From e43bdd9e08fe2971205bdf6d6db91cca50c66a72 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Sep 2025 08:23:49 +0000 Subject: [PATCH 1/2] Bump the actions group with 5 updates Bumps the actions group with 5 updates: | Package | From | To | | --- | --- | --- | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.29.11` | `3.30.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4` | `5` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.12.4` | `1.13.0` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `6.6.0` | `6.6.1` | Updates `actions/setup-python` from 5 to 6 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5...v6) Updates `github/codeql-action` from 3.29.11 to 3.30.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/3c3833e0f8c1c83d449a7478aa59c036a9165498...f1f6e5f6af878fb37288ce1c627459e94dbf7d01) Updates `actions/download-artifact` from 4 to 5 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v4...v5) Updates `pypa/gh-action-pypi-publish` from 1.12.4 to 1.13.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/76f52bc884231f62b9a034ebfe128415bbaabdfc...ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e) Updates `astral-sh/setup-uv` from 6.6.0 to 6.6.1 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/4959332f0f014c5280e7eac8b70c90cb574c9f9b...557e51de59eb14aaaba2ed9621916900a91d50c6) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: github/codeql-action dependency-version: 3.30.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: actions/download-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions - dependency-name: astral-sh/setup-uv dependency-version: 6.6.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 6 +++--- .github/workflows/dist.yml | 6 +++--- .github/workflows/release-python.yml | 6 +++--- .github/workflows/test-python.yml | 22 +++++++++++----------- 4 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 8dffe1fa7b..1027b20834 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -42,11 +42,11 @@ jobs: with: ref: ${{ inputs.ref }} persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3 + uses: github/codeql-action/init@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -63,6 +63,6 @@ jobs: pip install -e . - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@3c3833e0f8c1c83d449a7478aa59c036a9165498 # v3 + uses: github/codeql-action/analyze@f1f6e5f6af878fb37288ce1c627459e94dbf7d01 # v3 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dist.yml b/.github/workflows/dist.yml index e5b36ad7dd..0110d8df41 100644 --- a/.github/workflows/dist.yml +++ b/.github/workflows/dist.yml @@ -52,7 +52,7 @@ jobs: persist-credentials: false ref: ${{ inputs.ref }} - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: cache: 'pip' python-version: 3.11 @@ -115,7 +115,7 @@ jobs: persist-credentials: false ref: ${{ inputs.ref }} - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: # Build sdist on lowest supported Python python-version: '3.9' @@ -143,7 +143,7 @@ jobs: name: Download Wheels steps: - name: Download all workflow run artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 - name: Flatten directory working-directory: . run: | diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml index 9cce310d91..a30afbccd5 100644 --- a/.github/workflows/release-python.yml +++ b/.github/workflows/release-python.yml @@ -76,19 +76,19 @@ jobs: id-token: write steps: - name: Download all the dists - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: name: all-dist-${{ github.run_id }} path: dist/ - name: Publish package distributions to TestPyPI - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # release/v1 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1 with: repository-url: https://test.pypi.org/legacy/ skip-existing: true attestations: ${{ env.DRY_RUN }} - name: Publish package distributions to PyPI if: startsWith(env.DRY_RUN, 'false') - uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # release/v1 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # release/v1 post-publish: needs: [publish] diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml index d55c0d7c7c..6ddd4c0c0e 100644 --- a/.github/workflows/test-python.yml +++ b/.github/workflows/test-python.yml @@ -23,7 +23,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@4959332f0f014c5280e7eac8b70c90cb574c9f9b # v5 + uses: astral-sh/setup-uv@557e51de59eb14aaaba2ed9621916900a91d50c6 # v5 with: enable-cache: true python-version: "3.9" @@ -65,7 +65,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@4959332f0f014c5280e7eac8b70c90cb574c9f9b # v5 + uses: astral-sh/setup-uv@557e51de59eb14aaaba2ed9621916900a91d50c6 # v5 with: enable-cache: true python-version: ${{ matrix.python-version }} @@ -84,7 +84,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@4959332f0f014c5280e7eac8b70c90cb574c9f9b # v5 + uses: astral-sh/setup-uv@557e51de59eb14aaaba2ed9621916900a91d50c6 # v5 with: enable-cache: true python-version: "3.9" @@ -109,7 +109,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@4959332f0f014c5280e7eac8b70c90cb574c9f9b # v5 + uses: astral-sh/setup-uv@557e51de59eb14aaaba2ed9621916900a91d50c6 # v5 with: enable-cache: true python-version: "3.9" @@ -128,7 +128,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@4959332f0f014c5280e7eac8b70c90cb574c9f9b # v5 + uses: astral-sh/setup-uv@557e51de59eb14aaaba2ed9621916900a91d50c6 # v5 with: enable-cache: true python-version: "3.9" @@ -150,7 +150,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@4959332f0f014c5280e7eac8b70c90cb574c9f9b # v5 + uses: astral-sh/setup-uv@557e51de59eb14aaaba2ed9621916900a91d50c6 # v5 with: enable-cache: true python-version: "${{matrix.python}}" @@ -170,7 +170,7 @@ jobs: - uses: actions/checkout@v5 with: persist-credentials: false - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: cache: 'pip' cache-dependency-path: 'pyproject.toml' @@ -193,7 +193,7 @@ jobs: timeout-minutes: 20 steps: - name: Download sdist - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 - name: Unpack SDist shell: bash run: | @@ -202,7 +202,7 @@ jobs: mkdir test tar --strip-components=1 -zxf *.tar.gz -C ./test ls test - - uses: actions/setup-python@v5 + - uses: actions/setup-python@v6 with: cache: 'pip' cache-dependency-path: 'sdist/test/pyproject.toml' @@ -229,7 +229,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@4959332f0f014c5280e7eac8b70c90cb574c9f9b # v5 + uses: astral-sh/setup-uv@557e51de59eb14aaaba2ed9621916900a91d50c6 # v5 with: python-version: '3.9' - id: setup-mongodb @@ -255,7 +255,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@4959332f0f014c5280e7eac8b70c90cb574c9f9b # v5 + uses: astral-sh/setup-uv@557e51de59eb14aaaba2ed9621916900a91d50c6 # v5 with: python-version: '3.9' - id: setup-mongodb From 12bb544cab5ba53dbd102e0c0c2c9099dcd90363 Mon Sep 17 00:00:00 2001 From: Steven Silvester Date: Mon, 8 Sep 2025 09:08:13 -0500 Subject: [PATCH 2/2] fix usage of download-artifact --- .github/workflows/test-python.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml index 6ddd4c0c0e..89c1e6a95f 100644 --- a/.github/workflows/test-python.yml +++ b/.github/workflows/test-python.yml @@ -194,6 +194,8 @@ jobs: steps: - name: Download sdist uses: actions/download-artifact@v5 + with: + path: sdist/ - name: Unpack SDist shell: bash run: |