌 Shameless Plug: The other day I've made this 🦋 Bluesky 🇺🇦 FOSS Maintainers Starter Pack subscribe to read news from people like me :)

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

v1.12.2

🐛 What's Fixed

The fix for signing legacy zip sdists turned out to be incomplete, so @​woodruffw💰 promptly produced another follow-up that updated pypi-attestations from v0.0.13 to v0.0.15 in #297. This is the only change since the previous release.

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.1...v1.12.2

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

v1.12.1

🐛 What's Fixed

Version v1.12.0 hit several rare corner cases we never considered fully supported, and this release fixes a few of those. In #294, @​webknjaz💰 improved the self-hosted runner experience by pre-installing Python if it's not there, and with #293 the ability to use the action on GitHub Enterprise instances has been restored. The latter should've also fixed the ability to invoke pypi-publish from nested in-repo composite actions — another exotic use-case that was never tested in our CI.

... (truncated)

Commits
  • 67339c7 📦 Only keep lower bounds @ input requirements
  • cbd6d01 📝Fix a typo in "privileges" @ README
  • 7252a9a 📝 Outline unsupported scenarios in README
  • a536fa9 📌📦 Include jeepney & secretstorage pins
  • 43caae4 💅📦 Split transitive dep constraints
  • f371c3d Merge pull request #313 from webknjaz/maintenance/metadata-2.4
  • 138a121 📌📦 Pin pkginfo to v1.12 @ runtime deps
  • ff2b051 🧪 Add a Maturin-based package to CI
  • 0a0a6ae 🧪 Allow CI to register multiple distributions
  • e7723a4 Merge pull request #309 from trail-of-forks/ww/bumptwine
  • Additional commits viewable in compare view

Updates eps1lon/actions-label-merge-conflict from 3.0.2 to 3.0.3

Release notes

Sourced from eps1lon/actions-label-merge-conflict's releases.

3.0.3

What's Changed

New Contributors

Full Changelog: eps1lon/actions-label-merge-conflict@v3.0.2...v3.0.3

Commits

Updates cygwin/cygwin-install-action from 4 to 5

Release notes

Sourced from cygwin/cygwin-install-action's releases.

v5

What's Changed

New Contributors

Full Changelog: cygwin/cygwin-install-action@v4...v5

Commits
  • f61179d Compare inputs.allow-test-packages against 'true', not non-empty
  • a53d42c Use current checkout action in example as well
  • 5f89bfc Merge pull request #17 from mlocati/check-setup-hash
  • 2fea0d7 Throw an exception if the downloaded setup is empty
  • a39f501 Update the type of the default values of the action options
  • 7427b3d Show a warning if we can't find the hash of the setup file
  • b26c6b6 Check hash of downloaded setup
  • b93253c Document allow-test-packages parameter
  • 9d87f98 Add allow-test-packages option
  • 2e92635 Drop -g/--upgrade-also from options
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 4 to 5

Release notes

Sourced from codecov/codecov-action's releases.

v5.0.0

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING]
The following arguments have been changed

  • file (this has been deprecated in favor of files)
  • plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

  • binary
  • gcov_args
  • gcov_executable
  • gcov_ignore
  • gcov_include
  • report_type
  • skip_validation
  • swift_project

You can see their usage in the action.yml file.

What's Changed

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

v5 Release

v5 of the Codecov GitHub Action will use the Codecov Wrapper to encapsulate the CLI. This will help ensure that the Action gets updates quicker.

Migration Guide

The v5 release also coincides with the opt-out feature for tokens for public repositories. In the Global Upload Token section of the settings page of an organization in codecov.io, you can set the ability for Codecov to receive a coverage reports from any source. This will allow contributors or other members of a repository to upload without needing access to the Codecov token. For more details see how to upload without a token.

[!WARNING] The following arguments have been changed

  • file (this has been deprecated in favor of files)
  • plugin (this has been deprecated in favor of plugins)

The following arguments have been added:

  • binary
  • gcov_args
  • gcov_executable
  • gcov_ignore
  • gcov_include
  • report_type
  • skip_validation
  • swift_project

You can see their usage in the action.yml file.

What's Changed

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the actions group across 1 directory with 6 updates
192da8e 
Bumps the actions group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) | `2.21.3` | `2.22.0` |
| [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) | `1.4.3` | `2.1.0` |
| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.10.3` | `1.12.3` |
| [eps1lon/actions-label-merge-conflict](https://github.com/eps1lon/actions-label-merge-conflict) | `3.0.2` | `3.0.3` |
| [cygwin/cygwin-install-action](https://github.com/cygwin/cygwin-install-action) | `4` | `5` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `4` | `5` |



Updates `pypa/cibuildwheel` from 2.21.3 to 2.22.0
- [Release notes](https://github.com/pypa/cibuildwheel/releases)
- [Changelog](https://github.com/pypa/cibuildwheel/blob/main/docs/changelog.md)
- [Commits](pypa/cibuildwheel@7940a4c...ee63bf1)

Updates `actions/attest-build-provenance` from 1.4.3 to 2.1.0
- [Release notes](https://github.com/actions/attest-build-provenance/releases)
- [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md)
- [Commits](actions/attest-build-provenance@1c608d1...7668571)

Updates `pypa/gh-action-pypi-publish` from 1.10.3 to 1.12.3
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@f760068...67339c7)

Updates `eps1lon/actions-label-merge-conflict` from 3.0.2 to 3.0.3
- [Release notes](https://github.com/eps1lon/actions-label-merge-conflict/releases)
- [Changelog](https://github.com/eps1lon/actions-label-merge-conflict/blob/main/CHANGELOG.md)
- [Commits](eps1lon/actions-label-merge-conflict@1b1b1fc...1df065e)

Updates `cygwin/cygwin-install-action` from 4 to 5
- [Release notes](https://github.com/cygwin/cygwin-install-action/releases)
- [Commits](cygwin/cygwin-install-action@v4...v5)

Updates `codecov/codecov-action` from 4 to 5
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v4...v5)

---
updated-dependencies:
- dependency-name: pypa/cibuildwheel
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/attest-build-provenance
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: eps1lon/actions-label-merge-conflict
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: cygwin/cygwin-install-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jan 6, 2025
@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Jan 27, 2025

Superseded by #29.

@dependabot dependabot bot closed this Jan 27, 2025
@dependabot dependabot bot deleted the dependabot/github_actions/actions-93bc613818 branch January 27, 2025 14:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
CI: Run cibuildwheel CI: Run cygwin dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants