chore(deps): bump the actions group with 2 updates

[dependabot[bot]]

Bumps the actions group with 2 updates: pypa/cibuildwheel and actions/attest-build-provenance.

Updates pypa/cibuildwheel from 2.18.1 to 2.19.0

Release notes

Sourced from pypa/cibuildwheel's releases.

Version 2.19.0

• 🌟 Add a Pyodide platform. Set with --platform pyodide or CIBW_PLATFORM: pyodide on Linux with a host Python 3.12 to build WebAssembly wheels. Not accepted on PyPI currently, but usable directly in a website using Pyodide, for live docs, etc. (#1456, #1859)
• 🌟 Add build[uv] backend, which will take a pre-existing uv install (or install cibuildwheel[uv]) and use uv for all environment setup and installs on Python 3.8+. This is significantly faster in most cases. (#1856)
• ✨ Add free-threaded macOS builds and update CPython to 3.13.0b2. (#1854)
• 🐛 Issue copying a wheel to a non-existent output dir fixed. (#1851, #1862)
• 🐛 Better determinism for the test environment seeding. (#1835)
• 🛠 VIRTUAL_ENV variable now set. (#1842)
• 🛠 Remove a pip<21.3 workaround. (#1842)
• 🛠 Error handling was refactored to use exceptions. (#1719)
• 🛠 Hardcoded paths in tests avoided. (#1834)
• 🛠 Single Python tests made more generic. (#1835)
• 🛠 Sped up our ci by splitting up emulation tests. (#1839)

Changelog

Sourced from pypa/cibuildwheel's changelog.

v2.19.0

• 🌟 Add Pyodide platform. Set with --platform pyodide or CIBW_PLATFORM: pyodide on Linux with a host Python 3.12 to build WebAssembly wheels. Not accepted on PyPI currently, but usable directly in a website using Pyodide, for live docs, etc. (#1456, #1859)
• 🌟 Add build[uv] backend, which will take a pre-existing uv install (or install cibuildwheel[uv]) and use uv for all environment setup and installs on Python 3.8+. This is significantly faster in most cases. (#1856)
• ✨ Add free-threaded macOS builds and update CPython to 3.13.0b2. (#1854)
• 🐛 Issue copying a wheel to a non-existent output dir fixed. (#1851, #1862)
• 🐛 Better determinism for the test environment seeding. (#1835)
• 🛠 VIRTUAL_ENV variable now set. (#1842)
• 🛠 Remove a pip<21.3 workaround. (#1842)
• 🛠 Error handling was refactored to use exceptions. (#1719)
• 🛠 Hardcoded paths in tests avoided. (#1834)
• 🛠 Single Python tests made more generic. (#1835)
• 🛠 Sped up our ci by splitting up emulation tests. (#1839)

Commits

• a8d190a Bump version: v2.19.0
• bf817c6 refactor: error handling to use exceptions (#1719)
• 384c8d5 feat: build[uv] (#1856)
• c37e5a2 fix: util.move_file shall not use log.notice (#1862)
• 130fdd2 feat: free-threaded Python for macOS, MACOSX_DEPLOYMENT_TARGET updates (#1854)
• ed12054 chore: bump pyodide (#1859)
• 6c6e0f6 fix: handle case where output_dir does not already exist on macos & windows (...
• 877d3bf [pre-commit.ci] pre-commit autoupdate (#1852)
• 21e9ef1 [Bot] Update dependencies (#1848)
• c333b13 fix: include VIRTUAL_ENV variable (#1842)
• Additional commits viewable in compare view

Updates actions/attest-build-provenance from 1.1.2 to 1.2.0

Release notes

Sourced from actions/attest-build-provenance's releases.

v1.2.0

What's Changed

• Bump actions/attest from 1.1.2 to 1.2.0 by @​bdehamer in actions/attest-build-provenance#101
  • Batch processing w/ exponential backoff
  • Bugfix when pushing attestation to OCI registry

Full Changelog: https://github.com/actions/attest-build-provenance/compare/v1.1.2...v1.2.0

Commits

• 49df96e bump actions attest from 1.1.2 to 1.2.0 (#101)
• 132fcc7 Bump the npm-development group with 5 updates (#100)
• 923ac69 Bump the npm-development group with 5 updates (#93)
• 70c1bd1 Bump the npm-development group with 3 updates (#81)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.