Skip to content

chore(ci): bump the github-actions group with 5 updates#238

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-691dd7ec27
Open

chore(ci): bump the github-actions group with 5 updates#238
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-691dd7ec27

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the github-actions group with 5 updates:

Package From To
actions/checkout 6 7
actions/cache 5 6
codecov/codecov-action 6 7
pypa/cibuildwheel 3.4.1 4.1.0
tiangolo/issue-manager 0.6.0 0.8.0

Updates actions/checkout from 6 to 7

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

v6.0.2

What's Changed

Full Changelog: actions/checkout@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: actions/checkout@v6...v6.0.1

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates actions/cache from 5 to 6

Release notes

Sourced from actions/cache's releases.

v6.0.0

What's Changed

Full Changelog: actions/cache@v5...v6.0.0

v5.1.0

What's Changed

Full Changelog: actions/cache@v5...v5.1.0

v5.0.5

What's Changed

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

What's Changed

New Contributors

Full Changelog: actions/cache@v5...v5.0.4

v5.0.3

What's Changed

Full Changelog: actions/cache@v5...v5.0.3

v.5.0.2

v5.0.2

What's Changed

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

How to prepare a release

[!NOTE] Relevant for maintainers with write access only.

  1. Switch to a new branch from main.
  2. Run npm test to ensure all tests are passing.
  3. Update the version in https://github.com/actions/cache/blob/main/package.json.
  4. Run npm run build to update the compiled files.
  5. Update this https://github.com/actions/cache/blob/main/RELEASES.md with the new version and changes in the ## Changelog section.
  6. Run licensed cache to update the license report.
  7. Run licensed status and resolve any warnings by updating the https://github.com/actions/cache/blob/main/.licensed.yml file with the exceptions.
  8. Commit your changes and push your branch upstream.
  9. Open a pull request against main and get it reviewed and merged.
  10. Draft a new release https://github.com/actions/cache/releases use the same version number used in package.json
    1. Create a new tag with the version number.
    2. Auto generate release notes and update them to match the changes you made in RELEASES.md.
    3. Toggle the set as the latest release option.
    4. Publish the release.
  11. Navigate to https://github.com/actions/cache/actions/workflows/release-new-action-version.yml
    1. There should be a workflow run queued with the same version number.
    2. Approve the run to publish the new version and update the major tags for this action.

Changelog

6.1.0

6.0.0

  • Updated @actions/cache to ^6.0.1, @actions/core to ^3.0.1, @actions/exec to ^3.0.0, @actions/io to ^3.0.2
  • Migrated to ESM module system
  • Upgraded Jest to v30 and test infrastructure to be ESM compatible

5.0.4

  • Bump minimatch to v3.1.5 (fixes ReDoS via globstar patterns)
  • Bump undici to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)
  • Bump fast-xml-parser to v5.5.6

5.0.3

5.0.2

... (truncated)

Commits
  • 55cc834 Merge pull request #1768 from jasongin/readonly-cache
  • d8cd72f Bump @​actions/cache to v6.1.0 - handle cache write error due to RO token
  • 2c8a9bd Merge pull request #1760 from actions/samirat/esm_migration_and_package_update
  • e9b91fd Prettier fixes
  • e4884b8 Rebuild dist
  • 10baf01 Fixed licenses
  • e39b386 Fix test mock return order
  • b692820 PR feedback
  • 6074912 Rebuild dist bundles as ESM to match type:module
  • 5a912e8 Fix lint and jest issues
  • Additional commits viewable in compare view

Updates codecov/codecov-action from 6 to 7

Release notes

Sourced from codecov/codecov-action's releases.

v7.0.0

⚠️ Due to migration issues with keybase, we are unable to update our keys under the codecovsecurity account. We have deleted the account and are using codecovsecops with the original gpg key

What's Changed

Full Changelog: codecov/codecov-action@v6.0.1...v7.0.0

v6.0.2

This is a copy of the v7.0.0 release to make updates easier

What's Changed

Full Changelog: codecov/codecov-action@v6.0.1...v6.0.2

v6.0.1

What's Changed

Full Changelog: codecov/codecov-action@v6.0.0...v6.0.1

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Updates pypa/cibuildwheel from 3.4.1 to 4.1.0

Release notes

Sourced from pypa/cibuildwheel's releases.

v4.1.0

  • ✨ Updates Pyodide to the final 314.0.0 release, so Pyodide 3.14 wheels now build by default without the pyodide-prerelease enable flag. (#2906)
  • 🐛 Raises clear errors when a build produces no wheel, instead of failing later with a confusing message (#2909)
  • 🛠 Speeds up CLI startup through lazy imports on Python 3.15 (#2797)
  • 📚 Adds an FAQ section on caching cibuildwheel's downloaded tools with CIBW_CACHE_PATH (#2842)
  • 📚 Documentation improvements: clarifies which shell is used for command options, clarifies environment variable precedence, and fixes a dead Pyodide env info link (#2904, #2905, #2911)

v4.0.0

See @​henryiii's release post for more info on new features!

  • 🌟 Adds wheel auditing with abi3audit as a default after the repair step, with new audit-requires and audit-command options (#2805)

  • 🌟 Adds pyemscripten platform tag support (PEP 783), updates Pyodide to 314.0.0a2, and adds a pyodide-eol enable flag for building end-of-life Pyodide versions (#2812, #2848)

  • 🌟 Sets up delvewheel as the default repair-wheel-command for Windows, so extension module DLLs are now bundled automatically. Skip by setting it to empty if not needed. (#2831)

  • ✨ Adds CPython 3.15 support, under the enable option cpython-prerelease. This version of cibuildwheel uses 3.15.0b2. (#2833, #2850)

    While CPython is in beta, the ABI can change, so your wheels might not be compatible with the final release. For this reason, we don't recommend distributing wheels until RC1, at which point 3.15 will be available in cibuildwheel without the flag.

  • ✨ Adds CPython 3.15 support for iOS and Android (#2857, #2858)

  • ✨ Adds Android improvements for building NumPy and related packages, including auditwheel support, pkg-config and Fortran configuration, and the xbuild-files option (#2695)

  • ✨ Adds CIBUILDWHEEL_BUILD_IDENTIFIER environment variable set to the current build identifier (e.g. cp311-manylinux_x86_64) during per-build steps (#2872)

  • ✨ Adds {project} and {package} placeholders to config-settings (#2827)

  • ⚠️ Drops support for Python 3.8 (#2686)

  • ⚠️ Removes the experimental CPython 3.13 free-threading builds and the cpython-freethreading enable option. CPython 3.14+ free-threading support remains available without the enable flag. (#2684)

  • ⚠️ Drops support for Cirrus CI, which is shutting down June 1, 2026 (#2817)

  • ⚠️ Drops GraalPy 3.11 (gp311) support, as agreed in #2741, and removes GraalPy 24-only workarounds (#2895)

  • 🔐 Adds SHA256 verification for direct downloads of Python interpreters, virtualenv, and python-build-standalone assets (#2873)

  • 🔐 Adds tarfile extraction filter for safe archive extraction (#2856)

  • 🐛 Fixes UV_PYTHON not being set for before-build on Linux when using uv as the build-frontend (#2830)

  • 🐛 Fixes detection of musl libc when downloading python-build-standalone, which previously always selected the gnu asset on musl hosts like Alpine (#2889)

  • 🐛 Fixes config-settings expansion when {project} or {package} contains spaces or backslashes (#2886)

  • 🐛 Prevents deadlock when linux32 fails and forwards platform args to the sanity check (#2880, #2888)

  • 🐛 Fixes container resource leaks on start failure and during teardown (#2879, #2887)

  • 🐛 Removes potential partial cache-population in case of error (#2892)

  • 🐛 Raises a clear error when ANDROID_API_LEVEL is not an integer (#2891)

  • 🐛 Replaces assert with proper exception in python-build-standalone (#2859)

  • 🐛 Uses ConfigurationError when package_dir is outside cwd instead of a generic Exception (#2898)

  • 🛠 Updates dependencies and container pins (#2893, #2882, #2874, #2868, #2862, #2884, #2845, #2837, #2818, #2810, #2838, #2813)

  • 🛠 Updates Android to Python 3.13.13 and 3.14.4 (#2821)

  • 🛠 Applies Pyodide-specific patches to the Emscripten toolchain installation (#2800)

  • 🛠 Uses python -V -V for Windows build diagnostics (#2832)

  • 🛠 Simplifies pinned container image lookup (#2897)

  • 🛠 Minor fixups across error messages, OCI container, and options (#2860)

  • 💼 Adds PEP 723 metadata for bin/ scripts and drops the bin dependency group (#2819)

  • 💼 Improves Azure test reliability with retries and caching (#2890)

  • 💼 Fixes Windows GitLab CI test running (#2870)

  • 💼 Updates CI action pins and dev dependencies (#2902, #2867, #2851, #2843, #2826, #2823, #2820, #2807)

  • 💼 Adds agent and copilot setup files (#2861)

  • 💼 Uses if TYPE_CHECKING: blocks (#2866, #2864)

  • 🧪 Fixes Android tests using the uv frontend (#2809)

  • 🧪 Fixes the update-dependencies workflow to use uv to run nox (#2808)

... (truncated)

Changelog

Sourced from pypa/cibuildwheel's changelog.

v4.1.0

12 June 2026

  • ✨ Updates Pyodide to the final 314.0.0 release, so Pyodide 3.14 wheels now build by default without the pyodide-prerelease enable flag. (#2906)
  • 🐛 Raises clear errors when a build produces no wheel, instead of failing later with a confusing message (#2909)
  • 🛠 Speeds up CLI startup through lazy imports on Python 3.15 (#2797)
  • 📚 Adds an FAQ section on caching cibuildwheel's downloaded tools with CIBW_CACHE_PATH (#2842)
  • 📚 Documentation improvements: clarifies which shell is used for command options, clarifies environment variable precedence, and fixes a dead Pyodide env info link (#2904, #2905, #2911)

v4.0.0

7 June 2026

See @​henryiii's release post for more info on new features!

  • 🌟 Adds wheel auditing with abi3audit as a default after the repair step, with new audit-requires and audit-command options (#2805)

  • 🌟 Adds pyemscripten platform tag support (PEP 783), updates Pyodide to 314.0.0a2, and adds a pyodide-eol enable flag for building end-of-life Pyodide versions (#2812, #2848)

  • 🌟 Sets up delvewheel as the default repair-wheel-command for Windows, so extension module DLLs are now bundled automatically. Skip by setting it to empty if not needed. (#2831)

  • ✨ Adds CPython 3.15 support, under the enable option cpython-prerelease. This version of cibuildwheel uses 3.15.0b2. (#2833, #2850)

    While CPython is in beta, the ABI can change, so your wheels might not be compatible with the final release. For this reason, we don't recommend distributing wheels until RC1, at which point 3.15 will be available in cibuildwheel without the flag.

  • ✨ Adds CPython 3.15 support for iOS and Android (#2857, #2858)

  • ✨ Adds Android improvements for building NumPy and related packages, including auditwheel support, pkg-config and Fortran configuration, and the xbuild-files option (#2695)

  • ✨ Adds CIBUILDWHEEL_BUILD_IDENTIFIER environment variable set to the current build identifier (e.g. cp311-manylinux_x86_64) during per-build steps (#2872)

  • ✨ Adds {project} and {package} placeholders to config-settings (#2827)

  • ⚠️ Drops support for Python 3.8 (#2686)

  • ⚠️ Removes the experimental CPython 3.13 free-threading builds and the cpython-freethreading enable option. CPython 3.14+ free-threading support remains available without the enable flag. (#2684)

  • ⚠️ Drops support for Cirrus CI, which is shutting down June 1, 2026 (#2817)

  • ⚠️ Drops GraalPy 3.11 (gp311) support, as agreed in #2741, and removes GraalPy 24-only workarounds (#2895)

  • 🔐 Adds SHA256 verification for direct downloads of Python interpreters, virtualenv, and python-build-standalone assets (#2873)

  • 🔐 Adds tarfile extraction filter for safe archive extraction (#2856)

  • 🐛 Fixes UV_PYTHON not being set for before-build on Linux when using uv as the build-frontend (#2830)

  • 🐛 Fixes detection of musl libc when downloading python-build-standalone, which previously always selected the gnu asset on musl hosts like Alpine (#2889)

  • 🐛 Fixes config-settings expansion when {project} or {package} contains spaces or backslashes (#2886)

  • 🐛 Prevents deadlock when linux32 fails and forwards platform args to the sanity check (#2880, #2888)

  • 🐛 Fixes container resource leaks on start failure and during teardown (#2879, #2887)

  • 🐛 Removes potential partial cache-population in case of error (#2892)

  • 🐛 Raises a clear error when ANDROID_API_LEVEL is not an integer (#2891)

  • 🐛 Replaces assert with proper exception in python-build-standalone (#2859)

  • 🐛 Uses ConfigurationError when package_dir is outside cwd instead of a generic Exception (#2898)

  • 🛠 Updates dependencies and container pins (#2893, #2882, #2874, #2868, #2862, #2884, #2845, #2837, #2818, #2810, #2838, #2813)

  • 🛠 Updates Android to Python 3.13.13 and 3.14.4 (#2821)

  • 🛠 Applies Pyodide-specific patches to the Emscripten toolchain installation (#2800)

  • 🛠 Uses python -V -V for Windows build diagnostics (#2832)

  • 🛠 Simplifies pinned container image lookup (#2897)

  • 🛠 Minor fixups across error messages, OCI container, and options (#2860)

  • 💼 Adds PEP 723 metadata for bin/ scripts and drops the bin dependency group (#2819)

  • 💼 Improves Azure test reliability with retries and caching (#2890)

... (truncated)

Commits
  • 2947353 Bump version: v4.1.0
  • 14a3c3a Remove Travis pre-commit check
  • 42aa134 chore: minor cleanups and perf tweaks from code review (#2910)
  • 01265e5 Clarify shell used for command options (#2904)
  • f4afd95 Add FAQ section on caching cibuildwheel's downloaded tools (#2842)
  • 6c08562 fix: faster CLI on Python 3.15 (#2797)
  • 4f42ee3 fix: raise clear errors when no wheel is produced (#2909)
  • f3aa1be Fix dead Pyodide env info link, remove mention of alpha ABI (#2911)
  • d60fc2b Support new graalpy asset names that include Python version. (#2863)
  • 55c8985 docs: clarify environment precedence (#2905)
  • Additional commits viewable in compare view

Updates tiangolo/issue-manager from 0.6.0 to 0.8.0

Release notes

Sourced from tiangolo/issue-manager's releases.

0.8.0

Refactors

  • ♻️ Refactor main Dockerfile to contain all logic, cache by uv. PR #62 by @​tiangolo.

Internal

0.7.1

Fixes

Internal

0.7.0

Features

  • ✨ Add default labels answered, waiting, invalid, maybe-ai. PR #56 by @​tiangolo.

Docs

Internal

Changelog

Sourced from tiangolo/issue-manager's changelog.

0.8.0 (2026-06-24)

Refactors

  • ♻️ Refactor main Dockerfile to contain all logic, cache by uv. PR #62 by @​tiangolo.

Internal

0.7.1

Fixes

Internal

0.7.0

Features

  • ✨ Add default labels answered, waiting, invalid, maybe-ai. PR #56 by @​tiangolo.

Docs

  • 📝 Fix formatting in README.md. PR

Bumps the github-actions group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6` | `7` |
| [actions/cache](https://github.com/actions/cache) | `5` | `6` |
| [codecov/codecov-action](https://github.com/codecov/codecov-action) | `6` | `7` |
| [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) | `3.4.1` | `4.1.0` |
| [tiangolo/issue-manager](https://github.com/tiangolo/issue-manager) | `0.6.0` | `0.8.0` |


Updates `actions/checkout` from 6 to 7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v6...v7)

Updates `actions/cache` from 5 to 6
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v5...v6)

Updates `codecov/codecov-action` from 6 to 7
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v6...v7)

Updates `pypa/cibuildwheel` from 3.4.1 to 4.1.0
- [Release notes](https://github.com/pypa/cibuildwheel/releases)
- [Changelog](https://github.com/pypa/cibuildwheel/blob/main/docs/changelog.md)
- [Commits](pypa/cibuildwheel@v3.4.1...v4.1.0)

Updates `tiangolo/issue-manager` from 0.6.0 to 0.8.0
- [Release notes](https://github.com/tiangolo/issue-manager/releases)
- [Changelog](https://github.com/tiangolo/issue-manager/blob/master/release-notes.md)
- [Commits](tiangolo/issue-manager@0.6.0...0.8.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: actions/cache
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: codecov/codecov-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: pypa/cibuildwheel
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
- dependency-name: tiangolo/issue-manager
  dependency-version: 0.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Update of github actions labels Jul 1, 2026
@codecov

codecov Bot commented Jul 1, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (bb02e74) to head (39978e4).

Additional details and impacted files
@@            Coverage Diff            @@
##              main      #238   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines           70        70           
  Branches        11        11           
=========================================
  Hits            70        70           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@codspeed-hq

codspeed-hq Bot commented Jul 1, 2026

Copy link
Copy Markdown

Merging this PR will not alter performance

✅ 13 untouched benchmarks


Comparing dependabot/github_actions/github-actions-691dd7ec27 (39978e4) with main (bb02e74)

Open in CodSpeed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Update of github actions

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants