build(deps): bump the actions group with 3 updates

[dependabot[bot]]

Bumps the actions group with 3 updates: docker/build-push-action, actions/attest-build-provenance and pypa/gh-action-pypi-publish.

Updates docker/build-push-action from 5 to 6

Release notes

Sourced from docker/build-push-action's releases.

v6.0.0

• Export build record and generate build summary by @​crazy-max in docker/build-push-action#1120
• Bump @​docker/actions-toolkit from 0.24.0 to 0.26.0 in docker/build-push-action#1132 docker/build-push-action#1136 docker/build-push-action#1138
• Bump braces from 3.0.2 to 3.0.3 in docker/build-push-action#1137

[!NOTE] This major release adds support for generating Build summary and exporting build record for your build. You can disable this feature by setting DOCKER_BUILD_NO_SUMMARY: true environment variable in your workflow.

Full Changelog: https://github.com/docker/build-push-action/compare/v5.4.0...v6.0.0

v5.4.0

• Show builder information before building by @​crazy-max in docker/build-push-action#1128
• Handle attestations correctly with provenance and sbom inputs by @​crazy-max in docker/build-push-action#1086
• Bump @​docker/actions-toolkit from 0.19.0 to 0.24.0 in docker/build-push-action#1088 docker/build-push-action#1105 docker/build-push-action#1121 docker/build-push-action#1127
• Bump undici from 5.28.3 to 5.28.4 in docker/build-push-action#1090

Full Changelog: https://github.com/docker/build-push-action/compare/v5.3.0...v5.4.0

v5.3.0

• Bump @​docker/actions-toolkit from 0.18.0 to 0.19.0 in docker/build-push-action#1080

Full Changelog: https://github.com/docker/build-push-action/compare/v5.2.0...v5.3.0

v5.2.0

• Disable quotes detection for outputs input by @​crazy-max in docker/build-push-action#1074
• Warn about ignored inputs by @​favonia in docker/build-push-action#1019
• Bump @​docker/actions-toolkit from 0.14.0 to 0.18.0 in docker/build-push-action#1070
• Bump undici from 5.26.3 to 5.28.3 in docker/build-push-action#1057

Full Changelog: https://github.com/docker/build-push-action/compare/v5.1.0...v5.2.0

v5.1.0

• Add annotations input by @​crazy-max in docker/build-push-action#992
• Add secret-envs input by @​elias-lundgren in docker/build-push-action#980
• Bump @​babel/traverse from 7.17.3 to 7.23.2 in docker/build-push-action#991
• Bump @​docker/actions-toolkit from 0.13.0-rc.1 to 0.14.0 in docker/build-push-action#990 docker/build-push-action#1006

Full Changelog: https://github.com/docker/build-push-action/compare/v5.0.0...v5.1.0

Commits

• c382f71 Merge pull request #1120 from crazy-max/build-summary
• 5a5b70d chore: update generated content
• dc24cf9 don't generate summary for cloud driver
• 667cb22 DOCKER_BUILD_NO_SUMMARY env to disable summary
• d880b19 generate build summary
• e51051a export build record and upload artifact
• 86c2bd0 Merge pull request #1137 from docker/dependabot/npm_and_yarn/braces-3.0.3
• 268d2b1 Merge pull request #1138 from docker/dependabot/npm_and_yarn/docker/actions-t...
• 2b8dc7f chore: update generated content
• 840c12b chore(deps): Bump @​docker/actions-toolkit from 0.25.1 to 0.26.0
• Additional commits viewable in compare view

Updates actions/attest-build-provenance from 1.2.0 to 1.3.2

Release notes

Sourced from actions/attest-build-provenance's releases.

v1.3.2

What's Changed

• Bump actions/attest from 1.3.1 to 1.3.2 by @​bdehamer in actions/attest-build-provenance#123
  • Increase timeout for OCI operations

Full Changelog: https://github.com/actions/attest-build-provenance/compare/v1.3.1...v1.3.2

v1.3.1

What's Changed

• Bump actions/attest from 1.3.0 to 1.3.1 by @​bdehamer in actions/attest-build-provenance#117
  • Bugfix when detecting support for the referrers API with OCI registries

Full Changelog: https://github.com/actions/attest-build-provenance/compare/v1.3.0...v1.3.1

v1.3.0

What's Changed

• Bump actions/attest-build-provenance/predicate from 1.0.0 to 1.1.0 by @​bdehamer in actions/attest-build-provenance#116
  • Switch to new GH provenance build type
• Bump actions/attest from 1.2.0 to 1.3.0 by @​bdehamer in actions/attest-build-provenance#116
  • Dynamic construction of GitHub API URLs based on GITHUB_SERVER_URL
  • Improved handling of Rekor 409 responses
  • Bugfix - detection of registries with support for the OCI referrers API

Full Changelog: https://github.com/actions/attest-build-provenance/compare/v1.2.0...v1.3.0

Commits

• bdd5137 bump actions/attest from 1.3.1 to 1.3.2 (#123)
• cd2e38c Bump the npm-development group with 4 updates (#122)
• 995dfa6 add multi-subject examples to docs (#118)
• 534b352 bump actions/attest from 1.3.0 to 1.3.1 (#117)
• 3119152 bump predicate and actions/attest (#116)
• 52bfabd Bump braces from 3.0.2 to 3.0.3 (#115)
• 46e4ff8 bump @​actions/attest from 1.2.1 to 1.3.0 (#114)
• 3161db1 Bump eslint-plugin-github from 4.10.2 to 5.0.1 (#107)
• 3471ca2 Bump the npm-development group with 6 updates (#106)
• 8f1fc17 Revert "disable github action linting (#54)" (#102)
• See full diff in compare view

Updates pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.9.0

💅 Cosmetic Output Improvements

• @​woodruffw💰 updated the tense on password nudge in #234
• @​shenxianpeng💰 helped us disable the progress bar that was being produced by the twine upload command via #231
• @​woodruffw💰 also linked the PyPI status dashboard in the trusted publishing error message via pypa/gh-action-pypi-publish#243

🛠️ Internal Dependencies

• pre-commit linters got auto-updated @ #225
• some notable dependency bumps include
  • cryptography == 42.0.7
  • id == 1.4.0
  • idna == 3.7 via #228
  • requests == 2.32.0 via #240
  • Twine == 5.1.0

⚙️ Secret Stuff

In #241, @​br3ndonland💰 added a Docker label linking the container image to this repository for GHCR to display it nicely. This is preparatory work for a big performance-focused refactoring he's working on in #230.

💪 New Contributors

• @​shenxianpeng made their first contribution in pypa/gh-action-pypi-publish#231
• @​br3ndonland made their first contribution in pypa/gh-action-pypi-publish#241

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.8.14...v1.9.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​pradyunsg💰 for promptly unblocking this release to Marketplace as GitHub started asking for yet another developer agreement signature from the organization admins.

Commits

• ec4db0b Merge PR #243 into unstable/v1
• e790844 oidc-exchange: link to status dashboard
• 87b624f 💅Update homepage @ Dockerfile to GH Marketplace
• da2f9bb Merge pull request #241 from br3ndonland/ghcr-label
• abbea2d Add Docker label for GHCR
• 2734d07 build(deps): bump requests from 2.31.0 to 2.32.0 in /requirements (#240)
• a54b9b8 ---
• 699cd61 ⇪📦 Bump the runtime dep lockfile
• 8414fc2 [pre-commit.ci] pre-commit autoupdate (#225)
• 67a07eb Disable the progress bar when running twine upload
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 98.21%. Comparing base (644b1ba) to head (aa3650c). Report is 10 commits behind head on main.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## main #2520 +/- ## ======================================= Coverage 98.21% 98.21% ======================================= Files 69 69 Lines 4543 4543 Branches 804 804 ======================================= Hits 4462 4462 Misses 48 48 Partials 33 33 ``` | [Flag](https://app.codecov.io/gh/scikit-hep/pyhf/pull/2520/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scikit-hep) | Coverage Δ | | |---|---|---| | [contrib](https://app.codecov.io/gh/scikit-hep/pyhf/pull/2520/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scikit-hep) | `97.79% <ø> (ø)` | | | [doctest](https://app.codecov.io/gh/scikit-hep/pyhf/pull/2520/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scikit-hep) | `98.08% <ø> (ø)` | | | [unittests-3.10](https://app.codecov.io/gh/scikit-hep/pyhf/pull/2520/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scikit-hep) | `96.23% <ø> (ø)` | | | [unittests-3.11](https://app.codecov.io/gh/scikit-hep/pyhf/pull/2520/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scikit-hep) | `96.23% <ø> (ø)` | | | [unittests-3.12](https://app.codecov.io/gh/scikit-hep/pyhf/pull/2520/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scikit-hep) | `96.23% <ø> (ø)` | | | [unittests-3.8](https://app.codecov.io/gh/scikit-hep/pyhf/pull/2520/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scikit-hep) | `96.25% <ø> (ø)` | | | [unittests-3.9](https://app.codecov.io/gh/scikit-hep/pyhf/pull/2520/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scikit-hep) | `96.27% <ø> (ø)` | | Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=scikit-hep#carryforward-flags-in-the-pull-request-comment) to find out more.

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[matthewfeickert]

@meeseeksdev backport to release/v0.7.x