From 96bdaf1d7bc0ebcad6d47bcbf2abe658adeffd18 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 21 Nov 2025 23:12:04 +0000 Subject: [PATCH 1/2] Bump actions/checkout from 5 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/check-release-notes.yml | 2 +- .github/workflows/ci.yml | 4 ++-- .github/workflows/codeql.yml | 2 +- .github/workflows/release.yml | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/check-release-notes.yml b/.github/workflows/check-release-notes.yml index 16970db4..0f3924ad 100644 --- a/.github/workflows/check-release-notes.yml +++ b/.github/workflows/check-release-notes.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 1 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: Default MISSING_CHANGELOG_ENTRY to 1 run: echo 'MISSING_CHANGELOG_ENTRY=1' >> "$GITHUB_ENV" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 26347ccc..c8a936be 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 6 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: ./.github/actions/setup-python with: python-version: "3.10" @@ -66,7 +66,7 @@ jobs: runs-on: ${{ matrix.os }} timeout-minutes: 8 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: # TODO: This can be very expensive for large repos. Is there a better way to do this? # Fetch all history and tags for setuptools_scm to work diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 351e9c3c..711fbf37 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -29,7 +29,7 @@ jobs: # actions: read # contents: read steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - uses: github/codeql-action/init@v4 with: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6aed8584..85b55b04 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -32,7 +32,7 @@ jobs: runs-on: ubuntu-latest timeout-minutes: 6 steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: # TODO: This can be very expensive for large repos. Is there a better way to do this? # Fetch all history and tags for setuptools_scm to work @@ -105,7 +105,7 @@ jobs: steps: # Generate the release notes - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 with: # TODO: This can be very expensive for large repos. Is there a better way to do this? # Fetch all history and tags for setuptools_scm to work From 281e6483b2e5cbf6d7c0081c1fcf0ab4e28c89fc Mon Sep 17 00:00:00 2001 From: Tomas Pereira de Vasconcelos Date: Tue, 25 Nov 2025 12:23:37 +1100 Subject: [PATCH 2/2] Update changelog with recent CI/CD action bumps --- docs/reference/changelog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/reference/changelog.md b/docs/reference/changelog.md index 45af126a..fc7fb17d 100644 --- a/docs/reference/changelog.md +++ b/docs/reference/changelog.md @@ -7,6 +7,7 @@ Unreleased changes ## CI/CD +- Bump actions/checkout from 5 to 6 ({gh-pr}`357`) - Bump actions/download-artifact from 5 to 6 ({gh-pr}`354`) - Bump actions/upload-artifact from 4 to 5 ({gh-pr}`353`) - Bump sigstore/gh-action-sigstore-python from 3.0.1 to 3.1.0 ({gh-pr}`352`)