Skip to content

chore: bump the actions group with 2 updates#231

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/actions-94fbc28bfc
Open

chore: bump the actions group with 2 updates#231
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/actions-94fbc28bfc

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 8, 2026

Copy link
Copy Markdown
Contributor

Bumps the actions group with 2 updates: astral-sh/setup-uv and pypa/cibuildwheel.

Updates astral-sh/setup-uv from 8.1.0 to 8.2.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.2.0 🌈 New inputs quiet and download-from-astral-mirror

Changes

This release brings two new inputs and a few bug fixes.

New inputs

Lets talk about the new inputs first.

quiet

Pretty simple. It turns of all info loggings. Useful if you use this in a composite action and are not interested in all the details. In the upcoming releases we will add log groups to fully implement support for "less noise"

[!NOTE]
Warnings and errors are always logged.

download-from-astral-mirror

In some cases you may want to directly use the fallback of checking for available versions and downloading releases from GitHub instead of using the astral.sh mirror. Setting download-from-astral-mirror: false allows you to do that.

Bugfixes

When using the astral.sh mirror to query available versions and download releases (done by default) we now stop sending the GitHub token in the header. The mirror never looked at it but we shouldn't be handing out that data even if it is just a short lived token. All other bugfixes try to limit the impact of failed GitHub queries due to retries and other faults.

We couldn't pinpoint all rootcauses yet but added more logging for error cases to track them down.

🐛 Bug fixes

🚀 Enhancements

🧰 Maintenance

... (truncated)

Commits
  • fac544c chore(deps): roll up dependabot updates (#903)
  • 7390f77 docs: update dependabot rollup biome guidance (#902)
  • 363c64a chore(deps): roll up dependabot updates (#901)
  • c4fcbaf chore(deps): bump release-drafter/release-drafter from 7.3.0 to 7.3.1 (#900)
  • 8e642c5 chore: update known checksums for 0.11.18 (#899)
  • a92cb43 Add quiet input to suppress info-level log output (#898)
  • e07f2ac chore(deps): bump eifinger/actionlint-action from 1.10.1 to 1.10.2 (#842)
  • bc4034e chore(deps): bump github/codeql-action from 4.35.4 to 4.36.0 (#893)
  • df42d4f chore(deps): bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6 (#891)
  • b9c8c4c feat: add download-from-astral-mirror input (#897)
  • Additional commits viewable in compare view

Updates pypa/cibuildwheel from 3.4 to 4.0

Release notes

Sourced from pypa/cibuildwheel's releases.

v4.0.0

See @​henryiii's release post for more info on new features!

  • 🌟 Adds wheel auditing with abi3audit as a default after the repair step, with new audit-requires and audit-command options (#2805)

  • 🌟 Adds pyemscripten platform tag support (PEP 783), updates Pyodide to 314.0.0a2, and adds a pyodide-eol enable flag for building end-of-life Pyodide versions (#2812, #2848)

  • 🌟 Sets up delvewheel as the default repair-wheel-command for Windows, so extension module DLLs are now bundled automatically. Skip by setting it to empty if not needed. (#2831)

  • ✨ Adds CPython 3.15 support, under the enable option cpython-prerelease. This version of cibuildwheel uses 3.15.0b2. (#2833, #2850)

    While CPython is in beta, the ABI can change, so your wheels might not be compatible with the final release. For this reason, we don't recommend distributing wheels until RC1, at which point 3.15 will be available in cibuildwheel without the flag.

  • ✨ Adds CPython 3.15 support for iOS and Android (#2857, #2858)

  • ✨ Adds Android improvements for building NumPy and related packages, including auditwheel support, pkg-config and Fortran configuration, and the xbuild-files option (#2695)

  • ✨ Adds CIBUILDWHEEL_BUILD_IDENTIFIER environment variable set to the current build identifier (e.g. cp311-manylinux_x86_64) during per-build steps (#2872)

  • ✨ Adds {project} and {package} placeholders to config-settings (#2827)

  • ⚠️ Drops support for Python 3.8 (#2686)

  • ⚠️ Removes the experimental CPython 3.13 free-threading builds and the cpython-freethreading enable option. CPython 3.14+ free-threading support remains available without the enable flag. (#2684)

  • ⚠️ Drops support for Cirrus CI, which is shutting down June 1, 2026 (#2817)

  • ⚠️ Drops GraalPy 3.11 (gp311) support, as agreed in #2741, and removes GraalPy 24-only workarounds (#2895)

  • 🔐 Adds SHA256 verification for direct downloads of Python interpreters, virtualenv, and python-build-standalone assets (#2873)

  • 🔐 Adds tarfile extraction filter for safe archive extraction (#2856)

  • 🐛 Fixes UV_PYTHON not being set for before-build on Linux when using uv as the build-frontend (#2830)

  • 🐛 Fixes detection of musl libc when downloading python-build-standalone, which previously always selected the gnu asset on musl hosts like Alpine (#2889)

  • 🐛 Fixes config-settings expansion when {project} or {package} contains spaces or backslashes (#2886)

  • 🐛 Prevents deadlock when linux32 fails and forwards platform args to the sanity check (#2880, #2888)

  • 🐛 Fixes container resource leaks on start failure and during teardown (#2879, #2887)

  • 🐛 Removes potential partial cache-population in case of error (#2892)

  • 🐛 Raises a clear error when ANDROID_API_LEVEL is not an integer (#2891)

  • 🐛 Replaces assert with proper exception in python-build-standalone (#2859)

  • 🐛 Uses ConfigurationError when package_dir is outside cwd instead of a generic Exception (#2898)

  • 🛠 Updates dependencies and container pins (#2893, #2882, #2874, #2868, #2862, #2884, #2845, #2837, #2818, #2810, #2838, #2813)

  • 🛠 Updates Android to Python 3.13.13 and 3.14.4 (#2821)

  • 🛠 Applies Pyodide-specific patches to the Emscripten toolchain installation (#2800)

  • 🛠 Uses python -V -V for Windows build diagnostics (#2832)

  • 🛠 Simplifies pinned container image lookup (#2897)

  • 🛠 Minor fixups across error messages, OCI container, and options (#2860)

  • 💼 Adds PEP 723 metadata for bin/ scripts and drops the bin dependency group (#2819)

  • 💼 Improves Azure test reliability with retries and caching (#2890)

  • 💼 Fixes Windows GitLab CI test running (#2870)

  • 💼 Updates CI action pins and dev dependencies (#2902, #2867, #2851, #2843, #2826, #2823, #2820, #2807)

  • 💼 Adds agent and copilot setup files (#2861)

  • 💼 Uses if TYPE_CHECKING: blocks (#2866, #2864)

  • 🧪 Fixes Android tests using the uv frontend (#2809)

  • 🧪 Fixes the update-dependencies workflow to use uv to run nox (#2808)

  • 🧪 Adds unit tests for OCIContainer._get_platform_args (#2878)

  • 📚 Updates documentation for delvewheel as the default Windows repair-wheel-command, including the build diagram, schema defaults, and legal note (#2877, #2853, #2891)

  • 📚 Documents platform-specific before-build configuration (#2834)

  • 📚 Updates the "How it works" diagram with details of Android, iOS, and Pyodide builds (#2816)

  • 📚 Adds Pyodide icon and regenerates working examples data for Android, iOS, and Pyodide (#2815, #2811)

  • 📚 Adds intersphinx support for external documentation linking (#2871)

  • 📚 Adds instructions for building CUDA wheels and fixes manylinux container references in FAQ (#2896, #2900)

... (truncated)

Changelog

Sourced from pypa/cibuildwheel's changelog.

v2.23.4

16 March 2026

v2.23.3

26 April 2025

  • 🛠 Dependency updates, including Python 3.13.3 (#2371)

v2.23.2

24 March 2025

  • 🐛 Workaround an issue with pyodide builds when running cibuildwheel with a Python that was installed via UV (#2328 via #2331)
  • 🛠 Dependency updates, including a manylinux update that fixes an 'undefined symbol' error in gcc-toolset (#2334)

v2.23.1

15 March 2025

  • ⚠️ Added warnings when the shorthand values manylinux1, manylinux2010, manylinux_2_24, and musllinux_1_1 are used to specify the images in linux builds. The shorthand to these (unmaintainted) images will be removed in v3.0. If you want to keep using these images, explicitly opt-in using the full image URL, which can be found in this file. (#2312)
  • 🛠 Dependency updates, including a manylinux update which fixes an issue with rustup. (#2315)

v2.23.0

1 March 2025

  • ✨ Adds official support for the new GitHub Actions Arm runners. In fact these worked out-of-the-box, now we include them in our tests and example configs. (#2135 via #2281)
  • ✨ Adds support for building PyPy 3.11 wheels (#2268 via #2281)
  • 🛠 Adopts the beta pypa/manylinux image for armv7l builds (#2269 via #2281)
  • 🛠 Dependency updates, including Pyodide 0.27 (#2117 and #2281)

v2.22.0

23 November 2024

  • 🌟 Added a new CIBW_ENABLE/enable feature that replaces CIBW_FREETHREADED_SUPPORT/free-threaded-support and CIBW_PRERELEASE_PYTHONS with a system that supports both. In cibuildwheel 3, this will also include a PyPy setting and the deprecated options will be removed. (#2048)
  • 🌟 Dependency groups are now supported for tests. Use CIBW_TEST_GROUPS/test-groups to specify groups in [dependency-groups] for testing. (#2063)
  • 🌟 Support for the experimental Ubuntu-based ARMv7l manylinux image (#2052)
  • ✨ Show a warning when cibuildwheel is run from Python 3.10 or older; cibuildwheel 3.0 will require Python 3.11 or newer as host (#2050)
  • 🐛 Fix issue with stderr interfering with checking the docker version (#2074)
  • 🛠 Python 3.9 is now used in CIBW_BEFORE_ALL/before-all on linux, replacing 3.8, which is now EoL (#2043)
  • 🛠 Error messages for producing a pure-Python wheel are slightly more informative (#2044)
  • 🛠 Better error when uname -m fails on ARM (#2049)
  • 🛠 Better error when repair fails and docs for abi3audit on Windows (#2058)
  • 🛠 Better error when manylinux-interpreters ensure fails (#2066)
  • 🛠 Update Pyodide to 0.26.4, and adapt to the unbundled pyodide-build (now 0.29) (#2090)

... (truncated)

Commits
  • f03ac76 Bump version: v4.0.0
  • 557c5f6 feat: remove GraalPy 3.11 (gp311) support (#2895)
  • 70975c2 chore: use ConfigurationError when package_dir is outside cwd (#2898)
  • e2f143c chore(deps): bump docker/setup-qemu-action from 4.0.0 to 4.1.0 in the actions...
  • 866ae74 docs: fix CUDA manylinux container references in FAQ (#2900)
  • 84b518a chore: simplify pinned image lookup (#2897)
  • 785d812 docs: add instructions for building CUDA wheels (#2896)
  • f6bd047 Bump version: v4.0.0rc2
  • 6cd2d19 fix: remove potential partial cache-population in case of error (#2892)
  • cdb170b [Bot] Update dependencies (#2893)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore: bump the actions group with 2 updates
9f6994e 
Bumps the actions group with 2 updates: [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) and [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel).


Updates `astral-sh/setup-uv` from 8.1.0 to 8.2.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@v8.1.0...v8.2.0)

Updates `pypa/cibuildwheel` from 3.4 to 4.0
- [Release notes](https://github.com/pypa/cibuildwheel/releases)
- [Changelog](https://github.com/pypa/cibuildwheel/blob/main/docs/changelog.md)
- [Commits](pypa/cibuildwheel@v3.4...v4.0)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: pypa/cibuildwheel
  dependency-version: '4.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jun 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants