Bump the actions group in /.github/workflows with 7 updates

[dependabot[bot]]

Bumps the actions group in /.github/workflows with 7 updates:

Package	From	To
actions/setup-python	5.2.0	5.3.0
actions/dependency-review-action	4.3.4	4.4.0
mamba-org/setup-micromamba	1.9.0	2.0.0
coverallsapp/github-action	2.3.0	2.3.4
pypa/gh-action-pypi-publish	1.10.2	1.11.0
actions/upload-artifact	4.4.0	4.4.3
softprops/action-gh-release	2.0.8	2.0.9

Updates actions/setup-python from 5.2.0 to 5.3.0

Release notes

Sourced from actions/setup-python's releases.

v5.3.0

What's Changed

• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/setup-python#941
• Upgrade IA publish by @​Jcambass in actions/setup-python#943

Bug Fixes:

• Normalise Line Endings to Ensure Cross-Platform Consistency by @​priya-kinthali in actions/setup-python#938
• Revise isGhes logic by @​jww3 in actions/setup-python#963
• Bump pillow from 7.2 to 10.2.0 by @​aparnajyothi-y in actions/setup-python#956

Enhancements:

• Enhance workflows and documentation updates by @​priya-kinthali in actions/setup-python#965
• Bump default versions to latest by @​jeffwidman in actions/setup-python#905

New Contributors

• @​Jcambass made their first contribution in actions/setup-python#941
• @​jww3 made their first contribution in actions/setup-python#963

Full Changelog: https://github.com/actions/setup-python/compare/v5...v5.3.0

Commits

• 0b93645 Enhance workflows: Add macOS 13 support, upgrade publish-action, and update d...
• 9c76e71 Bump pillow from 7.2 to 10.2.0 in /tests/data (#956)
• f4c5a11 Revise isGhes logic (#963)
• 19dfb7b Bump default versions to latest (#905)
• e9675cc Merge pull request #943 from actions/Jcambass-patch-1
• 3226af6 Upgrade IA publish
• 70dcb22 Merge pull request #941 from actions/Jcambass-patch-1
• 65b48c7 Create publish-immutable-actions.yml
• 29a37be initial commit (#938)
• See full diff in compare view

Updates actions/dependency-review-action from 4.3.4 to 4.4.0

Release notes

Sourced from actions/dependency-review-action's releases.

v4.4.0

What's Changed

• Fix for merge_group event bug by @​Ahmed3lmallah in actions/dependency-review-action#846

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.5...v4.4.0

v4.3.5

What's Changed

• fix: getRefs function to handle merge_group events by @​louis-bompart in actions/dependency-review-action#766
• Create pull_request_template.md by @​jonjanego in actions/dependency-review-action#794
• Update CONTRIBUTING.md by @​jonjanego in actions/dependency-review-action#793
• Bump @​types/node from 20.11.28 to 20.16.0 by @​dependabot in actions/dependency-review-action#815
• Upgrade transitive micromatch library by @​elireisman in actions/dependency-review-action#829
• Do not list changed dependencies in summary by @​hmaurer in actions/dependency-review-action#828
• Update stale.yaml by @​jonjanego in actions/dependency-review-action#832
• Bump got from 14.4.1 to 14.4.2 by @​dependabot in actions/dependency-review-action#822
• Bump eslint-plugin-jest and ts-jest by @​Ahmed3lmallah in actions/dependency-review-action#840

New Contributors

• @​louis-bompart made their first contribution in actions/dependency-review-action#766
• @​Ahmed3lmallah made their first contribution in actions/dependency-review-action#840

Full Changelog: https://github.com/actions/dependency-review-action/compare/v4.3.4...v4.3.5

Commits

• 4081bf9 Merge pull request #846 from actions/merge-group-bug-fix
• 03e585e fixing minor typo
• 08b4117 updating dist code
• 9c3441f updating dist code
• 304a544 updating tests
• e99353b fixing merge_group schema bug
• a6993e2 Merge pull request #840 from actions/dependabot-updates
• d92f08b Bump eslint-plugin-jest and ts-jest
• 3e334b7 Merge pull request #822 from actions/dependabot/npm_and_yarn/got-14.4.2
• 32b7d88 Merge pull request #832 from actions/jonjanego-patch-3
• Additional commits viewable in compare view

Updates mamba-org/setup-micromamba from 1.9.0 to 2.0.0

Release notes

Sourced from mamba-org/setup-micromamba's releases.

v2.0.0

What's Changed

Bug fixes

• Copy generated mamba.bat to micromamba.bat to workaround cmd.exe Auto… by @​JohanMabille in mamba-org/setup-micromamba#234

New Contributors

• @​JohanMabille made their first contribution in mamba-org/setup-micromamba#234

Full Changelog: https://github.com/mamba-org/setup-micromamba/compare/v1...v2.0.0

v1.11.0

What's Changed

New features

• pin micromamba default version to 1.* by @​pavelzw in mamba-org/setup-micromamba#232

Full Changelog: https://github.com/mamba-org/setup-micromamba/compare/v1.10.0...v1.11.0

v1.10.0

What's Changed

New features

• Include bin hash in cache key by @​bhperry in mamba-org/setup-micromamba#228

Dependency updates

• Bump the actions group with 2 updates by @​dependabot in mamba-org/setup-micromamba#215
• Bump softprops/action-gh-release from 2.0.5 to 2.0.6 in the actions group by @​dependabot in mamba-org/setup-micromamba#218
• Bump softprops/action-gh-release from 2.0.6 to 2.0.8 in the actions group by @​dependabot in mamba-org/setup-micromamba#220

New Contributors

• @​bhperry made their first contribution in mamba-org/setup-micromamba#228

Full Changelog: https://github.com/mamba-org/setup-micromamba/compare/v1.9.0...v1.10.0

Commits

• 617811f Copy generated mamba.bat to micromamba.bat to workaround cmd.exe Auto… (#234)
• 4b9113a pin micromamba default version to 1.* (#232)
• 59b1132 Include bin hash in cache key (#228)
• e751044 Bump softprops/action-gh-release from 2.0.6 to 2.0.8 in the actions group (#220)
• 29a3fc9 Bump softprops/action-gh-release from 2.0.5 to 2.0.6 in the actions group (#218)
• a1ad40c Bump the actions group with 2 updates (#215)
• See full diff in compare view

Updates coverallsapp/github-action from 2.3.0 to 2.3.4

Release notes

Sourced from coverallsapp/github-action's releases.

v2.3.4

What's Changed

• Add coverage-reporter-platform input option by @​afinetooth in coverallsapp/github-action#233
  • Since we have added support for coverage-reporter on aarch64, we need to provide users of our github-action the ability to select this architecture-specific version of coverage-reporter when they're using an aarch64 / arm64 runner in CI.

Full Changelog: https://github.com/coverallsapp/github-action/compare/v2...v2.3.4

v2.3.3

What's Changed

• Make sure the major version tag always points to the latest release (fixes #222) by @​afinetooth in coverallsapp/github-action#230

Full Changelog: https://github.com/coverallsapp/github-action/compare/v2...v2.3.3

v2.3.2

What's Changed

• Verify that coverage-reporter-version option is recognized by @​afinetooth in coverallsapp/github-action#229
• Add build-number to supported inputs options by @​afinetooth and @​brianatgather in coverallsapp/github-action#228
• Change sha256sum command flag to be compatible with alpine linux distros by @​afinetooth and @​jdebbink in coverallsapp/github-action#227
• Docs: Fix the action version in usage example by @​Jeff-Tian in coverallsapp/github-action#210

New Contributors

• @​brianatgather made their first contribution in coverallsapp/github-action#228 / coverallsapp/github-action#199
• @​jdebbink made their first contribution in coverallsapp/github-action#227 / coverallsapp/github-action#198
• @​Jeff-Tian made their first contribution in coverallsapp/github-action#210

Full Changelog: https://github.com/coverallsapp/github-action/compare/v2.3.1...v2.3.2

v2.3.1

What's Changed

Extend behavior of fail-on-error option to setup failures by @​afinetooth in coverallsapp/github-action#226

• Technically an enhancement, these changes make the action behave as many customers already expect by ignoring any and all failures when the fail-on-error input is set to false.

• Adds logic to handle any failures in "setup" tasks, including downloading the coverage-reporter binary, verifying the binary, and finding the binary by its expected name after extraction.

• The new logic checks these actions and exits with code 1 on failure, except if fail-on-error is set to true, in which case it returns exit code 0.

• Adds a matrix workflow that tests the action for each os and the two key binary commands (coveralls report and coevralls done). Each of these scenarios implicitly tests our setup tasks since they run first in each scenario.

• Also extends the behavior of debug: true to flip the shell-specific debug flag for each os including set -x for linux and macos and Set-PSDebug -Trace 1 for windows.

Full Changelog: https://github.com/coverallsapp/github-action/compare/v2.3.0...v2.3.1

Commits

• cfd0633 Add coverage-reporter-platform input option (#233)
• 0db2c3c Update README.md
• 29d7fa2 Add two more helpful steps to update-major-version-tag workflow (#231)
• 4cdef0b Always point the major version tag to the latest release (#230)
• 43f11c4 Verify that coverage-reporter-version option is recognized (#229)
• c258231 Add build number to supported inputs options (#228)
• 0ae2400 Change command to to be compatible with alpine distros. (#227)
• f795697 Update README.md
• 38d584d Update README.md
• 9a6b4a8 docs: fix the action version (#210)
• Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.10.2 to 1.11.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.11.0

🔏 Helping you become a trusted supply chain link 🔗

Two months ago, in v1.10.0, @​woodruffw💰 integrated support for generating and uploading PEP 740 digital attestations that can be used as provenance objects when analyzing dependency chains for the integrity.

To make sure it works well, it was implemented as an opt-in, so a relatively small subset of projects was able to try it out, and a few issues have been determined and fixed during this time.

That changes today! This version changes the feature toggle to “on by default”. This means that from now on, every project making use of Trusted Publishing will start producing and publishing digital attestations without having to do any modifications to how they use this action.

@​woodruffw💰 flipped the respective toggle in #277 with the possibility to opt-out.

🛠️ Internal Dependencies

@​woodruffw💰 bumped sigstore to v3.5.1 and pypi-attestations to v0.0.13 in lock files via #276.

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.10.3...v1.11.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to William for working on improving the supply chain provenance in the ecosystem! The overall effort is tracked @ pypi/warehouse#15871.

v1.10.3

💅 Cosmetic Output Improvements

In #270, @​facutuesca💰 made a follow-up to their previous PR #250, making the hints show up more granularly. This effectively makes sure that the suggestion to enable Trusted Publishing does not get displayed when it's already in use. It also makes the message nicer in a few places on the UI.

🛠️ Internal Dependencies

@​mosfet80💰 updated a few internal linter versions in #266, #267, and #271, no user impact. This is usually automated otherwise.

💪 New Contributors

• @​mosfet80 made their first contribution in pypa/gh-action-pypi-publish#266

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.10.2...v1.10.3

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

Commits

• fb13cb3 📝 Reflect the PR #277 changes in README
• 72ead1a Merge PRs #276 and #277 into release/v1
• 0126dca action: enable attestations by default
• 335e8b0 bump sigstore==3.5.1
• 1545e96 requirements: bump sigstore, pypi-attestations
• f760068 Merge pull request #271 from mosfet80/patch-3
• 6edc294 Fix node.js v16 deprecation self-smoke-test-action.yml
• 85a5a80 Merge pull request #270 from trail-of-forks/fix-magic-link-summary
• 954318b Merge pull request #267 from mosfet80/patch-2
• 24791c7 Merge pull request #266 from mosfet80/patch-1
• Additional commits viewable in compare view

Updates actions/upload-artifact from 4.4.0 to 4.4.3

Release notes

Sourced from actions/upload-artifact's releases.

v4.4.3

What's Changed

• Undo indirect dependency updates from #627 by @​joshmgross in actions/upload-artifact#632

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.4.2...v4.4.3

v4.4.2

What's Changed

• Bump @actions/artifact to 2.1.11 by @​robherley in actions/upload-artifact#627
  • Includes fix for relative symlinks not resolving properly

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.4.1...v4.4.2

v4.4.1

What's Changed

• Add a section about hidden files by @​joshmgross in actions/upload-artifact#607
• Add workflow file for publishing releases to immutable action package by @​Jcambass in actions/upload-artifact#621
• Update @​actions/artifact to latest version, includes symlink and timeout fixes by @​robherley in actions/upload-artifact#625

New Contributors

• @​Jcambass made their first contribution in actions/upload-artifact#621

Full Changelog: https://github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1

Commits

• b4b15b8 Merge pull request #632 from actions/joshmgross/undo-dependency-changes
• 92b01eb Undo indirect dependency updates from #627
• 8448086 Merge pull request #627 from actions/robherley/v4.4.2
• b1d4642 add explicit relative and absolute symlinks to workflow
• d50e660 bump version
• aabe6f8 build with @​actions/artifact v2.1.11
• 604373d Merge pull request #625 from actions/robherley/artifact-2.1.10
• 0150148 paste right core version
• a009b25 update licenses
• 9f6f6f4 update @​actions/core and @​actions/artifact to latest versions
• Additional commits viewable in compare view

Updates softprops/action-gh-release from 2.0.8 to 2.0.9

Release notes

Sourced from softprops/action-gh-release's releases.

v2.0.9

What's Changed

• maintenance release with updated dependencies

New Contributors

• @​kbakdev made their first contribution in softprops/action-gh-release#521

Full Changelog: https://github.com/softprops/action-gh-release/compare/v2...v2.0.9

Changelog

Sourced from softprops/action-gh-release's changelog.

2.0.9

• maintenance release with updated dependencies

2.0.8

Other Changes 🔄

• chore(deps): bump prettier from 2.8.0 to 3.3.3 by @​dependabot in softprops/action-gh-release#480
• chore(deps): bump @​types/node from 20.14.9 to 20.14.11 by @​dependabot in softprops/action-gh-release#483
• chore(deps): bump @​octokit/plugin-throttling from 9.3.0 to 9.3.1 by @​dependabot in softprops/action-gh-release#484
• chore(deps): bump glob from 10.4.2 to 11.0.0 by @​dependabot in softprops/action-gh-release#477
• refactor: write jest config in ts by @​chenrui333 in softprops/action-gh-release#485
• chore(deps): bump @​actions/github from 5.1.1 to 6.0.0 by @​dependabot in softprops/action-gh-release#470

2.0.7

Bug fixes 🐛

• Fix missing update release body by @​FirelightFlagboy in softprops/action-gh-release#365

Other Changes 🔄

• Bump @​octokit/plugin-retry from 4.0.3 to 7.1.1 by @​dependabot in softprops/action-gh-release#443
• Bump typescript from 4.9.5 to 5.5.2 by @​dependabot in softprops/action-gh-release#467
• Bump @​types/node from 20.14.6 to 20.14.8 by @​dependabot in softprops/action-gh-release#469
• Bump @​types/node from 20.14.8 to 20.14.9 by @​dependabot in softprops/action-gh-release#473
• Bump typescript from 5.5.2 to 5.5.3 by @​dependabot in softprops/action-gh-release#472
• Bump ts-jest from 29.1.5 to 29.2.2 by @​dependabot in softprops/action-gh-release#479
• docs: document that existing releases are updated by @​jvanbruegge in softprops/action-gh-release#474

2.0.6

• maintenance release with updated dependencies

2.0.5

• Factor in file names with spaces when upserting files #446 via @​MystiPanda
• Improvements to error handling #449 via @​till

2.0.4

• Minor follow up to #417. #425

2.0.3

• Declare make_latest as an input field in action.yml #419

2.0.2

• Revisit approach to #384 making unresolved pattern failures opt-in #417

... (truncated)

Commits

• e7a8f85 chore: release 2.0.9
• 04afa13 chore(deps): bump actions/setup-node from 4.0.4 to 4.1.0 (#535)
• 894468a chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#534)
• 3bd23aa chore(deps): bump @​types/node from 22.7.5 to 22.8.2 (#533)
• 21eb2f9 chore(deps): bump @​types/jest from 29.5.13 to 29.5.14 (#532)
• cd8b57e remove unused imports (#521)
• 820a5ad chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#522)
• 9d04f90 chore(deps): bump @​octokit/plugin-throttling from 9.3.1 to 9.3.2 (#523)
• aaf1d5f chore(deps): bump @​actions/core from 1.10.1 to 1.11.1 (#524)
• 7d33a7e chore(deps): bump @​types/node from 22.5.5 to 22.7.5 (#525)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[coveralls]

coverage: 81.352%. remained the same when pulling d85745a969452f32c9abcb53c9b0fe158ac92b42 on dependabot/github_actions/dot-github/workflows/actions-27a9a48a1b into d579b1d0154178a8a854c7cc549d5aaabcbb3145 on master.

[dependabot[bot]]

Dependabot tried to merge this PR, but received the following error from GitHub:

At least 1 approving review is required by reviewers with write access.

[Zeitsperre]

@dependabot recreate

[Zeitsperre]

@dependabot rebase