Bump the actions group across 1 directory with 7 updates #5
Bumps the actions group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` |
| [scientific-python/action-towncrier-changelog](https://github.com/scientific-python/action-towncrier-changelog) | `1` | `2` |
| [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` |
| [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) | `3.1.4` | `3.2.1` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `5` |
| [actions/download-artifact](https://github.com/actions/download-artifact) | `5` | `6` |
| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.12.4` | `1.13.0` |

Updates `actions/setup-python` from 5 to 6
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

Updates `scientific-python/action-towncrier-changelog` from 1 to 2
- [Release notes](https://github.com/scientific-python/action-towncrier-changelog/releases)
- [Changelog](https://github.com/scientific-python/action-towncrier-changelog/blob/main/check_changelog.py)
- [Commits](scientific-python/action-towncrier-changelog@v1...v2)

Updates `github/codeql-action` from 3 to 4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v3...v4)

Updates `pypa/cibuildwheel` from 3.1.4 to 3.2.1
- [Release notes](https://github.com/pypa/cibuildwheel/releases)
- [Changelog](https://github.com/pypa/cibuildwheel/blob/main/docs/changelog.md)
- [Commits](pypa/cibuildwheel@c923d83...9c00cb4)

Updates `actions/upload-artifact` from 4 to 5
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@v4...v5)

Updates `actions/download-artifact` from 5 to 6
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@v5...v6)

Updates `pypa/gh-action-pypi-publish` from 1.12.4 to 1.13.0
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@76f52bc...ed0c539)

```yaml
---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: scientific-python/action-towncrier-changelog
  dependency-version: '2'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: pypa/cibuildwheel
  dependency-version: 3.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/download-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: pypa/gh-action-pypi-publish
  dependency-version: 1.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...
```

Signed-off-by: dependabot[bot] <support@github.com>
Labels

The following labels could not be found: Please fix the above issues or remove invalid values from

❌ Linting issues

This PR is introducing linting issues. Here's a summary of the issues. Note that you can avoid having linting issues by enabling You can see the details of the linting issues under the
Important
Looks good to me! 👍
Reviewed everything up to 95f6e97 in 1 minute and 13 seconds.

- Reviewed 288 lines of code in 11 files
- Skipped 0 files when reviewing.
- Skipped posting 13 draft comments. View those below.
- Modify your settings and rules to customize what types of comments Ellipsis leaves. And don't forget to react with 👍 or 👎 to teach Ellipsis.
1. `.github/workflows/arm-unit-tests.yml:22`
   - Draft comment: Upgrade to actions/setup-python v6 looks good. Please verify that any caching behavior (parameter 'cache: pip') still works as expected with the new version.
   - Reason this comment was not posted: Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is asking the PR author to verify that caching behavior still works as expected after an upgrade. This falls under the rule of not asking the author to ensure behavior is intended or tested. Therefore, this comment should be removed.
2. `.github/workflows/check-changelog.yml:33`
   - Draft comment: Bump to scientific-python/action-towncrier-changelog v2 is applied. Ensure that any breaking changes or new configuration requirements in v2 are reflected in the workflow if needed.
   - Reason this comment was not posted: Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is related to a dependency change, specifically a version bump of a GitHub Action. The comment asks the author to ensure that any breaking changes or new configuration requirements are reflected in the workflow. This falls under the rule of not commenting on dependency changes or asking the author to ensure compatibility, which is not allowed.
3. `.github/workflows/check-sdist.yml:17`
   - Draft comment: Updating actions/setup-python to v6 is consistent here. Verify that Python 3.10 still behaves as expected under the new version.
   - Reason this comment was not posted: Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is asking the PR author to verify behavior, which is against the rules. It doesn't provide a specific suggestion or point out a specific issue with the code.
4. `.github/workflows/codeql.yml:44`
   - Draft comment: CodeQL actions are updated to v4 (init, autobuild, analyze). It’s important to review the v4 release notes for any configuration changes that might affect analysis.
   - Reason this comment was not posted: Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is purely informative, suggesting to review release notes for configuration changes. It doesn't provide a specific code suggestion or point out a potential issue in the code.
5. `.github/workflows/cuda-ci.yml:21`
   - Draft comment: The cibuildwheel action has been updated to a commit hash (9c00cb4...). Ensure that this pinned version is fully compatible with your CUDA GPU builds.
   - Reason this comment was not posted: Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is asking the PR author to ensure compatibility with their CUDA GPU builds, which is against the rules. It does not provide a specific suggestion or point out a specific issue with the code.
6. `.github/workflows/emscripten.yml:70`
   - Draft comment: The cibuildwheel action is now referenced by a new commit hash for building WASM wheels. Verify that this change works correctly with the Pyodide build configuration.
   - Reason this comment was not posted: Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. The comment is asking the PR author to verify that a change works correctly, which violates the rule against asking for confirmation or verification. It doesn't provide a specific suggestion or point out a specific issue with the code.
7. `.github/workflows/emscripten.yml:82`
   - Draft comment: The upload-artifact action is upgraded to v5, ensuring Node v24 support. Confirm that artifact uploads (wheel files) behave correctly post-upgrade.
   - Reason this comment was not posted: Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. The comment is asking the PR author to confirm the behavior of artifact uploads after upgrading an action. This falls under asking the author to ensure behavior is intended or tested, which violates the rules.
8. `.github/workflows/labeler-title-regex.yml:19`
   - Draft comment: The setup-python version is bumped to v6 here. This update is straightforward; just ensure any Python environment specifics remain compatible.
   - Reason this comment was not posted: Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is related to a dependency change, specifically the version bump of setup-python to v6. It asks the author to ensure compatibility, which is against the rules for comments. The comment does not provide a specific code suggestion or ask for a specific test to be written.
9. `.github/workflows/lint.yml:28`
   - Draft comment: Actions/setup-python has been updated to v6 in the lint job. Validate that dependencies and environment variables are still correctly set up for linting.
   - Reason this comment was not posted: Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is asking the PR author to validate that dependencies and environment variables are correctly set up after an update to a GitHub Action. This falls under the category of asking the author to double-check things, which is against the rules.
10. `.github/workflows/lint.yml:54`
    - Draft comment: Artifact uploader updated to v5. Ensure that lint log artifacts are correctly uploaded and can be downloaded in subsequent steps.
    - Reason this comment was not posted: Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is asking the PR author to ensure that the lint log artifacts are correctly uploaded and can be downloaded, which violates the rule against asking the author to ensure behavior is intended or tested. It does not provide a specific code suggestion or ask for a specific test to be written.
11. `.github/workflows/publish_pypi.yml:42`
    - Draft comment: The gh-action-pypi-publish action is upgraded to v1.13.0, which includes important security fixes (e.g. GHSA-vxmw-7h4f-hqxh). Ensure that the new version's behavior is in line with your publishing process.
    - Reason this comment was not posted: Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is about a dependency change, specifically an upgrade to a GitHub Action. The comment is informative and suggests ensuring the new version's behavior aligns with the publishing process, which is not specific enough to be actionable. It violates the rule against making purely informative comments and asking the author to ensure behavior is intended.
12. `.github/workflows/update_tracking_issue.yml:33`
    - Draft comment: Setup-python has been bumped to v6 in the update tracking issue workflow. Confirm that the tracking script interacts correctly with the updated environment.
    - Reason this comment was not posted: Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is asking the PR author to confirm that the tracking script interacts correctly with the updated environment, which violates the rule against asking the author to confirm or ensure behavior. It does not provide a specific suggestion or point out a specific issue.
13. `.github/workflows/wheels.yml:167`
    - Draft comment: Multiple action versions have been updated (setup-python, upload-artifact, download-artifact) in the wheels workflow. Please verify that the build matrix, conda integration, and artifact handling still perform as expected.
    - Reason this comment was not posted: Comment did not seem useful. Confidence is useful = 0% <= threshold 50%. This comment is asking the PR author to verify that certain aspects of the code still perform as expected after updating action versions. This falls under the rule of not asking the author to ensure behavior is intended or to double-check things. Therefore, this comment should be removed.
Workflow ID: wflow_VouIBcarwRsijcPi
You can customize by changing your verbosity settings, reacting with 👍 or 👎, replying to comments, or adding code review rules.
Updates `actions/setup-python` from 5 to 6

Release notes

Sourced from actions/setup-python's releases.

... (truncated)

Commits

- `e797f83` Upgrade to node 24 (#1164)
- `3d1e2d2` Revert "Enhance cache-dependency-path handling to support files outside the w...
- `65b0712` Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...
- `5b668cf` Bump actions/checkout from 4 to 5 (#1181)
- `f62a0e2` Change missing cache directory error to warning (#1182)
- `9322b3c` Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...
- `fbeb884` Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)
- `03bb615` Bump idna from 2.9 to 3.7 in /tests/data (#843)
- `36da51d` Add version parsing from Pipfile (#1067)
- `3c6f142` update documentation (#1156)

Updates `scientific-python/action-towncrier-changelog` from 1 to 2

Release notes

Sourced from scientific-python/action-towncrier-changelog's releases.

Commits

- `f9c7df9` Merge pull request #18 from pllim/chglog-v2
- `cc451cc` Render final change log for v2
- `24aa0c6` MAINT: Update readme (#17)
- `f795101` BUG: Fix bug with toml parsing (#16)
- `a19a2cc` Add basic action to check out repo

Updates `github/codeql-action` from 3 to 4

Release notes

Sourced from github/codeql-action's releases.

... (truncated)

Changelog

Sourced from github/codeql-action's changelog.

... (truncated)

Commits

- `74c8748` Update analyze/action.yml
- `34c50c1` Merge pull request #3251 from github/mbg/user-error/enablement
- `4ae68af` Warn if the `add-snippets` input is used
- `52a7bd7` Check for 403 status
- `194ba0e` Make error message tests less brittle
- `53acf0b` Turn enablement errors into configuration errors
- `ac9aeee` Merge pull request #3249 from github/henrymercer/api-logging
- `d49e837` Merge branch 'main' into henrymercer/api-logging
- `3d988b2` Pass minimal copy of `core`
- `8cc18ac` Merge pull request #3250 from github/henrymercer/prefer-fs-delete

Updates `pypa/cibuildwheel` from 3.1.4 to 3.2.1

Release notes

Sourced from pypa/cibuildwheel's releases.

Changelog

Sourced from pypa/cibuildwheel's changelog.

... (truncated)

Commits

- `9c00cb4` Bump version: v3.2.1
- `ae65c7d` [Bot] Update dependencies (#2614)
- `86c3857` [pre-commit.ci] pre-commit autoupdate (#2615)
- `68b1a81` docs: include free-threading builds in identifier list (#2617)
- `f131cd7` fix: Python 3.14 on macOS requires MACOSX_DEPLOYMENT_TARGET set to 10.15 (#2613)
- `8602e86` [Bot] Update dependencies (#2606)
- `8ccc265` fix: resolve issues with macOS-15 runners (#2607)
- `c0c1dea` [pre-commit.ci] pre-commit autoupdate (#2608)
- `7c619ef` Bump version: v3.2.0
- `bbebb68` [Bot] Update dependencies (#2603)

Updates `actions/upload-artifact` from 4 to 5

Release notes

Sourced from actions/upload-artifact's releases.

... (truncated)

Commits

- `330a01c` Merge pull request #734 from actions/danwkennedy/prepare-5.0.0
- `03f2824` Update `github.dep.yml`
- `905a1ec` Prepare `v5.0.0`
- `2d9f9cd` Merge pull request #725 from patrikpolyak/patch-1
- `9687587` Merge branch 'main' into patch-1
- `2848b2c` Merge pull request #727 from danwkennedy/patch-1
- `9b51177` Spell out the first use of GHES
- `cd231ca` Update GHES guidance to include reference to Node 20 version
- `de65e23` Merge pull request #712 from actions/nebuk89-patch-1
- `8747d8c` Update README.md

Updates `actions/download-artifact` from 5 to 6

Release notes

Sourced from actions/download-artifact's releases.

Commits

- `018cc2c` Merge pull request #438 from actions/danwkennedy/prepare-6.0.0
- `815651c` Revert "Remove `github.dep.yml`"
- `bb3a066` Remove `github.dep.yml`
- `fa1ce46` Prepare `v6.0.0`
- `4a24838` Merge pull request #431 from danwkennedy/patch-1
- `5e3251c` Readme: spell out the first use of GHES
- `abefc31` Merge pull request #424 from actions/yacaovsnc/update_readme
- `ac43a60` Update README with artifact extraction details
- `de96f46` Merge pull request #417 from actions/yacaovsnc/update_readme
- `7993cb4` Remove migration guide for artifact download changes

Updates `pypa/gh-action-pypi-publish` from 1.12.4 to 1.13.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

Commits

- `ed0c539` 📦📌 Bump the pinned dependency tree
- `77db1b7` Merge branch PR #306, GHSA-vxmw-7h4f-hqxh fix and PR #378 into unstable/v1
- `280b3a1` Alias `typing` as `t` in imports
- `e380240` Use `object` in place of `typing.Any` in annotations
- `e50bff6` Deduplicate claim ref lookup
- `decbc9a` Hint people to subscribe to #166 for notifications
- `8208ad3` Ask not to report bugs with reusable workflow
- `ff0fef5` 🧪 Scope WPS202 suppression to specific files
- `1293b8c` Use yamllint disable line length lint
- `ed01280` Linter (different rule)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions

Important

Bump versions of GitHub Actions and tools across multiple workflows for improved features and fixes.

- `actions/setup-python` from v5 to v6 in `arm-unit-tests.yml`, `check-sdist.yml`, `labeler-title-regex.yml`, `lint.yml`, `publish_pypi.yml`, `update_tracking_issue.yml`, and `wheels.yml`.
- `actions/upload-artifact` from v4 to v5 in `cuda-ci.yml`, `emscripten.yml`, `lint.yml`, and `wheels.yml`.
- `actions/download-artifact` from v5 to v6 in `cuda-ci.yml`, `emscripten.yml`, and `wheels.yml`.
- `scientific-python/action-towncrier-changelog` from v1 to v2 in `check-changelog.yml`.
- `github/codeql-action` from v3 to v4 in `codeql.yml`.
- `pypa/cibuildwheel` from 3.1.4 to 3.2.1 in `cuda-ci.yml` and `emscripten.yml`.
- `pypa/gh-action-pypi-publish` from 1.12.4 to 1.13.0 in `publish_pypi.yml`.

This description was created by for 95f6e97. You can customize this summary. It will automatically update as commits are pushed.