From af41d669655780e42d9daabddcf656dae802d66a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Dec 2025 08:08:15 +0000 Subject: [PATCH] Bump the actions group with 6 updates Bumps the actions group with 6 updates: | Package | From | To | | --- | --- | --- | | [github/codeql-action](https://github.com/github/codeql-action) | `4.31.7` | `4.31.8` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `5` | `6` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `6` | `7` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.11` | `8.0.0` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.1.5` | `7.1.6` | | [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action) | `c0e2b1c877e25a91d1d747c438d49199cad29698` | `cb3d8e846e148d1111d90b03375b9c03deceda37` | Updates `github/codeql-action` from 4.31.7 to 4.31.8 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/cf1bb45a277cb3c205638b2cd5c984db1c46a412...1b168cd39490f61582a9beae412bb7057a6b2c4e) Updates `actions/upload-artifact` from 5 to 6 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v5...v6) Updates `actions/download-artifact` from 6 to 7 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v6...v7) Updates `peter-evans/create-pull-request` from 7.0.11 to 8.0.0 - [Release notes](https://github.com/peter-evans/create-pull-request/releases) - [Commits](https://github.com/peter-evans/create-pull-request/compare/22a9089034f40e5a961c8808d113e2c98fb63676...98357b18bf14b5342f975ff684046ec3b2a07725) Updates `astral-sh/setup-uv` from 7.1.5 to 7.1.6 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/ed21f2f24f8dd64503750218de024bcf64c7250a...681c641aba71e4a1c380be3ab5e12ad51f415867) Updates `zizmorcore/zizmor-action` from c0e2b1c877e25a91d1d747c438d49199cad29698 to cb3d8e846e148d1111d90b03375b9c03deceda37 - [Release notes](https://github.com/zizmorcore/zizmor-action/releases) - [Commits](https://github.com/zizmorcore/zizmor-action/compare/c0e2b1c877e25a91d1d747c438d49199cad29698...cb3d8e846e148d1111d90b03375b9c03deceda37) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: actions/upload-artifact dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: actions/download-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: peter-evans/create-pull-request dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions - dependency-name: astral-sh/setup-uv dependency-version: 7.1.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions - dependency-name: zizmorcore/zizmor-action dependency-version: cb3d8e846e148d1111d90b03375b9c03deceda37 dependency-type: direct:production dependency-group: actions ... Signed-off-by: dependabot[bot] --- .github/workflows/codeql.yml | 4 ++-- .github/workflows/dist.yml | 8 ++++---- .github/workflows/release-python.yml | 2 +- .github/workflows/sbom.yml | 4 ++-- .github/workflows/test-python.yml | 20 ++++++++++---------- .github/workflows/zizmor.yml | 2 +- 6 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 48ad4183fb..55dd016a87 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -46,7 +46,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4 + uses: github/codeql-action/init@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -63,6 +63,6 @@ jobs: pip install -e . - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4 + uses: github/codeql-action/analyze@1b168cd39490f61582a9beae412bb7057a6b2c4e # v4 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dist.yml b/.github/workflows/dist.yml index 81c6fa4200..2d36211dac 100644 --- a/.github/workflows/dist.yml +++ b/.github/workflows/dist.yml @@ -91,7 +91,7 @@ jobs: # Free-threading builds: ls wheelhouse/*cp314t*.whl - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@v6 with: name: wheel-${{ matrix.buildplat[1] }} path: ./wheelhouse/*.whl @@ -124,7 +124,7 @@ jobs: cd .. python -c "from pymongo import has_c; assert has_c()" - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@v6 with: name: "sdist" path: ./dist/*.tar.gz @@ -135,13 +135,13 @@ jobs: name: Download Wheels steps: - name: Download all workflow run artifacts - uses: actions/download-artifact@v6 + uses: actions/download-artifact@v7 - name: Flatten directory working-directory: . run: | find . -mindepth 2 -type f -exec mv {} . \; find . -type d -empty -delete - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@v6 with: name: all-dist-${{ github.run_id }} path: "./*" diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml index 43e500337e..e3dd1edb1c 100644 --- a/.github/workflows/release-python.yml +++ b/.github/workflows/release-python.yml @@ -75,7 +75,7 @@ jobs: id-token: write steps: - name: Download all the dists - uses: actions/download-artifact@v6 + uses: actions/download-artifact@v7 with: name: all-dist-${{ github.run_id }} path: dist/ diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index c99196dc87..d443c49505 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -63,14 +63,14 @@ jobs: run: rm -rf .venv .venv-sbom - name: Upload SBOM artifact - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: sbom path: sbom.json if-no-files-found: error - name: Create Pull Request - uses: peter-evans/create-pull-request@22a9089034f40e5a961c8808d113e2c98fb63676 + uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: 'chore: Update SBOM after dependency changes' diff --git a/.github/workflows/test-python.yml b/.github/workflows/test-python.yml index 0403802dde..c35fad7c35 100644 --- a/.github/workflows/test-python.yml +++ b/.github/workflows/test-python.yml @@ -26,7 +26,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7 with: enable-cache: true python-version: "3.10" @@ -68,7 +68,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7 with: enable-cache: true python-version: ${{ matrix.python-version }} @@ -87,7 +87,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7 with: enable-cache: true python-version: "3.10" @@ -112,7 +112,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7 with: enable-cache: true python-version: "3.10" @@ -131,7 +131,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7 with: enable-cache: true python-version: "3.10" @@ -153,7 +153,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7 with: enable-cache: true python-version: "${{matrix.python}}" @@ -174,7 +174,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7 with: enable-cache: true python-version: "3.10" @@ -214,7 +214,7 @@ jobs: run: | pip install build python -m build --sdist - - uses: actions/upload-artifact@v5 + - uses: actions/upload-artifact@v6 with: name: "sdist" path: dist/*.tar.gz @@ -226,7 +226,7 @@ jobs: timeout-minutes: 20 steps: - name: Download sdist - uses: actions/download-artifact@v6 + uses: actions/download-artifact@v7 with: path: sdist/ - name: Unpack SDist @@ -264,7 +264,7 @@ jobs: with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@ed21f2f24f8dd64503750218de024bcf64c7250a # v7 + uses: astral-sh/setup-uv@681c641aba71e4a1c380be3ab5e12ad51f415867 # v7 with: python-version: "3.10" - id: setup-mongodb diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml index e3b54cabd9..40c32b0957 100644 --- a/.github/workflows/zizmor.yml +++ b/.github/workflows/zizmor.yml @@ -18,4 +18,4 @@ jobs: with: persist-credentials: false - name: Run zizmor 🌈 - uses: zizmorcore/zizmor-action@c0e2b1c877e25a91d1d747c438d49199cad29698 + uses: zizmorcore/zizmor-action@cb3d8e846e148d1111d90b03375b9c03deceda37