dependabot[bot]
35e7e659f6
Bump actions/setup-python from 5.6.0 to 6.0.0 ( #18890 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-09 15:49:22 +01:00
dependabot[bot]
499f947c67
Bump actions/checkout from 4.3.0 to 5.0.0 ( #18834 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-27 07:47:19 +01:00
dependabot[bot]
073ce74464
Bump actions/checkout from 4.2.2 to 4.3.0 ( #18800 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-12 14:55:01 +01:00
dependabot[bot]
078cefd014
Bump actions/setup-python from 5.5.0 to 5.6.0 ( #18398 )
...
Bumps [actions/setup-python](https://github.com/actions/setup-python )
from 5.5.0 to 5.6.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-python/releases ">actions/setup-python's
releases</a>.</em></p>
<blockquote>
<h2>v5.6.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Workflow updates related to Ubuntu 20.04 by <a
href="https://github.com/aparnajyothi-y "><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1065 ">actions/setup-python#1065</a></li>
<li>Fix for Candidate Not Iterable Error by <a
href="https://github.com/aparnajyothi-y "><code>@aparnajyothi-y</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1082 ">actions/setup-python#1082</a></li>
<li>Upgrade semver and <code>@types/semver</code> by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1091 ">actions/setup-python#1091</a></li>
<li>Upgrade prettier from 2.8.8 to 3.5.3 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1046 ">actions/setup-python#1046</a></li>
<li>Upgrade ts-jest from 29.1.2 to 29.3.2 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1081 ">actions/setup-python#1081</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-python/compare/v5...v5.6.0 ">https://github.com/actions/setup-python/compare/v5...v5.6.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a26af69be9https://redirect.github.com/actions/setup-python/issues/1081 ">#1081</a>)</li>
<li><a
href="30eafe9548https://redirect.github.com/actions/setup-python/issues/1046 ">#1046</a>)</li>
<li><a
href="5d95bc16d4https://redirect.github.com/actions/setup-python/issues/1091 ">#1091</a>)</li>
<li><a
href="6ed2c67c8ahttps://redirect.github.com/actions/setup-python/issues/1082 ">#1082</a>)</li>
<li><a
href="e348410e00https://redirect.github.com/actions/setup-python/issues/1065 ">#1065</a>)</li>
<li>See full diff in <a
href="8d9ed9ac5c...a26af69be9https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=5.5.0&new-version=5.6.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-05-19 09:51:08 +01:00
dependabot[bot]
cf02b8fea5
Bump actions/setup-python from 5.4.0 to 5.5.0 ( #18298 )
...
Bumps [actions/setup-python](https://github.com/actions/setup-python )
from 5.4.0 to 5.5.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-python/releases ">actions/setup-python's
releases</a>.</em></p>
<blockquote>
<h2>v5.5.0</h2>
<h2>What's Changed</h2>
<h3>Enhancements:</h3>
<ul>
<li>Support free threaded Python versions like '3.13t' by <a
href="https://github.com/colesbury "><code>@colesbury</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/973 ">actions/setup-python#973</a></li>
<li>Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for
free threaded and Upgrade <code>@action/cache</code> from 4.0.0 to
4.0.3 by <a
href="https://github.com/priya-kinthali "><code>@priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1056 ">actions/setup-python#1056</a></li>
<li>Add support for .tool-versions file in setup-python by <a
href="https://github.com/mahabaleshwars "><code>@mahabaleshwars</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/1043 ">actions/setup-python#1043</a></li>
</ul>
<h3>Bug fixes:</h3>
<ul>
<li>Fix architecture for pypy on Linux ARM64 by <a
href="https://github.com/mayeut "><code>@mayeut</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1011 ">actions/setup-python#1011</a>
This update maps arm64 to aarch64 for Linux ARM64 PyPy
installations.</li>
</ul>
<h3>Dependency updates:</h3>
<ul>
<li>Upgrade <code>@vercel/ncc</code> from 0.38.1 to 0.38.3 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1016 ">actions/setup-python#1016</a></li>
<li>Upgrade <code>@actions/glob</code> from 0.4.0 to 0.5.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/1015 ">actions/setup-python#1015</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/colesbury "><code>@colesbury</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/973 ">actions/setup-python#973</a></li>
<li><a
href="https://github.com/mahabaleshwars "><code>@mahabaleshwars</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/1043 ">actions/setup-python#1043</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-python/compare/v5...v5.5.0 ">https://github.com/actions/setup-python/compare/v5...v5.5.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="8d9ed9ac5c19e4675e06https://redirect.github.com/actions/setup-python/issues/1043 ">#1043</a>)</li>
<li><a
href="6fd11e170ahttps://redirect.github.com/actions/setup-python/issues/1015 ">#1015</a>)</li>
<li><a
href="9e62be81b2https://redirect.github.com/actions/setup-python/issues/973 ">#973</a>)</li>
<li><a
href="6ca8e8598fhttps://redirect.github.com/actions/setup-python/issues/1016 ">#1016</a>)</li>
<li><a
href="8039c45ed9https://redirect.github.com/actions/setup-python/issues/1011 ">#1011</a>)</li>
<li>See full diff in <a
href="42375524e2...8d9ed9ac5chttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=5.4.0&new-version=5.5.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-01 12:31:59 +00:00
Andrew Morgan
51deadec41
Pin our GitHub Actions dependencies ( #18255 )
...
After the [recent supply chain attack](https://www.wiz.io/blog/new-github-action-supply-chain-attack-reviewdog-action-setup )
in `tj-actions/changed-files` and actions based on it, it's become clear
that relying on git tags to pin our dependencies is not enough (as tags
can simply be replaced). Therefore we need to switch to hashes.
Dependabot should continue to update these dependencies for us.
Best reviewed commit-by-commit. Though if CI passes, we're *probably*
fine.
2025-03-19 14:16:04 +00:00
dependabot[bot]
7550f4d445
Bump actions/setup-python from 4 to 5 ( #16748 )
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4 to 5.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](https://github.com/actions/setup-python/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-12 09:59:10 +00:00
dependabot[bot]
139a24de9e
Bump actions/checkout from 3 to 4 ( #16250 )
...
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-09-25 11:39:54 -04:00
reivilibre
c0bf4c3cb4
Add check to ensure locked dependencies have source distributions available. ( #14742 )
2023-02-13 18:15:38 +00:00
