From 581bc0d66942d39eacdc798584f1e0f46d42f5e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 1 Jul 2026 00:10:39 +0000 Subject: [PATCH 1/2] build(deps): bump the github-actions-dependencies group with 11 updates Bumps the github-actions-dependencies group with 11 updates: | Package | From | To | | --- | --- | --- | | [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` | | [github/codeql-action/init](https://github.com/github/codeql-action) | `4.36.0` | `4.36.2` | | [github/codeql-action/analyze](https://github.com/github/codeql-action) | `4.36.0` | `4.36.2` | | [actions/setup-java](https://github.com/actions/setup-java) | `5.2.0` | `5.4.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.5` | `6.1.0` | | [actions/setup-python](https://github.com/actions/setup-python) | `6.2.0` | `6.3.0` | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `8.1.0` | `8.2.0` | | [r-lib/actions](https://github.com/r-lib/actions) | `2.12.0` | `2.12.1` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `4.0.0` | `4.1.0` | | [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) | `3.4.1` | `4.1.0` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` | Updates `actions/checkout` from 6.0.2 to 7.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/de0fac2e4500dabe0009e67214ff5f5447ce83dd...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0) Updates `github/codeql-action/init` from 4.36.0 to 4.36.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/7211b7c8077ea37d8641b6271f6a365a22a5fbfa...8aad20d150bbac5944a9f9d289da16a4b0d87c1e) Updates `github/codeql-action/analyze` from 4.36.0 to 4.36.2 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/7211b7c8077ea37d8641b6271f6a365a22a5fbfa...8aad20d150bbac5944a9f9d289da16a4b0d87c1e) Updates `actions/setup-java` from 5.2.0 to 5.4.0 - [Release notes](https://github.com/actions/setup-java/releases) - [Commits](https://github.com/actions/setup-java/compare/be666c2fcd27ec809703dec50e508c2fdc7f6654...1bcf9fb12cf4aa7d266a90ae39939e61372fe520) Updates `actions/cache` from 5.0.5 to 6.1.0 - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/27d5ce7f107fe9357f9df03efb73ab90386fccae...55cc8345863c7cc4c66a329aec7e433d2d1c52a9) Updates `actions/setup-python` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/a309ff8b426b58ec0e2a45f0f869d46889d02405...ece7cb06caefa5fff74198d8649806c4678c61a1) Updates `astral-sh/setup-uv` from 8.1.0 to 8.2.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](https://github.com/astral-sh/setup-uv/compare/08807647e7069bb48b6ef5acd8ec9567f424441b...fac544c07dec837d0ccb6301d7b5580bf5edae39) Updates `r-lib/actions` from 2.12.0 to 2.12.1 - [Release notes](https://github.com/r-lib/actions/releases) - [Changelog](https://github.com/r-lib/actions/blob/v2-branch/NEWS.md) - [Commits](https://github.com/r-lib/actions/compare/v2.12.0...v2.12.1) Updates `docker/setup-qemu-action` from 4.0.0 to 4.1.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/ce360397dd3f832beb865e1373c09c0e9f86d70a...06116385d9baf250c9f4dcb4858b16962ea869c3) Updates `pypa/cibuildwheel` from 3.4.1 to 4.1.0 - [Release notes](https://github.com/pypa/cibuildwheel/releases) - [Changelog](https://github.com/pypa/cibuildwheel/blob/main/docs/changelog.md) - [Commits](https://github.com/pypa/cibuildwheel/compare/8d2b08b68458a16aeb24b64e68a09ab1c8e82084...294735312765b09d24a2fbec22660ce817587d55) Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e...cef221092ed1bacb1cc03d23a2d87d1d172e277b) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-dependencies - dependency-name: github/codeql-action/init dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-dependencies - dependency-name: github/codeql-action/analyze dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-dependencies - dependency-name: actions/setup-java dependency-version: 5.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-dependencies - dependency-name: actions/cache dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-dependencies - dependency-name: actions/setup-python dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-dependencies - dependency-name: astral-sh/setup-uv dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-dependencies - dependency-name: r-lib/actions dependency-version: 2.12.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions-dependencies - dependency-name: docker/setup-qemu-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-dependencies - dependency-name: pypa/cibuildwheel dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions-dependencies - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions-dependencies ... Signed-off-by: dependabot[bot] --- .github/workflows/asf-allowlist-check.yml | 2 +- .github/workflows/basic-tests.yml | 2 +- .github/workflows/codeql.yml | 6 +++--- .github/workflows/docker-build.yml | 6 +++--- .github/workflows/docs.yml | 18 +++++++++--------- .github/workflows/example.yml | 8 ++++---- .github/workflows/java.yml | 8 ++++---- .github/workflows/links.yml | 2 +- .github/workflows/pre-commit-manual.yml | 2 +- .github/workflows/pre-commit.yml | 2 +- .github/workflows/pyflink.yml | 8 ++++---- .github/workflows/python-extension.yml | 6 +++--- .github/workflows/python-wheel.yml | 12 ++++++------ .github/workflows/python.yml | 10 +++++----- .github/workflows/r.yml | 12 ++++++------ 15 files changed, 52 insertions(+), 52 deletions(-) diff --git a/.github/workflows/asf-allowlist-check.yml b/.github/workflows/asf-allowlist-check.yml index baceff15ec8..95b5bb23635 100644 --- a/.github/workflows/asf-allowlist-check.yml +++ b/.github/workflows/asf-allowlist-check.yml @@ -28,7 +28,7 @@ jobs: asf-allowlist-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - uses: apache/infrastructure-actions/allowlist-check@4e9c961f587f72b170874b6f5cd4ac15f7f26eb8 # main diff --git a/.github/workflows/basic-tests.yml b/.github/workflows/basic-tests.yml index 6e8351b9d9f..8f5e513c61f 100644 --- a/.github/workflows/basic-tests.yml +++ b/.github/workflows/basic-tests.yml @@ -35,7 +35,7 @@ jobs: runs-on: ['windows-latest'] steps: - name: 'Checkout ${{ github.ref }} ( ${{ github.sha }} )' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 2 persist-credentials: false diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6ab464fa098..966e1f25881 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -40,17 +40,17 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Initialize CodeQL - uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 + uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 with: languages: ${{ matrix.language }} build-mode: none - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0 + uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2 with: category: 'Security' diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 8e83b8551b2..bd49b1b5a03 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -58,15 +58,15 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + - uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 with: distribution: 'zulu' java-version: 17 - name: Cache Maven packages - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 5b5c73abfd3..264cb1f5645 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -40,12 +40,12 @@ jobs: build: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: fetch-depth: 0 persist-credentials: true # zizmor: ignore[credential-persistence] - name: Set up Java - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 with: distribution: 'zulu' java-version: '11' @@ -67,20 +67,20 @@ jobs: run: | cd docs-overrides npx gulp build - - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: '3.11' - name: Install uv - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 - name: Sync doc environment run: uv sync --group docs - run: sudo apt update - - uses: r-lib/actions/setup-r@v2.12.0 + - uses: r-lib/actions/setup-r@v2.12.1 with: r-version: release use-public-rspm: true - name: Query R dependencies - uses: r-lib/actions/setup-r-dependencies@v2.12.0 + uses: r-lib/actions/setup-r-dependencies@v2.12.1 with: cache: true extra-packages: | @@ -127,20 +127,20 @@ jobs: name: generated-docs path: staging - name: Cache Python packages - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} restore-keys: | ${{ runner.os }}-pip- - name: Cache Maven packages - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} restore-keys: ${{ runner.os }}-m2 - name: Cache Node modules - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: path: docs-overrides/node_modules key: ${{ runner.os }}-node-${{ hashFiles('docs-overrides/package-lock.json') }} diff --git a/.github/workflows/example.yml b/.github/workflows/example.yml index 6fa1823a687..ff93e6abda7 100644 --- a/.github/workflows/example.yml +++ b/.github/workflows/example.yml @@ -58,10 +58,10 @@ jobs: sedona: 1.8.0 hadoop: 3.3.4 steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + - uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 with: distribution: 'zulu' java-version: '17' @@ -74,14 +74,14 @@ jobs: - run: sudo apt-get update - run: sudo apt-get install sbt - name: Cache SBT - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: path: | ~/.ivy2/cache ~/.sbt key: ${{ runner.os }}-sbt-${{ hashFiles('**/build.sbt') }} - name: Cache Maven packages - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} diff --git a/.github/workflows/java.yml b/.github/workflows/java.yml index 30e84dd93ca..b0eacd30fbe 100644 --- a/.github/workflows/java.yml +++ b/.github/workflows/java.yml @@ -85,18 +85,18 @@ jobs: jdk: '11' skipTests: '' steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + - uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 with: distribution: 'zulu' java-version: ${{ matrix.jdk }} - - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: '3.10' - name: Cache Maven packages - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml index 9b4d76e4347..b1e76ed7284 100644 --- a/.github/workflows/links.yml +++ b/.github/workflows/links.yml @@ -31,7 +31,7 @@ jobs: permissions: issues: write # required for Broken Links Report steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Link Checker diff --git a/.github/workflows/pre-commit-manual.yml b/.github/workflows/pre-commit-manual.yml index 0a536757502..51adac39807 100644 --- a/.github/workflows/pre-commit-manual.yml +++ b/.github/workflows/pre-commit-manual.yml @@ -39,7 +39,7 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout ${{ github.ref }} ( ${{ github.sha }} )' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - uses: j178/prek-action@bdca6f102f98e2b4c7029491a53dfd366469e33d # v2.0.4 diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 55e25f14c63..d619cee1f94 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -39,7 +39,7 @@ jobs: runs-on: ubuntu-latest steps: - name: 'Checkout ${{ github.ref }} ( ${{ github.sha }} )' - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - uses: j178/prek-action@bdca6f102f98e2b4c7029491a53dfd366469e33d # v2.0.4 diff --git a/.github/workflows/pyflink.yml b/.github/workflows/pyflink.yml index 0cd65a69759..5889b0f4ccd 100644 --- a/.github/workflows/pyflink.yml +++ b/.github/workflows/pyflink.yml @@ -53,18 +53,18 @@ jobs: matrix: python: ['3.11', '3.10'] steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + - uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 with: distribution: 'zulu' java-version: '11' - - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: ${{ matrix.python }} - name: Install uv - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 - run: mvn package -pl "org.apache.sedona:sedona-flink-shaded_2.12" -am -DskipTests - name: Install python package + flink extra run: | diff --git a/.github/workflows/python-extension.yml b/.github/workflows/python-extension.yml index cc90f9ed295..67bab0ba541 100644 --- a/.github/workflows/python-extension.yml +++ b/.github/workflows/python-extension.yml @@ -58,14 +58,14 @@ jobs: shell: bash working-directory: python steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: ${{ matrix.python }} - name: Install uv - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 with: version: '0.9.22' - name: Install dependencies (dev) diff --git a/.github/workflows/python-wheel.yml b/.github/workflows/python-wheel.yml index 0f008696cf4..b985d285cdc 100644 --- a/.github/workflows/python-wheel.yml +++ b/.github/workflows/python-wheel.yml @@ -60,19 +60,19 @@ jobs: run: shell: bash steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Set up QEMU if: runner.os == 'Linux' - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 + uses: docker/setup-qemu-action@06116385d9baf250c9f4dcb4858b16962ea869c3 # v4.1.0 with: # temporarily pin to qemu@v8 to workaround non-determininstic gcc segfaults # https://github.com/docker/setup-qemu-action/issues/188 image: tonistiigi/binfmt:qemu-v8.1.5 platforms: all - name: Build wheels - uses: pypa/cibuildwheel@8d2b08b68458a16aeb24b64e68a09ab1c8e82084 # v3.4.1 + uses: pypa/cibuildwheel@294735312765b09d24a2fbec22660ce817587d55 # v4.1.0 env: CIBW_SKIP: 'pp* *musl*' CIBW_ARCHS_LINUX: 'x86_64 aarch64' @@ -89,12 +89,12 @@ jobs: name: Build source distribution runs-on: ubuntu-latest steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - name: Install uv - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 with: enable-cache: false @@ -129,5 +129,5 @@ jobs: done echo "Content copied to dist." - name: Publish package to PyPI - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 # repository_url: https://test.pypi.org/legacy/ # to test diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml index a44bfddfee2..d4febd9e3fb 100644 --- a/.github/workflows/python.yml +++ b/.github/workflows/python.yml @@ -79,20 +79,20 @@ jobs: shapely: '1' steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + - uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 with: distribution: 'zulu' java-version: '${{ matrix.java }}' - - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: ${{ matrix.python }} - name: Install uv - uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0 + uses: astral-sh/setup-uv@fac544c07dec837d0ccb6301d7b5580bf5edae39 # v8.2.0 - name: Cache Maven packages - uses: actions/cache@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5 + uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: path: ~/.m2 key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }} diff --git a/.github/workflows/r.yml b/.github/workflows/r.yml index d8561da4854..082e0c4ac5e 100644 --- a/.github/workflows/r.yml +++ b/.github/workflows/r.yml @@ -86,15 +86,15 @@ jobs: run: | sudo apt-get -y remove --purge default-jdk adoptopenjdk-11-hotspot || : shell: bash - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: persist-credentials: false - - uses: r-lib/actions/setup-r@v2.12.0 + - uses: r-lib/actions/setup-r@v2.12.1 with: r-version: ${{ matrix.r }} use-public-rspm: true - name: Query R dependencies - uses: r-lib/actions/setup-r-dependencies@v2.12.0 + uses: r-lib/actions/setup-r-dependencies@v2.12.1 with: cache: true extra-packages: | @@ -102,7 +102,7 @@ jobs: any::rcmdcheck working-directory: './R' - name: Build and check R package - uses: r-lib/actions/check-r-package@v2.12.0 + uses: r-lib/actions/check-r-package@v2.12.1 with: build_args: 'c("--no-build-vignettes", "--no-manual")' args: 'c("--no-build-vignettes", "--no-manual", "--no-tests")' @@ -112,12 +112,12 @@ jobs: _R_CHECK_FORCE_SUGGESTS_: false - name: Install apache.sedona from source run: Rscript -e 'install.packages("./R/", repos = NULL, type = "source")' - - uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0 + - uses: actions/setup-java@1bcf9fb12cf4aa7d266a90ae39939e61372fe520 # v5.4.0 with: distribution: 'temurin' java-version: '11' cache: 'maven' - - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0 + - uses: actions/setup-python@ece7cb06caefa5fff74198d8649806c4678c61a1 # v6.3.0 with: python-version: '3.11' - name: Install PySpark From dc3944c9ef707b792dc086b2e5ff7d4149f07ef6 Mon Sep 17 00:00:00 2001 From: Jia Yu Date: Sat, 11 Jul 2026 18:45:25 -0700 Subject: [PATCH 2/2] Keep pypa/gh-action-pypi-publish at v1.13.0 for ASF allowlist v1.14.0 (cef2210) is not on the ASF actions allowlist, which fails the asf-allowlist-check. Retain the allowlisted v1.13.0 pin while taking the other 10 action bumps in this group. Claude-Session: https://claude.ai/code/session_01NncPBeZ6iNkQFbMMzVt23L --- .github/workflows/python-wheel.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/python-wheel.yml b/.github/workflows/python-wheel.yml index b985d285cdc..3cc89e7776e 100644 --- a/.github/workflows/python-wheel.yml +++ b/.github/workflows/python-wheel.yml @@ -129,5 +129,5 @@ jobs: done echo "Content copied to dist." - name: Publish package to PyPI - uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 + uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 # repository_url: https://test.pypi.org/legacy/ # to test