Bump the "dependencies" group with 3 updates across multiple ecosystems

[dependabot]

Bumps the dependencies group with 2 updates: actions/upload-artifact and actions/download-artifact.

Updates actions/upload-artifact from 4.6.2 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

• Update the readme with direct upload details by @​danwkennedy in actions/upload-artifact#795
• Readme: bump all the example versions to v7 by @​danwkennedy in actions/upload-artifact#796
• Include changes in typespec/ts-http-runtime 0.3.5 by @​yacaovsnc in actions/upload-artifact#797

Full Changelog: actions/upload-artifact@v7...v7.0.1

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Add proxy integration test by @​Link- in actions/upload-artifact#754
• Upgrade the module to ESM and bump dependencies by @​danwkennedy in actions/upload-artifact#762
• Support direct file uploads by @​danwkennedy in actions/upload-artifact#764

New Contributors

• @​Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

v6.0.0

v6 - What's new

[!IMPORTANT] actions/upload-artifact@v6 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v5 had preliminary support for Node.js 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Upload Artifact Node 24 support by @​salmanmkc in actions/upload-artifact#719
• fix: update @​actions/artifact for Node.js 24 punycode deprecation by @​salmanmkc in actions/upload-artifact#744
• prepare release v6.0.0 for Node.js 24 support by @​salmanmkc in actions/upload-artifact#745

Full Changelog: actions/upload-artifact@v5.0.0...v6.0.0

v5.0.0

What's Changed

... (truncated)

Commits

• 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
• 634250c Include changes in typespec/ts-http-runtime 0.3.5
• e454baa Readme: bump all the example versions to v7 (#796)
• 74fad66 Update the readme with direct upload details (#795)
• bbbca2d Support direct file uploads (#764)
• 589182c Upgrade the module to ESM and bump dependencies (#762)
• 47309c9 Merge pull request #754 from actions/Link-/add-proxy-integration-tests
• 02a8460 Add proxy integration test
• b7c566a Merge pull request #745 from actions/upload-artifact-v6-release
• e516bc8 docs: correct description of Node.js 24 support in README
• Additional commits viewable in compare view

Updates actions/download-artifact from 4.3.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

• Support for CJK characters in the artifact name by @​danwkennedy in actions/download-artifact#471
• Add a regression test for artifact name + content-type mismatches by @​danwkennedy in actions/download-artifact#472

Full Changelog: actions/download-artifact@v8...v8.0.1

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in actions/download-artifact#460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in actions/download-artifact#461

Full Changelog: actions/download-artifact@v7...v8.0.0

v7.0.0

v7 - What's new

[!IMPORTANT] actions/download-artifact@v7 now runs on Node.js 24 (runs.using: node24) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading.

Node.js 24

This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24.

What's Changed

• Update GHES guidance to include reference to Node 20 version by @​patrikpolyak in actions/download-artifact#440
• Download Artifact Node24 support by @​salmanmkc in actions/download-artifact#415
• fix: update @​actions/artifact to fix Node.js 24 punycode deprecation by @​salmanmkc in actions/download-artifact#451
• prepare release v7.0.0 for Node.js 24 support by @​salmanmkc in actions/download-artifact#452

... (truncated)

Commits

• 3e5f45b Add regression tests for CJK characters (#471)
• e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
• 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
• f258da9 Add change docs
• ccc058e Fix linting issues
• bd7976b Add a setting to specify what to do on hash mismatch and default it to error
• ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
• 15999bf Add note about package bumps
• 974686e Bump the version to v8 and add release notes
• fbe48b1 Update test names to make it clearer what they do
• Additional commits viewable in compare view

Bumps the dependencies group with 2 updates: setuptools-scm and setuptools.

Updates setuptools-scm from 9.2.2 to 10.0.5

Release notes

Sourced from setuptools-scm's releases.

setuptools-scm v10.0.5

Fixed

• Allow dump_version() deprecation warning to be silenced by passing scm_version=None. (#1286)
• Remove [tool.uv.sources] from setuptools-scm/pyproject.toml to fix sdist builds outside the workspace — the workspace root already declares the source mapping for development. (#1330)

setuptools-scm v10.0.4

Fixed

• Anchor get_version in setup.py with relative_to and fallback_root so SCM fallbacks (e.g. PKG-INFO) do not resolve against the wrong directory when the build cwd is the workspace or repo root. (#1302)
• Enter GlobalOverrides for SETUPTOOLS_SCM when using setuptools_scm.get_version / _get_version, avoiding implicit context warnings for direct API callers. (#1314)

Miscellaneous

• Upgrade pre-commit hooks (Ruff, mypy, codespell), align locked Ruff with hooks, and add Ruff per-file configuration for setuptools_scm re-export modules. (#1311)

setuptools-scm v10.0.3

Fixed

• Remove monorepo-only ../vcs-versioning/src from build-system.backend-path so sdists install under PEP 517 (paths must stay inside the source tree). (#1306)

Miscellaneous

• Add griffecli to test dependencies so the API stability check keeps working after the Griffe CLI was split into a separate package. (#1310)

setuptools-scm v10.0.2

Fixed

• Fix version file not generated for editable installs. Version files are now written to the source tree by default during inference (restoring pre-10.x behavior), and also registered as build_py outputs so strict editable installs include them in the persistent auxiliary directory. Set SETUPTOOLS_SCM_WRITE_TO_SOURCE=0 to disable source-tree writing (e.g., for read-only source directories). (#1298)

setuptools-scm v10.0.1

Miscellaneous

• Simplify release tag creation to use a single createRelease API call instead of separate createTag/createRef/createRelease calls, avoiding dangling tag objects on partial failures. (#release-pipeline)

setuptools-scm v10.0.0

Removed

• Drop Python 3.8 and 3.9 support. Minimum Python version is now 3.10. (#1228)

Added

• setuptools-scm now depends on vcs-versioning for core version inference logic. This enables other build backends to use the same version inference without setuptools dependency. (#1228)
• Version files (write_to and version_file) are now written to the build directory during build_py instead of the source tree during version inference. This enables installing packages from read-only source directories (e.g., Bazel builds).

... (truncated)

Commits

• e2ba34f Merge pull request #1328 from pypa/release/main
• d34d072 Prepare release: setuptools-scm v10.0.5
• 7c62809 Merge pull request #1332 from RonnyPfannschmidt/fix/1330-remove-workspace-sou...
• f600a29 fix: remove workspace source override from setuptools-scm member (fixes #1330)
• f76244e Merge pull request #1327 from RonnyPfannschmidt/update-classifiers-python-3.14
• 8c23c5b Merge pull request #1286 from effigies/scm_version_sentinel
• 629842a build: update trove classifiers and add Python 3.14 support
• 6a1fc3b Merge pull request #1318 from pypa/release/main
• a63b13a Prepare release: setuptools-scm v10.0.4, vcs-versioning v1.1.0
• 59275f7 Merge pull request #1325 from RonnyPfannschmidt/issue-1302-setuptools-build-b...
• Additional commits viewable in compare view

Updates setuptools from 82.0.0 to 82.0.1

Changelog

Sourced from setuptools's changelog.

v82.0.1

Bugfixes

• Fix the loading of launcher manifest.xml file. (#5047)
• Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

• Add advice about how to improve predictability when installing sdists. (#5168)

Misc

• #4941, #5157, #5169, #5175

Commits

• 5a13876 Bump version: 82.0.0 → 82.0.1
• 51ab8f1 Avoid using (deprecated) 'json.version' in tests (#5194)
• f9c37b2 Docs/CI: Fix intersphinx references (#5195)
• 8173db2 Docs: Fix intersphinx references
• 09bafbc Fix past tense on newsfragment
• 461ea56 Add news fragment
• c4ffe53 Avoid using (deprecated) 'json.version' in tests
• 749258b Cleanup pkg_resources dependencies and configuration (#5175)
• 2019c16 Parse ext-module.define-macros from pyproject.toml as list of tuples (#5169)
• b809c86 Sync setuptools schema with validate-pyproject (#5157)
• Additional commits viewable in compare view

Bumps the dependencies group with 2 updates: https://github.com/astral-sh/ruff-pre-commit and https://github.com/rvben/rumdl-pre-commit.

Updates https://github.com/astral-sh/ruff-pre-commit from v0.15.13 to 0.15.15

Release notes

Sourced from https://github.com/astral-sh/ruff-pre-commit's releases.

v0.15.15

See: https://github.com/astral-sh/ruff/releases/tag/0.15.15

v0.15.14

See: https://github.com/astral-sh/ruff/releases/tag/0.15.14

Commits

• 0671d8a Mirror: 0.15.15
• 0c7b6c9 Mirror: 0.15.14
• 7b9f758 Document rule selection args (#167)
• See full diff in compare view

Updates https://github.com/rvben/rumdl-pre-commit from v0.1.87 to 0.2.3

Release notes

Sourced from https://github.com/rvben/rumdl-pre-commit's releases.

v0.2.3

See: https://github.com/rvben/rumdl/releases/tag/v0.2.3

v0.2.2

See: https://github.com/rvben/rumdl/releases/tag/v0.2.2

v0.2.1

See: https://github.com/rvben/rumdl/releases/tag/v0.2.1

v0.2.0

See: https://github.com/rvben/rumdl/releases/tag/v0.2.0

v0.1.96

See: https://github.com/rvben/rumdl/releases/tag/v0.1.96

v0.1.95

See: https://github.com/rvben/rumdl/releases/tag/v0.1.95

v0.1.94

See: https://github.com/rvben/rumdl/releases/tag/v0.1.94

v0.1.93

See: https://github.com/rvben/rumdl/releases/tag/v0.1.93

v0.1.92

See: https://github.com/rvben/rumdl/releases/tag/v0.1.92

v0.1.91

See: https://github.com/rvben/rumdl/releases/tag/v0.1.91

v0.1.90

See: https://github.com/rvben/rumdl/releases/tag/v0.1.90

v0.1.89

See: https://github.com/rvben/rumdl/releases/tag/v0.1.89

v0.1.88

See: https://github.com/rvben/rumdl/releases/tag/v0.1.88

Commits

• 6246326 Mirror: 0.2.3
• 34f0353 Mirror: 0.2.2
• 82b0ebc Mirror: 0.2.1
• b502987 Mirror: 0.2.0
• 2b042d1 Mirror: 0.1.96
• 661f545 Mirror: 0.1.95
• e7804d8 Mirror: 0.1.94
• 3412145 Mirror: 0.1.93
• 849c00e Mirror: 0.1.92
• 79d0e6f Mirror: 0.1.91
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions