Keep GitHub Actions up to date with GitHub's Dependabot

[cclauss]

Automatically creates pull requests to upgrade GitHub Actions which will remove the warning like at the bottom right of https://github.com/mdmintz/pynose/actions/runs/7873191347

• https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot
• https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#package-ecosystem

[mdmintz]

.github/workflows/python-package.yml has already been updated to use the newer versions.

.github/workflows/python-package-legacy.yml is expected to have those deprecation warnings because Python 3.6 is already deprecated, and we're keeping support for that anyway, at least until GitHub Actions drops support for Python 3.6 entirely.

Definitely no Dependabot, as that creates unnecessary noise for things that are already known.

[cclauss]

The Actions updates have nothing to do with the versions of Python that can be used. That is governed not by the actions but by the version of Ubuntu, macOS, or Windows used and the https://github.com/actions/python-versions file.

I agree that Dependabot can be chatty to PyPI or npm, etc. dependencies but Actions do not receive major updates often. Reduction of chattiness was handled in this PR by bundling all Actions updates into a single PR (so max one new PR a week) but the interval could be set to monthly (so max one new PR a month -- not chatty but at least automatic).

[mdmintz]

The newer Actions versions don't fully support Python 3.6: https://github.com/mdmintz/pynose/actions/runs/4308067130/job/11698879866

See https://github.com/actions/setup-python/issues/544 for more info.

That's the whole reason why the original Actions job got split into two in the first place:

• python-package.yml
• python-package-legacy.yml

[cclauss]

If you drop back from runs-on: ubuntu-latest to ubuntu-20.04 you will be able to test on Py3.5 and Py3.6 even on the latest action.

[mdmintz]

I updated to actions/setup-python@v5: https://github.com/mdmintz/pynose/commit/8d612ee5621e81494598f940a96171c2b7b67f1b The warning message went away. All set.