From a435fef3cf4165e9b3b55b8fb497e5fba416f488 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Mar 2026 04:57:06 +0000 Subject: [PATCH] Bump the gha-updates group with 6 updates Bumps the gha-updates group with 6 updates: | Package | From | To | | --- | --- | --- | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.3.0` | `7.3.1` | | [extractions/setup-just](https://github.com/extractions/setup-just) | `3.0.0` | `3.1.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.32.2` | `4.32.4` | | [actions-rust-lang/setup-rust-toolchain](https://github.com/actions-rust-lang/setup-rust-toolchain) | `1.15.2` | `1.15.3` | Updates `astral-sh/setup-uv` from 7.3.0 to 7.3.1 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/eac588ad8def6316056a12d4907a9d4d84ff7a3b...5a095e7a2014a4212f075830d4f7277575a9d098) Updates `extractions/setup-just` from 3.0.0 to 3.1.0 - [Release notes](https://github.com/extractions/setup-just/releases) - [Commits](https://github.com/extractions/setup-just/compare/e33e0265a09d6d736e2ee1e0eb685ef1de4669ff...f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b) Updates `actions/upload-artifact` from 6.0.0 to 7.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f) Updates `actions/download-artifact` from 7.0.0 to 8.0.0 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/37930b1c2abaa49bbe596cd826c3c89aef350131...70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3) Updates `github/codeql-action` from 4.32.2 to 4.32.4 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2...89a39a4e59826350b863aa6b6252a07ad50cf83e) Updates `actions-rust-lang/setup-rust-toolchain` from 1.15.2 to 1.15.3 - [Release notes](https://github.com/actions-rust-lang/setup-rust-toolchain/releases) - [Changelog](https://github.com/actions-rust-lang/setup-rust-toolchain/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions-rust-lang/setup-rust-toolchain/compare/1780873c7b576612439a134613cc4cc74ce5538c...a0b538fa0b742a6aa35d6e2c169b4bd06d225a98) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 7.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gha-updates - dependency-name: extractions/setup-just dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha-updates - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-updates - dependency-name: actions/download-artifact dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-updates - dependency-name: github/codeql-action dependency-version: 4.32.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gha-updates - dependency-name: actions-rust-lang/setup-rust-toolchain dependency-version: 1.15.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gha-updates ... Signed-off-by: dependabot[bot] --- .github/workflows/lint.yml | 4 ++-- .github/workflows/release.yml | 10 +++++----- .github/workflows/scorecard.yml | 4 ++-- .github/workflows/test.yml | 24 ++++++++++++------------ .github/workflows/zizmor.yml | 6 +++--- 5 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 6b04926..36a0280 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -36,11 +36,11 @@ jobs: python-version: ${{ matrix.python-version }} allow-prereleases: true - name: Install uv - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b + uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 with: enable-cache: true - name: Install Just - uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff + uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b - name: Install Dependencies env: PYTHON_PATH: ${{ steps.sp.outputs.python-path }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3e76496..8e2df52 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -47,13 +47,13 @@ jobs: with: python-version: ">=3.11" # for tomlib - name: Install uv - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b + uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 with: enable-cache: false restore-cache: false save-cache: false - name: Setup Just - uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff + uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b - name: Verify Tag run: | TAG_NAME=${GITHUB_REF#refs/tags/} @@ -74,7 +74,7 @@ jobs: - name: Build the binary wheel and a source tarball run: just build - name: Store the distribution packages - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: python-package-distributions path: dist/ @@ -98,7 +98,7 @@ jobs: id-token: write # IMPORTANT: mandatory for trusted publishing steps: - name: Download all the dists - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 with: name: python-package-distributions path: dist/ @@ -118,7 +118,7 @@ jobs: steps: - name: Download all the dists - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 with: name: python-package-distributions path: dist/ diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 13403b4..9f0b391 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -48,7 +48,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: SARIF file path: results.sarif @@ -57,6 +57,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 + uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e with: sarif_file: results.sarif diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 9b7163b..c602f87 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -52,9 +52,9 @@ jobs: python-version: ${{ matrix.python-version }} allow-prereleases: true - name: Install Just - uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff + uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b - name: Install uv - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b + uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 with: enable-cache: true - name: Install Emacs @@ -76,7 +76,7 @@ jobs: just test - name: Store coverage files - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: ${{ env.COVERAGE_FILE }} path: ${{ env.COVERAGE_FILE }} @@ -107,9 +107,9 @@ jobs: python-version: ${{ matrix.python-version }} allow-prereleases: true - name: Install Just - uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff + uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b - name: Install uv - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b + uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 with: enable-cache: true - name: install-emacs-macos @@ -131,7 +131,7 @@ jobs: just test - name: Store coverage files - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: ${{ env.COVERAGE_FILE }} path: ${{ env.COVERAGE_FILE }} @@ -161,9 +161,9 @@ jobs: python-version: ${{ matrix.python-version }} allow-prereleases: true - name: Install Just - uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff + uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b - name: Install uv - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b + uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 with: enable-cache: true - name: install-vim-windows @@ -184,7 +184,7 @@ jobs: just test - name: Store coverage files - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: ${{ env.COVERAGE_FILE }} path: ${{ env.COVERAGE_FILE }} @@ -203,11 +203,11 @@ jobs: python-version: '3.14' - name: Install uv - uses: astral-sh/setup-uv@eac588ad8def6316056a12d4907a9d4d84ff7a3b + uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 with: enable-cache: true - name: Setup Just - uses: extractions/setup-just@e33e0265a09d6d736e2ee1e0eb685ef1de4669ff + uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b - name: Install Release Dependencies env: PYTHON_PATH: ${{ steps.sp.outputs.python-path }} @@ -215,7 +215,7 @@ jobs: just setup "$PYTHON_PATH" - name: Get coverage files - uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 with: pattern: "*.coverage" merge-multiple: true diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 7dd9d01..7f0804e 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -27,7 +27,7 @@ jobs: persist-credentials: false - name: Set up Rust - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c + uses: actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98 - name: Install jq run: | sudo apt-get update @@ -41,14 +41,14 @@ jobs: zizmor --format sarif .github/workflows/ > results.sarif - name: Upload analysis results - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: zizmor-results path: results.sarif retention-days: 7 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2 + uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e with: sarif_file: results.sarif