Skip to content

Bump the "dependencies" group with 2 updates across multiple ecosystems#55

Merged
kattni merged 1 commit intomainfrom
dependabot/dependencies-59d4ee0211
Apr 5, 2026
Merged

Bump the "dependencies" group with 2 updates across multiple ecosystems#55
kattni merged 1 commit intomainfrom
dependabot/dependencies-59d4ee0211

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 5, 2026

Bumps the dependencies group with 3 updates: hynek/build-and-inspect-python-package, actions/download-artifact and ncipollo/release-action.

Updates hynek/build-and-inspect-python-package from 2.14.0 to 2.17.0

Release notes

Sourced from hynek/build-and-inspect-python-package's releases.

v2.17.0

Fixed

  • The action now passes Zizmor in pedantic mode. #212

v2.16.0

Added

  • New include-free-threaded input. When set to 'true', free-threaded Python siblings (for example, 3.14t) are included in the version outputs for Python 3.14 and later, inserted inline after each matching version. #208

v2.15.0

Added

  • The Python version used to build the package can now be configured using the python-version input. #191
Changelog

Sourced from hynek/build-and-inspect-python-package's changelog.

2.17.0 - 2026-03-27

Fixed

  • The action now passes Zizmor in pedantic mode. #212

2.16.0 - 2026-03-26

Added

  • New include-free-threaded input. When set to 'true', free-threaded Python siblings (for example, 3.14t) are included in the version outputs for Python 3.14 and later, inserted inline after each matching version. #208

2.15.0 - 2026-03-19

Added

  • The Python version used to build the package can now be configured using the python-version input. #191

Changed

  • Pick Python version explictly instead of "3.x" to prevent incompatibily problems like #182 in the future.
Commits
  • fe0a0fb v2.17.0
  • 53f0dea Access ENV variable directly (#216)
  • 2ada6ad Let Zizmor collect all
  • c587d90 ci: make ci-supported-python.yml pass pedantic Zizmor
  • e943986 ci: make ci.yml pass pedantic Zizmor
  • dd13d25 Explain write
  • 3579e59 Switch Zizmor to pedantic
  • 969aa25 update: no permissions by default
  • c9b743b The action is, in fact, useless
  • 28c7e15 update: actually do persist dependencies
  • Additional commits viewable in compare view

Updates actions/download-artifact from 8.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Full Changelog: actions/download-artifact@v8...v8.0.1

Commits

Updates ncipollo/release-action from 1.20.0 to 1.21.0

Release notes

Sourced from ncipollo/release-action's releases.

v1.21.0

What's Changed

Full Changelog: ncipollo/release-action@v1...v1.21.0

Commits

Bumps the dependencies group with 4 updates: build, setuptools-scm, tox-uv and setuptools.

Updates build from 1.4.0 to 1.4.2

Release notes

Sourced from build's releases.

1.4.2

What's Changed

New Contributors

Full Changelog: pypa/build@1.4.1...1.4.2

1.4.1

What's Changed

Full Changelog: pypa/build@1.4.0...1.4.1

Changelog

Sourced from build's changelog.

#################### 1.4.2 (2026-03-25) ####################

Bugfixes

  • Ensure the uv installer uses the current version of Python, avoiding an issue if UV_PYTHON is set, for example. (:issue:977)
  • Fix _has_valid_outer_pip returning True when pip is missing, causing build to try using a non-existent pip instead of falling back to virtualenv. (:issue:1003)

#################### 1.4.1 (2026-03-24) ####################

Features

  • Allow setting build constraints - by :user:gaborbernat (:issue:963)
  • Automate releases with pre-release workflow and trusted publishing - by :user:gaborbernat (:issue:991)

Documentation

  • Fix documentation grammar and typos (:issue:979)
  • Reorganize documentation using Diataxis framework - by :user:gaborbernat (:issue:988)
  • Document release process and workflow security practices in contributing guide (:issue:991)

Miscellaneous

  • :issue:991

Bugfixes

  • Fix pip hack workaround - by :user:gaborbernat (:issue:980)

#################### 1.4.0 (2026-01-08) ####################

  • Add --quiet flag (:pr:947)
  • Add option to dump PEP 517 metadata with --metadata (:pr:940, :pr:943)

... (truncated)

Commits
  • 7b7ae07 chore: prepare for 1.4.2
  • 17f3b57 fix: release changelog issue (#1006)
  • b945752 fix: _has_valid_outer_pip when pip is missing (#1003)
  • 74ae997 🔧 fix(towncrier): match docstrfmt RST formatting expectations (#1002)
  • 3786929 🐛 fix(release): detect pre-commit environment inconsistencies (#1001)
  • 737bdb7 fix(uv): always pass the python to use (#996)
  • bd88956 chore: prepare for 1.4.1
  • 062e7e2 🐛 fix(deps): add pre-commit to release dependency group (#1000)
  • 3d8e260 🐛 fix(ci): resolve pre-release auth failure and change detection (#999)
  • f2a2610 chore: fix fix job (#997)
  • Additional commits viewable in compare view

Updates setuptools-scm from 9.2.2 to 10.0.5

Release notes

Sourced from setuptools-scm's releases.

setuptools-scm v10.0.5

Fixed

  • Allow dump_version() deprecation warning to be silenced by passing scm_version=None. (#1286)
  • Remove [tool.uv.sources] from setuptools-scm/pyproject.toml to fix sdist builds outside the workspace — the workspace root already declares the source mapping for development. (#1330)

setuptools-scm v10.0.4

Fixed

  • Anchor get_version in setup.py with relative_to and fallback_root so SCM fallbacks (e.g. PKG-INFO) do not resolve against the wrong directory when the build cwd is the workspace or repo root. (#1302)
  • Enter GlobalOverrides for SETUPTOOLS_SCM when using setuptools_scm.get_version / _get_version, avoiding implicit context warnings for direct API callers. (#1314)

Miscellaneous

  • Upgrade pre-commit hooks (Ruff, mypy, codespell), align locked Ruff with hooks, and add Ruff per-file configuration for setuptools_scm re-export modules. (#1311)

setuptools-scm v10.0.3

Fixed

  • Remove monorepo-only ../vcs-versioning/src from build-system.backend-path so sdists install under PEP 517 (paths must stay inside the source tree). (#1306)

Miscellaneous

  • Add griffecli to test dependencies so the API stability check keeps working after the Griffe CLI was split into a separate package. (#1310)

setuptools-scm v10.0.2

Fixed

  • Fix version file not generated for editable installs. Version files are now written to the source tree by default during inference (restoring pre-10.x behavior), and also registered as build_py outputs so strict editable installs include them in the persistent auxiliary directory. Set SETUPTOOLS_SCM_WRITE_TO_SOURCE=0 to disable source-tree writing (e.g., for read-only source directories). (#1298)

setuptools-scm v10.0.1

Miscellaneous

  • Simplify release tag creation to use a single createRelease API call instead of separate createTag/createRef/createRelease calls, avoiding dangling tag objects on partial failures. (#release-pipeline)

setuptools-scm v10.0.0

Removed

  • Drop Python 3.8 and 3.9 support. Minimum Python version is now 3.10. (#1228)

Added

  • setuptools-scm now depends on vcs-versioning for core version inference logic. This enables other build backends to use the same version inference without setuptools dependency. (#1228)
  • Version files (write_to and version_file) are now written to the build directory during build_py instead of the source tree during version inference. This enables installing packages from read-only source directories (e.g., Bazel builds).

... (truncated)

Commits
  • e2ba34f Merge pull request #1328 from pypa/release/main
  • d34d072 Prepare release: setuptools-scm v10.0.5
  • 7c62809 Merge pull request #1332 from RonnyPfannschmidt/fix/1330-remove-workspace-sou...
  • f600a29 fix: remove workspace source override from setuptools-scm member (fixes #1330)
  • f76244e Merge pull request #1327 from RonnyPfannschmidt/update-classifiers-python-3.14
  • 8c23c5b Merge pull request #1286 from effigies/scm_version_sentinel
  • 629842a build: update trove classifiers and add Python 3.14 support
  • 6a1fc3b Merge pull request #1318 from pypa/release/main
  • a63b13a Prepare release: setuptools-scm v10.0.4, vcs-versioning v1.1.0
  • 59275f7 Merge pull request #1325 from RonnyPfannschmidt/issue-1302-setuptools-build-b...
  • Additional commits viewable in compare view

Updates tox-uv from 1.33.0 to 1.34.0

Release notes

Sourced from tox-uv's releases.

1.34.0

What's Changed

Full Changelog: tox-dev/tox-uv@1.33.4...1.34.0

1.33.4

What's Changed

Full Changelog: tox-dev/tox-uv@1.33.3...1.33.4

1.33.3

What's Changed

Full Changelog: tox-dev/tox-uv@1.33.2...1.33.3

1.33.2

What's Changed

Full Changelog: tox-dev/tox-uv@1.33.1...1.33.2

1.33.1

What's Changed

Full Changelog: tox-dev/tox-uv@1.33.0...1.33.1

Commits
  • d9b72cf ✨ feat(runner): add PEP 723 inline script metadata support (#319)
  • 0215281 [pre-commit.ci] pre-commit autoupdate (#318)
  • 4deee33 🔒 ci(workflows): add zizmor security auditing (#317)
  • 60d1fd6 [pre-commit.ci] pre-commit autoupdate (#316)
  • 93eecc2 [pre-commit.ci] pre-commit autoupdate (#315)
  • e0b9d0f 🐛 fix(meta): remove tox_uv namespace conflict (#314)
  • 8cee50b 🐛 fix(venv): resolve env names with trailing digits correctly (#313)
  • ff811cb 🐛 fix(venv): reject non-Python env names as interpreter specs (#312)
  • ef8450c [pre-commit.ci] pre-commit autoupdate (#307)
  • 906a243 🐛 fix(venv): resolve Python spec from env name when tox passes fallback path ...
  • Additional commits viewable in compare view

Updates setuptools from 82.0.0 to 82.0.1

Changelog

Sourced from setuptools's changelog.

v82.0.1

Bugfixes

  • Fix the loading of launcher manifest.xml file. (#5047)
  • Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

  • Add advice about how to improve predictability when installing sdists. (#5168)

Misc

Commits
  • 5a13876 Bump version: 82.0.0 → 82.0.1
  • 51ab8f1 Avoid using (deprecated) 'json.version' in tests (#5194)
  • f9c37b2 Docs/CI: Fix intersphinx references (#5195)
  • 8173db2 Docs: Fix intersphinx references
  • 09bafbc Fix past tense on newsfragment
  • 461ea56 Add news fragment
  • c4ffe53 Avoid using (deprecated) 'json.version' in tests
  • 749258b Cleanup pkg_resources dependencies and configuration (#5175)
  • 2019c16 Parse ext-module.define-macros from pyproject.toml as list of tuples (#5169)
  • b809c86 Sync setuptools schema with validate-pyproject (#5157)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependencies group with 3 updates
e695537 
Bumps the dependencies group with 3 updates: [hynek/build-and-inspect-python-package](https://github.com/hynek/build-and-inspect-python-package), [actions/download-artifact](https://github.com/actions/download-artifact) and [ncipollo/release-action](https://github.com/ncipollo/release-action).


Updates `hynek/build-and-inspect-python-package` from 2.14.0 to 2.17.0
- [Release notes](https://github.com/hynek/build-and-inspect-python-package/releases)
- [Changelog](https://github.com/hynek/build-and-inspect-python-package/blob/main/CHANGELOG.md)
- [Commits](hynek/build-and-inspect-python-package@v2.14.0...v2.17.0)

Updates `actions/download-artifact` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v8.0.0...v8.0.1)

Updates `ncipollo/release-action` from 1.20.0 to 1.21.0
- [Release notes](https://github.com/ncipollo/release-action/releases)
- [Commits](ncipollo/release-action@v1.20.0...v1.21.0)
Bump the dependencies group with 4 updates

Bumps the dependencies group with 4 updates: [build](https://github.com/pypa/build), [setuptools-scm](https://github.com/pypa/setuptools-scm), [tox-uv](https://github.com/tox-dev/tox-uv) and [setuptools](https://github.com/pypa/setuptools).


Updates `build` from 1.4.0 to 1.4.2
- [Release notes](https://github.com/pypa/build/releases)
- [Changelog](https://github.com/pypa/build/blob/main/CHANGELOG.rst)
- [Commits](pypa/build@1.4.0...1.4.2)

Updates `setuptools-scm` from 9.2.2 to 10.0.5
- [Release notes](https://github.com/pypa/setuptools-scm/releases)
- [Changelog](https://github.com/pypa/setuptools-scm/blob/main/RELEASE_SYSTEM.md)
- [Commits](pypa/setuptools-scm@v9.2.2...setuptools-scm-v10.0.5)

Updates `tox-uv` from 1.33.0 to 1.34.0
- [Release notes](https://github.com/tox-dev/tox-uv/releases)
- [Commits](tox-dev/tox-uv@1.33.0...1.34.0)

Updates `setuptools` from 82.0.0 to 82.0.1
- [Release notes](https://github.com/pypa/setuptools/releases)
- [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst)
- [Commits](pypa/setuptools@v82.0.0...v82.0.1)

---
updated-dependencies:
- dependency-name: hynek/build-and-inspect-python-package
  dependency-version: 2.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: ncipollo/release-action
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: build
  dependency-version: 1.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: setuptools-scm
  dependency-version: 10.0.5
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: tox-uv
  dependency-version: 1.34.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: setuptools
  dependency-version: 82.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 5, 2026
@kattni kattni merged commit d1dd82a into main Apr 5, 2026
4 checks passed
@kattni kattni deleted the dependabot/dependencies-59d4ee0211 branch April 5, 2026 21:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kattni kattni kattni approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kattni