From a74941a81d8740c3688fb891de960bd161cd6931 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Apr 2026 18:50:30 +0000 Subject: [PATCH] Bump the gha-updates group with 8 updates Bumps the gha-updates group with 8 updates: | Package | From | To | | --- | --- | --- | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.3.1` | `8.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.0` | | [github/codeql-action](https://github.com/github/codeql-action) | `4.32.4` | `4.35.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `8.0.0` | `8.0.1` | | [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python) | `3.2.0` | `3.3.0` | | [rhysd/action-setup-vim](https://github.com/rhysd/action-setup-vim) | `1.6.0` | `1.6.1` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `6.0.0` | | [actions-rust-lang/setup-rust-toolchain](https://github.com/actions-rust-lang/setup-rust-toolchain) | `1.15.3` | `1.15.4` | Updates `astral-sh/setup-uv` from 7.3.1 to 8.0.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/5a095e7a2014a4212f075830d4f7277575a9d098...cec208311dfd045dd5311c1add060b2062131d57) Updates `actions/upload-artifact` from 6.0.0 to 7.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v6...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f) Updates `github/codeql-action` from 4.32.4 to 4.35.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v4.32.4...c10b8064de6f491fea524254123dbe5e09572f13) Updates `actions/download-artifact` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c) Updates `sigstore/gh-action-sigstore-python` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/sigstore/gh-action-sigstore-python/releases) - [Changelog](https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md) - [Commits](https://github.com/sigstore/gh-action-sigstore-python/compare/a5caf349bc536fbef3668a10ed7f5cd309a4b53d...04cffa1d795717b140764e8b640de88853c92acc) Updates `rhysd/action-setup-vim` from 1.6.0 to 1.6.1 - [Release notes](https://github.com/rhysd/action-setup-vim/releases) - [Changelog](https://github.com/rhysd/action-setup-vim/blob/master/CHANGELOG.md) - [Commits](https://github.com/rhysd/action-setup-vim/compare/19e3dd31a84dbc2c5445d65e9b363f616cab96c1...febef33995d6649302e9d88dda81e071b68f16a7) Updates `codecov/codecov-action` from 5.5.2 to 6.0.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/671740ac38dd9b0130fbe1cec585b89eea48d3de...57e3a136b779b570ffcdbf80b3bdc90e7fab3de2) Updates `actions-rust-lang/setup-rust-toolchain` from 1.15.3 to 1.15.4 - [Release notes](https://github.com/actions-rust-lang/setup-rust-toolchain/releases) - [Changelog](https://github.com/actions-rust-lang/setup-rust-toolchain/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions-rust-lang/setup-rust-toolchain/compare/a0b538fa0b742a6aa35d6e2c169b4bd06d225a98...150fca883cd4034361b621bd4e6a9d34e5143606) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-updates - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-updates - dependency-name: github/codeql-action dependency-version: 4.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha-updates - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gha-updates - dependency-name: sigstore/gh-action-sigstore-python dependency-version: 3.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: gha-updates - dependency-name: rhysd/action-setup-vim dependency-version: 1.6.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gha-updates - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: gha-updates - dependency-name: actions-rust-lang/setup-rust-toolchain dependency-version: 1.15.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: gha-updates ... Signed-off-by: dependabot[bot] --- .github/workflows/bandit.yml | 4 ++-- .github/workflows/debug.yml | 2 +- .github/workflows/lint.yml | 2 +- .github/workflows/release.yml | 10 ++++----- .github/workflows/scorecard.yml | 2 +- .github/workflows/test.yml | 36 ++++++++++++++++----------------- .github/workflows/zizmor.yml | 4 ++-- 7 files changed, 30 insertions(+), 30 deletions(-) diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml index 1cef1f3..3463dc4 100644 --- a/.github/workflows/bandit.yml +++ b/.github/workflows/bandit.yml @@ -33,7 +33,7 @@ jobs: python-version: '3.x' allow-prereleases: true - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: Install Just @@ -53,6 +53,6 @@ jobs: - name: Upload to code-scanning if: ${{ always() }} - uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 with: sarif_file: bandit.sarif diff --git a/.github/workflows/debug.yml b/.github/workflows/debug.yml index 7ed68e3..127813e 100644 --- a/.github/workflows/debug.yml +++ b/.github/workflows/debug.yml @@ -37,7 +37,7 @@ jobs: with: python-version: ${{ github.event.inputs.python-version }} - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: Install Just diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 2872efb..396288d 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -66,7 +66,7 @@ jobs: python-version: ${{ matrix.python-version }} allow-prereleases: true - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: Install Just diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 22de058..c4b94cf 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -48,7 +48,7 @@ jobs: with: python-version: "3.14" # for tomlib - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false restore-cache: false @@ -105,7 +105,7 @@ jobs: id-token: write # IMPORTANT: mandatory for trusted publishing steps: - name: Download all the dists - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c with: name: python-package-distributions path: dist/ @@ -125,12 +125,12 @@ jobs: steps: - name: Download all the dists - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c with: name: python-package-distributions path: dist/ - name: Sign the dists with Sigstore - uses: sigstore/gh-action-sigstore-python@a5caf349bc536fbef3668a10ed7f5cd309a4b53d + uses: sigstore/gh-action-sigstore-python@04cffa1d795717b140764e8b640de88853c92acc with: inputs: >- ./dist/*.tar.gz @@ -174,7 +174,7 @@ jobs: steps: - name: Download all the dists - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c with: name: python-package-distributions path: dist/ diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index acc7519..f1fc06f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -58,6 +58,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard (optional). # Commenting out will disable upload of results to your repo's Code Scanning dashboard - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 with: sarif_file: results.sarif diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 278cc51..bdd2ef8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -130,7 +130,7 @@ jobs: python-version: ${{ matrix.python-version }} allow-prereleases: true - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: Setup Just @@ -154,7 +154,7 @@ jobs: name: ${{ env.COVERAGE_FILE }} path: ${{ env.COVERAGE_FILE }} - name: Store env files - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: requirements-${{ env.COVERAGE_FILE }}.txt path: requirements-test*.txt @@ -210,7 +210,7 @@ jobs: python-version: ${{ matrix.python-version }} allow-prereleases: true - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: Setup Just @@ -234,7 +234,7 @@ jobs: name: ${{ env.COVERAGE_FILE }} path: ${{ env.COVERAGE_FILE }} - name: Store env files - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: requirements-${{ env.COVERAGE_FILE }}.txt path: requirements-test*.txt @@ -332,7 +332,7 @@ jobs: uses: mxschmitt/action-tmate@c0afd6f790e3a5564914980036ebf83216678101 timeout-minutes: 60 - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: Setup Just @@ -348,7 +348,7 @@ jobs: name: ${{ env.COVERAGE_FILE }} path: ${{ env.COVERAGE_FILE }} - name: Store env files - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: requirements-${{ env.COVERAGE_FILE }}.txt path: requirements-test*.txt @@ -455,7 +455,7 @@ jobs: uses: mxschmitt/action-tmate@c0afd6f790e3a5564914980036ebf83216678101 timeout-minutes: 60 - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: Setup Just @@ -471,7 +471,7 @@ jobs: name: ${{ env.COVERAGE_FILE }} path: ${{ env.COVERAGE_FILE }} - name: Store env files - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: requirements-${{ env.COVERAGE_FILE }}.txt path: requirements-test*.txt @@ -571,7 +571,7 @@ jobs: uses: mxschmitt/action-tmate@c0afd6f790e3a5564914980036ebf83216678101 timeout-minutes: 60 - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: Setup Just @@ -606,7 +606,7 @@ jobs: name: ${{ env.COVERAGE_FILE }} path: ${{ env.COVERAGE_FILE }} - name: Store env files - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: requirements-${{ env.COVERAGE_FILE }}.txt path: requirements-test*.txt @@ -662,14 +662,14 @@ jobs: python-version: ${{ matrix.python-version }} allow-prereleases: true - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: Setup Just uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b - name: install-vim-windows if: ${{ github.event.inputs.debug == 'true' }} - uses: rhysd/action-setup-vim@19e3dd31a84dbc2c5445d65e9b363f616cab96c1 + uses: rhysd/action-setup-vim@febef33995d6649302e9d88dda81e071b68f16a7 - name: Setup tmate session if: ${{ github.event.inputs.debug == 'true' }} uses: mxschmitt/action-tmate@c0afd6f790e3a5564914980036ebf83216678101 @@ -686,7 +686,7 @@ jobs: name: ${{ env.COVERAGE_FILE }} path: ${{ env.COVERAGE_FILE }} - name: Store env files - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: requirements-${{ env.COVERAGE_FILE }}.txt path: requirements-test*.txt @@ -742,7 +742,7 @@ jobs: python-version: ${{ matrix.python-version }} allow-prereleases: true - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: Setup Just @@ -766,7 +766,7 @@ jobs: name: ${{ env.COVERAGE_FILE }} path: ${{ env.COVERAGE_FILE }} - name: Store env files - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: requirements-${{ env.COVERAGE_FILE }}.txt path: requirements-test*.txt @@ -791,13 +791,13 @@ jobs: with: python-version: '3.12' - name: Install uv - uses: astral-sh/setup-uv@5a095e7a2014a4212f075830d4f7277575a9d098 + uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 with: enable-cache: false - name: Setup Just uses: extractions/setup-just@f8a3cce218d9f83db3a2ecd90e41ac3de6cdfd9b - name: Get coverage files - uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 + uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c with: pattern: "*.coverage" merge-multiple: true @@ -805,7 +805,7 @@ jobs: - run: just coverage - name: Upload coverage to Codecov - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de + uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 with: token: ${{ secrets.CODECOV_TOKEN }} files: diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index 8166f04..6f72e1e 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -29,7 +29,7 @@ jobs: persist-credentials: false - name: Set up Rust - uses: actions-rust-lang/setup-rust-toolchain@a0b538fa0b742a6aa35d6e2c169b4bd06d225a98 + uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 - name: Install jq run: | sudo apt-get update @@ -50,7 +50,7 @@ jobs: retention-days: 7 - name: Upload to code-scanning - uses: github/codeql-action/upload-sarif@89a39a4e59826350b863aa6b6252a07ad50cf83e + uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 with: sarif_file: results.sarif