From 850fb091ab88d3973fa440212bbd614229a7ffc1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 20 Mar 2025 10:25:36 +0000
Subject: [PATCH 1/2] Bump actions/cache from 4.2.2 to 4.2.3 (#10603)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [actions/cache](https://github.com/actions/cache) from 4.2.2 to
4.2.3.
Release notes
Sourced from actions/cache's
releases.
v4.2.3
What's Changed
- Update to use
@actions/cache 4.0.3 package &
prepare for new release by @salmanmkc in actions/cache#1577
(SAS tokens for cache entries are now masked in debug logs)
New Contributors
Full Changelog: https://github.com/actions/cache/compare/v4.2.2...v4.2.3
Changelog
Sourced from actions/cache's
changelog.
4.2.3
- Bump
@actions/cache to v4.0.3 (obfuscates SAS token in
debug logs for cache entries)
Commits
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/ci-cd.yml | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index d242e698ec0..b75868bc813 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -51,7 +51,7 @@ jobs:
with:
python-version: 3.11
- name: Cache PyPI
- uses: actions/cache@v4.2.2
+ uses: actions/cache@v4.2.3
with:
key: pip-lint-${{ hashFiles('requirements/*.txt') }}
path: ~/.cache/pip
@@ -112,7 +112,7 @@ jobs:
with:
submodules: true
- name: Cache llhttp generated files
- uses: actions/cache@v4.2.2
+ uses: actions/cache@v4.2.3
id: cache
with:
key: llhttp-${{ hashFiles('vendor/llhttp/package*.json', 'vendor/llhttp/src/**/*') }}
@@ -179,7 +179,7 @@ jobs:
echo "dir=$(pip cache dir)" >> "${GITHUB_OUTPUT}"
shell: bash
- name: Cache PyPI
- uses: actions/cache@v4.2.2
+ uses: actions/cache@v4.2.3
with:
key: pip-ci-${{ runner.os }}-${{ matrix.pyver }}-${{ matrix.no-extensions }}-${{ hashFiles('requirements/*.txt') }}
path: ${{ steps.pip-cache.outputs.dir }}
From 8fbf5cae33940d7960e020c83ccddd68330cb279 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 20 Mar 2025 11:04:18 +0000
Subject: [PATCH 2/2] Bump setuptools from 76.1.0 to 77.0.1 (#10605)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Bumps [setuptools](https://github.com/pypa/setuptools) from 76.1.0 to
77.0.1.
Changelog
Sourced from setuptools's
changelog.
v77.0.1
Bugfixes
- Manually fix news fragment entries causing CI to crash when building
docs. (#4891)
v77.0.0
Features
- Added initial support for license expression (PEP :pep:
639
<639#add-license-expression-field>). -- by
:user:cdce8p (#4706)
- Store
License-File\s in
.dist-info/licenses subfolder and added support for
recursive globs for license_files (PEP :pep:639
<639#add-license-expression-field>). -- by
:user:cdce8p (#4728)
- Bump core metadata version to
2.4. -- by
:user:cdce8p (#4830)
- Updated vendored copy of
wheel to v0.45.1.
(#4869)
Deprecations and Removals
- Added initial implementation of :pep:
639.
Users relying on pre- :pep:639 implementation details
(like precise license file paths inside dist-info
directory)
may need to adjust their code base to avoid problems.
Deprecations and stronger validation were also introduced (#4829).
- Added exception (or warning) when deprecated license classifiers are
used,
according to PEP :pep:
639
<639#deprecate-license-classifiers>. (#4833)
- Deprecated
tools.setuptools.license-files in favor of
project.license-files
and added exception if project.license-files and
tools.setuptools.license-files
are used together. -- by :user:cdce8p (#4837)
- Deprecated
project.license as a TOML table in
pyproject.toml. Users are expected to move towards using
project.license-files and/or SPDX expressions (as strings)
in
pyproject.license.
See PEP :pep:639
<639#deprecate-license-key-table-subkeys>. (#4840)
- Added simple validation for given glob patterns in
license-files:
a warning will be generated if no file is matched.
Invalid glob patterns can raise an exception.
-- thanks :user:cdce8p for contributions. (#4838)
Misc
Commits
f577461
Bump version: 77.0.0 → 77.0.185677af
Manually fix news fragment entries (#4891)ce2e283
Change news fragment name to imply patch version bump7653149
Add news fragments7db26a1
Manually fix news fragment entries5d58b45
Bump version: 76.1.0 → 77.0.0f49d589
Update URL in warningdee0a5e
Add news fragment for PEP 639 marking as 'breaking'74725de
Update vendored copy of wheel (#4869)5585c1c
Add news fragment- Additional commits viewable in compare
view
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
requirements/constraints.txt | 2 +-
requirements/dev.txt | 2 +-
requirements/doc-spelling.txt | 2 +-
requirements/doc.txt | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index d3f92d2a7ee..ba399607582 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -284,7 +284,7 @@ yarl==1.18.3
# The following packages are considered to be unsafe in a requirements file:
pip==25.0.1
# via pip-tools
-setuptools==76.1.0
+setuptools==77.0.1
# via
# incremental
# pip-tools
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 5d2b7b8efb5..c100460deff 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -275,7 +275,7 @@ yarl==1.18.3
# The following packages are considered to be unsafe in a requirements file:
pip==25.0.1
# via pip-tools
-setuptools==76.1.0
+setuptools==77.0.1
# via
# incremental
# pip-tools
diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt
index 7e7f8a7b582..6837ab93403 100644
--- a/requirements/doc-spelling.txt
+++ b/requirements/doc-spelling.txt
@@ -76,5 +76,5 @@ urllib3==2.3.0
# via requests
# The following packages are considered to be unsafe in a requirements file:
-setuptools==76.1.0
+setuptools==77.0.1
# via incremental
diff --git a/requirements/doc.txt b/requirements/doc.txt
index d4aba6e4c37..8a7f29bfb99 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -69,5 +69,5 @@ urllib3==2.3.0
# via requests
# The following packages are considered to be unsafe in a requirements file:
-setuptools==76.1.0
+setuptools==77.0.1
# via incremental