Commit 412c17c
authored
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
chore: bump the github-actions group with 5 updates (#67)
Bumps the github-actions group with 5 updates:
| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.0` |
`6.0.1` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.1.4`
| `7.1.6` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact)
| `5.0.0` | `6.0.0` |
|
[actions/download-artifact](https://github.com/actions/download-artifact)
| `6.0.0` | `7.0.0` |
|
[sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python)
| `3.1.0` | `3.2.0` |
Updates `actions/checkout` from 6.0.0 to 6.0.1
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/checkout/releases">actions/checkout's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Update all references from v5 and v4 to v6 by <a
href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2314">actions/checkout#2314</a></li>
<li>Add worktree support for persist-credentials includeIf by <a
href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li>
<li>Clarify v6 README by <a
href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a
href="https://redirect.github.com/actions/checkout/pull/2328">actions/checkout#2328</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/checkout/compare/v6...v6.0.1">https://github.com/actions/checkout/compare/v6...v6.0.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/checkout/commit/8e8c483db84b4bee98b60c0593521ed34d9990e8"><code>8e8c483</code></a>
Clarify v6 README (<a
href="https://redirect.github.com/actions/checkout/issues/2328">#2328</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/033fa0dc0b82693d8986f1016a0ec2c5e7d9cbb1"><code>033fa0d</code></a>
Add worktree support for persist-credentials includeIf (<a
href="https://redirect.github.com/actions/checkout/issues/2327">#2327</a>)</li>
<li><a
href="https://github.com/actions/checkout/commit/c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5"><code>c2d88d3</code></a>
Update all references from v5 and v4 to v6 (<a
href="https://redirect.github.com/actions/checkout/issues/2314">#2314</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/checkout/compare/1af3b93b6815bc44a9784bd300feb67ff0d1eeb3...8e8c483db84b4bee98b60c0593521ed34d9990e8">compare
view</a></li>
</ul>
</details>
<br />
Updates `astral-sh/setup-uv` from 7.1.4 to 7.1.6
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/setup-uv/releases">astral-sh/setup-uv's
releases</a>.</em></p>
<blockquote>
<h2>v7.1.6 🌈 add OS version to cache key to prevent binary
incompatibility</h2>
<h2>Changes</h2>
<p>This release will invalidate your cache existing keys!</p>
<p>The os version e.g. <code>ubuntu-22.04</code> is now part of the
cache key. This prevents failing builds when a cache got populated with
wheels built with different tools (e.g. glibc) than are present on the
runner where the cache got restored.</p>
<h2>🐛 Bug fixes</h2>
<ul>
<li>feat: add OS version to cache key to prevent binary incompatibility
<a href="https://github.com/eifinger"><code>@eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/716">#716</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>chore: update known checksums for 0.9.17 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/714">#714</a>)</li>
</ul>
<h2>⬆️ Dependency updates</h2>
<ul>
<li>Bump actions/checkout from 5.0.0 to 6.0.1 @<a
href="https://github.com/apps/dependabot">dependabot[bot]</a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/712">#712</a>)</li>
<li>Bump actions/setup-node from 6.0.0 to 6.1.0 @<a
href="https://github.com/apps/dependabot">dependabot[bot]</a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/715">#715</a>)</li>
</ul>
<h2>v7.1.5 🌈 allow setting <code>cache-local-path</code> without
<code>enable-cache: true</code></h2>
<h2>Changes</h2>
<p><a
href="https://redirect.github.com/astral-sh/setup-uv/pull/612">astral-sh/setup-uv#612</a>
fixed a faulty behavior where this action set <code>UV_CACHE_DIR</code>
even though <code>enable-cache</code> was <code>false</code>. It also
fixed the cases were the cache dir is already configured in a settings
file like <code>pyproject.toml</code> or <code>UV_CACHE_DIR</code> was
already set. Here the action shouldn't overwrite or set
<code>UV_CACHE_DIR</code>.</p>
<p>These fixes introduced an unwanted behavior: You can still set
<code>cache-local-path</code> but this action didn't do anything. This
release fixes that.</p>
<p>You can now use <code>cache-local-path</code> to automatically set
<code>UV_CACHE_DIR</code> even when <code>enable-cache</code> is
<code>false</code> (or gets set to false by default e.g. on self-hosted
runners)</p>
<pre lang="yaml"><code>- name: This is now possible
uses: astral-sh/setup-uv@v7
with:
enable-cache: false
cache-local-path: "/path/to/cache"
</code></pre>
<h2>🐛 Bug fixes</h2>
<ul>
<li>allow cache-local-path w/o enable-cache <a
href="https://github.com/eifinger"><code>@eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/707">#707</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>set biome files.maxSize to 2MiB <a
href="https://github.com/eifinger"><code>@eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/708">#708</a>)</li>
<li>chore: update known checksums for 0.9.16 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/706">#706</a>)</li>
<li>chore: update known checksums for 0.9.15 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/704">#704</a>)</li>
<li>chore: use <code>npm ci --ignore-scripts</code> everywhere <a
href="https://github.com/woodruffw"><code>@woodruffw</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/699">#699</a>)</li>
<li>chore: update known checksums for 0.9.14 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/700">#700</a>)</li>
<li>chore: update known checksums for 0.9.13 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/694">#694</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/681c641aba71e4a1c380be3ab5e12ad51f415867"><code>681c641</code></a>
Bump actions/checkout from 5.0.0 to 6.0.1 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/712">#712</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/2e85713bb0ad1bd68b79183f00fe093dccd19930"><code>2e85713</code></a>
Bump actions/setup-node from 6.0.0 to 6.1.0 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/715">#715</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/58b6d7b303576a48786c1bbb6959b7875a3a84ec"><code>58b6d7b</code></a>
fix: add OS version to cache key to prevent binary incompatibility (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/716">#716</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/e8b52af86e46cb518daf4b47877e582bc9e37b8b"><code>e8b52af</code></a>
chore: update known checksums for 0.9.17 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/714">#714</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/ed21f2f24f8dd64503750218de024bcf64c7250a"><code>ed21f2f</code></a>
Bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/695">#695</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/93202d8fbe8ed7d8099f4773a9684b037e0b6205"><code>93202d8</code></a>
bump dependencies (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/709">#709</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/5ce090076db3f5a2ed5bbd4a75c9123c727ff2af"><code>5ce0900</code></a>
set biome files.maxSize to 2MiB (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/708">#708</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/4180991cd97ec5ff7a3147ba70d3cc188015b467"><code>4180991</code></a>
allow cache-local-path w/o enable-cache (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/707">#707</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/0439606c8e2f1191835c4446afb6e4ac29363801"><code>0439606</code></a>
Bump github/codeql-action from 4.30.9 to 4.31.6 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/698">#698</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/7dd56c18e98cbf9546ad0ca8108ab326f681708a"><code>7dd56c1</code></a>
chore: update known checksums for 0.9.16 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/706">#706</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/setup-uv/compare/1e862dfacbd1d6d858c55d9b792c756523627244...681c641aba71e4a1c380be3ab5e12ad51f415867">compare
view</a></li>
</ul>
</details>
<br />
Updates `actions/upload-artifact` from 5.0.0 to 6.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>v6 - What's new</h2>
<blockquote>
<p>[!IMPORTANT]
actions/upload-artifact@v6 now runs on Node.js 24 (<code>runs.using:
node24</code>) and requires a minimum Actions Runner version of 2.327.1.
If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<h3>Node.js 24</h3>
<p>This release updates the runtime to Node.js 24. v5 had preliminary
support for Node.js 24, however this action was by default still running
on Node.js 20. Now this action by default will run on Node.js 24.</p>
<h2>What's Changed</h2>
<ul>
<li>Upload Artifact Node 24 support by <a
href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/719">actions/upload-artifact#719</a></li>
<li>fix: update <code>@actions/artifact</code> for Node.js 24 punycode
deprecation by <a
href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/744">actions/upload-artifact#744</a></li>
<li>prepare release v6.0.0 for Node.js 24 support by <a
href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/upload-artifact/pull/745">actions/upload-artifact#745</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0">https://github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/upload-artifact/commit/b7c566a772e6b6bfb58ed0dc250532a479d7789f"><code>b7c566a</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/745">#745</a>
from actions/upload-artifact-v6-release</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/e516bc8500aaf3d07d591fcd4ae6ab5f9c391d5b"><code>e516bc8</code></a>
docs: correct description of Node.js 24 support in README</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/ddc45ed9bca9b38dbd643978d88e3981cdc91415"><code>ddc45ed</code></a>
docs: update README to correct action name for Node.js 24 support</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/615b319bd27bb32c3d64dca6b6ed6974d5fbe653"><code>615b319</code></a>
chore: release v6.0.0 for Node.js 24 support</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/017748b48f8610ca8e6af1222f4a618e84a9c703"><code>017748b</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/upload-artifact/issues/744">#744</a>
from actions/fix-storage-blob</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/38d4c7997f5510fcc41fc4aae2a6b97becdbe7fc"><code>38d4c79</code></a>
chore: rebuild dist</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/7d27270e0cfd253e666c44abac0711308d2d042f"><code>7d27270</code></a>
chore: add missing license cache files for <code>@actions/core</code>,
<code>@actions/io</code>, and mi...</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/5f643d3c9475505ccaf26d686ffbfb71a8387261"><code>5f643d3</code></a>
chore: update license files for <code>@actions/artifact</code><a
href="https://github.com/5"><code>@5</code></a>.0.1 dependencies</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/1df1684032c88614064493e1a0478fcb3583e1d0"><code>1df1684</code></a>
chore: update package-lock.json with <code>@actions/artifact</code><a
href="https://github.com/5"><code>@5</code></a>.0.1</li>
<li><a
href="https://github.com/actions/upload-artifact/commit/b5b1a918401ee270935b6b1d857ae66c85f3be6f"><code>b5b1a91</code></a>
fix: update <code>@actions/artifact</code> to ^5.0.0 for Node.js 24
punycode fix</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...b7c566a772e6b6bfb58ed0dc250532a479d7789f">compare
view</a></li>
</ul>
</details>
<br />
Updates `actions/download-artifact` from 6.0.0 to 7.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/download-artifact/releases">actions/download-artifact's
releases</a>.</em></p>
<blockquote>
<h2>v7.0.0</h2>
<h2>v7 - What's new</h2>
<blockquote>
<p>[!IMPORTANT]
actions/download-artifact@v7 now runs on Node.js 24 (<code>runs.using:
node24</code>) and requires a minimum Actions Runner version of 2.327.1.
If you are using self-hosted runners, ensure they are updated before
upgrading.</p>
</blockquote>
<h3>Node.js 24</h3>
<p>This release updates the runtime to Node.js 24. v6 had preliminary
support for Node 24, however this action was by default still running on
Node.js 20. Now this action by default will run on Node.js 24.</p>
<h2>What's Changed</h2>
<ul>
<li>Update GHES guidance to include reference to Node 20 version by <a
href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a>
in <a
href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li>
<li>Download Artifact Node24 support by <a
href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li>
<li>fix: update <code>@actions/artifact</code> to fix Node.js 24
punycode deprecation by <a
href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/451">actions/download-artifact#451</a></li>
<li>prepare release v7.0.0 for Node.js 24 support by <a
href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/download-artifact/pull/452">actions/download-artifact#452</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/patrikpolyak"><code>@patrikpolyak</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/440">actions/download-artifact#440</a></li>
<li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/download-artifact/pull/415">actions/download-artifact#415</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0">https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/download-artifact/commit/37930b1c2abaa49bbe596cd826c3c89aef350131"><code>37930b1</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/452">#452</a>
from actions/download-artifact-v7-release</li>
<li><a
href="https://github.com/actions/download-artifact/commit/72582b9e0acd370909e83fa4a1fd0fca3ad452d8"><code>72582b9</code></a>
doc: update readme</li>
<li><a
href="https://github.com/actions/download-artifact/commit/0d2ec9d4cbcefe257d822f108de2a1f15f8da9f6"><code>0d2ec9d</code></a>
chore: release v7.0.0 for Node.js 24 support</li>
<li><a
href="https://github.com/actions/download-artifact/commit/fd7ae8fda6dc16277a9ffbc91cdb0eedf156e912"><code>fd7ae8f</code></a>
Merge pull request <a
href="https://redirect.github.com/actions/download-artifact/issues/451">#451</a>
from actions/fix-storage-blob</li>
<li><a
href="https://github.com/actions/download-artifact/commit/d484700543354b15886d6a52910cf61b7f1d2b27"><code>d484700</code></a>
chore: restore minimatch.dep.yml license file</li>
<li><a
href="https://github.com/actions/download-artifact/commit/03a808050efe42bb6ad85281890afd4e4546672c"><code>03a8080</code></a>
chore: remove obsolete dependency license files</li>
<li><a
href="https://github.com/actions/download-artifact/commit/56fe6d904b0968950f8b68ea17774c54973ed5e2"><code>56fe6d9</code></a>
chore: update <code>@actions/artifact</code> license file to 5.0.1</li>
<li><a
href="https://github.com/actions/download-artifact/commit/8e3ebc4ab4d2e095e5eb44ba1a4a53b6b03976ad"><code>8e3ebc4</code></a>
chore: update package-lock.json with <code>@actions/artifact</code><a
href="https://github.com/5"><code>@5</code></a>.0.1</li>
<li><a
href="https://github.com/actions/download-artifact/commit/1e3c4b4d4906c98ab57453c24efefdf16c078044"><code>1e3c4b4</code></a>
fix: update <code>@actions/artifact</code> to ^5.0.0 for Node.js 24
punycode fix</li>
<li><a
href="https://github.com/actions/download-artifact/commit/458627d354794c71bc386c8d5839d20b5885fe2a"><code>458627d</code></a>
chore: use local <code>@actions/artifact</code> package for Node.js 24
testing</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/download-artifact/compare/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53...37930b1c2abaa49bbe596cd826c3c89aef350131">compare
view</a></li>
</ul>
</details>
<br />
Updates `sigstore/gh-action-sigstore-python` from 3.1.0 to 3.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/gh-action-sigstore-python/releases">sigstore/gh-action-sigstore-python's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.0</h2>
<p><code>gh-action-sigstore-python</code> action now manages the used
Python version internally, improving reliability.</p>
<h3>Changed</h3>
<ul>
<li>Manage Python version internally (<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/242">#242</a>,
<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/258">#258</a>)</li>
<li>Dependency updates</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md">sigstore/gh-action-sigstore-python's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<p>All notable changes to <code>gh-action-sigstore-python</code> will be
documented in this file.</p>
<p>The format is based on <a
href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>.</p>
<p>All versions prior to 3.0.0 are untracked.</p>
<h2>[Unreleased]</h2>
<h2>[3.2.0]</h2>
<p><code>gh-action-sigstore-python</code> now manages the used Python
version internally, improving reliability.</p>
<h3>Changed</h3>
<ul>
<li>Manage Python version internally
(<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/242">#242</a>,
<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/258">#258</a>)</li>
<li>Dependency updates</li>
</ul>
<h2>[3.1.0]</h2>
<p><code>gh-action-sigstore-python</code> is now compatible with <a
href="https://blog.sigstore.dev/rekor-v2-ga/">Rekor v2</a>
transparency log (but produced signature bundles still contain Rekor v1
entries by default).</p>
<h3>Changed</h3>
<ul>
<li>The action now uses sigstore-python 4.1. All other dependencies are
also updated
(<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/220">#220</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fixed incompatibility with Python 3.14 by upgrading dependencies
(<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/225">#225</a>)</li>
</ul>
<h3>Added</h3>
<ul>
<li><code>rekor-version</code> argument was added to control the Rekor
transparency log
version when signing. The default version in the
gh-action-sigstore-python
3.x series will remain 1 (except when using <code>staging: true</code>).
(<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/228">#228</a>)</li>
</ul>
<h2>[3.0.1]</h2>
<h3>Changed</h3>
<ul>
<li>The minimum Python version supported by this action is now 3.9
(<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/pull/155">#155</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/sigstore/gh-action-sigstore-python/commit/a5caf349bc536fbef3668a10ed7f5cd309a4b53d"><code>a5caf34</code></a>
build(deps): bump actions/checkout in the actions group (<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/265">#265</a>)</li>
<li><a
href="https://github.com/sigstore/gh-action-sigstore-python/commit/7b8cfcba45e769065eb4bf410ccf1dcb13b8b24f"><code>7b8cfcb</code></a>
build(deps): bump the actions group with 2 updates (<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/264">#264</a>)</li>
<li><a
href="https://github.com/sigstore/gh-action-sigstore-python/commit/270f433185478a1a3902211f074a7efa94452f55"><code>270f433</code></a>
build(deps-dev): bump ruff in the python-dependencies group (<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/263">#263</a>)</li>
<li><a
href="https://github.com/sigstore/gh-action-sigstore-python/commit/034c8bfd0f9070272055a64998e33ae2a5291615"><code>034c8bf</code></a>
build(deps): bump actions/setup-python in the actions group (<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/260">#260</a>)</li>
<li><a
href="https://github.com/sigstore/gh-action-sigstore-python/commit/5483fa818031f71d2e23ae9a2456ae538dada9b4"><code>5483fa8</code></a>
Fix .python-version lookup (<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/258">#258</a>)</li>
<li><a
href="https://github.com/sigstore/gh-action-sigstore-python/commit/f962baac4faa7a96f5626208433f5dc47188b103"><code>f962baa</code></a>
build(deps): bump github/codeql-action in the actions group (<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/259">#259</a>)</li>
<li><a
href="https://github.com/sigstore/gh-action-sigstore-python/commit/225a3128d9f24d0e4c80f459d1b9ab1a4d17be9a"><code>225a312</code></a>
build(deps): bump astral-sh/setup-uv in the actions group (<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/253">#253</a>)</li>
<li><a
href="https://github.com/sigstore/gh-action-sigstore-python/commit/b7c02b3cfdd3b758852ef056ec53a6619a0b620c"><code>b7c02b3</code></a>
build(deps): bump actions/checkout in the actions group (<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/251">#251</a>)</li>
<li><a
href="https://github.com/sigstore/gh-action-sigstore-python/commit/52bad44deeac5948618be5ac2d5ce8815cdda0cb"><code>52bad44</code></a>
build(deps-dev): bump ruff in the python-dependencies group (<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/252">#252</a>)</li>
<li><a
href="https://github.com/sigstore/gh-action-sigstore-python/commit/68eceea097be69ea42957f920f8cd8684aeb09d2"><code>68eceea</code></a>
build(deps): bump certifi in the python-dependencies group (<a
href="https://redirect.github.com/sigstore/gh-action-sigstore-python/issues/250">#250</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/sigstore/gh-action-sigstore-python/compare/f832326173235dcb00dd5d92cd3f353de3188e6c...a5caf349bc536fbef3668a10ed7f5cd309a4b53d">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent f08970f commit 412c17c
2 files changed
+9
-9
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
12 | 12 | | |
13 | 13 | | |
14 | 14 | | |
15 | | - | |
| 15 | + | |
16 | 16 | | |
17 | 17 | | |
18 | 18 | | |
| |||
31 | 31 | | |
32 | 32 | | |
33 | 33 | | |
34 | | - | |
| 34 | + | |
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
38 | 38 | | |
39 | 39 | | |
40 | | - | |
| 40 | + | |
41 | 41 | | |
42 | 42 | | |
43 | 43 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
10 | | - | |
| 10 | + | |
11 | 11 | | |
12 | 12 | | |
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
16 | | - | |
| 16 | + | |
17 | 17 | | |
18 | 18 | | |
19 | 19 | | |
| |||
26 | 26 | | |
27 | 27 | | |
28 | 28 | | |
29 | | - | |
| 29 | + | |
30 | 30 | | |
31 | 31 | | |
32 | 32 | | |
| |||
45 | 45 | | |
46 | 46 | | |
47 | 47 | | |
48 | | - | |
| 48 | + | |
49 | 49 | | |
50 | 50 | | |
51 | 51 | | |
| |||
68 | 68 | | |
69 | 69 | | |
70 | 70 | | |
71 | | - | |
| 71 | + | |
72 | 72 | | |
73 | 73 | | |
74 | 74 | | |
75 | 75 | | |
76 | | - | |
| 76 | + | |
77 | 77 | | |
78 | 78 | | |
79 | 79 | | |
| |||
0 commit comments