Bump the ci-dependencies group with 5 updates

[dependabot]

Bumps the ci-dependencies group with 5 updates:

Package	From	To
actions/dependency-review-action	3.1.3	3.1.4
darbiadev/.github	5.1.0	13.0.0
actions/setup-python	4.7.1	5.0.0
actions/upload-artifact	3.1.3	4.0.0
pypa/gh-action-pypi-publish	1.8.10	1.8.11

Updates actions/dependency-review-action from 3.1.3 to 3.1.4

Release notes

Sourced from actions/dependency-review-action's releases.

3.1.4

What's Changed

• Fixed a bug with severity filtering when using the allow_ghsas option: actions/dependency-review-action#623.

• Updates dependencies:

  • Bump @​types/node from 16.18.61 to 16.18.62 by @​dependabot in actions/dependency-review-action#619 action/pull/620
  • Bump @​typescript-eslint/eslint-plugin from 6.11.0 to 6.12.0 by @​dependabot in actions/dependency-review-action#625
  • Bump typescript from 5.2.2 to 5.3.2 by @​dependabot in actions/dependency-review-action#624

Full Changelog: actions/dependency-review-action@v3...v3.1.4

Commits

• 01bc870 bumping version
• 4b4f0de Merge pull request #623 from actions/fix-advisory-filters
• a93fa86 Fixing test name.
• 550520e Merge pull request #624 from actions/dependabot/npm_and_yarn/typescript-5.3.2
• 2d0fb60 Merge pull request #625 from actions/dependabot/npm_and_yarn/typescript-eslin...
• c07c237 Bump @​typescript-eslint/eslint-plugin from 6.11.0 to 6.12.0
• 4d842d7 Bump typescript from 5.2.2 to 5.3.2
• a6d4686 adding dist
• 4366dba Advisory filters should not drop entire dependencies.
• 50dafeb Tiny logic refactor.
• Additional commits viewable in compare view

Updates darbiadev/.github from 5.1.0 to 13.0.0

Release notes

Sourced from darbiadev/.github's releases.

v13.0.0

What's Changed

• Run mypy in strict mode by @​shenanigansd in darbiadev/.github#111

Full Changelog: darbiadev/.github@v12.0.0...v13.0.0

v12.0.0

What's Changed

• build(deps): bump the template-workflows group in /workflow-templates with 1 update by @​dependabot in darbiadev/.github#109
• build(deps): bump the callable-workflows group with 4 updates by @​dependabot in darbiadev/.github#108
• build(deps): bump the callable-workflows group with 5 updates by @​dependabot in darbiadev/.github#110

Full Changelog: darbiadev/.github@v11.0.0...v12.0.0

v11.0.0

What's Changed

• Correctly skip third-party uploads if tokens are not present by @​shenanigansd in darbiadev/.github#107

Full Changelog: darbiadev/.github@v10.0.0...v11.0.0

v10.0.0

What's Changed

• Add mypy to Python linting by @​shenanigansd in darbiadev/.github#106

Full Changelog: darbiadev/.github@v9.0.0...v10.0.0

v9.0.0

What's Changed

• Disable merge commit creation during checkout for Python tests by @​shenanigansd in darbiadev/.github#105

Full Changelog: darbiadev/.github@v8.1.0...v9.0.0

v8.1.0

What's Changed

• Add uploading Python test coverage to DeepSource by @​shenanigansd in darbiadev/.github#104

Full Changelog: darbiadev/.github@v8.0.0...v8.1.0

v8.0.0

What's Changed

• Revert "Reorganize workflows into folders (#101)" by @​shenanigansd in darbiadev/.github#103

Full Changelog: darbiadev/.github@v7.0.0...v8.0.0

... (truncated)

Commits

• ea97d99 Run mypy in strict mode (#111)
• dda0040 build(deps): bump the callable-workflows group with 5 updates (#110)
• 1fc69f4 build(deps): bump the callable-workflows group with 4 updates (#108)
• 80e4747 build(deps): bump the template-workflows group (#109)
• 38577af Correctly skip third-party uploads if tokens are not present (#107)
• c1a77ef Add mypy to Python linting (#106)
• 6a6eb74 Disable merge commit creation during checkout for Python tests (#105)
• 64b318d Add uploading Python test coverage to DeepSource (#104)
• e156abc Revert "Reorganize workflows into folders (#101)" (#103)
• 54b4274 Delete sphinx-with-pdf workflow (#102)
• Additional commits viewable in compare view

Updates actions/setup-python from 4.7.1 to 5.0.0

Release notes

Sourced from actions/setup-python's releases.

v5.0.0

What's Changed

In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.

Full Changelog: actions/setup-python@v4.8.0...v5.0.0

v4.8.0

What's Changed

In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy:

steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4 
  with:
    python-version: 'graalpy-22.3' 
- run: python my_script.py

Besides, the release contains such changes as:

• Trim python version when reading from file by @​FerranPares in actions/setup-python#628
• Use non-deprecated versions in examples by @​jeffwidman in actions/setup-python#724
• Change deprecation comment to past tense by @​jeffwidman in actions/setup-python#723
• Bump @​babel/traverse from 7.9.0 to 7.23.2 by @​dependabot in actions/setup-python#743
• advanced-usage.md: Encourage the use actions/checkout@v4 by @​cclauss in actions/setup-python#729
• Examples now use checkout@v4 by @​simonw in actions/setup-python#738
• Update actions/checkout to v4 by @​dmitry-shibanov in actions/setup-python#761

New Contributors

• @​FerranPares made their first contribution in actions/setup-python#628
• @​timfel made their first contribution in actions/setup-python#694
• @​jeffwidman made their first contribution in actions/setup-python#724

Full Changelog: actions/setup-python@v4...v4.8.0

Commits

• 0a5c615 Update action to node20 (#772)
• 0ae5836 Add example of GraalPy to docs (#773)
• b64ffca update actions/checkout to v4 (#761)
• 8d28961 Examples now use checkout@v4 (#738)
• 7bc6abb advanced-usage.md: Encourage the use actions/checkout@v4 (#729)
• e8111ce Bump @​babel/traverse from 7.9.0 to 7.23.2 (#743)
• a00ea43 add fix for graalpy ci (#741)
• 8635b1c Change deprecation comment to past tense (#723)
• f6cc428 Use non-deprecated versions in examples (#724)
• 5f2af21 Add GraalPy support (#694)
• Additional commits viewable in compare view

Updates actions/upload-artifact from 3.1.3 to 4.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

For more information, see the @​actions/artifact documentation.

New Contributors

• @​vmjoseph made their first contribution in actions/upload-artifact#464

Full Changelog: actions/upload-artifact@v3...v4.0.0

Commits

• c7d193f Merge pull request #466 from actions/v4-beta
• 13131bb licensed cache
• 4a6c273 Merge branch 'main' into v4-beta
• f391bb9 Merge pull request #465 from actions/robherley/v4-documentation
• 9653d03 Apply suggestions from code review
• 875b630 add limitations section
• ecb2146 add compression example
• 5e7604f trim some repeated info
• d6437d0 naming
• 1b56155 s/v4-beta/v4/g
• Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.11

💅 Cosmetic output improvements

@​woodruffw added a nudge suggesting the users storing passwords in a GitHub Actions repository secrets to switch to using secretless publishing in pypa/gh-action-pypi-publish#190. This also reminds people that PyPI will start mandating two-factor authentication to perform uploads in 2024.

📝 What's Documented

@​di linked the configuration docs for Trusted Publishing in README via pypa/gh-action-pypi-publish#179.

🛠️ Internal dependencies

• Cryptography was bumped from 41.0.3 to 41.0.6 @ pypa/gh-action-pypi-publish#194
• Pip was bumped from 22.3.1 to 23.3 @ pypa/gh-action-pypi-publish#189
• pre-commit linters got autoupdated @ pypa/gh-action-pypi-publish#184
• Urllib3 was bumped from 2.0.3 to 2.0.7 @ pypa/gh-action-pypi-publish#183 and pypa/gh-action-pypi-publish#185

💪 New Contributors

• @​di made their first contribution in pypa/gh-action-pypi-publish#179

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.8.10...v1.8.11

Commits

• 2f6f737 Merge commit PR #184 into unstable/v1
• 2fa448a Merge PRs #190, #184, #185, #189 and #194 into unstable/v1
• 824ad31 Revert flake8 to v4.0.1 for WPS
• 41f3f53 Bump cryptography from 41.0.3 to 41.0.6 in /requirements
• 2319287 twine-upload: ::error, switch nudge order
• 254a0d4 twine-upload: add a nudge for password auth
• 70a33ca Bump pip from 22.3.1 to 23.3 in /requirements
• 102f507 Bump urllib3 from 2.0.6 to 2.0.7 in /requirements
• 79739dc Merge pull request #183 from pypa/dependabot/pip/requirements/urllib3-2.0.6
• 9a3f9ad [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Superseded by #52.