Skip to content

Bump the github-actions group with 4 updates#763

Merged
rgommers merged 2 commits intomainfrom
dependabot/github_actions/github-actions-552a6552f7
Aug 1, 2024
Merged

Bump the github-actions group with 4 updates#763
rgommers merged 2 commits intomainfrom
dependabot/github_actions/github-actions-552a6552f7

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 1, 2024
edited
Loading

Bumps the github-actions group with 4 updates: pypa/cibuildwheel, actions/upload-artifact, actions/download-artifact and softprops/action-gh-release.

Updates pypa/cibuildwheel from 2.18.1 to 2.19.2

Release notes

Sourced from pypa/cibuildwheel's releases.

Version 2.19.2

  • 🐛 Update manylinux2014 pins to versions that support past-EoL CentOS 7 mirrors. (#1917)
  • 🐛 Support --no-isolation with build[uv] build-frontend. (#1889)
  • 🛠 Provide attestations for releases at https://github.com/pypa/cibuildwheel/attestations. (#1916)
  • 🛠 Provide CPython 3.13.0b3. (#1913)
  • 🛠 Remove some workarounds now that pip 24.1 is available. (#1891, #1892)
  • 📚 Remove nosetest from our docs. (#1821)
  • 📚 Document the macOS ARM workaround for 3.8 on GHA. (#1871)
  • 📚 GitLab CI + macOS is now a supported platform with an example. (#1911)

Version 2.19.1

  • 🐛 Don't require setup-python on GHA for Pyodide (#1868)
  • 🐛 Specify full python path for uv (fixes issue in 0.2.10 & 0.2.11) (#1881)
  • 🛠 Update for pip 24.1b2 on CPython 3.13. (#1879)
  • 🛠 Fix a warning in our schema generation script. (#1866)
  • 🛠 Cleaner output on pytest 8-8.2. (#1865)

Version 2.19.0

Release post: https://iscinumpy.dev/post/cibuildwheel-2-19-0/

  • 🌟 Add a Pyodide platform. Set with --platform pyodide or CIBW_PLATFORM: pyodide on Linux with a host Python 3.12 to build WebAssembly wheels. Not accepted on PyPI currently, but usable directly in a website using Pyodide, for live docs, etc. (#1456, #1859)
  • 🌟 Add build[uv] backend, which will take a pre-existing uv install (or install cibuildwheel[uv]) and use uv for all environment setup and installs on Python 3.8+. This is significantly faster in most cases. (#1856)
  • ✨ Add free-threaded macOS builds and update CPython to 3.13.0b2. (#1854)
  • 🐛 Issue copying a wheel to a non-existent output dir fixed. (#1851, #1862)
  • 🐛 Better determinism for the test environment seeding. (#1835)
  • 🛠 VIRTUAL_ENV variable now set. (#1842)
  • 🛠 Remove a pip<21.3 workaround. (#1842)
  • 🛠 Error handling was refactored to use exceptions. (#1719)
  • 🛠 Hardcoded paths in tests avoided. (#1834)
  • 🛠 Single Python tests made more generic. (#1835)
  • 🛠 Sped up our ci by splitting up emulation tests. (#1839)
Commits

Updates actions/upload-artifact from 4.3.3 to 4.3.4

Release notes

Sourced from actions/upload-artifact's releases.

v4.3.4

What's Changed

Full Changelog: actions/upload-artifact@v4.3.3...v4.3.4

Commits

Updates actions/download-artifact from 4.1.7 to 4.1.8

Release notes

Sourced from actions/download-artifact's releases.

v4.1.8

What's Changed

Full Changelog: actions/download-artifact@v4...v4.1.8

Commits
  • fa0a91b Merge pull request #341 from actions/robherley/bump-pkgs
  • b54d088 Update @​actions/artifact version, bump dependencies
  • See full diff in compare view

Updates softprops/action-gh-release from 2.0.6 to 2.0.8

Release notes

Sourced from softprops/action-gh-release's releases.

v2.0.8

What's Changed

Other Changes 🔄

Full Changelog: softprops/action-gh-release@v2...v2.0.8

v2.0.7

What's Changed

Bug fixes 🐛

Other Changes 🔄

New Contributors

Full Changelog: softprops/action-gh-release@v2.0.6...v2.0.7

Changelog

Sourced from softprops/action-gh-release's changelog.

2.0.8

Other Changes 🔄

2.0.7

Bug fixes 🐛

Other Changes 🔄

2.0.6

  • maintenance release with updated dependencies

2.0.5

2.0.4

2.0.3

  • Declare make_latest as an input field in action.yml #419

2.0.2

  • Revisit approach to #384 making unresolved pattern failures opt-in #417

2.0.1

... (truncated)

Commits
  • c062e08 release 2.0.8
  • 380635c chore(deps): bump @​actions/github from 5.1.1 to 6.0.0 (#470)
  • 20adb42 refactor: write jest config in ts (#485)
  • f808f15 chore(deps): bump glob from 10.4.2 to 11.0.0 (#477)
  • 6145241 chore(deps): bump @​octokit/plugin-throttling from 9.3.0 to 9.3.1 (#484)
  • 4ac522d chore(deps): bump @​types/node from 20.14.9 to 20.14.11 (#483)
  • 25849b1 chore(deps): bump prettier from 2.8.0 to 3.3.3 (#480)
  • 6206056 chore: update dependabot commit msg
  • 39aadf1 chore: run frizbee actions .github/workflows/
  • 6f3ab65 chore: update dist file
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 1, 2024
rgommers
rgommers requested changes Aug 1, 2024
View reviewed changes
Copy link
Member

@rgommers rgommers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The cibuildwheel updates look incorrect. The hash 147de6...) is the most recent commit on the cibuildwheel main branch, but the version numbers in this diff aren't touched, which is clearly wrong. @cclauss maybe you'd be able to figure out why?

@agriyakhetarpal
Copy link
Collaborator

agriyakhetarpal commented Aug 1, 2024
edited
Loading

Strangely, 147de6f4f7bba00e694321b7cf3a519441a444fa isn't a part of a release from cibuildwheel, but the earlier hash is.

@cclauss
Copy link
Contributor

cclauss commented Aug 1, 2024

In a mountain hut because it is the National Day here in Switzerland but perhaps @henryiii can shed some light on this.

@agriyakhetarpal
Copy link
Collaborator

agriyakhetarpal commented Aug 1, 2024
edited
Loading

I'll try to see if asking to re-create the PR helps – it could have been a Dependabot bug.

Edit: I see, someone with greater than triage permissions has to do it 😅

@agriyakhetarpal
Copy link
Collaborator

agriyakhetarpal commented Aug 1, 2024

@dependabot recreate

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 1, 2024

Sorry, only users with push access can use that command.

@rgommers
Copy link
Member

rgommers commented Aug 1, 2024

@dependabot recreate

@dependabot
Bump the github-actions group with 4 updates
105cc91 
Bumps the github-actions group with 4 updates: [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel), [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/download-artifact](https://github.com/actions/download-artifact) and [softprops/action-gh-release](https://github.com/softprops/action-gh-release).


Updates `pypa/cibuildwheel` from 2.18.1 to 2.19.2
- [Release notes](https://github.com/pypa/cibuildwheel/releases)
- [Commits](pypa/cibuildwheel@v2.18.1...v2.19.2)

Updates `actions/upload-artifact` from 4.3.3 to 4.3.4
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@6546280...0b2256b)

Updates `actions/download-artifact` from 4.1.7 to 4.1.8
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](actions/download-artifact@65a9edc...fa0a91b)

Updates `softprops/action-gh-release` from 2.0.6 to 2.0.8
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@a74c6b7...c062e08)

---
updated-dependencies:
- dependency-name: pypa/cibuildwheel
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github-actions-552a6552f7 branch from 6189690 to 105cc91 Compare August 1, 2024 14:26
@rgommers
Copy link
Member

rgommers commented Aug 1, 2024

That recreate didn't change anything. I pushed a commit to force using the actual upstream commit that's tagged as v2.19.2, and also consistently used v as the first letter of the code comment (maybe it matters).

Either way, not so great that dependabot picks a random commit from main rather than a tagged version.

@rgommers rgommers added this to the v1.7.0 milestone Aug 1, 2024
rgommers
rgommers approved these changes Aug 1, 2024
View reviewed changes
Copy link
Member

@rgommers rgommers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested all wheel builds on my fork, all green - in it goes.

@rgommers rgommers merged commit a65ad65 into main Aug 1, 2024
@rgommers rgommers deleted the dependabot/github_actions/github-actions-552a6552f7 branch August 1, 2024 16:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rgommers rgommers rgommers approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

v1.7.0

Development

Successfully merging this pull request may close these issues.

3 participants

@agriyakhetarpal @cclauss @rgommers