Skip to content

build(deps): bump the github-actions group across 1 directory with 3 updates#1321

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/github-actions-95332d4214
Open

build(deps): bump the github-actions group across 1 directory with 3 updates#1321
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/github-actions-95332d4214

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 13, 2026
edited
Loading

Bumps the github-actions group with 3 updates in the / directory: hynek/build-and-inspect-python-package, pypa/gh-action-pypi-publish and softprops/action-gh-release.

Updates hynek/build-and-inspect-python-package from 2.14 to 2.17

Release notes

Sourced from hynek/build-and-inspect-python-package's releases.

v2.17.0

Fixed

  • The action now passes Zizmor in pedantic mode. #212

v2.16.0

Added

  • New include-free-threaded input. When set to 'true', free-threaded Python siblings (for example, 3.14t) are included in the version outputs for Python 3.14 and later, inserted inline after each matching version. #208

v2.15.0

Added

  • The Python version used to build the package can now be configured using the python-version input. #191
Changelog

Sourced from hynek/build-and-inspect-python-package's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

2.17.0 - 2026-03-27

Fixed

  • The action now passes Zizmor in pedantic mode. #212

2.16.0 - 2026-03-26

Added

  • New include-free-threaded input. When set to 'true', free-threaded Python siblings (for example, 3.14t) are included in the version outputs for Python 3.14 and later, inserted inline after each matching version. #208

2.15.0 - 2026-03-19

Added

  • The Python version used to build the package can now be configured using the python-version input. #191

Changed

  • Pick Python version explictly instead of "3.x" to prevent incompatibily problems like #182 in the future.

2.14.0 - 2025-10-11

Changed

  • Update tools such that they work on Python 3.14 (which is now 3.x on GitHub Actions). #182

  • The action now ignores UV_PYTHON coming from the outside. #184

... (truncated)

Commits
  • fe0a0fb v2.17.0
  • 53f0dea Access ENV variable directly (#216)
  • 2ada6ad Let Zizmor collect all
  • c587d90 ci: make ci-supported-python.yml pass pedantic Zizmor
  • e943986 ci: make ci.yml pass pedantic Zizmor
  • dd13d25 Explain write
  • 3579e59 Switch Zizmor to pedantic
  • 969aa25 update: no permissions by default
  • c9b743b The action is, in fact, useless
  • 28c7e15 update: actually do persist dependencies
  • Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.14.0

✨ What's Changed

The main change in this release is that verbose and print-hash inputs are now on by default. This was contributed by @​whitequark💰 in #397.

📝 Docs

@​woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #388 and @​him2him2💰 brushed up some grammar in the README and SECURITY docs via #395.

🛠️ Internal Updates

@​woodruffw💰 bumped sigstore and pypi-attestations in the lock file (#391) and @​webknjaz💰 added infra for using type annotations in the project (#381).

💪 New Contributors

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.13.0...v1.14.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​facutuesca💰 and @​woodruffw💰 for helping maintain this project when I can't!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

GH Sponsors badge

Commits
  • cef2210 Merge pull request #397 from whitequark/patch-1
  • b4595e2 Enable verbose and print-hash by default.
  • e2bab26 Merge pull request #395 from him2him2/docs/fix-typos-and-grammar
  • 7495c38 docs: fix typos and grammar in README and SECURITY
  • 03f86fe Merge pull request #388 from woodruffw-forks/ww/rm-experimental
  • 4c78f1c Merge branch 'unstable/v1' into ww/rm-experimental
  • b5a6e8b deps: bump sigstore and pypi-attestations
  • a48a03e remove another experimental mention
  • 8087a88 action: remove a lingering mention of PEP 740 being experimental
  • 3317ede 🧪 Integrate actionlint via pre-commit framework
  • Additional commits viewable in compare view

Updates softprops/action-gh-release from 2 to 3

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

  • Move the action runtime and bundle target to Node 24
  • Update @types/node to the Node 24 line and allow future Dependabot updates
  • Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

v2.6.2

What's Changed

Other Changes 🔄

Full Changelog: softprops/action-gh-release@v2...v2.6.2

v2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

v2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Changelog

Sourced from softprops/action-gh-release's changelog.

0.1.13

  • fix issue with multiple runs concatenating release bodies #145
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 13, 2026
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-95332d4214 branch from 5399a79 to c7d50d7 Compare April 20, 2026 20:12
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-95332d4214 branch from c7d50d7 to fb255a5 Compare April 27, 2026 22:02
@dependabot
build(deps): bump the github-actions group across 1 directory with 3 …
c1d6651 
…updates

Bumps the github-actions group with 3 updates in the / directory: [hynek/build-and-inspect-python-package](https://github.com/hynek/build-and-inspect-python-package), [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) and [softprops/action-gh-release](https://github.com/softprops/action-gh-release).


Updates `hynek/build-and-inspect-python-package` from 2.14 to 2.17
- [Release notes](https://github.com/hynek/build-and-inspect-python-package/releases)
- [Changelog](https://github.com/hynek/build-and-inspect-python-package/blob/main/CHANGELOG.md)
- [Commits](hynek/build-and-inspect-python-package@v2.14...v2.17)

Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@v1.13.0...v1.14.0)

Updates `softprops/action-gh-release` from 2 to 3
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@v2...v3)

---
updated-dependencies:
- dependency-name: hynek/build-and-inspect-python-package
  dependency-version: '2.17'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: pypa/gh-action-pypi-publish
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: softprops/action-gh-release
  dependency-version: '3'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/github-actions-95332d4214 branch from fb255a5 to c1d6651 Compare May 4, 2026 22:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants