From 8b855bddd148351a51416da535befd1494c695a4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Feb 2025 10:23:40 +0000 Subject: [PATCH 1/2] Bump sphinxcontrib-towncrier from 0.4.0a0 to 0.5.0a0 (#10501) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [sphinxcontrib-towncrier](https://github.com/sphinx-contrib/sphinxcontrib-towncrier) from 0.4.0a0 to 0.5.0a0.
Release notes

Sourced from sphinxcontrib-towncrier's releases.

v0.5.0a0

Release v0.5.0a0

This release is published to https://pypi.org/project/sphinxcontrib-towncrier/0.5.0a0.

This release has been produced by the following workflow run: https://github.com/sphinx-contrib/sphinxcontrib-towncrier/actions/runs/13579622041.

🐛 What's Fixed

The main improvement is that @​bennyrowland💰 added support for Towncrier 24.7.0rc1 and higher via #96. Towncrier versions of year 2024 are now integrated into the CI as well (#93).

There are a few more corner case adjustments and fixes that we didn't bother recording as they aren't met in the “happy path”. They handle missing configs, files and directories.

🛠️ Internal Updates

@​dvzrv💰 upgraded setuptools-scm in packaging to rely on modern handling of git archives in #80

@​webknjaz💰 heavily refactored the CI/CD, introducing a reusable workflow generalizing tox invocations @ sphinx-contrib/sphinxcontrib-towncrier#106 and a few direct commits.

As a part of the testing improvements, the code coverage level has been raised to about 20% higher than before. Additionally, a typing has been fixed here and there.

☣️ Anything else I might care about?

[!caution] This release heavily reduced the support matrix. The minimum supported Python version is now 3.9. And the lowest required Towncrier is 23.

💪 New Contributors

🪞 Full Diff: https://github.com/sphinx-contrib/sphinxcontrib-towncrier/compare/v0.4.0a0...v0.5.0a0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​bennyrowland💰 for driving the Towncrier compatibility research and proposing fixes! They laid the foundation for this entire release.

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

GH Sponsors badge

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=sphinxcontrib-towncrier&package-manager=pip&previous-version=0.4.0a0&new-version=0.5.0a0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- requirements/constraints.txt | 2 +- requirements/dev.txt | 2 +- requirements/doc-spelling.txt | 2 +- requirements/doc.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/requirements/constraints.txt b/requirements/constraints.txt index fefdfb8351c..25a78129c77 100644 --- a/requirements/constraints.txt +++ b/requirements/constraints.txt @@ -228,7 +228,7 @@ sphinxcontrib-serializinghtml==2.0.0 # via sphinx sphinxcontrib-spelling==8.0.1 ; platform_system != "Windows" # via -r requirements/doc-spelling.in -sphinxcontrib-towncrier==0.4.0a0 +sphinxcontrib-towncrier==0.5.0a0 # via -r requirements/doc.in stamina==24.3.0 # via cherry-picker diff --git a/requirements/dev.txt b/requirements/dev.txt index 5d97119a346..4555b984d89 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -219,7 +219,7 @@ sphinxcontrib-qthelp==2.0.0 # via sphinx sphinxcontrib-serializinghtml==2.0.0 # via sphinx -sphinxcontrib-towncrier==0.4.0a0 +sphinxcontrib-towncrier==0.5.0a0 # via -r requirements/doc.in stamina==24.3.0 # via cherry-picker diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt index 566fba8056b..f1f9119e898 100644 --- a/requirements/doc-spelling.txt +++ b/requirements/doc-spelling.txt @@ -61,7 +61,7 @@ sphinxcontrib-serializinghtml==2.0.0 # via sphinx sphinxcontrib-spelling==8.0.1 ; platform_system != "Windows" # via -r requirements/doc-spelling.in -sphinxcontrib-towncrier==0.4.0a0 +sphinxcontrib-towncrier==0.5.0a0 # via -r requirements/doc.in tomli==2.2.1 # via diff --git a/requirements/doc.txt b/requirements/doc.txt index 96aca40d460..6ff0ccc7f70 100644 --- a/requirements/doc.txt +++ b/requirements/doc.txt @@ -54,7 +54,7 @@ sphinxcontrib-qthelp==2.0.0 # via sphinx sphinxcontrib-serializinghtml==2.0.0 # via sphinx -sphinxcontrib-towncrier==0.4.0a0 +sphinxcontrib-towncrier==0.5.0a0 # via -r requirements/doc.in tomli==2.2.1 # via From def4e4d630817b598f42de1aba3b7be23da66a78 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 28 Feb 2025 10:32:06 +0000 Subject: [PATCH 2/2] Bump actions/cache from 4.2.1 to 4.2.2 (#10502) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/cache](https://github.com/actions/cache) from 4.2.1 to 4.2.2.
Release notes

Sourced from actions/cache's releases.

v4.2.2

What's Changed

[!IMPORTANT] As a reminder, there were important backend changes to release v4.2.0, see those release notes and the announcement for more details.

Full Changelog: https://github.com/actions/cache/compare/v4.2.1...v4.2.2

Changelog

Sourced from actions/cache's changelog.

4.2.2

  • Bump @actions/cache to v4.0.2
Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/cache&package-manager=github_actions&previous-version=4.2.1&new-version=4.2.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci-cd.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index d3eafb488a8..8dc0033f56d 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -51,7 +51,7 @@ jobs: with: python-version: 3.11 - name: Cache PyPI - uses: actions/cache@v4.2.1 + uses: actions/cache@v4.2.2 with: key: pip-lint-${{ hashFiles('requirements/*.txt') }} path: ~/.cache/pip @@ -112,7 +112,7 @@ jobs: with: submodules: true - name: Cache llhttp generated files - uses: actions/cache@v4.2.1 + uses: actions/cache@v4.2.2 id: cache with: key: llhttp-${{ hashFiles('vendor/llhttp/package*.json', 'vendor/llhttp/src/**/*') }} @@ -179,7 +179,7 @@ jobs: echo "dir=$(pip cache dir)" >> "${GITHUB_OUTPUT}" shell: bash - name: Cache PyPI - uses: actions/cache@v4.2.1 + uses: actions/cache@v4.2.2 with: key: pip-ci-${{ runner.os }}-${{ matrix.pyver }}-${{ matrix.no-extensions }}-${{ hashFiles('requirements/*.txt') }} path: ${{ steps.pip-cache.outputs.dir }}