-
-
Notifications
You must be signed in to change notification settings - Fork 900
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump the github-actions group with 3 updates #1298
Bump the github-actions group with 3 updates #1298
Conversation
Bumps the github-actions group with 3 updates: [actions/setup-python](https://github.com/actions/setup-python), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/setup-python` from 4.7.1 to 5.0.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@65d7f2d...0a5c615) Updates `actions/upload-artifact` from 3.1.3 to 4.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@a8a3f3a...c7d193f) Updates `actions/download-artifact` from 3.0.2 to 4.1.0 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@9bc31d5...f44cd7b) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
@@ -59,6 +59,7 @@ source = ["flask_sqlalchemy", "tests"] | |||
source = ["src", "*/site-packages"] | |||
|
|||
[tool.mypy] | |||
cache_dir = "/dev/null" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you really want this in pyproject.toml though?
Tip: GitHub nowadays also lets you manually remove cache entries via https://github.com/pallets-eco/flask-sqlalchemy/actions/caches
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, I don't, I'm just messing with things trying to understand what's going awry with all our typing calls.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ooo thank you! I didn't know about that, I'll poke at that as well.
@dependabot ignore actions/upload-artifact major version |
OK, I won't notify you about version 4.x.x of actions/upload-artifact again, unless you unignore it. |
@dependabot ignore actions/download-artifact major version |
OK, I won't notify you about version 4.x.x of actions/download-artifact again, unless you unignore it. |
Looks like these dependencies are updatable in another way, so this is no longer needed. |
We need to ignore upload-artifact and download-artifact v4 until slsa-generator uses v4 instead of v3. Otherwise, the provenance doesn't get downloaded to be included in the release. |
@davidism Ah, got it, thanks for commenting! |
Here's the issue to watch to know when we can upgrade: slsa-framework/slsa-github-generator#3068 |
Bumps the github-actions group with 3 updates: actions/setup-python, actions/upload-artifact and actions/download-artifact.
Updates
actions/setup-python
from 4.7.1 to 5.0.0Release notes
Sourced from actions/setup-python's releases.
Commits
0a5c615
Update action to node20 (#772)0ae5836
Add example of GraalPy to docs (#773)b64ffca
update actions/checkout to v4 (#761)8d28961
Examples now use checkout@v4 (#738)7bc6abb
advanced-usage.md: Encourage the use actions/checkout@v4 (#729)e8111ce
Bump@babel/traverse
from 7.9.0 to 7.23.2 (#743)a00ea43
add fix for graalpy ci (#741)8635b1c
Change deprecation comment to past tense (#723)f6cc428
Use non-deprecated versions in examples (#724)5f2af21
Add GraalPy support (#694)Updates
actions/upload-artifact
from 3.1.3 to 4.0.0Release notes
Sourced from actions/upload-artifact's releases.
Commits
c7d193f
Merge pull request #466 from actions/v4-beta13131bb
licensed cache4a6c273
Merge branch 'main' into v4-betaf391bb9
Merge pull request #465 from actions/robherley/v4-documentation9653d03
Apply suggestions from code review875b630
add limitations sectionecb2146
add compression example5e7604f
trim some repeated infod6437d0
naming1b56155
s/v4-beta/v4/gUpdates
actions/download-artifact
from 3.0.2 to 4.1.0Release notes
Sourced from actions/download-artifact's releases.
Commits
f44cd7b
Merge pull request #259 from actions/robherley/glob-downloads3181fe8
add some migration docsaaaac7b
licensed cache7c9182f
update readmeb94e701
licensed cache0b55470
add test case for globbed downloads to same directory0b51c2e
update prettier/eslint versionsc4c6db7
support globbing artifact list & merging download directory1bd0606
Merge pull request #252 from stchr/patch-1eff4d42
fix default for run-idDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditions