From 00e89216b92d18832e0df813d7c7dbd8672e3536 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 6 Mar 2026 09:25:17 +0000 Subject: [PATCH] ci: bump the all-actions group across 1 directory with 11 updates Bumps the all-actions group with 11 updates in the / directory: | Package | From | To | | --- | --- | --- | | [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) | `2.3.0` | `2.5.0` | | [actions/checkout](https://github.com/actions/checkout) | `4` | `6` | | [VCTLabs/bandit-report-artifacts](https://github.com/vctlabs/bandit-report-artifacts) | `0.0.3` | `0.3.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `7` | | [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) | `2.9.1` | `2.9.4` | | [ad-m/github-push-action](https://github.com/ad-m/github-push-action) | `0.8.0` | `1.0.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `8` | | [sarnold/gitchangelog-action](https://github.com/sarnold/gitchangelog-action) | `1.1.1` | `1.1.2` | | [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `2.2.1` | `2.5.0` | | [JamesIves/github-pages-deploy-action](https://github.com/jamesives/github-pages-deploy-action) | `4.7.3` | `4.8.0` | Updates `dependabot/fetch-metadata` from 2.3.0 to 2.5.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](https://github.com/dependabot/fetch-metadata/compare/d7267f607e9d3fb96fc2fbe83e0af444713e90b7...21025c705c08248db411dc16f3619e6b5f9ea21a) Updates `actions/checkout` from 4 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v6) Updates `VCTLabs/bandit-report-artifacts` from 0.0.3 to 0.3.0 - [Commits](https://github.com/vctlabs/bandit-report-artifacts/compare/b0679c4dff0c2ed69000132fabf6a9e1b7dcfd5c...edaffcb8ce8618e97d6838d7a0535331927e6d77) Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5...v6) Updates `actions/upload-artifact` from 4 to 7 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v4...v7) Updates `marocchino/sticky-pull-request-comment` from 2.9.1 to 2.9.4 - [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases) - [Commits](https://github.com/marocchino/sticky-pull-request-comment/compare/52423e01640425a022ef5fd42c6fb5f633a02728...773744901bac0e8cbb5a0dc842800d45e9b2b405) Updates `ad-m/github-push-action` from 0.8.0 to 1.0.0 - [Release notes](https://github.com/ad-m/github-push-action/releases) - [Commits](https://github.com/ad-m/github-push-action/compare/d91a481090679876dfc4178fef17f286781251df...77c5b412c50b723d2a4fbc6d71fb5723bcd439aa) Updates `actions/download-artifact` from 4 to 8 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v8) Updates `sarnold/gitchangelog-action` from 1.1.1 to 1.1.2 - [Release notes](https://github.com/sarnold/gitchangelog-action/releases) - [Changelog](https://github.com/sarnold/gitchangelog-action/blob/master/CHANGES.rst) - [Commits](https://github.com/sarnold/gitchangelog-action/compare/915234f151ceffb7a8c4f76de77e4ae321087b8f...bc7e885ba8cf71258fca7810835ee72cdde7382c) Updates `softprops/action-gh-release` from 2.2.1 to 2.5.0 - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda...a06a81a03ee405af7f2048a818ed3f03bbf83c7b) Updates `JamesIves/github-pages-deploy-action` from 4.7.3 to 4.8.0 - [Release notes](https://github.com/jamesives/github-pages-deploy-action/releases) - [Commits](https://github.com/jamesives/github-pages-deploy-action/compare/6c2d9db40f9296374acc17b90404b6e8864128c8...d92aa235d04922e8f08b40ce78cc5442fcfbfa2f) --- updated-dependencies: - dependency-name: dependabot/fetch-metadata dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: VCTLabs/bandit-report-artifacts dependency-version: 0.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: marocchino/sticky-pull-request-comment dependency-version: 2.9.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: ad-m/github-push-action dependency-version: 1.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions - dependency-name: sarnold/gitchangelog-action dependency-version: 1.1.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: all-actions - dependency-name: softprops/action-gh-release dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions - dependency-name: JamesIves/github-pages-deploy-action dependency-version: 4.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-actions ... Signed-off-by: dependabot[bot] --- .github/workflows/autobot.yml | 2 +- .github/workflows/bandit.yml | 4 ++-- .github/workflows/ci.yml | 4 ++-- .github/workflows/coverage.yml | 20 ++++++++++---------- .github/workflows/pylint.yml | 8 ++++---- .github/workflows/release.yml | 22 +++++++++++----------- .github/workflows/sphinx.yml | 8 ++++---- .github/workflows/wheels.yml | 6 +++--- 8 files changed, 37 insertions(+), 37 deletions(-) diff --git a/.github/workflows/autobot.yml b/.github/workflows/autobot.yml index 81d554f..d9b1a08 100644 --- a/.github/workflows/autobot.yml +++ b/.github/workflows/autobot.yml @@ -21,7 +21,7 @@ jobs: - name: Fetch Dependabot metadata id: metadata if: ${{ github.event_name == 'pull_request' && github.actor == 'dependabot[bot]' }} - uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7 # v2.3.0 + uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0 with: github-token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml index 6e0bf21..1d44367 100644 --- a/.github/workflows/bandit.yml +++ b/.github/workflows/bandit.yml @@ -17,10 +17,10 @@ jobs: actions: read # only on private (maybe?) required to get the Action run status steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Run bandit - uses: VCTLabs/bandit-report-artifacts@b0679c4dff0c2ed69000132fabf6a9e1b7dcfd5c # v0.0.3 + uses: VCTLabs/bandit-report-artifacts@edaffcb8ce8618e97d6838d7a0535331927e6d77 # v3 with: project_path: src ignore_failure: false diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5771c93..67d70da 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -31,12 +31,12 @@ jobs: git config --global core.autocrlf false git config --global core.eol lf - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 8ed2779..1c783b1 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Checkout Project - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: # We need to fetch with a depth of 2 for pull_request so we can do HEAD^2 fetch-depth: 2 @@ -70,7 +70,7 @@ jobs: base_cov: ${{ steps.get_base.outputs.base_cov }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: badges path: badges @@ -143,11 +143,11 @@ jobs: PIP_DOWNLOAD_CACHE: ${{ github.workspace }}/../.pip_download_cache steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: ${{ env.PYTHON }} @@ -157,7 +157,7 @@ jobs: pip install tox - name: Setup old python for test - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: 3.8 @@ -173,7 +173,7 @@ jobs: filename: coverage.xml output: 'both' - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: src_coverage_rpts path: | @@ -200,7 +200,7 @@ jobs: output: 'both' - name: Add Coverage PR Comment - uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2.9.1 + uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 if: github.event_name == 'pull_request' && (github.event.pull_request.author_association == 'MEMBER' || github.actor == github.repository_owner) with: header: coverage @@ -296,7 +296,7 @@ jobs: fi - name: Comment PR with test coverage delta - uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728 # v2.9.1 + uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4 if: env.HAVE_BASE_COVERAGE == 'true' && (github.event.pull_request.author_association == 'MEMBER' || github.actor == github.repository_owner) with: header: delta @@ -326,7 +326,7 @@ jobs: markdown: ${{ steps.url.outputs.markdown }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: badges path: badges @@ -368,7 +368,7 @@ jobs: git commit -m "Add/Update badge" || true - name: Push badge commit - uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # v0.8.0 + uses: ad-m/github-push-action@77c5b412c50b723d2a4fbc6d71fb5723bcd439aa # v1.0.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} branch: badges diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml index 328a593..8d4d2ac 100644 --- a/.github/workflows/pylint.yml +++ b/.github/workflows/pylint.yml @@ -21,7 +21,7 @@ jobs: path: ${{ steps.analyze.outputs.path }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 @@ -41,7 +41,7 @@ jobs: echo "branch=${EXPORT_VALUE}" >> $GITHUB_OUTPUT - name: Set up Python 3.10 - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: '3.10' @@ -84,7 +84,7 @@ jobs: if: ${{ github.event_name == 'push' }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: ref: badges path: badges @@ -114,7 +114,7 @@ jobs: git commit -m "Add/Update badge" || true - name: Push badge commit - uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # v0.8.0 + uses: ad-m/github-push-action@77c5b412c50b723d2a4fbc6d71fb5723bcd439aa # v1.0.0 with: github_token: ${{ secrets.GITHUB_TOKEN }} branch: badges diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 07dc0c8..5280da5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -29,12 +29,12 @@ jobs: git config --global core.autocrlf false git config --global core.eol lf - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} @@ -49,7 +49,7 @@ jobs: - name: Upload artifacts if: matrix.python-version == 3.9 && runner.os == 'Linux' - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: packages path: dist @@ -68,25 +68,25 @@ jobs: echo "VERSION=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV echo ${{ env.VERSION }} - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 # download all artifacts to project dir - - uses: actions/download-artifact@v4 + - uses: actions/download-artifact@v8 - name: check artifacts run: | ls -l packages/ - name: Generate changes file - uses: sarnold/gitchangelog-action@915234f151ceffb7a8c4f76de77e4ae321087b8f # v1.1.1 + uses: sarnold/gitchangelog-action@bc7e885ba8cf71258fca7810835ee72cdde7382c # v1.1.2 with: github_token: ${{ secrets.GITHUB_TOKEN}} - name: Create release id: create_release - uses: softprops/action-gh-release@c95fe1489396fe8a9eb87c0abf8aa5b2ef267fda # v2.2.1 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2.5.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -107,11 +107,11 @@ jobs: contents: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: '3.9' @@ -125,7 +125,7 @@ jobs: tox -e ldocs tox -e docs - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: ApiDocsHTML path: "docs/_build/html/" @@ -136,7 +136,7 @@ jobs: - name: Deploy docs to gh-pages if: ${{ github.event_name == 'push' }} - uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8 # v4.7.3 + uses: JamesIves/github-pages-deploy-action@d92aa235d04922e8f08b40ce78cc5442fcfbfa2f # v4.8.0 with: token: ${{ secrets.GITHUB_TOKEN }} branch: gh-pages diff --git a/.github/workflows/sphinx.yml b/.github/workflows/sphinx.yml index b4884cc..21a51de 100644 --- a/.github/workflows/sphinx.yml +++ b/.github/workflows/sphinx.yml @@ -13,11 +13,11 @@ jobs: contents: write steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: python-version: '3.9' @@ -31,7 +31,7 @@ jobs: #tox -e docs-lint tox -e docs - - uses: actions/upload-artifact@v4 + - uses: actions/upload-artifact@v7 with: name: ApiDocsHTML path: "docs/_build/html/" @@ -42,7 +42,7 @@ jobs: - name: Deploy docs to gh-pages if: ${{ github.event_name == 'push' }} - uses: JamesIves/github-pages-deploy-action@6c2d9db40f9296374acc17b90404b6e8864128c8 # v4.7.3 + uses: JamesIves/github-pages-deploy-action@d92aa235d04922e8f08b40ce78cc5442fcfbfa2f # v4.8.0 with: token: ${{ secrets.GITHUB_TOKEN }} branch: gh-pages diff --git a/.github/workflows/wheels.yml b/.github/workflows/wheels.yml index d9eb532..f11228c 100644 --- a/.github/workflows/wheels.yml +++ b/.github/workflows/wheels.yml @@ -31,12 +31,12 @@ jobs: git config --global core.autocrlf false git config --global core.eol lf - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 with: fetch-depth: 0 - name: Set up Python ${{ matrix.python-version }} - uses: actions/setup-python@v5 + uses: actions/setup-python@v6 with: python-version: ${{ matrix.python-version }} @@ -51,7 +51,7 @@ jobs: - name: Upload artifacts if: matrix.python-version == 3.9 && runner.os == 'Linux' - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: wheels path: ./dist/*.whl