Skip to content

Bump actions/setup-python from 5 to 6#314

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/setup-python-6
Open

Bump actions/setup-python from 5 to 6#314
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions/setup-python-6

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 11, 2026
edited
Loading

Bumps actions/setup-python from 5 to 6.

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

Full Changelog: actions/setup-python@v5...v6.0.0

v5.6.0

What's Changed

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Bug fixes:

... (truncated)

Commits
  • a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
  • bfe8cc5 Upgrade @​actions dependencies to Node 24 compatible versions (#1259)
  • 4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
  • 83679a8 Bump @​types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
  • bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
  • 97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
  • 443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
  • cfd55ca graalpy: add graalpy early-access and windows builds (#880)
  • bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
  • 18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
Bump actions/setup-python from 5 to 6
b7eddb8 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 11, 2026
@dependabot @github
Copy link
Copy Markdown
Author

dependabot Bot commented on behalf of github Apr 17, 2026

Dependabot attempted to update this pull request, but because the branch dependabot/github_actions/actions/setup-python-6 is protected it was unable to do so.

@JimWallace JimWallace mentioned this pull request May 20, 2026
Merged
3 tasks
JimWallace added a commit that referenced this pull request May 20, 2026
@JimWallace @claude
v0.4.196: migrate all Node.js 20 GitHub Actions to Node.js 24 (#638)
79c59f5 
GitHub forces Node 20 JS actions onto Node 24 on 2026-06-02 and removes
the Node 20 runtime on 2026-09-16. Bump every action still declaring
runs.using: node20:

- actions/upload-artifact v4 -> v7 (docker-build, zap-baseline)
- actions/download-artifact v4 -> v8 (docker-build)
- actions/setup-python v5 -> v6 (jupyterlite)
- softprops/action-gh-release v2 -> v3 (release)
- codecov/codecov-action v5 -> v6 (test-coverage; v5 internally pinned
  the Node 20 actions/github-script@v7, v6 uses github-script v8)

Already on Node 24 (checkout@v6, cache@v5, setup-node@v5, codeql@v4,
docker/*) left unchanged. Supersedes Dependabot PRs #368, #316, #314.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
JimWallace added a commit that referenced this pull request May 20, 2026
@JimWallace @claude
v0.4.197: Docker CI maintenance — PR path filter, concurrency cancel,…
be0cfdd 
… action bumps (#641)

* v0.4.196: migrate all Node.js 20 GitHub Actions to Node.js 24

GitHub forces Node 20 JS actions onto Node 24 on 2026-06-02 and removes
the Node 20 runtime on 2026-09-16. Bump every action still declaring
runs.using: node20:

- actions/upload-artifact v4 -> v7 (docker-build, zap-baseline)
- actions/download-artifact v4 -> v8 (docker-build)
- actions/setup-python v5 -> v6 (jupyterlite)
- softprops/action-gh-release v2 -> v3 (release)
- codecov/codecov-action v5 -> v6 (test-coverage; v5 internally pinned
  the Node 20 actions/github-script@v7, v6 uses github-script v8)

Already on Node 24 (checkout@v6, cache@v5, setup-node@v5, codeql@v4,
docker/*) left unchanged. Supersedes Dependabot PRs #368, #316, #314.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* v0.4.197: only run Docker image build on image-relevant PRs

Build and Push Docker Image is the longest job in the suite and already
builds + Trivy-scans without pushing on PRs. Path-filter its pull_request
trigger to inputs that can change the image build or scan result
(Dockerfile, Package.swift/.resolved, docker-compose.yml, deploy/**, and
the workflow file). Source-only PRs skip it; the debug build in
swift-tests.yml still proves the code compiles. Push-to-main and tag
builds stay unconditional, so every merge and release still gets a full
build + scan + push and base-image CVE drift is still caught.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

* v0.4.197: concurrency cancel for Docker PR runs + action bumps

Fold the remaining CI cleanups into the 0.4.197 maintenance pass:

- docker-build.yml: add a concurrency group so re-pushing a PR cancels
  its prior in-flight Docker run; main/tag builds are never cancelled.
- actions/setup-node v5 -> v6 (swift-tests.yml; supersedes Dependabot #315).
- aquasecurity/trivy-action v0.35.0 -> v0.36.0 (supersedes Dependabot #423).

Both action bumps are drop-in: setup-node v6 stays on Node 24, trivy
v0.36.0 only bumps the bundled Trivy binary.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants