build(deps): bump hynek/build-and-inspect-python-package from 2.4 to 2.5 in the github-actions group

[dependabot]

Bumps the github-actions group with 1 update: hynek/build-and-inspect-python-package.

Updates hynek/build-and-inspect-python-package from 2.4 to 2.5

Release notes

Sourced from hynek/build-and-inspect-python-package's releases.

v2.5.0

Added

• New input: attest-build-provenance-github generates signed build provenance attestations for workflow artifacts. #122

Changelog

Sourced from hynek/build-and-inspect-python-package's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

2.5.0 - 2024-05-13

Added

• New input: attest-build-provenance-github generates signed build provenance attestations for workflow artifacts. #122

2.4.0 - 2024-04-11

Changed

• The action doesn't crash anymore if the user sets globally the UV_SYSTEM_PYTHON environment variable. #116

2.3.0 - 2024-04-11

Added

• Cache busting for the uv cache. GitHub Actions's caching behavior is a bit idiosyncratic: Once a cache is created, it's immutable. But as long as it's accessed within 7 days, it never goes away.

  Therefore, baipp now uses the hash of the requirements file as part of the cache key. Behaviorally, nothing changes, except that the cache doesn't grow useless over time. #115

2.2.1 - 2024-04-02

Fixed

• The action uses wheel to unpack wheels again (this is a revert of #103) due to incompatibilities with, for example, pytest. To avoid the confusion due to wrong timestamps, the wheel's tree output in the Summary has no timestamps anymore. #114

2.2.0 - 2024-03-31

... (truncated)

Commits

• 4aea7de v2.5.0
• 0f9f778 Attest build provenance of artifacts (#122)
• 36b0128 [pre-commit.ci] pre-commit autoupdate (#121)
• 5841954 Automated dependency upgrades (#120)
• c5aaf62 Update action.yml so what's ehco'ed matches what's done (#119)
• 2a52909 Automated dependency upgrades (#118)
• c63bb68 Start new cycle
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions