Bump the github-action-dependencies group with 10 updates

[dependabot]

Bumps the github-action-dependencies group with 10 updates:

Package	From	To
actions/setup-python	4.7.1	5.0.0
actions/upload-pages-artifact	2	3
actions/configure-pages	3	4
actions/deploy-pages	2	4
pypa/gh-action-pypi-publish	1.8.10	1.8.11
release-drafter/release-drafter	5.25.0	6.0.0
actions/cache	3	4
actions/upload-artifact	3	4
actions/download-artifact	3	4
SonarSource/sonarcloud-github-action	2.0.2	2.1.1

Updates actions/setup-python from 4.7.1 to 5.0.0

Release notes

Sourced from actions/setup-python's releases.

v5.0.0

What's Changed

In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.

Full Changelog: actions/setup-python@v4.8.0...v5.0.0

v4.8.0

What's Changed

In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy:

steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4 
  with:
    python-version: 'graalpy-22.3' 
- run: python my_script.py

Besides, the release contains such changes as:

• Trim python version when reading from file by @​FerranPares in actions/setup-python#628
• Use non-deprecated versions in examples by @​jeffwidman in actions/setup-python#724
• Change deprecation comment to past tense by @​jeffwidman in actions/setup-python#723
• Bump @​babel/traverse from 7.9.0 to 7.23.2 by @​dependabot in actions/setup-python#743
• advanced-usage.md: Encourage the use actions/checkout@v4 by @​cclauss in actions/setup-python#729
• Examples now use checkout@v4 by @​simonw in actions/setup-python#738
• Update actions/checkout to v4 by @​dmitry-shibanov in actions/setup-python#761

New Contributors

• @​FerranPares made their first contribution in actions/setup-python#628
• @​timfel made their first contribution in actions/setup-python#694
• @​jeffwidman made their first contribution in actions/setup-python#724

Full Changelog: actions/setup-python@v4...v4.8.0

Commits

• 0a5c615 Update action to node20 (#772)
• 0ae5836 Add example of GraalPy to docs (#773)
• b64ffca update actions/checkout to v4 (#761)
• 8d28961 Examples now use checkout@v4 (#738)
• 7bc6abb advanced-usage.md: Encourage the use actions/checkout@v4 (#729)
• e8111ce Bump @​babel/traverse from 7.9.0 to 7.23.2 (#743)
• a00ea43 add fix for graalpy ci (#741)
• 8635b1c Change deprecation comment to past tense (#723)
• f6cc428 Use non-deprecated versions in examples (#724)
• 5f2af21 Add GraalPy support (#694)
• Additional commits viewable in compare view

Updates actions/upload-pages-artifact from 2 to 3

Release notes

Sourced from actions/upload-pages-artifact's releases.

v3.0.0

Changelog

• Use v4 upload-artifact tag @​robherley (#80)
• Upload pages artifact with upload-artifact v4-beta @​konradpabjan (#78)

To deploy a GitHub Pages site which has been uploaded with this version of actions/upload-pages-artifact, you must also use actions/deploy-pages@v4 or newer.

See details of all code changes since previous release.

Commits

• 56afc60 Merge pull request #94 from SilverRainZ/main
• d12fdfb Merge branch 'main' into main
• aef5542 Merge pull request #88 from uiolee/patch-1
• 29cedd7 Merge branch 'main' into patch-1
• a69c22e Merge pull request #92 from actions/dependabot/github_actions/non-breaking-ch...
• 794e304 Group tar's output to prevent it from messing up logs
• 14007f6 Bump the non-breaking-changes group with 1 update
• 0191170 Merge pull request #91 from actions/dependabot-grouping
• 0e7832d Update Dependabot config to group non-breaking changes
• 1a6d9fa Update README.md
• Additional commits viewable in compare view

Updates actions/configure-pages from 3 to 4

Release notes

Sourced from actions/configure-pages's releases.

v4.0.0

Changelog

• Use a centralized .node-version file @​JamesMGreene (#117)
• Update action to node20 @​takost (#108)

See details of all code changes since previous release.

v3.0.7

Changelog

• Update Actions workflows to use Node 20.x @​JamesMGreene (#116)
• Bump eslint-plugin-github from 4.7.0 to 4.10.1 @​dependabot (#114)
• Bump word-wrap from 1.2.3 to 1.2.5 @​dependabot (#113)
• Bump jest from 29.5.0 to 29.7.0 @​dependabot (#112)
• Bump @​babel/traverse from 7.21.3 to 7.23.5 @​dependabot (#110)
• Bump espree from 9.5.2 to 9.6.1 @​dependabot (#111)
• Bump eslint from 8.38.0 to 8.40.0 @​dependabot (#93)

See details of all code changes since previous release.

v3.0.6

Changelog

• Bump eslint from 8.36.0 to 8.38.0 @​dependabot (#89)
• Bump eslint-plugin-github from 4.6.1 to 4.7.0 @​dependabot (#86)
• Bump eslint-config-prettier from 8.7.0 to 8.8.0 @​dependabot (#85)
• Bump prettier from 2.8.6 to 2.8.7 @​dependabot (#84)
• Make "Get Pages failed" error message more helpful @​WofWca (#83)
• Bump prettier from 2.8.4 to 2.8.6 @​dependabot (#81)
• Add a CodeQL security scanning workflow @​JamesMGreene (#68)

See details of all code changes since previous release.

v3.0.5

Changelog

• Bump jest from 29.4.3 to 29.5.0 @​dependabot (#77)
• Bump eslint from 8.35.0 to 8.36.0 @​dependabot (#76)
• Bump espree from 9.4.1 to 9.5.0 @​dependabot (#78)
• Bump eslint-config-prettier from 8.6.0 to 8.7.0 @​dependabot (#75)
• Bump eslint from 8.34.0 to 8.35.0 @​dependabot (#73)
• Bump jest from 29.4.1 to 29.4.3 @​dependabot (#72)
• Bump eslint-plugin-github from 4.6.0 to 4.6.1 @​dependabot (#71)
• Amend token coverage for enablement in Action metadata file @​JamesMGreene (#51)

See details of all code changes since previous release.

v3.0.4

Changelog

... (truncated)

Commits

• 1f0c5cd Merge pull request #117 from actions/use-node-version-file
• 591bb0d Merge branch 'main' into use-node-version-file
• 1465f01 Merge pull request #108 from takost/update-to-node-20
• f2fc553 Merge branch 'main' into update-to-node-20
• 373694e Use a centralized .node-version file
• 3a01413 Update action to node20
• See full diff in compare view

Updates actions/deploy-pages from 2 to 4

Release notes

Sourced from actions/deploy-pages's releases.

v4.0.0

Changelog

• Deploy pages using artifact IDs @​konradpabjan (#251)
• This version requires the permission actions: read in the workflows which use it.

---

ℹ️ This version of actions/deploy-pages is ONLY compatible with artifacts uploaded by either:

• actions/upload-pages-artifact@v3 or newer
• actions/upload-artifact@v4 or newer.

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v3.0.1

Changelog

• Bump eslint from 8.54.0 to 8.55.0 @​dependabot (#266)
• Bump nock from 13.3.8 to 13.4.0 @​dependabot (#267)
• Bump eslint-config-prettier from 9.0.0 to 9.1.0 @​dependabot (#268)
• Bump @​actions/core from 1.10.0 to 1.10.1 @​dependabot (#269)
• Bump @​actions/github from 5.1.1 to 6.0.0 @​dependabot (#261)
• Update compatibility table for v3 @​JamesMGreene (#270)

🧰 Maintenance

• chore/docs: update version, fix typos @​kbdharun (#272)

---

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v3.0.0

Changelog

• Update action to node20 @​takost (#256)

---

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

v2.0.5

Changelog

... (truncated)

Commits

• decdde0 Merge pull request #295 from lmammino/patch-1
• 0b3be6b Update distributables
• c2c861c Update tests
• 294fbcd Merge branch 'main' into patch-1
• 2a4b535 Merge pull request #298 from SimonSiefke/fix/typo
• 4825f57 Merge branch 'main' into fix/typo
• fa29843 Merge pull request #310 from actions/dependabot/npm_and_yarn/actions/artifact...
• d005625 Update distributables after Dependabot 🤖
• 636701b Bump @​actions/artifact from 2.0.1 to 2.1.1
• 25b8009 Merge pull request #307 from actions/dependabot-grouping
• Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.8.10 to 1.8.11

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.8.11

💅 Cosmetic output improvements

@​woodruffw added a nudge suggesting the users storing passwords in a GitHub Actions repository secrets to switch to using secretless publishing in pypa/gh-action-pypi-publish#190. This also reminds people that PyPI will start mandating two-factor authentication to perform uploads in 2024.

📝 What's Documented

@​di linked the configuration docs for Trusted Publishing in README via pypa/gh-action-pypi-publish#179.

🛠️ Internal dependencies

• Cryptography was bumped from 41.0.3 to 41.0.6 @ pypa/gh-action-pypi-publish#194
• Pip was bumped from 22.3.1 to 23.3 @ pypa/gh-action-pypi-publish#189
• pre-commit linters got autoupdated @ pypa/gh-action-pypi-publish#184
• Urllib3 was bumped from 2.0.3 to 2.0.7 @ pypa/gh-action-pypi-publish#183 and pypa/gh-action-pypi-publish#185

💪 New Contributors

• @​di made their first contribution in pypa/gh-action-pypi-publish#179

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.8.10...v1.8.11

Commits

• 2f6f737 Merge commit PR #184 into unstable/v1
• 2fa448a Merge PRs #190, #184, #185, #189 and #194 into unstable/v1
• 824ad31 Revert flake8 to v4.0.1 for WPS
• 41f3f53 Bump cryptography from 41.0.3 to 41.0.6 in /requirements
• 2319287 twine-upload: ::error, switch nudge order
• 254a0d4 twine-upload: add a nudge for password auth
• 70a33ca Bump pip from 22.3.1 to 23.3 in /requirements
• 102f507 Bump urllib3 from 2.0.6 to 2.0.7 in /requirements
• 79739dc Merge pull request #183 from pypa/dependabot/pip/requirements/urllib3-2.0.6
• 9a3f9ad [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Updates release-drafter/release-drafter from 5.25.0 to 6.0.0

Release notes

Sourced from release-drafter/release-drafter's releases.

v6.0.0

What's Changed

• Update Node.js to 20 (#1379) @​massongit

Full Changelog: release-drafter/release-drafter@v5.25.0...v6.0.0

v6.0.0-beta.1

Prerelease of v6, first release of the CLI, feel free to provide feedback in the pull request: release-drafter/release-drafter#1204

Commits

• 3f0f870 v6.0.0
• 80296b4 Update Node.js to 20 (#1379)
• See full diff in compare view

Updates actions/cache from 3 to 4

Release notes

Sourced from actions/cache's releases.

v4.0.0

What's Changed

• Update action to node20 by @​takost in actions/cache#1284
• feat: save-always flag by @​to-s in actions/cache#1242

New Contributors

• @​takost made their first contribution in actions/cache#1284
• @​to-s made their first contribution in actions/cache#1242

Full Changelog: actions/cache@v3...v4.0.0

v3.3.3

What's Changed

• Cache v3.3.3 by @​robherley in actions/cache#1302

New Contributors

• @​robherley made their first contribution in actions/cache#1302

Full Changelog: actions/cache@v3...v3.3.3

v3.3.2

What's Changed

• Fixed readme with new segment timeout values by @​kotewar in actions/cache#1133
• Readme fixes by @​kotewar in actions/cache#1134
• Updated description of the lookup-only input for main action by @​kotewar in actions/cache#1130
• Change two new actions mention as quoted text by @​bishal-pdMSFT in actions/cache#1131
• Update Cross-OS Caching tips by @​pdotl in actions/cache#1122
• Bazel example (Take #2️⃣) by @​vorburger in actions/cache#1132
• Remove actions to add new PRs and issues to a project board by @​jorendorff in actions/cache#1187
• Consume latest toolkit and fix dangling promise bug by @​chkimes in actions/cache#1217
• Bump action version to 3.3.2 by @​bethanyj28 in actions/cache#1236

New Contributors

• @​vorburger made their first contribution in actions/cache#1132
• @​jorendorff made their first contribution in actions/cache#1187
• @​chkimes made their first contribution in actions/cache#1217
• @​bethanyj28 made their first contribution in actions/cache#1236

Full Changelog: actions/cache@v3...v3.3.2

v3.3.1

What's Changed

• Reduced download segment size to 128 MB and timeout to 10 minutes by @​kotewar in actions/cache#1129

Full Changelog: actions/cache@v3...v3.3.1

v3.3.0

What's Changed

• Bug: Permission is missing in cache delete example by @​kotokaze in actions/cache#1123

... (truncated)

Changelog

Sourced from actions/cache's changelog.

Releases

3.0.0

• Updated minimum runner version support from node 12 -> node 16

3.0.1

• Added support for caching from GHES 3.5.
• Fixed download issue for files > 2GB during restore.

3.0.2

• Added support for dynamic cache size cap on GHES.

3.0.3

• Fixed avoiding empty cache save when no files are available for caching. (issue)

3.0.4

• Fixed tar creation error while trying to create tar with path as ~/ home folder on ubuntu-latest. (issue)

3.0.5

• Removed error handling by consuming actions/cache 3.0 toolkit, Now cache server error handling will be done by toolkit. (PR)

3.0.6

• Fixed #809 - zstd -d: no such file or directory error
• Fixed #833 - cache doesn't work with github workspace directory

3.0.7

• Fixed #810 - download stuck issue. A new timeout is introduced in the download process to abort the download if it gets stuck and doesn't finish within an hour.

3.0.8

• Fix zstd not working for windows on gnu tar in issues #888 and #891.
• Allowing users to provide a custom timeout as input for aborting download of a cache segment using an environment variable SEGMENT_DOWNLOAD_TIMEOUT_MINS. Default is 60 minutes.

3.0.9

• Enhanced the warning message for cache unavailablity in case of GHES.

3.0.10

• Fix a bug with sorting inputs.
• Update definition for restore-keys in README.md

... (truncated)

Commits

• 13aacd8 Merge pull request #1242 from to-s/main
• 53b35c5 Merge branch 'main' into main
• 65b8989 Merge pull request #1284 from takost/update-to-node-20
• d0be34d Fix dist
• 66cf064 Merge branch 'main' into update-to-node-20
• 1326563 Merge branch 'main' into main
• e718767 Fix format
• 0122982 Apply workaround for earlyExit
• 3185ecf Update "only-" actions to node20
• 25618a0 Bump version
• Additional commits viewable in compare view

Updates actions/upload-artifact from 3 to 4

Release notes

Sourced from actions/upload-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.

For more information, please see:

1. The changelog post.
2. The README.
3. The migration documentation.
4. As well as the underlying npm package, @​actions/artifact documentation.

New Contributors

• @​vmjoseph made their first contribution in actions/upload-artifact#464

Full Changelog: actions/upload-artifact@v3...v4.0.0

v3.1.3

What's Changed

• chore(github): remove trailing whitespaces by @​ljmf00 in actions/upload-artifact#313
• Bump @​actions/artifact version to v1.1.2 by @​bethanyj28 in actions/upload-artifact#436

Full Changelog: actions/upload-artifact@v3...v3.1.3

v3.1.2

• Update all @actions/* NPM packages to their latest versions- #374
• Update all dev dependencies to their most recent versions - #375

v3.1.1

• Update actions/core package to latest version to remove set-output deprecation warning #351

v3.1.0

What's Changed

• Bump @​actions/artifact to v1.1.0 (actions/upload-artifact#327)
  • Adds checksum headers on artifact upload (actions/toolkit#1095) (actions/toolkit#1063)

Commits

• 5d5d22a Merge pull request #515 from actions/eggyhead/update-artifact-v2.1.1
• f1e993d update artifact license
• 4881bfd updating dist:
• a30777e @​eggyhead
• 3a80482 Merge pull request #511 from actions/robherley/migration-docs-typo
• 9d63e3f Merge branch 'main' into robherley/migration-docs-typo
• dfa1ab2 fix typo with v3 artifact downloads in migration guide
• d00351b Merge pull request #509 from markmssd/patch-1
• 707f5a7 Update limitation of 10 artifacts upload to 500
• 26f96df Merge pull request #505 from actions/robherley/merge-artifacts
• Additional commits viewable in compare view

Updates actions/download-artifact from 3 to 4

Release notes

Sourced from actions/download-artifact's releases.

v4.0.0

What's Changed

The release of upload-artifact@v4 and download-artifact@v4 are major changes to the backend architecture of Artifacts. They have numerous performance and behavioral improvements.

ℹ️ However, this is a major update that includes breaking changes. Artifacts created with versions v3 and below are not compatible with the v4 actions. Uploads and downloads must use the same major actions versions. There are also key differences from previous versions that may require updates to your workflows.

For more information, please see:

1. The changelog post.
2. The README.
3. The migration documentation.
4. As well as the underlying npm package, @​actions/artifact documentation.

New Contributors

• @​bflad made their first contribution in actions/download-artifact#194

Full Changelog: actions/download-artifact@v3...v4.0.0

v3.0.2

• Bump @actions/artifact to v1.1.1 - actions/download-artifact#195
• Fixed a bug in Node16 where if an HTTP download finished too quickly (<1ms, e.g. when it's mocked) we attempt to delete a temp file that has not been created yet Migrate dev environment and workflows to node16  actions/toolkit#1278

v3.0.1

• Bump @​actions/core to 1.10.0

Commits

• eaceaf8 Merge pull request #291 from actions/eggyhead/update-artifact-v2.1.1
• 81eafdc update artifact license
• 9ac5cad updating artifact dependency to version 2.1.1
• 3ad8411 Merge pull request #287 from actions/robherley/sync-migration-docs
• 1de4643 Sync migration docs with upload-artifact
• bb3fa7f Merge pull request #275 from actions/robherley/better-log-msgs
• a244de5 ncc
• 355659b clarify log messages when using pattern/merge-multiple params
• 6b208ae Merge pull request #274 from actions/vmjoseph/timeout-patch
• 6c5b580 only adding updated license
• Additional commits viewable in compare view

Updates SonarSource/sonarcloud-github-action from 2.0.2 to 2.1.1

Release notes

Sourced from SonarSource/sonarcloud-github-action's releases.

Fix cleanup script and update README

v2.1.1

Fix permissions of .scannerwork directory after scan

v2.1.0

Commits

• 49e6cd3 Update README.md about manually cleaning the work directory
• 5f0b535 Check for existance of .scannerwork in cleanup script
• fb9ead3 chown only .scannerwork
• e2a1ee7 Fix permissions of .scannerwork directory (#57)
• 5ee47de Update README with new Clean Code wording and link from Marketing (#56)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.