build(deps): bump the actions group with 6 updates (#305)

dependabot[bot] · web-flow · commit e9ef191d968d · 2026-04-19T16:20:12.000-07:00
Bumps the actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [actions/cache](https://github.com/actions/cache) | `5` | `5.0.4` | | [hustcer/setup-nu](https://github.com/hustcer/setup-nu) | `3.22` | `3.23` | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `4` | `5` | | [cross-platform-actions/action](https://github.com/cross-platform-actions/action) | `0.32.0` | `1.0.0` | | [PyO3/maturin-action](https://github.com/pyo3/maturin-action) | `1.50.1` | `1.51.0` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` | Updates `actions/cache` from 5 to 5.0.4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v5.0.4</h2> <h2>What's Changed</h2> <ul> <li>Add release instructions and update maintainer docs by <a href="https://github.com/Link"><code>@​Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1696">actions/cache#1696</a></li> <li>Potential fix for code scanning alert no. 52: Workflow does not contain permissions by <a href="https://github.com/Link"><code>@​Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1697">actions/cache#1697</a></li> <li>Fix workflow permissions and cleanup workflow names / formatting by <a href="https://github.com/Link"><code>@​Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1699">actions/cache#1699</a></li> <li>docs: Update examples to use the latest version by <a href="https://github.com/XZTDean"><code>@​XZTDean</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1690">actions/cache#1690</a></li> <li>Fix proxy integration tests by <a href="https://github.com/Link"><code>@​Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1701">actions/cache#1701</a></li> <li>Fix cache key in examples.md for bun.lock by <a href="https://github.com/RyPeck"><code>@​RyPeck</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1722">actions/cache#1722</a></li> <li>Update dependencies &amp; patch security vulnerabilities by <a href="https://github.com/Link"><code>@​Link</code></a>- in <a href="https://redirect.github.com/actions/cache/pull/1738">actions/cache#1738</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/XZTDean"><code>@​XZTDean</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1690">actions/cache#1690</a></li> <li><a href="https://github.com/RyPeck"><code>@​RyPeck</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1722">actions/cache#1722</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v5...v5.0.4">https://github.com/actions/cache/compare/v5...v5.0.4</a></p> <h2>v5.0.3</h2> <h2>What's Changed</h2> <ul> <li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li> <li>Bump <code>@actions/core</code> to v2.0.3</li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v5...v5.0.3">https://github.com/actions/cache/compare/v5...v5.0.3</a></p> <h2>v.5.0.2</h2> <h1>v5.0.2</h1> <h2>What's Changed</h2> <p>When creating cache entries, 429s returned from the cache service will not be retried.</p> <h2>v5.0.1</h2> <blockquote> <p>[!IMPORTANT] <strong><code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>.</strong></p> <p>If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <hr /> <h1>v5.0.1</h1> <h2>What's Changed</h2> <ul> <li>fix: update <code>@​actions/cache</code> for Node.js 24 punycode deprecation by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1685">actions/cache#1685</a></li> <li>prepare release v5.0.1 by <a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1686">actions/cache#1686</a></li> </ul> <h1>v5.0.0</h1> <h2>What's Changed</h2>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h3>5.0.4</h3> <ul> <li>Bump <code>minimatch</code> to v3.1.5 (fixes ReDoS via globstar patterns)</li> <li>Bump <code>undici</code> to v6.24.1 (WebSocket decompression bomb protection, header validation fixes)</li> <li>Bump <code>fast-xml-parser</code> to v5.5.6</li> </ul> <h3>5.0.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.5 (Resolves: <a href="https://github.com/actions/cache/security/dependabot/33">https://github.com/actions/cache/security/dependabot/33</a>)</li> <li>Bump <code>@actions/core</code> to v2.0.3</li> </ul> <h3>5.0.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v5.0.3 <a href="https://redirect.github.com/actions/cache/pull/1692">#1692</a></li> </ul> <h3>5.0.1</h3> <ul> <li>Update <code>@azure/storage-blob</code> to <code>^12.29.1</code> via <code>@actions/cache@5.0.1</code> <a href="https://redirect.github.com/actions/cache/pull/1685">#1685</a></li> </ul> <h3>5.0.0</h3> <blockquote> <p>[!IMPORTANT] <code>actions/cache@v5</code> runs on the Node.js 24 runtime and requires a minimum Actions Runner version of <code>2.327.1</code>. If you are using self-hosted runners, ensure they are updated before upgrading.</p> </blockquote> <h3>4.3.0</h3> <ul> <li>Bump <code>@actions/cache</code> to <a href="https://redirect.github.com/actions/toolkit/pull/2132">v4.1.0</a></li> </ul> <h3>4.2.4</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.5</li> </ul> <h3>4.2.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in debug logs for cache entries)</li> </ul> <h3>4.2.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.2</li> </ul> <h3>4.2.1</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.1</li> </ul> <h3>4.2.0</h3> <p>TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. <a href="https://github.com/actions/cache">actions/cache</a> now integrates with the new cache service (v2) APIs.</p> <p>The new service will gradually roll out as of <strong>February 1st, 2025</strong>. The legacy service will also be sunset on the same date. Changes in these release are <strong>fully backward compatible</strong>.</p>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/cache/commit/cdf6c1fa76f9f475f3d7449005a359c84ca0f306"><code>cdf6c1f</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1695">#1695</a> from actions/Link-/prepare-5.0.3</li> <li><a href="https://github.com/actions/cache/commit/a1bee22673bee4afb9ce4e0a1dc3da1c44060b7d"><code>a1bee22</code></a> Add review for the <code>@​actions/http-client</code> license</li> <li><a href="https://github.com/actions/cache/commit/46957638dc5c5ff0c34c0143f443c07d3a7c769f"><code>4695763</code></a> Add licensed output</li> <li><a href="https://github.com/actions/cache/commit/dc73bb9f7bf74a733c05ccd2edfd1f2ac9e5f502"><code>dc73bb9</code></a> Upgrade dependencies and address security warnings</li> <li>See full diff in <a href="https://github.com/actions/cache/compare/v5...v5.0.4">compare view</a></li> </ul> </details> <br /> Updates `hustcer/setup-nu` from 3.22 to 3.23 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/hustcer/setup-nu/releases">hustcer/setup-nu's releases</a>.</em></p> <blockquote> <h2>v3.23</h2> <h2>[3.23] - 2026-03-19</h2> <h3>Features</h3> <ul> <li>Add nu/build.nu for assets building (<a href="https://redirect.github.com/hustcer/setup-nu/issues/206">#206</a>)</li> </ul> <h3>Deps</h3> <ul> <li>Upgrade globby,<code>@​biomejs/biome</code> &amp; lefthook</li> <li>Upgrade lefthook,cspell,<code>@​biomejs/biome</code>,undici &amp; @actions/*</li> <li>Upgrade undici to 7.19.0</li> <li>Upgrade <code>@​actions/core</code>,<code>@​actions/tool-cache</code>,undici,lefthook &amp; semver (<a href="https://redirect.github.com/hustcer/setup-nu/issues/205">#205</a>)</li> <li>Upgrade undici,<code>@​biomejs/biome</code>,<code>@​types/node</code> &amp; lefthook</li> <li>Upgrade globby, <code>@​biomejs/biome</code> &amp; cspell (<a href="https://redirect.github.com/hustcer/setup-nu/issues/212">#212</a>)</li> <li>Upgrade <code>@​biomejs/biome</code>,lefthook &amp; undici</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/hustcer/setup-nu/blob/main/CHANGELOG.md">hustcer/setup-nu's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <h2>[3.23] - 2026-03-19</h2> <h3>Features</h3> <ul> <li>Add nu/build.nu for assets building (<a href="https://redirect.github.com/hustcer/setup-nu/issues/206">#206</a>)</li> </ul> <h3>Deps</h3> <ul> <li>Upgrade globby,<code>@​biomejs/biome</code> &amp; lefthook</li> <li>Upgrade lefthook,cspell,<code>@​biomejs/biome</code>,undici &amp; @actions/*</li> <li>Upgrade undici to 7.19.0</li> <li>Upgrade <code>@​actions/core</code>,<code>@​actions/tool-cache</code>,undici,lefthook &amp; semver (<a href="https://redirect.github.com/hustcer/setup-nu/issues/205">#205</a>)</li> <li>Upgrade undici,<code>@​biomejs/biome</code>,<code>@​types/node</code> &amp; lefthook</li> <li>Upgrade globby, <code>@​biomejs/biome</code> &amp; cspell (<a href="https://redirect.github.com/hustcer/setup-nu/issues/212">#212</a>)</li> <li>Upgrade <code>@​biomejs/biome</code>,lefthook &amp; undici</li> </ul> <h2>[3.22] - 2025-12-13</h2> <h3>Bug Fixes</h3> <ul> <li>Added input validation for plugin registration to prevent injection vulnerabilities (<a href="https://redirect.github.com/hustcer/setup-nu/issues/195">#195</a>)</li> </ul> <h3>Features</h3> <ul> <li>Add strict input validation and robust plugin registration; improve target selection and caching (<a href="https://redirect.github.com/hustcer/setup-nu/issues/190">#190</a>)</li> <li>Support proxies (<a href="https://redirect.github.com/hustcer/setup-nu/issues/194">#194</a>)</li> </ul> <h3>Miscellaneous Tasks</h3> <ul> <li>Update .lefthook/pre-push/sync.nu</li> <li>Update README.md</li> <li>Bump actions/checkout from 5 to 6 (<a href="https://redirect.github.com/hustcer/setup-nu/issues/191">#191</a>)</li> <li>Drop 0.88.1 check</li> <li>Update README</li> <li>Update lefthook.yml</li> <li>Upgrade runner os from macos-13 to macos-15</li> <li>Update dist &amp; format code</li> </ul> <h3>Deps</h3> <ul> <li>Upgrade <code>@​octokit/rest</code>,lefthook,<code>@​types/node</code>, and <code>@​biomejs/biome</code></li> <li>Upgrade pnpm to v10</li> <li>Upgrade <code>@​biomejs/biome</code>,cspell &amp; lefthook</li> <li>Upgrade globby, <code>@​biomejs/biome</code> &amp; cspell</li> <li>Upgrade <code>@​biomejs/biome</code>,lefthook &amp; cspell (<a href="https://redirect.github.com/hustcer/setup-nu/issues/193">#193</a>)</li> <li>Upgrade <code>@​actions/core</code> &amp; lefthook</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/hustcer/setup-nu/commit/92c296ba1ba2ba04cc948ab64ddefe192dc13f0c"><code>92c296b</code></a> fix: Try to fix nu release script</li> <li><a href="https://github.com/hustcer/setup-nu/commit/80e1ad3652d49a3d925921229c0cc9ab51be4cf4"><code>80e1ad3</code></a> update CHANGELOG.md for v3.23</li> <li><a href="https://github.com/hustcer/setup-nu/commit/95a863f49018e87e37e4d76354d9373ebf50c7a4"><code>95a863f</code></a> Bump to v3.23</li> <li><a href="https://github.com/hustcer/setup-nu/commit/00b77acd450ca968387009d576e1b39eed2b0fc8"><code>00b77ac</code></a> deps: Upgrade <code>@​biomejs/biome</code>,lefthook &amp; undici</li> <li><a href="https://github.com/hustcer/setup-nu/commit/51f0fb97d1361ea0c4623a257fa7ce45d61d20da"><code>51f0fb9</code></a> Add Nu 0.111.0 to workflows</li> <li><a href="https://github.com/hustcer/setup-nu/commit/b66b096cb519f904df8b345dfb6971369ddca94e"><code>b66b096</code></a> chore: Test install nushell-pro SKILL</li> <li><a href="https://github.com/hustcer/setup-nu/commit/b025b697fc927fa11edfdddd176902b17ce7fbb3"><code>b025b69</code></a> deps: Upgrade globby, <code>@​biomejs/biome</code> &amp; cspell (<a href="https://redirect.github.com/hustcer/setup-nu/issues/212">#212</a>)</li> <li><a href="https://github.com/hustcer/setup-nu/commit/8f2e5e54ed0791ebaa0133649354aaca977f7a49"><code>8f2e5e5</code></a> deps: Upgrade undici,<code>@​biomejs/biome</code>,<code>@​types/node</code> &amp; lefthook</li> <li><a href="https://github.com/hustcer/setup-nu/commit/928c8f8a035d8c802139692ab5d843490f6daf19"><code>928c8f8</code></a> feat: Add nu/build.nu for assets building (<a href="https://redirect.github.com/hustcer/setup-nu/issues/206">#206</a>)</li> <li><a href="https://github.com/hustcer/setup-nu/commit/26a0b4c7a4049d4e25b9d6c77e2cec27a38a6818"><code>26a0b4c</code></a> deps: Upgrade <code>@​actions/core</code>,<code>@​actions/tool-cache</code>,undici,lefthook &amp; semver (<a href="https://redirect.github.com/hustcer/setup-nu/issues/205">#205</a>)</li> <li>Additional commits viewable in <a href="https://github.com/hustcer/setup-nu/compare/v3.22...92c296ba1ba2ba04cc948ab64ddefe192dc13f0c">compare view</a></li> </ul> </details> <br /> Updates `actions/upload-pages-artifact` from 4 to 5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-pages-artifact/releases">actions/upload-pages-artifact's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h1>Changelog</h1> <ul> <li>Update upload-artifact action to version 7 <a href="https://github.com/Tom-van-Woudenberg"><code>@​Tom-van-Woudenberg</code></a> (<a href="https://redirect.github.com/actions/upload-pages-artifact/issues/139">#139</a>)</li> <li>feat: add <code>include-hidden-files</code> input <a href="https://github.com/jonchurch"><code>@​jonchurch</code></a> (<a href="https://redirect.github.com/actions/upload-pages-artifact/issues/137">#137</a>)</li> </ul> <p>See details of <a href="https://github.com/actions/upload-pages-artifact/compare/v4.0.0...v4.0.1">all code changes</a> since previous release.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/upload-pages-artifact/commit/fc324d3547104276b827a68afc52ff2a11cc49c9"><code>fc324d3</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-pages-artifact/issues/139">#139</a> from Tom-van-Woudenberg/patch-1</li> <li><a href="https://github.com/actions/upload-pages-artifact/commit/fe9d4b7d84090e1d8d9c53a0236f810d4e00d2c3"><code>fe9d4b7</code></a> Merge branch 'main' into patch-1</li> <li><a href="https://github.com/actions/upload-pages-artifact/commit/0ca16172ca884f0a37117fed41734f29784cc980"><code>0ca1617</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-pages-artifact/issues/137">#137</a> from jonchurch/include-hidden-files</li> <li><a href="https://github.com/actions/upload-pages-artifact/commit/57f0e8492b437b7818227931fef2faa1a379839b"><code>57f0e84</code></a> Update action.yml</li> <li><a href="https://github.com/actions/upload-pages-artifact/commit/4a90348b2933470dc78cec55534259872a6d3c0d"><code>4a90348</code></a> v7 --&gt; hash</li> <li><a href="https://github.com/actions/upload-pages-artifact/commit/56f665a6f297fa95f8d735b314187fb2d7764569"><code>56f665a</code></a> Update upload-artifact action to version 7</li> <li><a href="https://github.com/actions/upload-pages-artifact/commit/f7615f5917213b24245d49ba96693d0f5375a414"><code>f7615f5</code></a> Add <code>include-hidden-files</code> input</li> <li>See full diff in <a href="https://github.com/actions/upload-pages-artifact/compare/v4...v5">compare view</a></li> </ul> </details> <br /> Updates `cross-platform-actions/action` from 0.32.0 to 1.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cross-platform-actions/action/releases">cross-platform-actions/action's releases</a>.</em></p> <blockquote> <h2>Cross Platform Action 1.0.0</h2> <h3>Fixed</h3> <ul> <li>Fix <a href="https://redirect.github.com/cross-platform-actions/action/issues/108">#108</a>: Fix file ownership on Haiku after rsync, resolving git <code>safe.directory</code> errors</li> </ul> <h3>Changed</h3> <ul> <li><strong>Breaking</strong>: Update the requirement of Node for running this action from version 20 to 24.</li> </ul> <h3>Removed</h3> <ul> <li><strong>Breaking</strong>: Remove support for running on macOS runners. Only Linux runners (e.g. <code>ubuntu-latest</code>) are now supported. This was deprecated in v0.25.0.</li> <li><strong>Breaking</strong>: Remove the Xhyve hypervisor and the <code>hypervisor</code> input parameter. QEMU is now the only supported hypervisor. These were deprecated in v0.25.0.</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/cross-platform-actions/action/blob/master/changelog.md">cross-platform-actions/action's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="https://keepachangelog.com/en/1.0.0/">Keep a Changelog</a>, and this project adheres to <a href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a>.</p> <h2>[Unreleased]</h2> <h3>Added</h3> <ul> <li>Add support for DragonFly BSD (<a href="https://redirect.github.com/cross-platform-actions/action/issues/19">#19</a>)</li> <li>Add support for MidnightBSD (<a href="https://redirect.github.com/cross-platform-actions/action/issues/102">#102</a>)</li> </ul> <h2>[1.0.0] - 2026-04-12</h2> <h3>Fixed</h3> <ul> <li>Fix <a href="https://redirect.github.com/cross-platform-actions/action/issues/108">#108</a>: Fix file ownership on Haiku after rsync, resolving git <code>safe.directory</code> errors</li> </ul> <h3>Changed</h3> <ul> <li><strong>Breaking</strong>: Update the requirement of Node for running this action from version 20 to 24.</li> </ul> <h3>Removed</h3> <ul> <li><strong>Breaking</strong>: Remove support for running on macOS runners. Only Linux runners (e.g. <code>ubuntu-latest</code>) are now supported. This was deprecated in v0.25.0.</li> <li><strong>Breaking</strong>: Remove the Xhyve hypervisor and the <code>hypervisor</code> input parameter. QEMU is now the only supported hypervisor. These were deprecated in v0.25.0.</li> </ul> <h2>[0.32.0] - 2025-12-21</h2> <h3>Added</h3> <ul> <li>Add support for OmniOS</li> </ul> <h2>[0.31.0] - 2025-12-15</h2> <h3>Added</h3> <ul> <li>Add support for FreeBSD 15.0 (<a href="https://redirect.github.com/cross-platform-actions/action/issues/114">#114</a>)</li> </ul> <h3>Fixed</h3> <ul> <li>Fix empty hostname (<a href="https://redirect.github.com/cross-platform-actions/action/issues/113">#113</a>)</li> </ul> <h2>[0.30.0] - 2025-11-04</h2> <h3>Added</h3> <ul> <li>Document how to report a security vulnerability</li> <li>Add support for OpenBSD 7.8 (<a href="https://redirect.github.com/cross-platform-actions/action/issues/112">#112</a>)</li> </ul> <h3>Security</h3> <ul> <li>Fix potential code injection in the GitHub release workflow (<a href="https://github.com/cross-platform-actions/action/security/advisories/GHSA-928q-63gf-mc2x">#GHSA-928q-63gf-mc2x</a>)</li> </ul> <h2>[0.29.0] - 2025-07-22</h2> <h3>Added</h3> <ul> <li>Add support for FreeBSD 14.3 (<a href="https://redirect.github.com/cross-platform-actions/action/issues/106">#106</a>, <a href="https://redirect.github.com/cross-platform-actions/freebsd-builder/pull/9">freebsd-builder#9</a>)</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cross-platform-actions/action/commit/233156312992f3f169d8d0c633c21d12a5d30455"><code>2331563</code></a> Release 1.0.0</li> <li><a href="https://github.com/cross-platform-actions/action/commit/1631483d486914fdd7b33ca197bafead8340936c"><code>1631483</code></a> Assert that the release script is running on master</li> <li><a href="https://github.com/cross-platform-actions/action/commit/47af1ea116ea021006f3409c2de202ba4c3681cf"><code>47af1ea</code></a> Add release script</li> <li><a href="https://github.com/cross-platform-actions/action/commit/ca9a0a1c0877390ade8a21b7f6a5db751164fe01"><code>ca9a0a1</code></a> Add a check that the committed dist files match the source code</li> <li><a href="https://github.com/cross-platform-actions/action/commit/d5b5b85130bbf350cad627bed7637b1b11961d9c"><code>d5b5b85</code></a> Merge pull request <a href="https://redirect.github.com/cross-platform-actions/action/issues/128">#128</a> from cross-platform-actions/dependabot/npm_and_yarn/t...</li> <li><a href="https://github.com/cross-platform-actions/action/commit/3d0f9f6fd88315625459fdacaac65b3f9f4b771f"><code>3d0f9f6</code></a> Fix error in the release CI workflow</li> <li><a href="https://github.com/cross-platform-actions/action/commit/a7e29cd4b4dbec52c0510db19b9a266e69a497c6"><code>a7e29cd</code></a> Remove the <code>hypervisor</code> action parameter</li> <li><a href="https://github.com/cross-platform-actions/action/commit/cd600e1a0ecc8eb20cc5172fb217d8130a4e5c4d"><code>cd600e1</code></a> Remove support for macOS</li> <li><a href="https://github.com/cross-platform-actions/action/commit/db3b320437f7d43aa4c49e0953922f43442c5001"><code>db3b320</code></a> Merge pull request <a href="https://redirect.github.com/cross-platform-actions/action/issues/134">#134</a> from mr-raj12/fix/108-haiku-file-ownership</li> <li><a href="https://github.com/cross-platform-actions/action/commit/529221600b7b1e8aa28ef3dba083aea6b4ad153c"><code>5292216</code></a> Add e2e test for Haiku file ownership after rsync</li> <li>Additional commits viewable in <a href="https://github.com/cross-platform-actions/action/compare/492b0c80085400348c599edace11141a4ee73524...233156312992f3f169d8d0c633c21d12a5d30455">compare view</a></li> </ul> </details> <br /> Updates `PyO3/maturin-action` from 1.50.1 to 1.51.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pyo3/maturin-action/releases">PyO3/maturin-action's releases</a>.</em></p> <blockquote> <h2>v1.51.0</h2> <h2>What's Changed</h2> <ul> <li>Initial Android build support by <a href="https://github.com/messense"><code>@​messense</code></a> in <a href="https://redirect.github.com/PyO3/maturin-action/pull/426">PyO3/maturin-action#426</a></li> <li>Support native riscv64 builds on manylinux 2_39 by <a href="https://github.com/weiji14"><code>@​weiji14</code></a> in <a href="https://redirect.github.com/PyO3/maturin-action/pull/429">PyO3/maturin-action#429</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/weiji14"><code>@​weiji14</code></a> made their first contribution in <a href="https://redirect.github.com/PyO3/maturin-action/pull/429">PyO3/maturin-action#429</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/PyO3/maturin-action/compare/v1.50.1...v1.51.0">https://github.com/PyO3/maturin-action/compare/v1.50.1...v1.51.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/PyO3/maturin-action/commit/e83996d129638aa358a18fbd1dfb82f0b0fb5d3b"><code>e83996d</code></a> Bump version to 1.51.0</li> <li><a href="https://github.com/PyO3/maturin-action/commit/36eb3d01a9199f87fbd6ddf7038b03a03daea226"><code>36eb3d0</code></a> Update versions-manifest.json (<a href="https://redirect.github.com/pyo3/maturin-action/issues/435">#435</a>)</li> <li><a href="https://github.com/PyO3/maturin-action/commit/bd90123931ca0ba261b88b3893dd9609ed72eda3"><code>bd90123</code></a> Update versions-manifest.json (<a href="https://redirect.github.com/pyo3/maturin-action/issues/434">#434</a>)</li> <li><a href="https://github.com/PyO3/maturin-action/commit/ef46725b6d4e993a8fb2fe367bf1f1e3a643e4d5"><code>ef46725</code></a> Bump brace-expansion (<a href="https://redirect.github.com/pyo3/maturin-action/issues/433">#433</a>)</li> <li><a href="https://github.com/PyO3/maturin-action/commit/72c5fe112fe88001c8c5e1a7c89766b7d55f7405"><code>72c5fe1</code></a> Bump actions/setup-node from 6.2.0 to 6.3.0 (<a href="https://redirect.github.com/pyo3/maturin-action/issues/432">#432</a>)</li> <li><a href="https://github.com/PyO3/maturin-action/commit/94507410305a8e2ef07fd58e260bddc52cac4eac"><code>9450741</code></a> Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (<a href="https://redirect.github.com/pyo3/maturin-action/issues/430">#430</a>)</li> <li><a href="https://github.com/PyO3/maturin-action/commit/d8dc7d43e879b97c55e21052a6dc5377dd7438f7"><code>d8dc7d4</code></a> Bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 (<a href="https://redirect.github.com/pyo3/maturin-action/issues/431">#431</a>)</li> <li><a href="https://github.com/PyO3/maturin-action/commit/0bca1d2400d75ecf79351a0e7bad20426228ea10"><code>0bca1d2</code></a> Bump picomatch from 4.0.3 to 4.0.4 (<a href="https://redirect.github.com/pyo3/maturin-action/issues/428">#428</a>)</li> <li><a href="https://github.com/PyO3/maturin-action/commit/3f475a463fd27ce2440c13988f39fd1312dc9381"><code>3f475a4</code></a> Support native riscv64 builds on manylinux 2_39 (<a href="https://redirect.github.com/pyo3/maturin-action/issues/429">#429</a>)</li> <li><a href="https://github.com/PyO3/maturin-action/commit/5f46978ce3318baa8b414bc7da24a147233222ee"><code>5f46978</code></a> Bump flatted from 3.3.3 to 3.4.2 (<a href="https://redirect.github.com/pyo3/maturin-action/issues/427">#427</a>)</li> <li>Additional commits viewable in <a href="https://github.com/pyo3/maturin-action/compare/04ac600d27cdf7a9a280dadf7147097c42b757ad...e83996d129638aa358a18fbd1dfb82f0b0fb5d3b">compare view</a></li> </ul> </details> <br /> Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pypa/gh-action-pypi-publish/releases">pypa/gh-action-pypi-publish's releases</a>.</em></p> <blockquote> <h2>v1.14.0</h2>  <h2>✨ What's Changed</h2> <p>The main change in this release is that <code>verbose</code> and <code>print-hash</code> inputs are now on by default. This was contributed by <a href="https://github.com/whitequark"><code>@​whitequark</code></a><a href="https://github.com/sponsors/whitequark">💰</a> in <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/397">#397</a>.</p> <h2>📝 Docs</h2> <p><a href="https://github.com/woodruffw"><code>@​woodruffw</code></a><a href="https://github.com/sponsors/woodruffw">💰</a> updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/388">#388</a> and <a href="https://github.com/him2him2"><code>@​him2him2</code></a><a href="https://github.com/sponsors/him2him2">💰</a> brushed up some grammar in the README and SECURITY docs via <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/395">#395</a>.</p> <h2>🛠️ Internal Updates</h2> <p><a href="https://github.com/woodruffw"><code>@​woodruffw</code></a><a href="https://github.com/sponsors/woodruffw">💰</a> bumped <code>sigstore</code> and <code>pypi-attestations</code> in the lock file (<a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/391">#391</a>) and <a href="https://github.com/webknjaz"><code>@​webknjaz</code></a><a href="https://github.com/sponsors/webknjaz">💰</a> added infra for using type annotations in the project (<a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/381">#381</a>).</p> <h2>💪 New Contributors</h2> <ul> <li><a href="https://github.com/him2him2"><code>@​him2him2</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/395">#395</a></li> <li><a href="https://github.com/whitequark"><code>@​whitequark</code></a> made their first contribution in <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/397">#397</a></li> </ul> <p><strong>🪞 Full Diff</strong>: <a href="https://github.com/pypa/gh-action-pypi-publish/compare/v1.13.0...v1.14.0">https://github.com/pypa/gh-action-pypi-publish/compare/v1.13.0...v1.14.0</a></p> <p><strong>🧔‍♂️ Release Manager:</strong> <a href="https://github.com/sponsors/webknjaz"><code>@​webknjaz</code></a> <a href="https://stand-with-ukraine.pp.ua">🇺🇦</a></p> <p><strong>🙏 Special Thanks</strong> to <a href="https://github.com/facutuesca"><code>@​facutuesca</code></a><a href="https://github.com/sponsors/facutuesca">💰</a> and <a href="https://github.com/woodruffw"><code>@​woodruffw</code></a><a href="https://github.com/sponsors/woodruffw">💰</a> for helping maintain this project when <a href="https://github.com/sponsors/webknjaz">I</a> can't!</p> <p><strong>💬 Discuss</strong> <a href="https://bsky.app/profile/webknjaz.me/post/3mivwsz3qzk2e">on Bluesky 🦋</a>, <a href="https://mastodon.social/@webknjaz/116363779997051422">on Mastodon 🐘</a> and <a href="https://github.com/pypa/gh-action-pypi-publish/discussions/404">on GitHub</a>.</p> <p><a href="https://github.com/sponsors/webknjaz"><img src="https://img.shields.io/badge/%40webknjaz-transparent?logo=githubsponsors&amp;logoColor=%23EA4AAA&amp;label=Sponsor&amp;color=2a313c" alt="GH Sponsors badge" /></a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/cef221092ed1bacb1cc03d23a2d87d1d172e277b"><code>cef2210</code></a> Merge pull request <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/397">#397</a> from whitequark/patch-1</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/b4595e2555a031e2fd6f0bbded4e7918eaa2724e"><code>b4595e2</code></a> Enable <code>verbose</code> and <code>print-hash</code> by default.</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/e2bab26859796ee5c3bf97b8f394ce1e6570e906"><code>e2bab26</code></a> Merge pull request <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/395">#395</a> from him2him2/docs/fix-typos-and-grammar</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/7495c384ec7a0240a28e568e7ffc60af1629585d"><code>7495c38</code></a> docs: fix typos and grammar in README and SECURITY</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/03f86fee9ac21f854951f5c6e2a02c2a1324aec7"><code>03f86fe</code></a> Merge pull request <a href="https://redirect.github.com/pypa/gh-action-pypi-publish/issues/388">#388</a> from woodruffw-forks/ww/rm-experimental</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/4c78f1c53c55c528d8abd83df933ae92bd4c1d8c"><code>4c78f1c</code></a> Merge branch 'unstable/v1' into ww/rm-experimental</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/b5a6e8ba2611ad0c810f383eed9e6629eb0b3b2f"><code>b5a6e8b</code></a> deps: bump sigstore and pypi-attestations</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/a48a03e758da35722b0d159dae23e0440d0fcce2"><code>a48a03e</code></a> remove another experimental mention</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/8087a88a46924f78608905d7841a170e749524ce"><code>8087a88</code></a> action: remove a lingering mention of PEP 740 being experimental</li> <li><a href="https://github.com/pypa/gh-action-pypi-publish/commit/3317ede93a4981d0fc490510c6fcf8bf0e92ed05"><code>3317ede</code></a> 🧪 Integrate actionlint via pre-commit framework</li> <li>Additional commits viewable in <a href="https://github.com/pypa/gh-action-pypi-publish/compare/ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e...cef221092ed1bacb1cc03d23a2d87d1d172e277b">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml
@@ -44,7 +44,7 @@ jobs:
           ref: ${{ matrix.commit }}
           persist-credentials: false
       - name: Cache base ref build
-        uses: actions/cache@v5
+        uses: actions/cache@v5.0.4
         id: cache
         with:
           key: bin-cache-${{ hashFiles('cpp-linter/src/**', 'Cargo.toml', 'Cargo.lock', 'cpp-linter/Cargo.toml') }}
diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml
@@ -38,7 +38,7 @@ jobs:
           persist-credentials: false
       - run: rustup update --no-self-update
       - name: Cache .cargo locked resources
-        uses: actions/cache@v5
+        uses: actions/cache@v5.0.4
         with:
           path: ~/.cargo
           key: ${{ runner.os }}-docs-cargo-${{ hashFiles('Cargo.lock') }}
@@ -52,7 +52,7 @@ jobs:
         with:
           persist-credentials: false
       - name: Cache .cargo locked resources
-        uses: actions/cache/restore@v5
+        uses: actions/cache/restore@v5.0.4
         with:
           path: ~/.cargo
           key: ${{ runner.os }}-docs-cargo-${{ hashFiles('Cargo.lock') }}
@@ -69,7 +69,7 @@ jobs:
       - name: Build docs
         run: nur docs --build
       - name: Upload docs build as artifact
-        uses: actions/upload-pages-artifact@v4
+        uses: actions/upload-pages-artifact@v5
         with:
           name: cpp-linter-docs
           path: docs/site
@@ -83,7 +83,7 @@ jobs:
           persist-credentials: false
       - run: rustup update --no-self-update
       - name: Cache .cargo locked resources
-        uses: actions/cache/restore@v5
+        uses: actions/cache/restore@v5.0.4
         with:
           path: ~/.cargo
           key: ${{ runner.os }}-docs-cargo-${{ hashFiles('Cargo.lock') }}
diff --git a/.github/workflows/node-js-packaging.yml b/.github/workflows/node-js-packaging.yml
@@ -89,7 +89,7 @@ jobs:
           rustup update stable --no-self-update
           rustup target add ${{ matrix.settings.target }}
       - name: Cache cargo
-        uses: actions/cache@v5 # zizmor: ignore[cache-poisoning]
+        uses: actions/cache@v5.0.4 # zizmor: ignore[cache-poisoning]
         with:
           path: |
             ~/.cargo/registry/index/
@@ -141,7 +141,7 @@ jobs:
           persist-credentials: false
       - name: Build
         id: build
-        uses: cross-platform-actions/action@492b0c80085400348c599edace11141a4ee73524 # v0.32.0
+        uses: cross-platform-actions/action@233156312992f3f169d8d0c633c21d12a5d30455 # v1.0.0
         env:
           DEBUG: napi:*
           RUSTUP_IO_THREADS: 1
diff --git a/.github/workflows/pre-commit-hooks.yml b/.github/workflows/pre-commit-hooks.yml
@@ -27,7 +27,7 @@ jobs:
           persist-credentials: false
       - run: rustup update
       - name: Cache .cargo locked resources
-        uses: actions/cache@v5
+        uses: actions/cache@v5.0.4
         with:
           path: ~/.cargo
           key: ${{ runner.os }}-cargo-${{ hashFiles('Cargo.lock') }}
diff --git a/.github/workflows/python-packaging.yml b/.github/workflows/python-packaging.yml
@@ -83,7 +83,7 @@ jobs:
           fi
 
       - name: Build wheels
-        uses: PyO3/maturin-action@04ac600d27cdf7a9a280dadf7147097c42b757ad # v1.50.1
+        uses: PyO3/maturin-action@e83996d129638aa358a18fbd1dfb82f0b0fb5d3b # v1.51.0
         with:
           target: ${{ matrix.platform.target }}
           args: --release --out dist --find-interpreter ${{ steps.is-openssl-vendored.outputs.enabled }}
@@ -126,7 +126,7 @@ jobs:
           python-version: '3.x'
           architecture: ${{ matrix.platform.target }}
       - name: Build wheels
-        uses: PyO3/maturin-action@04ac600d27cdf7a9a280dadf7147097c42b757ad # v1.50.1
+        uses: PyO3/maturin-action@e83996d129638aa358a18fbd1dfb82f0b0fb5d3b # v1.51.0
         with:
           target: ${{ matrix.platform.target }}
           args: --release --out dist --find-interpreter
@@ -155,7 +155,7 @@ jobs:
         with:
           python-version: '3.x'
       - name: Build wheels
-        uses: PyO3/maturin-action@04ac600d27cdf7a9a280dadf7147097c42b757ad # v1.50.1
+        uses: PyO3/maturin-action@e83996d129638aa358a18fbd1dfb82f0b0fb5d3b # v1.51.0
         with:
           target: ${{ matrix.platform.target }}
           args: --release --out dist --find-interpreter --features openssl-vendored
@@ -176,7 +176,7 @@ jobs:
         with:
           python-version: 3.x
       - name: Build sdist
-        uses: PyO3/maturin-action@04ac600d27cdf7a9a280dadf7147097c42b757ad # v1.50.1
+        uses: PyO3/maturin-action@e83996d129638aa358a18fbd1dfb82f0b0fb5d3b # v1.51.0
         with:
           command: sdist
           args: --out dist
@@ -208,7 +208,7 @@ jobs:
         run: pipx run twine check dist/*
       - name: Publish to PyPI
         if: startsWith(github.ref, 'refs/tags/cpp-linter-py/v')
-        uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0
+        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0
         with:
           skip-existing: true
           # This workflow is registered as a trusted publisher (for test-pypi and pypi).
diff --git a/.github/workflows/run-dev-tests.yml b/.github/workflows/run-dev-tests.yml
@@ -83,7 +83,7 @@ jobs:
         run: choco install ninja
 
       - name: Cache .cargo locked resources
-        uses: actions/cache@v5
+        uses: actions/cache@v5.0.4
         with:
           path: ~/.cargo
           key: ${{ runner.os }}-tests-cargo-${{ hashFiles('Cargo.lock') }}
@@ -94,7 +94,7 @@ jobs:
         run: sudo apt-get update
 
       - name: Install nushell
-        uses: hustcer/setup-nu@920172d92eb04671776f3ba69d605d3b09351c30 # v3.22
+        uses: hustcer/setup-nu@92c296ba1ba2ba04cc948ab64ddefe192dc13f0c # v3.23
 
       - name: Run test suite
         env:
