Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the github-actions group with 7 updates #362

Merged
merged 1 commit into from
Mar 7, 2024
Merged

Bump the github-actions group with 7 updates #362

merged 1 commit into from
Mar 7, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 7, 2024

Bumps the github-actions group with 7 updates:

Package From To
actions/checkout 3 4
actions/setup-python 4 5
codecov/codecov-action 3 4
actions/upload-pages-artifact 1 3
actions/deploy-pages 2 4
docker/setup-qemu-action 2 3
pypa/gh-action-pypi-publish 1.8.11 1.8.12

Updates actions/checkout from 3 to 4

Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v3...v4.0.0

v3.6.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v3.5.3...v3.6.0

v3.5.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v3...v3.5.3

v3.5.2

What's Changed

Full Changelog: actions/checkout@v3.5.1...v3.5.2

v3.5.1

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.0

v4.0.0

v3.6.0

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v3.0.2

... (truncated)

Commits

Updates actions/setup-python from 4 to 5

Release notes

Sourced from actions/setup-python's releases.

v5.0.0

What's Changed

In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.

Full Changelog: actions/setup-python@v4.8.0...v5.0.0

v4.8.0

What's Changed

In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy:

steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4 
  with:
    python-version: 'graalpy-22.3' 
- run: python my_script.py

Besides, the release contains such changes as:

New Contributors

Full Changelog: actions/setup-python@v4...v4.8.0

v4.7.1

What's Changed

Full Changelog: actions/setup-python@v4...v4.7.1

v4.7.0

In scope of this release, the support for reading python version from pyproject.toml was added (actions/setup-python#669).

      - name: Setup Python
        uses: actions/setup-python@v4
</tr></table>

... (truncated)

Commits

Updates codecov/codecov-action from 3 to 4

Release notes

Sourced from codecov/codecov-action's releases.

v4.0.0

v4 of the Codecov Action uses the CLI as the underlying upload. The CLI has helped to power new features including local upload, the global upload token, and new upcoming features.

Breaking Changes

  • The Codecov Action runs as a node20 action due to node16 deprecation. See this post from GitHub on how to migrate.
  • Tokenless uploading is unsupported. However, PRs made from forks to the upstream public repos will support tokenless (e.g. contributors to OS projects do not need the upstream repo's Codecov token). This doc shows instructions on how to add the Codecov token.
  • OS platforms have been added, though some may not be automatically detected. To see a list of platforms, see our CLI download page
  • Various arguments to the Action have been changed. Please be aware that the arguments match with the CLI's needs

v3 versions and below will not have access to CLI features (e.g. global upload token, ATS).

What's Changed

... (truncated)

Changelog

Sourced from codecov/codecov-action's changelog.

4.0.0-beta.2

Fixes

  • #1085 not adding -n if empty to do-upload command

4.0.0-beta.1

v4 represents a move from the universal uploader to the Codecov CLI. Although this will unlock new features for our users, the CLI is not yet at feature parity with the universal uploader.

Breaking Changes

  • No current support for aarch64 and alpine architectures.
  • Tokenless uploading is unsuported
  • Various arguments to the Action have been removed

3.1.4

Fixes

  • #967 Fix typo in README.md
  • #971 fix: add back in working dir
  • #969 fix: CLI option names for uploader

Dependencies

  • #970 build(deps-dev): bump @​types/node from 18.15.12 to 18.16.3
  • #979 build(deps-dev): bump @​types/node from 20.1.0 to 20.1.2
  • #981 build(deps-dev): bump @​types/node from 20.1.2 to 20.1.4

3.1.3

Fixes

  • #960 fix: allow for aarch64 build

Dependencies

  • #957 build(deps-dev): bump jest-junit from 15.0.0 to 16.0.0
  • #958 build(deps): bump openpgp from 5.7.0 to 5.8.0
  • #959 build(deps-dev): bump @​types/node from 18.15.10 to 18.15.12

3.1.2

Fixes

  • #718 Update README.md
  • #851 Remove unsupported path_to_write_report argument
  • #898 codeql-analysis.yml
  • #901 Update README to contain correct information - inputs and negate feature
  • #955 fix: add in all the extra arguments for uploader

Dependencies

  • #819 build(deps): bump openpgp from 5.4.0 to 5.5.0
  • #835 build(deps): bump node-fetch from 3.2.4 to 3.2.10
  • #840 build(deps): bump ossf/scorecard-action from 1.1.1 to 2.0.4
  • #841 build(deps): bump @​actions/core from 1.9.1 to 1.10.0
  • #843 build(deps): bump @​actions/github from 5.0.3 to 5.1.1
  • #869 build(deps): bump node-fetch from 3.2.10 to 3.3.0
  • #872 build(deps-dev): bump jest-junit from 13.2.0 to 15.0.0
  • #879 build(deps): bump decode-uri-component from 0.2.0 to 0.2.2

... (truncated)

Commits
  • 54bcd87 chore(release): v4.1.0 (#1307)
  • 8ba77ef build(deps-dev): bump eslint from 8.56.0 to 8.57.0 (#1305)
  • c60aa80 build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 (#1306)
  • 2fc4847 fix: set safe directory (#1304)
  • 0cfda1d chore(release): bump to 4.0.2 (#1302)
  • 7d3a55e build(deps): bump actions/upload-artifact from 4.3.0 to 4.3.1 (#1286)
  • fe84a0b build(deps-dev): bump @​typescript-eslint/eslint-plugin from 6.21.0 to 7.0.0 (...
  • e12c940 Use updated syntax for GitHub Markdown notes (#1300)
  • ef7f8a5 build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 (#1298)
  • b8a1d6a build(deps-dev): bump @​typescript-eslint/eslint-plugin from 6.20.0 to 6.21.0 ...
  • Additional commits viewable in compare view

Updates actions/upload-pages-artifact from 1 to 3

Release notes

Sourced from actions/upload-pages-artifact's releases.

v3.0.0

Changelog

To deploy a GitHub Pages site which has been uploaded with this version of actions/upload-pages-artifact, you must also use actions/deploy-pages@v4 or newer.

See details of all code changes since previous release.

v2.0.0

Changelog

See details of all code changes since previous release.

v1.0.10

Changelog

See details of all code changes since previous release.

v1.0.9

Removed chmod as we moved towards trusting correct file permissions have been set. In the event this isn't the case then we raise an error in the action related to the file permissions.

v1.0.8

Changelog

See details of all code changes since previous release.

v1.0.7

Changelog

See details of all code changes since previous release.

v1.0.6

Changelog

... (truncated)

Commits
  • 56afc60 Merge pull request #94 from SilverRainZ/main
  • d12fdfb Merge branch 'main' into main
  • aef5542 Merge pull request #88 from uiolee/patch-1
  • 29cedd7 Merge branch 'main' into patch-1
  • a69c22e Merge pull request #92 from actions/dependabot/github_actions/non-breaking-ch...
  • 794e304 Group tar's output to prevent it from messing up logs
  • 14007f6 Bump the non-breaking-changes group with 1 update
  • 0191170 Merge pull request #91 from actions/dependabot-grouping
  • 0e7832d Update Dependabot config to group non-breaking changes
  • 1a6d9fa Update README.md
  • Additional commits viewable in compare view

Updates actions/deploy-pages from 2 to 4

Release notes

Sourced from actions/deploy-pages's releases.

v4.0.0

Changelog

  • Deploy pages using artifact IDs @​konradpabjan (#251)
  • This version requires the permission actions: read in the workflows which use it.

ℹ️ This version of actions/deploy-pages is ONLY compatible with artifacts uploaded by either:

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v3.0.1

Changelog

🧰 Maintenance

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v3.0.0

Changelog

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v2.0.5

Changelog

... (truncated)

Commits
  • decdde0 Merge pull request #295 from lmammino/patch-1
  • 0b3be6b Update distributables
  • c2c861c Update tests
  • 294fbcd Merge branch 'main' into patch-1
  • 2a4b535 Merge pull request #298 from SimonSiefke/fix/typo
  • 4825f57 Merge branch 'main' into fix/typo
  • fa29843 Merge pull request #310 from actions/dependabot/npm_and_yarn/actions/artifact...
  • d005625 Update distributables after Dependabot 🤖
  • 636701b Bump @​actions/artifact from 2.0.1 to 2.1.1
  • 25b8009 Merge pull request #307 from actions/dependabot-grouping
  • Additional commits viewable in compare view

Updates docker/setup-qemu-action from 2 to 3

Release notes

Sourced from docker/setup-qemu-action's releases.

v3.0.0

Full Changelog: docker/setup-qemu-action@v2.2.0...v3.0.0

v2.2.0

Full Changelog: docker/setup-qemu-action@v2.1.0...v2.2.0

v2.1.0

Full Changelog: docker/setup-qemu-action@v2.0.0...v2.1.0

Commits
  • 6882732 Merge pull request #103 from docker/dependabot/npm_and_yarn/actions/core-1.10.1
  • 183f4af chore: update generated content
  • f174935 build(deps): bump @​actions/core from 1.10.0 to 1.10.1
  • 2e423eb Merge pull request #89 from docker/dependabot/npm_and_yarn/semver-6.3.1
  • ecc406a Bump semver from 6.3.0 to 6.3.1
  • 12dec5e Merge pull request #102 from crazy-max/update-node20
  • c29b312 chore: node 20 as default runtime
  • 34ae628 chore: update generated content
  • 1f3d2e1 chore: fix author in package.json
  • 277dbe8 vendor: bump @​docker/actions-toolkit from 0.3.0 to 0.12.0
  • Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.8.11 to 1.8.12

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.12

💅 Cosmetic Output Improvements

@​woodruffw💰 replaced the notice annotations with simplified debug messages related to authentication methanism selection via #196. The also improved the error clarity during OIDC exchange on PRs from forks via #203.

📝 What's Documented

@​virtuald💰 updated the docs and pointer messages were updated to mention that reusable workflows aren't supported right now in #186 and @​xuanzhi33💰 later corrected the markdown syntax there via #216.

🛠️ Internal Dependencies

  • pre-commit linters got autoupdated @ #204
  • Cryptography was bumped from 41.0.6 to 42.0.4 @ #210, #213 and #214

⚙️ Secret Stuff

@​woodruffw proactively updated the OIDC minting API endpoint used during the exchange via #206. Nothing you should be too concerned about, promise!

💪 New Contributors

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.8.11...v1.8.12

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

Commits
  • e53eb8b Clarify the error during OIDC exchange on PRs from forks
  • edfa8f3 Merge pull request #216 from xuanzhi33/unstable/v1
  • aeff019 docs(fix): Fix a markdown alert
  • 24c5d5c Merge pull request #214 from pypa/dependabot/pip/requirements/cryptography-42...
  • c13b4aa build(deps): bump cryptography from 42.0.2 to 42.0.4 in /requirements
  • 72a79c8 Merge pull request #213 from pypa/dependabot/pip/requirements/cryptography-42...
  • 751e5b8 build(deps): bump cryptography from 42.0.0 to 42.0.2 in /requirements
  • 0580fcb Merge pull request #210 from pypa/dependabot/pip/requirements/cryptography-42...
  • a524841 build(deps): bump cryptography from 41.0.6 to 42.0.0 in /requirements
  • 3f824c7 Merge pull request #204 from pypa/pre-commit-ci-update-config
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the github-actions group with 7 updates
bb365ea 
Bumps the github-actions group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `3` | `4` |
| [actions/setup-python](https://github.com/actions/setup-python) | `4` | `5` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `3` | `4` |
| [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `1` | `3` |
| [actions/deploy-pages](https://github.com/actions/deploy-pages) | `2` | `4` |
| [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `2` | `3` |
| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.8.11` | `1.8.12` |


Updates `actions/checkout` from 3 to 4
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v3...v4)

Updates `actions/setup-python` from 4 to 5
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v4...v5)

Updates `codecov/codecov-action` from 3 to 4
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v3...v4)

Updates `actions/upload-pages-artifact` from 1 to 3
- [Release notes](https://github.com/actions/upload-pages-artifact/releases)
- [Commits](actions/upload-pages-artifact@v1...v3)

Updates `actions/deploy-pages` from 2 to 4
- [Release notes](https://github.com/actions/deploy-pages/releases)
- [Commits](actions/deploy-pages@v2...v4)

Updates `docker/setup-qemu-action` from 2 to 3
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](docker/setup-qemu-action@v2...v3)

Updates `pypa/gh-action-pypi-publish` from 1.8.11 to 1.8.12
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@v1.8.11...v1.8.12)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/upload-pages-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/deploy-pages
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Mar 7, 2024
@maxbachmann maxbachmann merged commit 4d896f6 into main Mar 7, 2024
20 of 21 checks passed
@dependabot dependabot bot deleted the dependabot/github_actions/github-actions-834e59c047 branch March 7, 2024 11:55
@cclauss cclauss mentioned this pull request Mar 7, 2024
Merged
cclauss
cclauss reviewed Mar 7, 2024
View reviewed changes
.github/workflows/coverage.yml
@@ -37,7 +37,7 @@ jobs:
coverage xml
coverage report

- uses: codecov/codecov-action@v3
- uses: codecov/codecov-action@v4
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There were breaking changes in this release!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think that the codecov action worked for external contributors previously.

@cclauss cclauss mentioned this pull request Mar 7, 2024
Closed
cclauss added a commit to cclauss/pytest-cov that referenced this pull request Mar 7, 2024
@cclauss
Keep GitHub Actions up to date with GitHub's Dependabot
8f23ae2 
Dependabot will generate a pull request like rapidfuzz/RapidFuzz#362 to keep the six GitHub Actions used in `.github/workflows/test.yml` up-to-date.
* https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
* https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
@cclauss cclauss mentioned this pull request Mar 7, 2024
Merged
cclauss added a commit to cclauss/pytest-cov that referenced this pull request Mar 17, 2024
@cclauss
Keep GitHub Actions up to date with GitHub's Dependabot
625b509 
Dependabot will generate a pull request like rapidfuzz/RapidFuzz#362 to keep the six GitHub Actions used in `.github/workflows/test.yml` up-to-date.
* https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
* https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
cclauss added a commit to cclauss/pytest-cov that referenced this pull request Mar 18, 2024
@cclauss
Keep GitHub Actions up to date with GitHub's Dependabot
9979622 
Dependabot will generate a pull request like rapidfuzz/RapidFuzz#362 to keep the six GitHub Actions used in `.github/workflows/test.yml` up-to-date.
* https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
* https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
ionelmc pushed a commit to pytest-dev/pytest-cov that referenced this pull request Mar 18, 2024
@cclauss @ionelmc
Keep GitHub Actions up to date with GitHub's Dependabot
4a5a4b5 
Dependabot will generate a pull request like rapidfuzz/RapidFuzz#362 to keep the six GitHub Actions used in `.github/workflows/test.yml` up-to-date.
* https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
* https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem
@cclauss cclauss mentioned this pull request Mar 19, 2024
Merged
3 tasks
@cclauss cclauss mentioned this pull request Mar 29, 2024
Merged
@cclauss cclauss mentioned this pull request May 20, 2024
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@maxbachmann maxbachmann maxbachmann left review comments

@cclauss cclauss cclauss left review comments

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cclauss @maxbachmann