dependabot[bot] opened a new pull request, #2468: URL: https://github.com/apache/sedona/pull/2468
Bumps the github-dependencies group with 10 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `4` | `5` | | [github/codeql-action](https://github.com/github/codeql-action) | `3` | `4` | | [actions/setup-java](https://github.com/actions/setup-java) | `4` | `5` | | [actions/setup-node](https://github.com/actions/setup-node) | `4` | `6` | | [actions/setup-python](https://github.com/actions/setup-python) | `5` | `6` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `6` | `7` | | [r-lib/actions](https://github.com/r-lib/actions) | `2.11.3` | `2.11.4` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4` | `5` | | [actions/labeler](https://github.com/actions/labeler) | `5` | `6` | | [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) | `3.2.0` | `3.2.1` | Updates `actions/checkout` from 4 to 5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases";>actions/checkout's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226";>actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238";>actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1";>Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0";>https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss";><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971";>actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail";><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977";>actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells";><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043";>actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross";><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044";>actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89";><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194";>actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang";><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224";>actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236";>actions/checkout#2236</a></li> <li>Prepare release v4.3.0 by <a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2237";>actions/checkout#2237</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/motss";><code>@motss</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1971";>actions/checkout#1971</a></li> <li><a href="https://github.com/mouismail";><code>@mouismail</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1977";>actions/checkout#1977</a></li> <li><a href="https://github.com/benwells";><code>@benwells</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2043";>actions/checkout#2043</a></li> <li><a href="https://github.com/nebuk89";><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2194";>actions/checkout#2194</a></li> <li><a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2236";>actions/checkout#2236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v4.3.0";>https://github.com/actions/checkout/compare/v4...v4.3.0</a></p> <h2>v4.2.2</h2> <h2>What's Changed</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3";><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941";>actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3";><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946";>actions/checkout#1946</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2";>https://github.com/actions/checkout/compare/v4.2.1...v4.2.2</a></p> <h2>v4.2.1</h2> <h2>What's Changed</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy";><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924";>actions/checkout#1924</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jcambass";><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1919";>actions/checkout#1919</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1";>https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md";>actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>V5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226";>actions/checkout#2226</a></li> </ul> <h2>V4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss";><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971";>actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail";><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977";>actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells";><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043";>actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross";><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044";>actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89";><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194";>actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang";><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224";>actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236";>actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3";><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941";>actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3";><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946";>actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy";><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924";>actions/checkout#1924</a></li> </ul> <h2>v4.2.0</h2> <ul> <li>Add Ref and Commit outputs by <a href="https://github.com/lucacome";><code>@lucacome</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1180";>actions/checkout#1180</a></li> <li>Dependency updates by <a href="https://github.com/dependabot";><code>@dependabot</code></a>- <a href="https://redirect.github.com/actions/checkout/pull/1777";>actions/checkout#1777</a>, <a href="https://redirect.github.com/actions/checkout/pull/1872";>actions/checkout#1872</a></li> </ul> <h2>v4.1.7</h2> <ul> <li>Bump the minor-npm-dependencies group across 1 directory with 4 updates by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1739";>actions/checkout#1739</a></li> <li>Bump actions/checkout from 3 to 4 by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1697";>actions/checkout#1697</a></li> <li>Check out other refs/* by commit by <a href="https://github.com/orhantoy";><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1774";>actions/checkout#1774</a></li> <li>Pin actions/checkout's own workflows to a known, good, stable version. by <a href="https://github.com/jww3";><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1776";>actions/checkout#1776</a></li> </ul> <h2>v4.1.6</h2> <ul> <li>Check platform to set archive extension appropriately by <a href="https://github.com/cory-miller";><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1732";>actions/checkout#1732</a></li> </ul> <h2>v4.1.5</h2> <ul> <li>Update NPM dependencies by <a href="https://github.com/cory-miller";><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1703";>actions/checkout#1703</a></li> <li>Bump github/codeql-action from 2 to 3 by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1694";>actions/checkout#1694</a></li> <li>Bump actions/setup-node from 1 to 4 by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1696";>actions/checkout#1696</a></li> <li>Bump actions/upload-artifact from 2 to 4 by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1695";>actions/checkout#1695</a></li> <li>README: Suggest <code>user.email</code> to be <code>41898282+github-actions[bot]@users.noreply.github.com</code> by <a href="https://github.com/cory-miller";><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1707";>actions/checkout#1707</a></li> </ul> <h2>v4.1.4</h2> <ul> <li>Disable <code>extensions.worktreeConfig</code> when disabling <code>sparse-checkout</code> by <a href="https://github.com/jww3";><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1692";>actions/checkout#1692</a></li> <li>Add dependabot config by <a href="https://github.com/cory-miller";><code>@cory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1688";>actions/checkout#1688</a></li> <li>Bump the minor-actions-dependencies group with 2 updates by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1693";>actions/checkout#1693</a></li> <li>Bump word-wrap from 1.2.3 to 1.2.5 by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1643";>actions/checkout#1643</a></li> </ul> <h2>v4.1.3</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/08c6903cd8c0fde910a37f88322edcfb5dd907a8";><code>08c6903</code></a> Prepare v5.0.0 release (<a href="https://redirect.github.com/actions/checkout/issues/2238";>#2238</a>)</li> <li><a href="https://github.com/actions/checkout/commit/9f265659d3bb64ab1440b03b12f4d47a24320917";><code>9f26565</code></a> Update actions checkout to use node 24 (<a href="https://redirect.github.com/actions/checkout/issues/2226";>#2226</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v4...v5";>compare view</a></li> </ul> </details> <br /> Updates `github/codeql-action` from 3 to 4 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/releases";>github/codeql-action's releases</a>.</em></p> <blockquote> <h2>v3.31.2</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases";>releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.31.2 - 30 Oct 2025</h2> <p>No user facing changes.</p> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.31.2/CHANGELOG.md";>CHANGELOG.md</a> for more information.</p> <h2>v3.31.1</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases";>releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.31.1 - 30 Oct 2025</h2> <ul> <li>The <code>add-snippets</code> input has been removed from the <code>analyze</code> action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.</li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.31.1/CHANGELOG.md";>CHANGELOG.md</a> for more information.</p> <h2>v3.31.0</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases";>releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.31.0 - 24 Oct 2025</h2> <ul> <li>Bump minimum CodeQL bundle version to 2.17.6. <a href="https://redirect.github.com/github/codeql-action/pull/3223";>#3223</a></li> <li>When SARIF files are uploaded by the <code>analyze</code> or <code>upload-sarif</code> actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the <code>upload-sarif</code> action. For <code>analyze</code>, this may affect Advanced Setup for CodeQL users who specify a value other than <code>always</code> for the <code>upload</code> input. <a href="https://redirect.github.com/github/codeql-action/pull/3222";>#3222</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.31.0/CHANGELOG.md";>CHANGELOG.md</a> for more information.</p> <h2>v3.30.9</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases";>releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <h2>3.30.9 - 17 Oct 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.3. <a href="https://redirect.github.com/github/codeql-action/pull/3205";>#3205</a></li> <li>Experimental: A new <code>setup-codeql</code> action has been added which is similar to <code>init</code>, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3204";>#3204</a></li> </ul> <p>See the full <a href="https://github.com/github/codeql-action/blob/v3.30.9/CHANGELOG.md";>CHANGELOG.md</a> for more information.</p> <h2>v3.30.8</h2> <h1>CodeQL Action Changelog</h1> <p>See the <a href="https://github.com/github/codeql-action/releases";>releases page</a> for the relevant changes to the CodeQL CLI and language packs.</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md";>github/codeql-action's changelog</a>.</em></p> <blockquote> <h2>4.31.2 - 30 Oct 2025</h2> <p>No user facing changes.</p> <h2>4.31.1 - 30 Oct 2025</h2> <ul> <li>The <code>add-snippets</code> input has been removed from the <code>analyze</code> action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.</li> </ul> <h2>4.31.0 - 24 Oct 2025</h2> <ul> <li>Bump minimum CodeQL bundle version to 2.17.6. <a href="https://redirect.github.com/github/codeql-action/pull/3223";>#3223</a></li> <li>When SARIF files are uploaded by the <code>analyze</code> or <code>upload-sarif</code> actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for the <code>upload-sarif</code> action. For <code>analyze</code>, this may affect Advanced Setup for CodeQL users who specify a value other than <code>always</code> for the <code>upload</code> input. <a href="https://redirect.github.com/github/codeql-action/pull/3222";>#3222</a></li> </ul> <h2>4.30.9 - 17 Oct 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.3. <a href="https://redirect.github.com/github/codeql-action/pull/3205";>#3205</a></li> <li>Experimental: A new <code>setup-codeql</code> action has been added which is similar to <code>init</code>, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3204";>#3204</a></li> </ul> <h2>4.30.8 - 10 Oct 2025</h2> <p>No user facing changes.</p> <h2>4.30.7 - 06 Oct 2025</h2> <ul> <li>[v4+ only] The CodeQL Action now runs on Node.js v24. <a href="https://redirect.github.com/github/codeql-action/pull/3169";>#3169</a></li> </ul> <h2>3.30.6 - 02 Oct 2025</h2> <ul> <li>Update default CodeQL bundle version to 2.23.2. <a href="https://redirect.github.com/github/codeql-action/pull/3168";>#3168</a></li> </ul> <h2>3.30.5 - 26 Sep 2025</h2> <ul> <li>We fixed a bug that was introduced in <code>3.30.4</code> with <code>upload-sarif</code> which resulted in files without a <code>.sarif</code> extension not getting uploaded. <a href="https://redirect.github.com/github/codeql-action/pull/3160";>#3160</a></li> </ul> <h2>3.30.4 - 25 Sep 2025</h2> <ul> <li>We have improved the CodeQL Action's ability to validate that the workflow it is used in does not use different versions of the CodeQL Action for different workflow steps. Mixing different versions of the CodeQL Action in the same workflow is unsupported and can lead to unpredictable results. A warning will now be emitted from the <code>codeql-action/init</code> step if different versions of the CodeQL Action are detected in the workflow file. Additionally, an error will now be thrown by the other CodeQL Action steps if they load a configuration file that was generated by a different version of the <code>codeql-action/init</code> step. <a href="https://redirect.github.com/github/codeql-action/pull/3099";>#3099</a> and <a href="https://redirect.github.com/github/codeql-action/pull/3100";>#3100</a></li> <li>We added support for reducing the size of dependency caches for Java analyses, which will reduce cache usage and speed up workflows. This will be enabled automatically at a later time. <a href="https://redirect.github.com/github/codeql-action/pull/3107";>#3107</a></li> <li>You can now run the latest CodeQL nightly bundle by passing <code>tools: nightly</code> to the <code>init</code> action. In general, the nightly bundle is unstable and we only recommend running it when directed by GitHub staff. <a href="https://redirect.github.com/github/codeql-action/pull/3130";>#3130</a></li> <li>Update default CodeQL bundle version to 2.23.1. <a href="https://redirect.github.com/github/codeql-action/pull/3118";>#3118</a></li> </ul> <h2>3.30.3 - 10 Sep 2025</h2> <p>No user facing changes.</p> <h2>3.30.2 - 09 Sep 2025</h2> <ul> <li>Fixed a bug which could cause language autodetection to fail. <a href="https://redirect.github.com/github/codeql-action/pull/3084";>#3084</a></li> <li>Experimental: The <code>quality-queries</code> input that was added in <code>3.29.2</code> as part of an internal experiment is now deprecated and will be removed in an upcoming version of the CodeQL Action. It has been superseded by a new <code>analysis-kinds</code> input, which is part of the same internal experiment. Do not use this in production as it is subject to change at any time. <a href="https://redirect.github.com/github/codeql-action/pull/3064";>#3064</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/github/codeql-action/commit/74c8748a6f2dada2c01b25ae170d7858ac90f4af";><code>74c8748</code></a> Update analyze/action.yml</li> <li><a href="https://github.com/github/codeql-action/commit/34c50c1d299d8a59b64a9dc6faf04dc0d9c33152";><code>34c50c1</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3251";>#3251</a> from github/mbg/user-error/enablement</li> <li><a href="https://github.com/github/codeql-action/commit/4ae68afd845398aa4e0bd7fccf3a37d121b3ec88";><code>4ae68af</code></a> Warn if the <code>add-snippets</code> input is used</li> <li><a href="https://github.com/github/codeql-action/commit/52a7bd7b6e714abd930eb15cde3c7c76c45d6c0f";><code>52a7bd7</code></a> Check for 403 status</li> <li><a href="https://github.com/github/codeql-action/commit/194ba0ee2dcf02e70ff941763c144ea06f58c485";><code>194ba0e</code></a> Make error message tests less brittle</li> <li><a href="https://github.com/github/codeql-action/commit/53acf0b8aa0a8705134bb6153d859bc2817e1740";><code>53acf0b</code></a> Turn enablement errors into configuration errors</li> <li><a href="https://github.com/github/codeql-action/commit/ac9aeee2261a2f9c74439210107de7657bd5ed42";><code>ac9aeee</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3249";>#3249</a> from github/henrymercer/api-logging</li> <li><a href="https://github.com/github/codeql-action/commit/d49e837b8cf6e8fd2c77703cc5189cfa79547ec0";><code>d49e837</code></a> Merge branch 'main' into henrymercer/api-logging</li> <li><a href="https://github.com/github/codeql-action/commit/3d988b275a8c578caa755c4aaccd900332aefe93";><code>3d988b2</code></a> Pass minimal copy of <code>core</code></li> <li><a href="https://github.com/github/codeql-action/commit/8cc18acfa4e60a22b3ed992afffc562f93c17030";><code>8cc18ac</code></a> Merge pull request <a href="https://redirect.github.com/github/codeql-action/issues/3250";>#3250</a> from github/henrymercer/prefer-fs-delete</li> <li>Additional commits viewable in <a href="https://github.com/github/codeql-action/compare/v3...v4";>compare view</a></li> </ul> </details> <br /> Updates `actions/setup-java` from 4 to 5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-java/releases";>actions/setup-java's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <h3>Breaking Changes</h3> <ul> <li>Upgrade to node 24 by <a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/888";>actions/setup-java#888</a></li> </ul> <p>Make sure your runner is updated to this version or newer to use this release. v2.327.1 <a href="https://github.com/actions/runner/releases/tag/v2.327.1";>Release Notes</a></p> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade Publish Immutable Action by <a href="https://github.com/HarithaVattikuti";><code>@HarithaVattikuti</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/798";>actions/setup-java#798</a></li> <li>Upgrade eslint-plugin-jest from 27.9.0 to 28.11.0 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-java/pull/730";>actions/setup-java#730</a></li> <li>Upgrade undici from 5.28.5 to 5.29.0 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-java/pull/833";>actions/setup-java#833</a></li> <li>Upgrade form-data to bring in fix for critical vulnerability by <a href="https://github.com/gowridurgad";><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/887";>actions/setup-java#887</a></li> <li>Upgrade actions/checkout from 4 to 5 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-java/pull/896";>actions/setup-java#896</a></li> </ul> <h3>Bug Fixes</h3> <ul> <li>Prevent default installation of JetBrains pre-releases by <a href="https://github.com/priyagupta108";><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/859";>actions/setup-java#859</a></li> <li>Improve Error Handling for Setup-Java Action to Help Debug Intermittent Failures by <a href="https://github.com/gowridurgad";><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/848";>actions/setup-java#848</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/gowridurgad";><code>@gowridurgad</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-java/pull/848";>actions/setup-java#848</a></li> <li><a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-java/pull/888";>actions/setup-java#888</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-java/compare/v4...v5.0.0";>https://github.com/actions/setup-java/compare/v4...v5.0.0</a></p> <h2>v4.7.1</h2> <h2>What's Changed</h2> <h3>Documentation changes</h3> <ul> <li>Add Documentation to Recommend Using GraalVM JDK 17 Version to 17.0.12 to Align with GFTC License Terms by <a href="https://github.com/aparnajyothi-y";><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/704";>actions/setup-java#704</a></li> <li>Remove duplicated GraalVM section in documentation by <a href="https://github.com/Marcono1234";><code>@Marcono1234</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/716";>actions/setup-java#716</a></li> </ul> <h3>Dependency updates:</h3> <ul> <li>Upgrade <code>@action/cache</code> from 4.0.0 to 4.0.2 by <a href="https://github.com/aparnajyothi-y";><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/766";>actions/setup-java#766</a></li> <li>Upgrade <code>@actions/glob</code> from 0.4.0 to 0.5.0 by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/744";>actions/setup-java#744</a></li> <li>Upgrade ts-jest from 29.1.2 to 29.2.5 by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/743";>actions/setup-java#743</a></li> <li>Upgrade <code>@action/cache</code> to 4.0.3 by <a href="https://github.com/aparnajyothi-y";><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/773";>actions/setup-java#773</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-java/compare/v4...v4.7.1";>https://github.com/actions/setup-java/compare/v4...v4.7.1</a></p> <h2>v4.7.0</h2> <h2>What's Changed</h2> <ul> <li>Configure Dependabot settings by <a href="https://github.com/HarithaVattikuti";><code>@HarithaVattikuti</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/722";>actions/setup-java#722</a></li> <li>README Update: Added a permissions section by <a href="https://github.com/benwells";><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/723";>actions/setup-java#723</a></li> <li>Upgrade <code>cache</code> from version 3.2.4 to 4.0.0 by <a href="https://github.com/aparnajyothi-y";><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/724";>actions/setup-java#724</a></li> <li>Upgrade <code>@actions/http-client</code> from 2.2.1 to 2.2.3 by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/728";>actions/setup-java#728</a></li> <li>Upgrade <code>actions/publish-immutable-action</code> from 0.0.3 to 0.0.4 by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/727";>actions/setup-java#727</a></li> <li>Upgrade <code>@types/jest</code> from 29.5.12 to 29.5.14 by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-java/pull/729";>actions/setup-java#729</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-java/commit/dded0888837ed1f317902acf8a20df0ad188d165";><code>dded088</code></a> Bump actions/checkout from 4 to 5 (<a href="https://redirect.github.com/actions/setup-java/issues/896";>#896</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/0913e9a06eb8b69c62db76aa61f580c2b3a5b4e0";><code>0913e9a</code></a> Upgrade to node 24 (<a href="https://redirect.github.com/actions/setup-java/issues/888";>#888</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/e9343db97e09d87a3c50e544105d99fe912c204b";><code>e9343db</code></a> Bumps form-data (<a href="https://redirect.github.com/actions/setup-java/issues/887";>#887</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/ae2b61dbc685e60e4427b2e8ed4f0135c6ea8597";><code>ae2b61d</code></a> Bump undici from 5.28.5 to 5.29.0 (<a href="https://redirect.github.com/actions/setup-java/issues/833";>#833</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/c190c18febcf6c040d80b10ea201a05a2c320263";><code>c190c18</code></a> Bump eslint-plugin-jest from 27.9.0 to 29.0.1 (<a href="https://redirect.github.com/actions/setup-java/issues/730";>#730</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/67aec007b3fcabe15ca665bfccc1e255dd52e30d";><code>67aec00</code></a> Fix: prevent default installation of JetBrains pre-releases (<a href="https://redirect.github.com/actions/setup-java/issues/859";>#859</a>)</li> <li><a href="https://github.com/actions/setup-java/commit/ebb356cc4e59bcf94f518203228485f5d40e4b58";><code>ebb356c</code></a> Improve Error Handling for Setup-Java Action to Help Debug Intermittent Failu...</li> <li><a href="https://github.com/actions/setup-java/commit/f4f1212c880fdec8162ea9a6493f4495191887b4";><code>f4f1212</code></a> Update publish-immutable-actions.yml (<a href="https://redirect.github.com/actions/setup-java/issues/798";>#798</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-java/compare/v4...v5";>compare view</a></li> </ul> </details> <br /> Updates `actions/setup-node` from 4 to 6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-node/releases";>actions/setup-node's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <p><strong>Breaking Changes</strong></p> <ul> <li>Limit automatic caching to npm, update workflows and documentation by <a href="https://github.com/priyagupta108";><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1374";>actions/setup-node#1374</a></li> </ul> <p><strong>Dependency Upgrades</strong></p> <ul> <li>Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes in v5 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1336";>#1336</a></li> <li>Upgrade prettier from 2.8.8 to 3.6.2 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1334";>#1334</a></li> <li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1362";>#1362</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v5...v6.0.0";>https://github.com/actions/setup-node/compare/v5...v6.0.0</a></p> <h2>v5.0.0</h2> <h2>What's Changed</h2> <h3>Breaking Changes</h3> <ul> <li>Enhance caching in setup-node with automatic package manager detection by <a href="https://github.com/priya-kinthali";><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1348";>actions/setup-node#1348</a></li> </ul> <p>This update, introduces automatic caching when a valid <code>packageManager</code> field is present in your <code>package.json</code>. This aims to improve workflow performance and make dependency management more seamless. To disable this automatic caching, set <code>package-manager-cache: false</code></p> <pre lang="yaml"><code>steps: - uses: actions/checkout@v5 - uses: actions/setup-node@v5 with: package-manager-cache: false </code></pre> <ul> <li>Upgrade action to use node24 by <a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1325";>actions/setup-node#1325</a></li> </ul> <p>Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. <a href="https://github.com/actions/runner/releases/tag/v2.327.1";>See Release Notes</a></p> <h3>Dependency Upgrades</h3> <ul> <li>Upgrade <code>@octokit/request-error</code> and <code>@actions/github</code> by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1227";>actions/setup-node#1227</a></li> <li>Upgrade uuid from 9.0.1 to 11.1.0 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1273";>actions/setup-node#1273</a></li> <li>Upgrade undici from 5.28.5 to 5.29.0 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1295";>actions/setup-node#1295</a></li> <li>Upgrade form-data to bring in fix for critical vulnerability by <a href="https://github.com/gowridurgad";><code>@gowridurgad</code></a> in <a href="https://redirect.github.com/actions/setup-node/pull/1332";>actions/setup-node#1332</a></li> <li>Upgrade actions/checkout from 4 to 5 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-node/pull/1345";>actions/setup-node#1345</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/priya-kinthali";><code>@priya-kinthali</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1348";>actions/setup-node#1348</a></li> <li><a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-node/pull/1325";>actions/setup-node#1325</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-node/compare/v4...v5.0.0";>https://github.com/actions/setup-node/compare/v4...v5.0.0</a></p> <h2>v4.4.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-node/commit/2028fbc5c25fe9cf00d9f06a71cc4710d4507903";><code>2028fbc</code></a> Limit automatic caching to npm, update workflows and documentation (<a href="https://redirect.github.com/actions/setup-node/issues/1374";>#1374</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/13427813f706a0f6c9b74603b31103c40ab1c35a";><code>1342781</code></a> Bump actions/publish-action from 0.3.0 to 0.4.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1362";>#1362</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/89d709d423dc495668cd762a18dd4a070611be3f";><code>89d709d</code></a> Bump prettier from 2.8.8 to 3.6.2 (<a href="https://redirect.github.com/actions/setup-node/issues/1334";>#1334</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/cd2651c46231bc0d6f48d6b34433b845331235fe";><code>cd2651c</code></a> Bump ts-jest from 29.1.2 to 29.4.1 (<a href="https://redirect.github.com/actions/setup-node/issues/1336";>#1336</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/a0853c24544627f65ddf259abe73b1d18a591444";><code>a0853c2</code></a> Bump actions/checkout from 4 to 5 (<a href="https://redirect.github.com/actions/setup-node/issues/1345";>#1345</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/b7234cc9fe124f0f4932554b4e5284543083ae7b";><code>b7234cc</code></a> Upgrade action to use node24 (<a href="https://redirect.github.com/actions/setup-node/issues/1325";>#1325</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/d7a11313b581b306c961b506cfc8971208bb03f6";><code>d7a1131</code></a> Enhance caching in setup-node with automatic package manager detection (<a href="https://redirect.github.com/actions/setup-node/issues/1348";>#1348</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/5e2628c959b9ade56971c0afcebbe5332d44b398";><code>5e2628c</code></a> Bumps form-data (<a href="https://redirect.github.com/actions/setup-node/issues/1332";>#1332</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/65beceff8e91358525397bdce9103d999507ab03";><code>65becef</code></a> Bump undici from 5.28.5 to 5.29.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1295";>#1295</a>)</li> <li><a href="https://github.com/actions/setup-node/commit/7e24a656e1c7a0d6f3eaef8d8e84ae379a5b035b";><code>7e24a65</code></a> Bump uuid from 9.0.1 to 11.1.0 (<a href="https://redirect.github.com/actions/setup-node/issues/1273";>#1273</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/setup-node/compare/v4...v6";>compare view</a></li> </ul> </details> <br /> Updates `actions/setup-python` from 5 to 6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-python/releases";>actions/setup-python's releases</a>.</em></p> <blockquote> <h2>v6.0.0</h2> <h2>What's Changed</h2> <h3>Breaking Changes</h3> <ul> <li>Upgrade to node 24 by <a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1164";>actions/setup-python#1164</a></li> </ul> <p>Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. <a href="https://github.com/actions/runner/releases/tag/v2.327.1";>See Release Notes</a></p> <h3>Enhancements:</h3> <ul> <li>Add support for <code>pip-version</code> by <a href="https://github.com/priyagupta108";><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1129";>actions/setup-python#1129</a></li> <li>Enhance reading from .python-version by <a href="https://github.com/krystof-k";><code>@krystof-k</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/787";>actions/setup-python#787</a></li> <li>Add version parsing from Pipfile by <a href="https://github.com/aradkdj";><code>@aradkdj</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1067";>actions/setup-python#1067</a></li> </ul> <h3>Bug fixes:</h3> <ul> <li>Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by <a href="https://github.com/aparnajyothi-y";><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1183";>actions/setup-python#1183</a></li> <li>Change missing cache directory error to warning by <a href="https://github.com/aparnajyothi-y";><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1182";>actions/setup-python#1182</a></li> <li>Add Architecture-Specific PATH Management for Python with --user Flag on Windows by <a href="https://github.com/aparnajyothi-y";><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1122";>actions/setup-python#1122</a></li> <li>Include python version in PyPy python-version output by <a href="https://github.com/cdce8p";><code>@cdce8p</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1110";>actions/setup-python#1110</a></li> <li>Update docs: clarification on pip authentication with setup-python by <a href="https://github.com/priya-kinthali";><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1156";>actions/setup-python#1156</a></li> </ul> <h3>Dependency updates:</h3> <ul> <li>Upgrade idna from 2.9 to 3.7 in /<strong>tests</strong>/data by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-python/pull/843";>actions/setup-python#843</a></li> <li>Upgrade form-data to fix critical vulnerabilities <a href="https://redirect.github.com/actions/setup-python/issues/182";>#182</a> & <a href="https://redirect.github.com/actions/setup-python/issues/183";>#183</a> by <a href="https://github.com/aparnajyothi-y";><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1163";>actions/setup-python#1163</a></li> <li>Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by <a href="https://github.com/aparnajyothi-y";><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1165";>actions/setup-python#1165</a></li> <li>Upgrade actions/checkout from 4 to 5 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-python/pull/1181";>actions/setup-python#1181</a></li> <li>Upgrade <code>@actions/tool-cache</code> from 2.0.1 to 2.0.2 by <a href="https://github.com/dependabot";><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/setup-python/pull/1095";>actions/setup-python#1095</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/krystof-k";><code>@krystof-k</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/787";>actions/setup-python#787</a></li> <li><a href="https://github.com/cdce8p";><code>@cdce8p</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/1110";>actions/setup-python#1110</a></li> <li><a href="https://github.com/aradkdj";><code>@aradkdj</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-python/pull/1067";>actions/setup-python#1067</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v5...v6.0.0";>https://github.com/actions/setup-python/compare/v5...v6.0.0</a></p> <h2>v5.6.0</h2> <h2>What's Changed</h2> <ul> <li>Workflow updates related to Ubuntu 20.04 by <a href="https://github.com/aparnajyothi-y";><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1065";>actions/setup-python#1065</a></li> <li>Fix for Candidate Not Iterable Error by <a href="https://github.com/aparnajyothi-y";><code>@aparnajyothi-y</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1082";>actions/setup-python#1082</a></li> <li>Upgrade semver and <code>@types/semver</code> by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1091";>actions/setup-python#1091</a></li> <li>Upgrade prettier from 2.8.8 to 3.5.3 by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1046";>actions/setup-python#1046</a></li> <li>Upgrade ts-jest from 29.1.2 to 29.3.2 by <a href="https://github.com/dependabot";><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1081";>actions/setup-python#1081</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-python/compare/v5...v5.6.0";>https://github.com/actions/setup-python/compare/v5...v5.6.0</a></p> <h2>v5.5.0</h2> <h2>What's Changed</h2> <h3>Enhancements:</h3> <ul> <li>Support free threaded Python versions like '3.13t' by <a href="https://github.com/colesbury";><code>@colesbury</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/973";>actions/setup-python#973</a></li> <li>Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade <code>@action/cache</code> from 4.0.0 to 4.0.3 by <a href="https://github.com/priya-kinthali";><code>@priya-kinthali</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1056";>actions/setup-python#1056</a></li> <li>Add support for .tool-versions file in setup-python by <a href="https://github.com/mahabaleshwars";><code>@mahabaleshwars</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1043";>actions/setup-python#1043</a></li> </ul> <h3>Bug fixes:</h3> <ul> <li>Fix architecture for pypy on Linux ARM64 by <a href="https://github.com/mayeut";><code>@mayeut</code></a> in <a href="https://redirect.github.com/actions/setup-python/pull/1011";>actions/setup-python#1011</a> This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-python/commit/e797f83bcb11b83ae66e0230d6156d7c80228e7c";><code>e797f83</code></a> Upgrade to node 24 (<a href="https://redirect.github.com/actions/setup-python/issues/1164";>#1164</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/3d1e2d2ca0a067f27da6fec484fce7f5256def85";><code>3d1e2d2</code></a> Revert "Enhance cache-dependency-path handling to support files outside the w...</li> <li><a href="https://github.com/actions/setup-python/commit/65b071217a8539818fdb8b54561bcbae40380a54";><code>65b0712</code></a> Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...</li> <li><a href="https://github.com/actions/setup-python/commit/5b668cf7652160527499ee14ceaff4be9306cb88";><code>5b668cf</code></a> Bump actions/checkout from 4 to 5 (<a href="https://redirect.github.com/actions/setup-python/issues/1181";>#1181</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/f62a0e252fe7114e86949abfa6e1e89f85bb38c2";><code>f62a0e2</code></a> Change missing cache directory error to warning (<a href="https://redirect.github.com/actions/setup-python/issues/1182";>#1182</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/9322b3ca74000aeb2c01eb777b646334015ddd72";><code>9322b3c</code></a> Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...</li> <li><a href="https://github.com/actions/setup-python/commit/fbeb884f69f0ac1c0257302f62aa524c2824b649";><code>fbeb884</code></a> Bump form-data to fix critical vulnerabilities <a href="https://redirect.github.com/actions/setup-python/issues/182";>#182</a> & <a href="https://redirect.github.com/actions/setup-python/issues/183";>#183</a> (<a href="https://redirect.github.com/actions/setup-python/issues/1163";>#1163</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/03bb6152f4f691b9d64579a1bd791904a083c452";><code>03bb615</code></a> Bump idna from 2.9 to 3.7 in /<strong>tests</strong>/data (<a href="https://redirect.github.com/actions/setup-python/issues/843";>#843</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/36da51d563b70a972897150555bb025096d65565";><code>36da51d</code></a> Add version parsing from Pipfile (<a href="https://redirect.github.com/actions/setup-python/issues/1067";>#1067</a>)</li> <li><a href="https://github.com/actions/setup-python/commit/3c6f142cc0036d53007e92fa1e327564a4cfb7aa";><code>3c6f142</code></a> update documentation (<a href="https://redirect.github.com/actions/setup-python/issues/1156";>#1156</a>)</li> <li>Additional commits viewable in <a href="https://github.com/actions/setup-python/compare/v5...v6";>compare view</a></li> </ul> </details> <br /> Updates `astral-sh/setup-uv` from 6 to 7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/setup-uv/releases";>astral-sh/setup-uv's releases</a>.</em></p> <blockquote> <h2>v7.0.0 🌈 node24 and a lot of bugfixes</h2> <h2>Changes</h2> <p>This release comes with a load of bug fixes and a speed up. Because of switching from node20 to node24 it is also a breaking change. If you are running on GitHub hosted runners this will just work, if you are using self-hosted runners make sure, that your runners are up to date. If you followed the normal installation instructions your self-hosted runner will keep itself updated.</p> <p>This release also removes the deprecated input <code>server-url</code> which was used to download uv releases from a different server. The <a href="https://github.com/astral-sh/setup-uv?tab=readme-ov-file#manifest-file";>manifest-file</a> input supersedes that functionality by adding a flexible way to define available versions and where they should be downloaded from.</p> <h3>Fixes</h3> <ul> <li>The action now respects when the environment variable <code>UV_CACHE_DIR</code> is already set and does not overwrite it. It now also finds <a href="https://docs.astral.sh/uv/reference/settings/#cache-dir";>cache-dir</a> settings in config files if you set them.</li> <li>Some users encountered problems that <a href="https://github.com/astral-sh/setup-uv?tab=readme-ov-file#disable-cache-pruning";>cache pruning</a> took forever because they had some <code>uv</code> processes running in the background. Starting with uv version <code>0.8.24</code> this action uses <code>uv cache prune --ci --force</code> to ignore the running processes</li> <li>If you just want to install uv but not have it available in path, this action now respects <code>UV_NO_MODIFY_PATH</code></li> <li>Some other actions also set the env var <code>UV_CACHE_DIR</code>. This action can now deal with that but as this could lead to unwanted behavior in some edgecases a warning is now displayed.</li> </ul> <h3>Improvements</h3> <p>If you are using minimum version specifiers for the version of uv to install for example</p> <pre lang="toml"><code>[tool.uv] required-version = ">=0.8.17" </code></pre> <p>This action now detects that and directly uses the latest version. Previously it would download all available releases from the uv repo to determine the highest matching candidate for the version specifier, which took much more time.</p> <p>If you are using other specifiers like <code>0.8.x</code> this action still needs to download all available releases because the specifier defines an upper bound (not 0.9.0 or later) and "latest" would possibly not satisfy that.</p> <h2>🚨 Breaking changes</h2> <ul> <li>Use node24 instead of node20 <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/608";>#608</a>)</li> <li>Remove deprecated input server-url <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/607";>#607</a>)</li> </ul> <h2>🐛 Bug fixes</h2> <ul> <li>Respect UV_CACHE_DIR and cache-dir <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/612";>#612</a>)</li> <li>Use --force when pruning cache <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/611";>#611</a>)</li> <li>Respect UV_NO_MODIFY_PATH <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/603";>#603</a>)</li> <li>Warn when <code>UV_CACHE_DIR</code> has changed <a href="https://github.com/jamesbraza";><code>@jamesbraza</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/601";>#601</a>)</li> </ul> <h2>🚀 Enhancements</h2> <ul> <li>Shortcut to latest version for minimum version specifier <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/598";>#598</a>)</li> </ul> <h2>🧰 Maintenance</h2> <ul> <li>Bump dependencies <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/613";>#613</a>)</li> <li>Fix test-uv-no-modify-path <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/604";>#604</a>)</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/astral-sh/setup-uv/commit/85856786d1ce8acfbcc2f13a5f3fbd6b938f9f41";><code>8585678</code></a> Bump dependencies (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/664";>#664</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/22d500a65c34c827ebc95094040adcee254e92fa";><code>22d500a</code></a> Bump github/codeql-action from 4.30.8 to 4.30.9 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/652";>#652</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/14d557131df7147286f7ce93a5b6b0189f8e1bc3";><code>14d5571</code></a> chore: update known checksums for 0.9.5 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/663";>#663</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/29cd2350cd44d155ed44d0eba0e1b63d07fb3b69";><code>29cd235</code></a> Use tar for extracting the uv zip file on Windows too (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/660";>#660</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/2ddd2b9cb38ad8efd50337e8ab201519a34c9f24";><code>2ddd2b9</code></a> chore: update known checksums for 0.9.4 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/651";>#651</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/b7bf78939d77607a9ccb489e4ec4651ba1092d5c";><code>b7bf789</code></a> Fix "lowest" resolution strategy with lower-bound only (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/649";>#649</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/cb6c0a53d9c61608defba05145184489d20183b2";><code>cb6c0a5</code></a> Change version in docs to v7 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/647";>#647</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/dffc6292f2060d80116faf1baee66598a67f042c";><code>dffc629</code></a> Use working-directory to detect empty workdir (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/645";>#645</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/6e346e1653b720be5aaa194026b82bdef65869c7";><code>6e346e1</code></a> chore: update known checksums for 0.9.3 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/644";>#644</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/3ccd0fd498ef6303a98d4125859aae05eedf6294";><code>3ccd0fd</code></a> Bump github/codeql-action from 4.30.7 to 4.30.8 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/639";>#639</a>)</li> <li>Additional commits viewable in <a href="https://github.com/astral-sh/setup-uv/compare/v6...v7";>compare view</a></li> </ul> </details> <br /> Updates `r-lib/actions` from 2.11.3 to 2.11.4 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/r-lib/actions/blob/v2-branch/NEWS.md";>r-lib/actions's changelog</a>.</em></p> <blockquote> <h1><code>v2.11.4</code> (2025-10-08)</h1> <ul> <li><code>[setup-r]</code> correctly installs Rtools again on aarch64 Windows, as needed.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/r-lib/actions/commit/6f6e5bc62fba3a704f74e7ad7ef7676c5c6a2590";><code>6f6e5bc</code></a> Update NEWS and docs before release (<a href="https://redirect.github.com/r-lib/actions/issues/1026";>#1026</a>)</li> <li><a href="https://github.com/r-lib/actions/commit/ef7bc5ca2041d628feea5fc2c60fc0ceca18c436";><code>ef7bc5c</code></a> Support aarch64 Windows (<a href="https://redirect.github.com/r-lib/actions/issues/1025";>#1025</a>)</li> <li><a href="https://github.com/r-lib/actions/commit/ab09ddf037935d46c478530ed1e2031026f3460e";><code>ab09ddf</code></a> r-devel-test.yaml: allow linux and windows aarch64</li> <li><a href="https://github.com/r-lib/actions/commit/6b49fefb2846ed3e5e6e58366e7f7dfe01377f02";><code>6b49fef</code></a> Clarify upgrade values (<a href="https://redirect.github.com/r-lib/actions/issues/1004";>#1004</a>)</li> <li><a href="https://github.com/r-lib/actions/commit/4f58f8ffa872cbd4cb016c51ec497fdbe0a02711";><code>4f58f8f</code></a> Fix a few typos (<a href="https://redirect.github.com/r-lib/actions/issues/1000";>#1000</a>)</li> <li>See full diff in <a href="https://github.com/r-lib/actions/compare/v2.11.3...v2.11.4";>compare view</a></li> </ul> </details> <br /> Updates `actions/upload-artifact` from 4 to 5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases";>actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <p><strong>BREAKING CHANGE:</strong> this update supports Node <code>v24.x</code>. This is not a breaking change per-se but we're treating it as such.</p> <ul> <li>Update README.md by <a href="https://github.com/GhadimiR";><code>@GhadimiR</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/681";>actions/upload-artifact#681</a></li> <li>Update README.md by <a href="https://github.com/nebuk89";><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/712";>actions/upload-artifact#712</a></li> <li>Readme: spell out the first use of GHES by <a href="https://github.com/danwkennedy";><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/727";>actions/upload-artifact#727</a></li> <li>Update GHES guidance to include reference to Node 20 version by <a href="https://github.com/patrikpolyak";><code>@patrikpolyak</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/725";>actions/upload-artifact#725</a></li> <li>Bump <code>@actions/artifact</code> to <code>v4.0.0</code></li> <li>Prepare <code>v5.0.0</code> by <a href="https://github.com/danwkennedy";><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/734";>actions/upload-artifact#734</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/GhadimiR";><code>@GhadimiR</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/681";>actions/upload-artifact#681</a></li> <li><a href="https://github.com/nebuk89";><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/712";>actions/upload-artifact#712</a></li> <li><a href="https://github.com/danwkennedy";><code>@danwkennedy</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/727";>actions/upload-artifact#727</a></li> <li><a href="https://github.com/patrikpolyak";><code>@patrikpolyak</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/725";>actions/upload-artifact#725</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v5.0.0";>https://github.com/actions/upload-artifact/compare/v4...v5.0.0</a></p> <h2>v4.6.2</h2> <h2>What's Changed</h2> <ul> <li>Update to use artifact 2.3.2 package & prepare for new upload-artifact release by <a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/685";>actions/upload-artifact#685</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/salmanmkc";><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/685";>actions/upload-artifact#685</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.2";>https://github.com/actions/upload-artifact/compare/v4...v4.6.2</a></p> <h2>v4.6.1</h2> <h2>What's Changed</h2> <ul> <li>Update to use artifact 2.2.2 package by <a href="https://github.com/yacaovsnc";><code>@yacaovsnc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/673";>actions/upload-artifact#673</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.1";>https://github.com/actions/upload-artifact/compare/v4...v4.6.1</a></p> <h2>v4.6.0</h2> <h2>What's Changed</h2> <ul> <li>Expose env vars to control concurrency and timeout by <a href="https://github.com/yacaovsnc";><code>@yacaovsnc</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/662";>actions/upload-artifact#662</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v4...v4.6.0";>https://github.com/actions/upload-artifact/compare/v4...v4.6.0</a></p> <h2>v4.5.0</h2> <h2>What's Changed</h2> <ul> <li>fix: deprecated <code>Node.js</code> version in action by <a href="https://github.com/hamirmahal";><code>@hamirmahal</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/578";>actions/upload-artifact#578</a></li> <li>Add new <code>artifact-digest</code> output by <a href="https://github.com/bdehamer";><code>@bdehamer</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/656";>actions/upload-artifact#656</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/hamirmahal";><code>@hamirmahal</code></a> made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/578";>actions/upload-artifact#578</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/upload-artifact/commit/330a01c490aca151604b8cf639adc76d48f6c5d4";><code>330a01c</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/734";>#734</a> from actions/danwkennedy/prepare-5.0.0</li> <li><a href="https://github.com/actions/upload-artifact/commit/03f282445299bbefc96171af272a984663b63a26";><code>03f2824</code></a> Update <code>github.dep.yml</code></li> <li><a href="https://github.com/actions/upload-artifact/commit/905a1ecb5915b264cbc519e4eb415b5d82916018";><code>905a1ec</code></a> Prepare <code>v5.0.0</code></li> <li><a href="https://github.com/actions/upload-artifact/commit/2d9f9cdfa99fedaddba68e9b5b5c281eca26cc63";><code>2d9f9cd</code></a> Merge p... _Description has been truncated_ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
