Bump the github-actions group with 4 updates

[dependabot]

Bumps the github-actions group with 4 updates: dessant/lock-threads, joerick/cibuildwheel, actions/download-artifact and pypa/gh-action-pypi-publish.

Updates dessant/lock-threads from 7de207be1d3ce97a9abe6ff1306222982d1ca9f9 to 1bf7ec25051fe7c00bdd17e6a7cf3d7bfb7dc771

Changelog

Sourced from dessant/lock-threads's changelog.

Changelog

All notable changes to this project will be documented in this file. See commit-and-tag-version for commit guidelines.

5.0.1 (2023-11-22)

Bug Fixes

• support filtering threads by labels with spaces (0a63678), closes #40

5.0.0 (2023-11-14)

⚠ BREAKING CHANGES

• Discussions are also processed by default, set the process-only input parameter to preserve the old behavior

    steps:
      - uses: dessant/lock-threads@v5
        with:
          process-only: 'issues, prs'

• the action now requires Node.js 20

Features

• lock discussions (0a0976f), closes #25

Bug Fixes

• update dependencies (5a25b54)

4.0.1 (2023-06-12)

Bug Fixes

• retry and throttle GitHub API requests (1618e91), closes #35

4.0.0 (2022-12-04)

⚠ BREAKING CHANGES

• the action now requires Node.js 16

... (truncated)

Commits

• See full diff in compare view

Updates joerick/cibuildwheel from 1e5c26b5b10baa3fb2659be31c51e8bab6f7c4e9 to fff9ec32ed25a9c576750c91e06b410ed0c15db7

Changelog

Sourced from joerick/cibuildwheel's changelog.

---

title: Changelog

Changelog

v2.16.5

30 January 2024

• 🐛 Fix an incompatibility with the GitHub Action and new GitHub Runner images for Windows that bundle Powershell 7.3+ (#1741)
• 🛠 Preliminary support for new macos-14 arm64 runners (#1743)

v2.16.4

28 January 2024

• 🛠 Update manylinux pins to upgrade from a problematic PyPy version. (#1737)

v2.16.3

26 January 2024

• 🐛 Fix a bug when building from sdist, where relative paths to files in the package didn't work because the working directory was wrong (#1687)
• 🛠 Adds the ability to disable mounting the host filesystem in containers to /host, through the disable_host_mount suboption on CIBW_CONTAINER_ENGINE.
• 📚 A lot of docs improvements! (#1708, #1705, #1686, #1679, #1667, #1665)

v2.16.2

3 October 2023

• 🛠 Updates CPython 3.12 version to 3.12.0, final release (#1635)
• ✨ Adds a debug option CIBW_DEBUG_KEEP_CONTAINER to stop cibuildwheel deleting build containers after the build finishes. (#1620)
• 📚 Adds support for [tool.cibuildwheel] checking by adding a schema compatible with the validate-pyproject tool (#1622, #1628, #1629)
• 🐛 Fix parsing of CIBW_CONTAINER_ENGINE and CIBW_BUILD_FRONTEND options to not break arguments on : characters (#1621)
• 🐛 Fix the evaluation order of CIBW_ENVIRONMENT and CIBW_ENVIRONMENT_PASS so that CIBW_ENVIRONMENT assignments can reference environment variables passed through from the host machine. (#1617)
• 🛠 Supports manylinux images' deferred installation of interpreters through the manylinux-interpreters tool (#1630)

v2.16.1

26 September 2023

• 🛠 Updates the prerelease CPython 3.12 version to 3.12.0rc3 (#1625)
• 🛠 Only calls linux32 in containers when necessary (#1599)

v2.16.0

18 September 2023

• ✨ Add the ability to pass additional flags to a build frontend through the CIBW_BUILD_FRONTEND option (#1588).

... (truncated)

Commits

• See full diff in compare view

Updates actions/download-artifact from 3.0.2 to 4.1.1

Release notes

Sourced from actions/download-artifact's releases.

v4.1.1

• Fix transient request timeouts actions/download-artifact#249
• Bump @actions/artifacts to latest version

v4.1.0

What's Changed

• Some cleanup by @​robherley in actions/download-artifact#247
• Fix default for run-id by @​stchr in actions/download-artifact#252
• Support pattern matching to filter artifacts & merge to same directory by @​robherley in actions/download-artifact#259

New Contributors

• @​stchr made their first contribution in actions/download-artifact#252

Full Changelog: actions/download-artifact@v4...v4.1.0

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.

For more information, please see:

1. The changelog post.
2. The README.
3. The migration documentation.
4. As well as the underlying npm package, @​actions/artifact documentation.

New Contributors

• @​bflad made their first contribution in actions/download-artifact#194

Full Changelog: actions/download-artifact@v3...v4.0.0

Commits

• 6b208ae Merge pull request #274 from actions/vmjoseph/timeout-patch
• 6c5b580 only adding updated license
• 5f5015d readding index
• 1fddaaf Revert "updating licenses"
• 8aa9e21 Revert "updating dist"
• 657edd9 updating licenses
• 555a2fc updating dist
• 4fc4d70 updating lock
• 072ac9d updating version no
• 038dc03 updating version no
• Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from f946db0f765b9ae754e44bfd5ae5b8b91cfb37ef to 2f6f737ca5f74c637829c0f5c3acd0e29ea5e8bf

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[davidism]

@dependabot ignore actions/download-artifact

[dependabot]

OK, I won't notify you about actions/download-artifact again, unless you unignore it.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.