Skip to content

Bump the gha-dependencies group with 4 updates#1304

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/gha-dependencies-ad3968d70f
Open

Bump the gha-dependencies group with 4 updates#1304
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/gha-dependencies-ad3968d70f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 16, 2026
edited by github-actions bot
Loading

Bumps the gha-dependencies group with 4 updates: jupyterlab/maintainer-tools, codecov/codecov-action, github-community-projects/issue-metrics and astral-sh/setup-uv.

Updates jupyterlab/maintainer-tools from 0.33.0 to 0.34.0

Release notes

Sourced from jupyterlab/maintainer-tools's releases.

v0.34.0

0.34.0

(Full Changelog)

Enhancements made

Bugs fixed

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity) | @​krassowski (activity)

v0.33.1

0.33.1

(Full Changelog)

Maintenance and upkeep improvements

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity) | @​krassowski (activity)

Changelog

Sourced from jupyterlab/maintainer-tools's changelog.

Changelog

0.34.0

(Full Changelog)

Enhancements made

Bugs fixed

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity) | @​krassowski (activity)

0.33.1

(Full Changelog)

Maintenance and upkeep improvements

Contributors to this release

The following people contributed discussions, new ideas, code and documentation contributions, and review. See our definition of contributors.

(GitHub contributors page for this release)

@​jtpio (activity) | @​krassowski (activity)

0.33.0

(Full Changelog)

Enhancements made

... (truncated)

Commits
  • f5d710d Publish 0.34.0
  • 96aead1 Add python_cache_key_suffix, respect depedency_type (#287)
  • 7b3a9fd Fix base-setup on Python 3.9 with old cache (force pin of virtualenv in `...
  • 29c0f2d Publish 0.33.1
  • 6b251fb Fix inlining for latest playwright version (#285)
  • See full diff in compare view

Updates codecov/codecov-action from 5.5.4 to 6.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

Changelog

Sourced from codecov/codecov-action's changelog.

v5.5.2

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

v5.5.1

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.0..v5.5.1

v5.5.0

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.3..v5.5.0

v5.4.3

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.4.2..v5.4.3

v5.4.2

... (truncated)

Commits

Updates github-community-projects/issue-metrics from 3.23.1 to 4.2.1

Release notes

Sourced from github-community-projects/issue-metrics's releases.

v4.2.1

Changelog

🐛 Bug Fixes

🧰 Maintenance

See details of all code changes since previous release

v4.2.0

Changelog

🚀 Features

See details of all code changes since previous release

v4.1.3

Changelog

🧰 Maintenance

See details of all code changes since previous release

v4.1.2

Changelog

🐛 Bug Fixes

  • fix: prevent dev dependency downloads at runtime @​zkoppert (#704)
  • fix: cast gh_app_id to string for JWT encoding compatibility @​jmeridth (#705)
  • fix: tighten workflow permissions, add security hardening, and fix uv tool invocations @​jmeridth (#702)

🧰 Maintenance

  • chore(deps): bump numpy from 2.4.2 to 2.4.3 in the dependencies group @dependabot[bot] (#708)
  • chore(deps): bump kenyonj/mark-ready-when-ready from 33b13c51ba23786efb933701ef253352baf05bdd to b6279addd55dd13208965a9eff24b2cf1989a8ef @dependabot[bot] (#707)
  • chore(deps): bump python from 6a27522 to 584e89d @dependabot[bot] (#706)

See details of all code changes since previous release

v4.1.1

Changelog

🐛 Bug Fixes

  • fix: add --project flag to uv entrypoint for GitHub Actions compatibility @​jmeridth (#700)

... (truncated)

Commits
  • c9e9838 chore(deps): bump cryptography from 46.0.6 to 46.0.7 (#723)
  • 02f30dc chore(deps): bump types-requests from 2.32.4.20260107 to 2.32.4.20260324 (#722)
  • dd15690 chore(deps): bump pytest-cov in the dependencies group (#721)
  • 61b23a7 chore(deps): bump the dependencies group with 5 updates (#720)
  • 0101cdc chore(deps): bump requests from 2.33.0 to 2.33.1 (#718)
  • 7bee6e6 chore(deps): bump cryptography from 46.0.5 to 46.0.6 (#716)
  • ff28a0c Merge pull request #715 from github-community-projects/fix/test-time-to-first...
  • 7a3a883 fix: correct TypeError test to actually exercise exception handler
  • 8bd2f25 Merge pull request #683 from meoyushi/feat-time-to-first-review
  • 18503f1 chore(deps): bump requests from 2.32.5 to 2.33.0 (#712)
  • Additional commits viewable in compare view

Updates astral-sh/setup-uv from 7.3.1 to 8.0.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP] Use the immutable tag as a version astral-sh/setup-uv@v8.0.0 Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

🚨 Breaking changes

🧰 Maintenance

v7.6.0 🌈 Fetch uv from Astral's mirror by default

Changes

We now default to download uv from releases.astral.sh. This means by default we don't hit the GitHub API at all and shouldn't see any rate limits and timeouts any more.

🚀 Enhancements

🧰 Maintenance

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

📚 Documentation preview 📚: https://earthaccess--1304.org.readthedocs.build/en/1304/

@dependabot
Bump the gha-dependencies group with 4 updates
4e2ee5a 
Bumps the gha-dependencies group with 4 updates: [jupyterlab/maintainer-tools](https://github.com/jupyterlab/maintainer-tools), [codecov/codecov-action](https://github.com/codecov/codecov-action), [github-community-projects/issue-metrics](https://github.com/github-community-projects/issue-metrics) and [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv).


Updates `jupyterlab/maintainer-tools` from 0.33.0 to 0.34.0
- [Release notes](https://github.com/jupyterlab/maintainer-tools/releases)
- [Changelog](https://github.com/jupyterlab/maintainer-tools/blob/main/CHANGELOG.md)
- [Commits](jupyterlab/maintainer-tools@7bebe19...f5d710d)

Updates `codecov/codecov-action` from 5.5.4 to 6.0.0
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@75cd116...57e3a13)

Updates `github-community-projects/issue-metrics` from 3.23.1 to 4.2.1
- [Release notes](https://github.com/github-community-projects/issue-metrics/releases)
- [Commits](github-community-projects/issue-metrics@6fa9041...c9e9838)

Updates `astral-sh/setup-uv` from 7.3.1 to 8.0.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@5a095e7...cec2083)

---
updated-dependencies:
- dependency-name: jupyterlab/maintainer-tools
  dependency-version: 0.34.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: gha-dependencies
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gha-dependencies
- dependency-name: github-community-projects/issue-metrics
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gha-dependencies
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: gha-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 16, 2026
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 16, 2026

Binder 👈 Launch a binder notebook on this branch for commit 4e2ee5a

I will automatically update this comment whenever this PR is modified

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants