afuetterer / oaipmh-scythe

A Scythe for harvesting OAI-PMH repositories.
https://afuetterer.github.io/oaipmh-scythe/
BSD 3-Clause "New" or "Revised" License

ci: bump the github-actions group across 1 directory with 9 updates #382

Closed dependabot[bot] closed 4 weeks ago

dependabot[bot] commented 1 month ago

Bumps the github-actions group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| actions/checkout | 4.1.6 | 4.1.7 |
| github/codeql-action | 3.25.5 | 3.25.15 |
| actions/setup-python | 5.1.0 | 5.1.1 |
| python-semantic-release/python-semantic-release | 9.7.3 | 9.8.6 |
| python-semantic-release/upload-to-gh-release | 0f96c02a48278aff14251e9f1a0d73122a8c638b | 0dcddac3ba7b691d7a3fd4586b640d7b214a0016 |
| pypa/gh-action-pypi-publish | 1.8.14 | 1.9.0 |
| ossf/scorecard-action | 2.3.3 | 2.4.0 |
| hynek/build-and-inspect-python-package | 2.5.0 | 2.8.0 |
| peter-evans/create-pull-request | 6.0.5 | 6.1.0 |

Updates actions/checkout from 4.1.6 to 4.1.7

Release notes

Sourced from actions/checkout's releases.

v4.1.7

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v4.1.6...v4.1.7

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.7

v4.1.6

v4.1.5

v4.1.4

v4.1.3

v4.1.2

v4.1.1

v4.1.0

v4.0.0

v3.6.0

v3.5.3

... (truncated)

Commits


Updates github/codeql-action from 3.25.5 to 3.25.15

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.25.15 - 26 Jul 2024

  • Update default CodeQL bundle version to 2.18.1. #2385

3.25.14 - 25 Jul 2024

  • Experimental: add a new start-proxy action which starts the same HTTP proxy as used by github/dependabot-action. Do not use this in production as it is part of an internal experiment and subject to change at any time.

3.25.13 - 19 Jul 2024

  • Add codeql-version to outputs. #2368
  • Add a deprecation warning for customers using CodeQL version 2.13.4 and earlier. These versions of CodeQL were discontinued on 9 July 2024 alongside GitHub Enterprise Server 3.9, and will be unsupported by CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later. #2375
    • If you are using one of these versions, please update to CodeQL CLI version 2.13.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
    • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.12.6 and 2.13.4, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.25.13 and github/codeql-action/*@v2 by github/codeql-action/*@v2.25.13 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.25.12 - 12 Jul 2024

  • Improve the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode on GitHub Enterprise Server. This feature is already available to GitHub.com users. #2353
  • Update default CodeQL bundle version to 2.18.0. #2364

3.25.11 - 28 Jun 2024

  • Avoid failing the workflow run if there is an error while uploading debug artifacts. #2349
  • Update default CodeQL bundle version to 2.17.6. #2352

3.25.10 - 13 Jun 2024

  • Update default CodeQL bundle version to 2.17.5. #2327

3.25.9 - 12 Jun 2024

  • Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. #2330
  • The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. #2332

3.25.8 - 04 Jun 2024

  • Update default CodeQL bundle version to 2.17.4. #2321

3.25.7 - 31 May 2024

... (truncated)

Commits
  • afb54ba Merge pull request #2391 from github/update-v3.25.15-4b1d7da10
  • 57a4b22 Update changelog for v3.25.15
  • 4b1d7da Merge pull request #2385 from github/update-bundle/codeql-bundle-v2.18.1
  • 97e8f69 Merge branch 'main' into update-bundle/codeql-bundle-v2.18.1
  • f8e94f9 Merge pull request #2389 from github/mergeback/v3.25.14-to-main-5cf07d8b
  • 9e375a8 Update checked-in dependencies
  • 02d73d0 Update changelog and version after v3.25.14
  • 5cf07d8 Merge pull request #2388 from github/update-v3.25.14-1b214db07
  • ecab108 Update changelog for v3.25.14
  • 1b214db Merge pull request #2387 from github/aibaars/remove-set-secret
  • Additional commits viewable in compare view


Updates actions/setup-python from 5.1.0 to 5.1.1

Release notes

Sourced from actions/setup-python's releases.

v5.1.1

What's Changed

Bug fixes:

  • fix(ci): update all failing workflows by @mayeut in actions/setup-python#863. This update ensures compatibility and optimal performance of workflows on the latest macOS version.

Documentation changes:

Dependency updates:

New Contributors

Full Changelog: https://github.com/actions/setup-python/compare/v5...v5.1.1

Commits


Updates python-semantic-release/python-semantic-release from 9.7.3 to 9.8.6

Release notes

Sourced from python-semantic-release/python-semantic-release's releases.

v9.8.6 (2024-07-20)

Fixes

  • version-cmd: resolve build command execution in powershell (#980, 32c8e70)

Documentation

  • configuration: correct GHA parameter name for commit email (#981)

Detailed Changes: https://github.com/python-semantic-release/python-semantic-release/compare/v9.8.5...v9.8.6

v9.8.5 (2024-07-06)

Fixes

  • Enable --print-last-released* when in detached head or non-release branch (#926)

  • changelog: resolve commit ordering issue when dates are similar (bfda159)

  • version-cmd: drop branch restriction for --print-last-released* opts (782c0a6)

Performance Improvements

  • Improve git history processing for changelog generation (#972)

  • changelog: improve git history parser changelog generation (bfda159)

Resolved Issues

  • #900: Allow version --print-last-released outside of release branches

Detailed Changes: https://github.com/python-semantic-release/python-semantic-release/compare/v9.8.4...v9.8.5

v9.8.4 (2024-07-04)

Fixes

  • changelog-cmd: remove usage strings when error occured (348a51d)

  • changelog-cmd: render default changelog when user template directory exist but is empty (bded8de)

  • config: prevent path traversal manipulation of target changelog location (43e35d0, 3eb3dba)

  • publish-cmd: prevent error when provided tag does not exist locally (16afbbb)

... (truncated)

Changelog

Sourced from python-semantic-release/python-semantic-release's changelog.

CHANGELOG

v9.8.6 (2024-07-20)

Documentation

  • docs(configuration): correct GHA parameter name for commit email (#981)

git_committer_name was repeated; replace one instance of it with git_committer_email (ce9ffdb)

Fix

  • fix(version-cmd): resolve build command execution in powershell (#980)

Fixes the command line option for passing a shell command to Powershell. Also included a similar shell detection result for pwsh (Powershell Core) (32c8e70)

v9.8.5 (2024-07-06)

Fix

  • fix: enable --print-last-released* when in detached head or non-release branch (#926)

  • test(version-cmd): add tests to print when detached or non-release branch

    ref: #900

  • fix(version-cmd): drop branch restriction for --print-last-released* opts

    Resolves: #900 (782c0a6)

Performance

  • perf: improve git history processing for changelog generation (#972)

  • perf(changelog): improve git history parser changelog generation

    This converts the double for-loop (O(n^2)) down to O(n) using a lookup table to match the current commit with a known tag rather than iterating through all the tags of the repository every time.

  • fix(changelog): resolve commit ordering issue when dates are similar (bfda159)

v9.8.4 (2024-07-04)

Fix

  • fix(changelog-cmd): remove usage strings when error occured

... (truncated)

Commits
  • dec06aa 9.8.6
  • 32c8e70 fix(version-cmd): resolve build command execution in powershell (#980)
  • ce9ffdb docs(configuration): correct GHA parameter name for commit email (#981)
  • 3ba5346 9.8.5
  • 782c0a6 fix: enable --print-last-released* when in detached head or non-release bra...
  • bfda159 perf: improve git history processing for changelog generation (#972)
  • e02a9bd 9.8.4
  • 7342484 style: beautify 348a51db8a837d951966aff3789aa0c93d473829
  • 348a51d fix(changelog-cmd): remove usage strings when error occured
  • afbb187 fix(publish-cmd): remove usage strings when error occured
  • Additional commits viewable in compare view


Updates python-semantic-release/upload-to-gh-release from 0f96c02a48278aff14251e9f1a0d73122a8c638b to 0dcddac3ba7b691d7a3fd4586b640d7b214a0016

Changelog

Sourced from python-semantic-release/upload-to-gh-release's changelog.

```toml
[semantic_release]
assets = ["README.md", "LICENSE"]
build_command = """python3 ./scripts/bump_version.py"""
commit_parser = "angular"

[semantic_release.changelog]
exclude_commit_patterns = [
    '''chore(?:([^)]?))?: .+''',
    '''ci(?:([^)]?))?: .+''',
    '''refactor(?:([^)]?))?: .+''',
    '''style(?:([^)]?))?: .+''',
    '''test(?:([^)]?))?: .+''',
    '''build((?!deps): .+)''',
    '''Merged? .''',
    '''Initial Commit.*''',
]

[semantic_release.branches.main]
match = "(main|master)"
prerelease = false

[semantic_release.remote]
type = "github"
token = { env = "GH_TOKEN" }

[semantic_release.publish]
upload_to_vcs_release = false
```

Commits
  • 0dcddac 9.8.6
  • 23d348d build(deps): bump python-semantic-release from 9.8.5 to 9.8.6 (#19)
  • 1b1cde2 ci(deps): bump python-semantic-release action from 9.8.5 to 9.8.6 (#20)
  • e2355e1 ci(deps): bump python-semantic-release from 9.8.3 to 9.8.5 (#18)
  • fe6cc89 9.8.5
  • 637a381 build(deps): bump python-semantic-release from 9.8.4 to 9.8.5 (#17)
  • ab38ab6 9.8.4
  • bc1d48b build(deps): bump python-semantic-release from 9.8.3 to 9.8.4 (#16)
  • 1521494 ci(deps): bump python-semantic-release from 9.8.2 to 9.8.3 (#15)
  • c7c3b69 9.8.3
  • Additional commits viewable in compare view


Updates pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.9.0

💅 Cosmetic Output Improvements

🛠️ Internal Dependencies

  • pre-commit linters got auto-updated @ #225
  • some notable dependency bumps include
    • cryptography == 42.0.7
    • id == 1.4.0
    • idna == 3.7 via #228
    • requests == 2.32.0 via #240
    • Twine == 5.1.0

⚙️ Secret Stuff

In #241, @br3ndonland💰 added a Docker label linking the container image to this repository for GHCR to display it nicely. This is preparatory work for a big performance-focused refactoring he's working on in #230.

💪 New Contributors

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.14...v1.9.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @pradyunsg💰 for promptly unblocking this release to Marketplace as GitHub started asking for yet another developer agreement signature from the organization admins.

Commits
  • ec4db0b Merge PR #243 into unstable/v1
  • e790844 oidc-exchange: link to status dashboard
  • 87b624f 💅Update homepage @ Dockerfile to GH Marketplace
  • da2f9bb Merge pull request #241 from br3ndonland/ghcr-label
  • abbea2d Add Docker label for GHCR
  • 2734d07 build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements (#240)
  • a54b9b8 ---
  • 699cd61 ⇪📦 Bump the runtime dep lockfile
  • 8414fc2 [pre-commit.ci] pre-commit autoupdate (#225)
  • 67a07eb Disable the progress bar when running twine upload
  • Additional commits viewable in compare view


Updates ossf/scorecard-action from 2.3.3 to 2.4.0

Release notes

Sourced from ossf/scorecard-action's releases.

v2.4.0

What's Changed

This update bumps the Scorecard version to the v5 release. For a complete list of changes, please refer to the v5.0.0 release notes. Of special note to Scorecard Action is the Maintainer Annotation feature, which can be used to suppress some Code Scanning false positives. Alerts will not be generated for any Scorecard Check with an annotation.

Documentation

New Contributors

Full Changelog: https://github.com/ossf/scorecard-action/compare/v2.3.3...v2.4.0

Commits
  • 62b2cac bump docker tag to v2.4.0 for release (#1414)
  • c09630c lower license score alert threshold to 9 (#1411)
  • cf8594c :seedling: Bump github.com/sigstore/cosign/v2 from 2.2.4 to 2.3.0 (#1413)
  • de5fcb9 :seedling: Bump the github-actions group with 2 updates (#1412)
  • a46b90b bump scorecard to v5.0.0 release (#1410)
  • 9fc518d :seedling: Bump golang in the docker-images group (#1407)
  • a8eaa1b :seedling: Bump the github-actions group with 2 updates (#1408)
  • 873d5fd :seedling: Bump the github-actions group across 1 directory with 2 updates (#...
  • 54cc1fe :seedling: Bump the docker-images group with 2 updates (#1401)
  • 82bcb91 :seedling: Bump golang.org/x/net from 0.26.0 to 0.27.0 (#1400)
  • Additional commits viewable in compare view


Updates hynek/build-and-inspect-python-package from 2.5.0 to 2.8.0

Release notes

Sourced from hynek/build-and-inspect-python-package's releases.

v2.8.0

Changed

  • We now use uv's new uv cache prune --ci to only cache downloaded files. This makes the cache smaller and faster to pack/unpack. #135

Fixed

  • Turns out, the default location of uv's cache cannot be cached and actions/cache fails silently with an opaque "Path(s) specified in the action for caching do(es) not exist, hence no cache is being saved." log message. We have moved the cache to /tmp. #135

v2.7.0

Added

  • A header before package contents in the summary. Especially useful together with a preceding build provenance attestation. #131

v2.6.0

Added

  • Support for ubuntu-24.04 builders. #126

  • New output: artifact-name is the name of the uploaded artifact. #125

Changelog

Sourced from hynek/build-and-inspect-python-package's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

2.8.0 - 2024-07-25

Changed

  • Use uv's new uv cache prune --ci to only cache downloaded files. This makes the cache smaller and faster to pack/unpack. #135

Fixed

  • Turns out, the default location of uv's cache cannot be cached and actions/cache fails silently with an opaque "Path(s) specified in the action for caching do(es) not exist, hence no cache is being saved." log message. We have moved the cache to /tmp. #135

2.7.0 - 2024-07-17

Added

  • A header before package contents in the summary. Especially useful together with a preceding build provenance attestation. #131

2.6.0 - 2024-05-26

Added

  • Support for ubuntu-24.04 builders. #126

  • New output: artifact-name is the name of the uploaded artifact. #125

2.5.0 - 2024-05-13

Added

  • New input: attest-build-provenance-github generates signed build provenance attestations for workflow artifacts. #122

... (truncated)

Commits


Updates peter-evans/create-pull-request from 6.0.5 to 6.1.0

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v6.1.0

✨ Adds pull-request-branch as an action output.

What's Changed

Full Changelog: https://github.com/peter-evans/create-pull-request/compare/v6.0.5...v6.1.0

Commits
  • c5a7806 feat: add branch name output (#2995)
  • 4383ba9 build: update distribution (#2990)
  • 36f7648 build(deps): bump undici from 6.18.2 to 6.19.2 (#2977)
  • 5f7c158 build(deps-dev): bump @types/node from 18.19.34 to 18.19.36 (#2976)
  • db1713d build(deps-dev): bump ts-jest from 29.1.4 to 29.1.5 (#2975)
  • ca98a71 build(deps-dev): bump ws from 8.11.0 to 8.17.1 (#2970)
  • ce00808 build(deps-dev): bump braces from 3.0.2 to 3.0.3 (#2962)
  • 7318c0b build(deps-dev): bump prettier from 3.3.0 to 3.3.2 (#2959)
  • e30bbbb build: update distribution (#2947)
  • bad19b8 build(deps-dev): bump @types/node from 18.19.33 to 18.19.34 (#2935)
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

afuetterer commented 4 weeks ago

@dependabot recreate

dependabot[bot] commented 4 weeks ago

Superseded by #387.