Bump the github-actions group with 11 updates

[dependabot]

Bumps the github-actions group with 11 updates:

Package	From	To
actions/checkout	4.1.1	4.1.2
actions/setup-node	4.0.1	4.0.2
actions/upload-artifact	4.3.0	4.3.1
actions/download-artifact	4.1.1	4.1.4
docker/setup-buildx-action	3.0.0	3.1.0
docker/build-push-action	5.1.0	5.2.0
pypa/gh-action-pypi-publish	1.8.11	1.8.14
peter-evans/create-pull-request	6.0.0	6.0.2
softprops/action-gh-release	1	2
reviewdog/action-suggester	1.10.0	1.11.0
github/codeql-action	3.24.0	3.24.7

Updates actions/checkout from 4.1.1 to 4.1.2

Release notes

Sourced from actions/checkout's releases.

v4.1.2

We are investigating the following issue with this release and have rolled-back the v4 tag to point to v4.1.1

• sparse-checkout is not available on git versions prior to 2.27.0 (see actions/checkout#1651)

What's Changed

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in actions/checkout#1598
• Bump tough-cookie from 4.0.0 to 4.1.3 by @​dependabot in actions/checkout#1406
• Bump @​babel/traverse from 7.20.5 to 7.24.0 by @​dependabot in actions/checkout#1642

New Contributors

• @​jww3 made their first contribution in actions/checkout#1616

Full Changelog: actions/checkout@v4.1.1...v4.1.2

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.1.2

• Fix: Disable sparse checkout whenever sparse-checkout option is not present @​dscho in actions/checkout#1598

v4.1.1

• Correct link to GitHub Docs by @​peterbe in actions/checkout#1511
• Link to release page from what's new section by @​cory-miller in actions/checkout#1514

v4.1.0

• Add support for partial checkout filters

v4.0.0

• Support fetching without the --progress option
• Update to node20

v3.6.0

• Fix: Mark test scripts with Bash'isms to be run via Bash
• Add option to fetch tags even if fetch-depth > 0

v3.5.3

• Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in
• Fix typos found by codespell
• Add support for sparse checkouts

v3.5.2

• Fix api endpoint for GHES

v3.5.1

• Fix slow checkout on Windows

v3.5.0

• Add new public key for known_hosts

v3.4.0

• Upgrade codeql actions to v2
• Upgrade dependencies
• Upgrade @​actions/io

v3.3.0

• Implement branch list using callbacks from exec function
• Add in explicit reference to private checkout options
• [Fix comment typos (that got added in #770)](actions/checkout#1057)

v3.2.0

• Add GitHub Action to perform release
• Fix status badge
• Replace datadog/squid with ubuntu/squid Docker image
• Wrap pipeline commands for submoduleForeach in quotes
• Update @​actions/io to 1.1.2

... (truncated)

Commits

• 9bb5618 Prep for release of v4.1.2 (#1649)
• 8eb1f6a Bump @​babel/traverse from 7.20.5 to 7.24.0 (#1642)
• 556e4c3 Bump tough-cookie from 4.0.0 to 4.1.3 (#1406)
• b32f140 Warn on attempts to publish test-ubuntu-git from non-main branch. (#1623)
• 2650dbd Give test-ubuntu-git its own README (#1620)
• aadec89 Explicitly disable sparse checkout unless asked for (#1598)
• df0bcdd Refine workflow for generating test-ubuntu-git (#1617)
• 473055b Create test-ubuntu-git Docker Container for Proxy Tests (#1616)
• See full diff in compare view

Updates actions/setup-node from 4.0.1 to 4.0.2

Release notes

Sourced from actions/setup-node's releases.

v4.0.2

What's Changed

• Add support for volta.extends by @​ThisIsManta in actions/setup-node#921
• Add support for arm64 Windows by @​dmitry-shibanov in actions/setup-node#927

New Contributors

• @​ThisIsManta made their first contribution in actions/setup-node#921

Full Changelog: actions/setup-node@v4.0.1...v4.0.2

Commits

• 60edb5d Add support for arm64 Windows (#927)
• d86ebcd Add support for volta.extends (#921)
• See full diff in compare view

Updates actions/upload-artifact from 4.3.0 to 4.3.1

Release notes

Sourced from actions/upload-artifact's releases.

v4.3.1

• Bump @​actions/artifacts to latest version to include updated GHES host check

Commits

• 5d5d22a Merge pull request #515 from actions/eggyhead/update-artifact-v2.1.1
• f1e993d update artifact license
• 4881bfd updating dist:
• a30777e @​eggyhead
• 3a80482 Merge pull request #511 from actions/robherley/migration-docs-typo
• 9d63e3f Merge branch 'main' into robherley/migration-docs-typo
• dfa1ab2 fix typo with v3 artifact downloads in migration guide
• d00351b Merge pull request #509 from markmssd/patch-1
• 707f5a7 Update limitation of 10 artifacts upload to 500
• See full diff in compare view

Updates actions/download-artifact from 4.1.1 to 4.1.4

Release notes

Sourced from actions/download-artifact's releases.

v4.1.4

What's Changed

• Update @​actions/artifact by @​bethanyj28 in actions/download-artifact#307

Full Changelog: actions/download-artifact@v4...v4.1.4

v4.1.3

What's Changed

• Update release-new-action-version.yml by @​konradpabjan in actions/download-artifact#292
• Update toolkit dependency with updated unzip logic by @​bethanyj28 in actions/download-artifact#299
• Update @​actions/artifact by @​bethanyj28 in actions/download-artifact#303

New Contributors

• @​bethanyj28 made their first contribution in actions/download-artifact#299

Full Changelog: actions/download-artifact@v4...v4.1.3

v4.1.2

• Bump @​actions/artifacts to latest version to include updated GHES host check

Commits

• c850b93 Merge pull request #307 from bethanyj28/main
• 6fd111f update @​actions/artifact
• 87c5514 Merge pull request #303 from bethanyj28/main
• 47f9ce6 update @​actions/artifact
• 127824d Merge pull request #299 from bethanyj28/main
• 6dd49bf licensed only artifact
• f71c0e3 Revert "licensed"
• 7c63dfd licensed
• 67d37cd Update toolkit
• 3487549 Update release-new-action-version.yml (#292)
• Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.0.0 to 3.1.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v3.1.0

• cache-binary input to enable/disable caching binary to GHA cache backend by @​crazy-max in docker/setup-buildx-action#300
• build(deps): bump @​babel/traverse from 7.17.3 to 7.23.2 in docker/setup-buildx-action#282
• build(deps): bump @​docker/actions-toolkit from 0.12.0 to 0.17.0 in docker/setup-buildx-action#281 docker/setup-buildx-action#284 docker/setup-buildx-action#299
• build(deps): bump uuid from 9.0.0 to 9.0.1 in docker/setup-buildx-action#271
• build(deps): bump undici from 5.26.3 to 5.28.3 in docker/setup-buildx-action#297

Full Changelog: docker/setup-buildx-action@v3.0.0...v3.1.0

Commits

• 0d103c3 Merge pull request #300 from crazy-max/cache-binary
• f19477a chore: update generated content
• a4180f8 cache-binary input to enable/disable caching binary to GHA cache backend
• 5243153 Merge pull request #299 from docker/dependabot/npm_and_yarn/docker/actions-to...
• 3679a54 chore: update generated content
• 37a22a2 build(deps): bump @​docker/actions-toolkit from 0.14.0 to 0.17.0
• 65afe61 Merge pull request #297 from docker/dependabot/npm_and_yarn/undici-5.28.3
• fcb8f72 chore: update generated content
• f62b9a1 Merge pull request #298 from crazy-max/bump-gha
• 74c5b71 bump codecov/codecov-action from 3 to 4
• Additional commits viewable in compare view

Updates docker/build-push-action from 5.1.0 to 5.2.0

Release notes

Sourced from docker/build-push-action's releases.

v5.2.0

• Disable quotes detection for outputs input by @​crazy-max in docker/build-push-action#1074
• Warn about ignored inputs by @​favonia in docker/build-push-action#1019
• Bump @​docker/actions-toolkit from 0.14.0 to 0.18.0 in docker/build-push-action#1070
• Bump undici from 5.26.3 to 5.28.3 in docker/build-push-action#1057

Full Changelog: docker/build-push-action@v5.1.0...v5.2.0

Commits

• af5a7ed Merge pull request #1074 from crazy-max/build-cmd-debug
• 2a85189 chore: update generated content
• 6c20794 disable quotes detection for "outputs" input
• afdf0c0 chore: debug build cmd and args
• 00ae31a Merge pull request #1070 from docker/dependabot/npm_and_yarn/docker/actions-t...
• 701942b chore: update generated content
• 90e54d0 chore(deps): Bump @​docker/actions-toolkit from 0.14.0 to 0.18.0
• 831ca17 Merge pull request #1066 from crazy-max/ci-local-cache
• 6bd0e54 ci: local-cache job to test local cache feature
• b3eddbb Merge pull request #1057 from docker/dependabot/npm_and_yarn/undici-5.28.3
• Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.8.11 to 1.8.14

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.14

🛠️ Internal Dependencies

Nothing changed feature-wise. The only notable update is that the underlying container runtime now uses Python 3.12 and pip has been updated to v24.0 there. This is should go unnoticed in terms of behavior. It's just a bit of maintenance burden to be done occasionally by @​webknjaz💰. Enjoy!

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.8.13...v1.8.14

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

v1.8.13

🐛 What's Fixed

This action is now able to consume and publish distribution packages with Metadata-Version: 2.3 embedded.

🛠️ Internal Dependencies

@​SigureMo💰 sent us a bump of pkginfo version to version 1.10.0 in #219. It's a transitive dependency for us and is not an API-level change but upgrading it has a side effect of letting Twine recognize distribution packages declaring Metadata-Version: 2.3. In particular, it is known to affect distributions built with Maturin >= 1.5.0.

Following that, @​webknjaz💰 upgraded other transitive and direct dependency pins, including, among others, the following notable bumps:

• cryptography == 42.0.5
• id == 1.3.0
• readme-renderer == 43.0
• Twine == 5.0.0

💪 New Contributors

@​SigureMo made their first contribution in pypa/gh-action-pypi-publish#219

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.8.12...v1.8.13

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

v1.8.12

💅 Cosmetic Output Improvements

@​woodruffw💰 replaced the notice annotations with simplified debug messages related to authentication methanism selection via #196. The also improved the error clarity during OIDC exchange on PRs from forks via #203.

📝 What's Documented

@​virtuald💰 updated the docs and pointer messages were updated to mention that reusable workflows aren't supported right now in #186 and @​xuanzhi33💰 later corrected the markdown syntax there via #216.

🛠️ Internal Dependencies

• pre-commit linters got autoupdated @ #204
• Cryptography was bumped from 41.0.6 to 42.0.4 @ #210, #213 and #214

⚙️ Secret Stuff

... (truncated)

Commits

• 81e9d93 Bump pip to v24.0 in runtime prerequisites lock
• 91527c4 Regenerate lockfiles with pip-tools v7.4.1
• 3a817c6 Bump action runtime to CPython 3.12
• 741947b Add a config file for pip-tools
• d7af439 Mass-bump transitive dependencies of runtime
• e90ddca Bump readme-renderer to v43.0
• dae7fa3 Bump Twine to v5.0.0
• 0fe04ae Bump id to v1.3.0
• 444e179 Bump cryptography to v42.0.5
• 820be4e Normalize pip-tools' header comment @ runtime.txt
• Additional commits viewable in compare view

Updates peter-evans/create-pull-request from 6.0.0 to 6.0.2

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v6.0.2

⚡ Improves performance in some cases where the action rebases changes on to the specified base.

What's Changed

• build(deps-dev): bump eslint-plugin-github from 4.10.1 to 4.10.2 by @​dependabot in peter-evans/create-pull-request#2797
• build(deps-dev): bump @​types/node from 18.19.18 to 18.19.21 by @​dependabot in peter-evans/create-pull-request#2798
• build(deps-dev): bump @​types/node from 18.19.21 to 18.19.23 by @​dependabot in peter-evans/create-pull-request#2811
• perf: shallow fetch the actual base when rebasing from working base by @​peter-evans in peter-evans/create-pull-request#2816

New Contributors

• @​webmonarch made their first contribution in peter-evans/create-pull-request#2816

Full Changelog: peter-evans/create-pull-request@v6.0.1...v6.0.2

Create Pull Request v6.0.1

⚙️ Fixes an issue where updating a pull request leads to the error Cannot read properties of undefined (reading 'number'). This was likely caused by GitHub fixing a long standing bug with an API endpoint, resulting in a breaking change.

What's Changed

• build(deps-dev): bump @​types/jest from 29.5.11 to 29.5.12 by @​dependabot in peter-evans/create-pull-request#2730
• build(deps-dev): bump prettier from 3.2.4 to 3.2.5 by @​dependabot in peter-evans/create-pull-request#2731
• build(deps-dev): bump @​types/node from 18.19.10 to 18.19.14 by @​dependabot in peter-evans/create-pull-request#2732
• build(deps): bump peter-evans/slash-command-dispatch from 3 to 4 by @​dependabot in peter-evans/create-pull-request#2748
• build(deps): bump peter-evans/create-pull-request from 5 to 6 by @​dependabot in peter-evans/create-pull-request#2747
• build(deps-dev): bump @​types/node from 18.19.14 to 18.19.15 by @​dependabot in peter-evans/create-pull-request#2759
• build(deps-dev): bump eslint-plugin-jest from 27.6.3 to 27.9.0 by @​dependabot in peter-evans/create-pull-request#2769
• build(deps-dev): bump @​types/node from 18.19.15 to 18.19.17 by @​dependabot in peter-evans/create-pull-request#2768
• build(deps-dev): bump @​types/node from 18.19.17 to 18.19.18 by @​dependabot in peter-evans/create-pull-request#2780
• build(deps-dev): bump eslint from 8.56.0 to 8.57.0 by @​dependabot in peter-evans/create-pull-request#2781
• fix: list pulls using the correct head format by @​peter-evans in peter-evans/create-pull-request#2792

Full Changelog: peter-evans/create-pull-request@v6.0.0...v6.0.1

Commits

• 70a41ab perf: shallow fetch the actual base when rebasing from working base (#2816)
• 57a1014 build(deps-dev): bump @​types/node from 18.19.21 to 18.19.23 (#2811)
• b3a2c5d build(deps-dev): bump @​types/node from 18.19.18 to 18.19.21 (#2798)
• 02c7da5 build(deps-dev): bump eslint-plugin-github from 4.10.1 to 4.10.2 (#2797)
• bac6da8 docs: update description of delete-branch
• a4f52f8 fix: list pulls using the correct head format (#2792)
• 853c071 build(deps-dev): bump eslint from 8.56.0 to 8.57.0 (#2781)
• d2c126e build(deps-dev): bump @​types/node from 18.19.17 to 18.19.18 (#2780)
• 43d39c6 build(deps-dev): bump @​types/node from 18.19.15 to 18.19.17 (#2768)
• 5a9d206 build(deps-dev): bump eslint-plugin-jest from 27.6.3 to 27.9.0 (#2769)
• Additional commits viewable in compare view

Updates softprops/action-gh-release from 1 to 2

Release notes

Sourced from softprops/action-gh-release's releases.

v2.0.0

• update actions.yml declaration to node20 to address warnings

Changelog

Sourced from softprops/action-gh-release's changelog.

2.0.4

• Minor follow up to #417. #425

2.0.3

• Declare make_latest as an input field in action.yml #419

2.0.2

• Revisit approach to #384 making unresolved pattern failures opt-in #417

2.0.1

• Add support for make_latest property #304 via @​samueljseay
• Fail run if files setting contains invalid patterns #384 via @​rpdelaney
• Add support for proxy env variables (don't use node-fetch) #386 via @​timor-raiman
• Suppress confusing warning when input_files is empty #389 via @​Drowze

2.0.0

• 2.0.0!? this release corrects a disjunction between git tag versions used in the marketplace and versions list this file. Previous versions should have really been 1.*. Going forward this should be better aligned.
• Upgrade action.yml declaration to node20 to address deprecations

0.1.15

• Upgrade to action.yml declaration to node16 to address deprecations
• Upgrade dependencies
• Add asset output as a JSON array containing information about the uploaded assets

0.1.14

• provides an new workflow input option generate_release_notes which when set to true will automatically generate release notes for you based on GitHub activity #179. Please see the GitHub docs for this feature for more information

0.1.13

• fix issue with multiple runs concatenating release bodies #145

0.1.12

• fix bug leading to empty strings subsituted for inputs users don't provide breaking api calls #144

0.1.11

• better error message on release create failed #143

0.1.10

• fixed error message formatting for file uploads

... (truncated)

Commits

• 9d7c94c build
• 6ffed59 followup to #417 (#425)
• 1ce812a package script for updating git tag
• 3198ee1 prep release
• 7ee8e06 declare an update docs for make_latest input (#419)
• d99959e prep release
• 0e39c67 make pattern error opt in (#417)
• 20e085c kick off 2.0.1 release
• 9f5c4d3 update changelog
• 0bea76b Add support for make_latest property (#304)
• Additional commits viewable in compare view

Updates reviewdog/action-suggester from 1.10.0 to 1.11.0

Release notes

Sourced from reviewdog/action-suggester's releases.

Release v1.11.0

What's Changed

• chore(deps): update reviewdog/reviewdog to 0.17.1 by @​github-actions in reviewdog/action-suggester#51

Full Changelog: reviewdog/action-suggester@v1.10.0...v1.11.0

Commits

• 3d7fde6 Merge pull request #51 from reviewdog/depup/reviewdog/reviewdog
• 8db15b7 chore(deps): update reviewdog/reviewdog to 0.17.1
• See full diff in compare view

Updates github/codeql-action from 3.24.0 to 3.24.7

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.24.7 - 12 Mar 2024

• Update default CodeQL bundle version to 2.16.4. #2185

3.24.6 - 29 Feb 2024

No user facing changes.

3.24.5 - 23 Feb 2024

• Update default CodeQL bundle version to 2.16.3. #2156

3.24.4 - 21 Feb 2024

• Fix an issue where an existing, but empty, /sys/fs/cgroup/cpuset.cpus file always resulted in a single-threaded run. #2151

3.24.3 - 15 Feb 2024

• Fix an issue where the CodeQL Action would fail to load a configuration specified by the config input to the init Action. #2147

3.24.2 - 15 Feb 2024

• Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. #2141

3.24.1 - 13 Feb 2024

• Update default CodeQL bundle version to 2.16.2. #2124
• The CodeQL action no longer fails if it can't write to the telemetry api endpoint. #2121

3.24.0 - 02 Feb 2024

• CodeQL Python analysis will no longer install dependencies on GitHub Enterprise Server, as is already the case for GitHub.com. See release notes for 3.23.0 for more details. #2106

3.23.2 - 26 Jan 2024

• On Linux, the maximum possible value for the --threads option now respects the CPU count as specified in cgroup files to more accurately reflect the number of available cores when running in containers. #2083
• Update default CodeQL bundle version to 2.16.1. #2096

3.23.1 - 17 Jan 2024

... (truncated)

Commits

• 3ab4101 Merge pull request #2192 from github/update-v3.24.7-5e882999f
• a006adf Update changelog for v3.24.7
• 5e88299 Bump the npm group with 2 updates (#2190)
• 69e120d Merge pull request #2191 from github/henrymercer/use-include-query-help-flag
• 5ec06c7 Use the --sarif-include-query-help option when supported
• caf3779 Update default bundle to 2.16.4 (#2185)
• 532ca54 Fail analyze step by passing an invalid option to database finalize (#2189)
• 2fa207a Merge pull request #2188 from github/henrymercer/prepare-build-mode-help
• 24c3eda Escape named value in input description
• 27a6cd0 Remove experimental qualifiers from build mode input
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.