Bumps the actions group with 4 updates in the / directory:actions/checkout,pypa/cibuildwheel,reviewdog/action-setup andgithub/codeql-action.
Updatesactions/checkout from 5.0.0 to 6.0.0
Release notes
Sourced fromactions/checkout's releases.
v6.0.0
What's Changed
Full Changelog:actions/checkout@v5.0.0...v6.0.0
v6-beta
What's Changed
Updated persist-credentials to store the credentials under$RUNNER_TEMP instead of directly in the local git config.
This requires a minimum Actions Runner version ofv2.329.0 to access the persisted credentials forDocker container action scenarios.
v5.0.1
What's Changed
Full Changelog:actions/checkout@v5...v5.0.1
Changelog
Sourced fromactions/checkout's changelog.
Changelog
V6.0.0
V5.0.1
V5.0.0
V4.3.1
V4.3.0
v4.2.2
v4.2.1
v4.2.0
v4.1.7
v4.1.6
v4.1.5
... (truncated)
Commits
Updatespypa/cibuildwheel from 3.2.1 to 3.3.0
Release notes
Sourced frompypa/cibuildwheel's releases.
v3.3.0
- 🐛 Fix an incompatibility with Docker v29 (#2660)
- ✨ Adds
test-runtime option, to customise how tests on simulated/emulated environments are run (#2636) - ✨ Adds support for new
manylinux_2_35 images on 32-bit ARMarmv7l, offering better C++20 compatibility (#2656) - ✨
build[uv] is now supported on Android (#2587) - ✨ You can now install extras (such as
uv) with a simple option on the GitHub Action (#2630) - ✨
{project} and{package} placeholders are now supported inrepair-wheel-command (#2589) - 🛠 The versions set with
dependency-versions no longer constrain packages specified by yourbuild-system.requires. Previously, on platforms other than Linux, the constraints in this option would remain in the environment during the build. This has been tidied up make behaviour more consistent between platforms, and to prevent version conflicts. (#2583) - 🛠 Improve the handling of
test-command on Android, enabling more options to be passed (#2590) - 📚 Docs improvements (#2618)
Changelog
Sourced frompypa/cibuildwheel's changelog.
title: Changelog
Changelog
v3.3.0
12 November 2025
- 🐛 Fix an incompatibility with Docker v29 (#2660)
- ✨ Adds
test-runtime option, to customise how tests on simulated/emulated environments are run (#2636) - ✨ Adds support for new
manylinux_2_35 images on 32-bit ARMarmv7l, offering better C++20 compatibility (#2656) - ✨
build[uv] is now supported on Android (#2587) - ✨ You can now install extras (such as
uv) with a simple option on the GitHub Action (#2630) - ✨
{project} and{package} placeholders are now supported inrepair-wheel-command (#2589) - 🛠 The versions set with
dependency-versions no longer constrain packages specified by yourbuild-system.requires. Previously, on platforms other than Linux, the constraints in this option would remain in the environment during the build. This has been tidied up make behaviour more consistent between platforms, and to prevent version conflicts. (#2583) - 🛠 Improve the handling of
test-command on Android, enabling more options to be passed (#2590) - 📚 Docs improvements (#2618)
v3.2.1
12 October 2025
- 🛠 Update to CPython 3.14.0 final (#2614)
- 🐛 Fix the default MACOSX_DEPLOYMENT_TARGET on Python 3.14 (#2613)
- 📚 Docs improvements (#2617)
v3.2.0
22 September 2025
- ✨ Adds GraalPy v25 (Python 3.12) support (#2597)
- 🛠 Update to CPython 3.14.0rc3 (#2602)
- 🛠 Adds CPython 3.14.0 prerelease support for Android, and a number of improvements to Android builds (#2568,#2591)
- 🛠 Improvements to testing on Android, passing environment markers when installing the venv, and providing more debug output when build-verbosity is set (#2575)
- ⚠️ PyPy 3.10 was moved to
pypy-eol in theenable option, as it is now end-of-life. (#2521) - 📚 Docs improvements (#2574,#2601,#2598)
v3.1.4
19 August 2025
- ✨ Add a
--clean-cache command to clean up our cache (#2489) - 🛠 Update Python to 3.14rc2 and other patch version bumps (#2542,#2556)
- 🛠 Update Pyodide to 0.28.2 (#2562,#2558)
- 🐛 Fix resolution with
pyodide-build whendependency-versions is set (#2548) - 🐛 Set
CMAKE_FIND_ROOT_PATH_MODE_PACKAGE toBOTH on Android (#2547) - 🐛 Add
patchelf dependency for platforms that can build Android wheels (#2552) - 🐛 Ignore empty values for
CIBW_ARCHS like most other environment variables (#2541)
... (truncated)
Commits
Updatesreviewdog/action-setup from 1.4.0 to 1.5.0
Release notes
Sourced fromreviewdog/action-setup's releases.
Release v1.5.0
What's Changed
Full Changelog:reviewdog/action-setup@v1.4.0...v1.5.0
Commits
d8a7baa Merge pull request#74 from reviewdog/depup/reviewdogb041f0d Merge pull request#75 from reviewdog/renovate/reviewdog-action-misspell-1.x05dc1a3 Merge pull request#73 from reviewdog/renovate/chainguard-dev-actions-digestf2ffb34 Merge pull request#68 from reviewdog/renovate/reviewdog-action-shellcheck-1.x28695c5 Merge pull request#67 from reviewdog/renovate/reviewdog-action-actionlint-1.x65d14e0 chore(deps): update reviewdog/action-misspell action to v1.27.0f3a4e22 Merge pull request#64 from reviewdog/renovate/haya14busa-action-bumpr-1.xf257542 chore(deps): update reviewdog/action-actionlint action to v1.68.078083cb chore(deps): update chainguard-dev/actions digest to 4aa34020eb086b Merge pull request#76 from reviewdog/renovate/actions-checkout-5.x- Additional commits viewable incompare view
Updatesgithub/codeql-action from 4.31.0 to 4.31.5
Release notes
Sourced fromgithub/codeql-action's releases.
v4.31.5
CodeQL Action Changelog
See thereleases page for the relevant changes to the CodeQL CLI and language packs.
4.31.5 - 24 Nov 2025
- Update default CodeQL bundle version to 2.23.6.#3321
See the fullCHANGELOG.md for more information.
v4.31.4
CodeQL Action Changelog
See thereleases page for the relevant changes to the CodeQL CLI and language packs.
4.31.4 - 18 Nov 2025
No user facing changes.
See the fullCHANGELOG.md for more information.
v4.31.3
CodeQL Action Changelog
See thereleases page for the relevant changes to the CodeQL CLI and language packs.
4.31.3 - 13 Nov 2025
- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, seeUpcoming deprecation of CodeQL Action v3.
- Update default CodeQL bundle version to 2.23.5.#3288
See the fullCHANGELOG.md for more information.
v4.31.2
CodeQL Action Changelog
See thereleases page for the relevant changes to the CodeQL CLI and language packs.
4.31.2 - 30 Oct 2025
No user facing changes.
See the fullCHANGELOG.md for more information.
v4.31.1
CodeQL Action Changelog
See thereleases page for the relevant changes to the CodeQL CLI and language packs.
... (truncated)
Changelog
Sourced fromgithub/codeql-action's changelog.
CodeQL Action Changelog
See thereleases page for the relevant changes to the CodeQL CLI and language packs.
[UNRELEASED]
No user facing changes.
4.31.5 - 24 Nov 2025
- Update default CodeQL bundle version to 2.23.6.#3321
4.31.4 - 18 Nov 2025
No user facing changes.
4.31.3 - 13 Nov 2025
- CodeQL Action v3 will be deprecated in December 2026. The Action now logs a warning for customers who are running v3 but could be running v4. For more information, seeUpcoming deprecation of CodeQL Action v3.
- Update default CodeQL bundle version to 2.23.5.#3288
4.31.2 - 30 Oct 2025
No user facing changes.
4.31.1 - 30 Oct 2025
- The
add-snippets input has been removed from theanalyze action. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.
4.31.0 - 24 Oct 2025
- Bump minimum CodeQL bundle version to 2.17.6.#3223
- When SARIF files are uploaded by the
analyze orupload-sarif actions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for theupload-sarif action. Foranalyze, this may affect Advanced Setup for CodeQL users who specify a value other thanalways for theupload input.#3222
4.30.9 - 17 Oct 2025
- Update default CodeQL bundle version to 2.23.3.#3205
- Experimental: A new
setup-codeql action has been added which is similar toinit, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time.#3204
4.30.8 - 10 Oct 2025
No user facing changes.
4.30.7 - 06 Oct 2025
- [v4+ only] The CodeQL Action now runs on Node.js v24.#3169
3.30.6 - 02 Oct 2025
- Update default CodeQL bundle version to 2.23.2.#3168
... (truncated)
Commits
fdbfb4d Merge pull request#3322 from github/update-v4.31.5-ec2ee575c81f6d64 Update changelog for v4.31.5ec2ee57 Merge pull request#3321 from github/update-bundle/codeql-bundle-v2.23.6ecc8787 Add changelog note1d2a238 Update default bundle to codeql-bundle-v2.23.6ce729e4 Merge pull request#3315 from github/henrymercer/dead-code-eliminationac359aa Add return type112cd07 Merge branch 'main' into henrymercer/dead-code-elimination0b43179 Merge pull request#3306 from github/dependabot/npm_and_yarn/types/sinon-21.0.0e818008 Merge pull request#3305 from github/dependabot/npm_and_yarn/eslint/compat-2.0.0- Additional commits viewable incompare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting@dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase will rebase this PR@dependabot recreate will recreate this PR, overwriting any edits that have been made to it@dependabot merge will merge this PR after your CI passes on it@dependabot squash and merge will squash and merge this PR after your CI passes on it@dependabot cancel merge will cancel a previously requested merge and block automerging@dependabot reopen will reopen this PR if it is closed@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
Bumps the actions group with 4 updates in the / directory:actions/checkout,pypa/cibuildwheel,reviewdog/action-setup andgithub/codeql-action.
Updates
actions/checkoutfrom 5.0.0 to 6.0.0Release notes
Sourced fromactions/checkout's releases.
Changelog
Sourced fromactions/checkout's changelog.
... (truncated)
Commits
1af3b93update readme/changelog for v6 (#2311)71cf226v6-beta (#2298)069c695Persist creds to a separate file (#2286)ff7abcdUpdate README to include Node.js 24 support details and requirements (#2248)Updates
pypa/cibuildwheelfrom 3.2.1 to 3.3.0Release notes
Sourced frompypa/cibuildwheel's releases.
Changelog
Sourced frompypa/cibuildwheel's changelog.
... (truncated)
Commits
63fd63bBump version: v3.3.0f4fe311fix: support Docker 29 (#2660)f6c8108feat: make the{project}placeholder available torepair-wheel-command(#...ccbae30feat: support uv with Android (#2587)1337e50chore: pytest log_level is better than log_cli_level (#2657)720f8e2feat: add manylinux_2_35 (#2656)4c7f369[pre-commit.ci] pre-commit autoupdate (#2658)e1baa60chore: enable more Ruff checks (#2654)1f2f8b2fix: don't constrainbuild-system.requireswith ourdependency-versions(...8c5b02f[pre-commit.ci] pre-commit autoupdate (#2648)Updates
reviewdog/action-setupfrom 1.4.0 to 1.5.0Release notes
Sourced fromreviewdog/action-setup's releases.
Commits
d8a7baaMerge pull request#74 from reviewdog/depup/reviewdogb041f0dMerge pull request#75 from reviewdog/renovate/reviewdog-action-misspell-1.x05dc1a3Merge pull request#73 from reviewdog/renovate/chainguard-dev-actions-digestf2ffb34Merge pull request#68 from reviewdog/renovate/reviewdog-action-shellcheck-1.x28695c5Merge pull request#67 from reviewdog/renovate/reviewdog-action-actionlint-1.x65d14e0chore(deps): update reviewdog/action-misspell action to v1.27.0f3a4e22Merge pull request#64 from reviewdog/renovate/haya14busa-action-bumpr-1.xf257542chore(deps): update reviewdog/action-actionlint action to v1.68.078083cbchore(deps): update chainguard-dev/actions digest to 4aa34020eb086bMerge pull request#76 from reviewdog/renovate/actions-checkout-5.xUpdates
github/codeql-actionfrom 4.31.0 to 4.31.5Release notes
Sourced fromgithub/codeql-action's releases.
... (truncated)
Changelog
Sourced fromgithub/codeql-action's changelog.
... (truncated)
Commits
fdbfb4dMerge pull request#3322 from github/update-v4.31.5-ec2ee575c81f6d64Update changelog for v4.31.5ec2ee57Merge pull request#3321 from github/update-bundle/codeql-bundle-v2.23.6ecc8787Add changelog note1d2a238Update default bundle to codeql-bundle-v2.23.6ce729e4Merge pull request#3315 from github/henrymercer/dead-code-eliminationac359aaAdd return type112cd07Merge branch 'main' into henrymercer/dead-code-elimination0b43179Merge pull request#3306 from github/dependabot/npm_and_yarn/types/sinon-21.0.0e818008Merge pull request#3305 from github/dependabot/npm_and_yarn/eslint/compat-2.0.0Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions