ci(deps): Bump the minor-and-patch group with 2 updates

[dependabot]

Bumps the minor-and-patch group with 2 updates: robinraju/release-downloader and pypa/gh-action-pypi-publish.

Updates robinraju/release-downloader from 1.12 to 1.13

Release notes

Sourced from robinraju/release-downloader's releases.

Release Downloader v1.13

What's Changed

• chore: group dependendabot updates by @​robinraju in robinraju/release-downloader#905
• chore: dependency updates by @​robinraju in robinraju/release-downloader#906
• Upgrade action runtime to node 24 by @​robinraju in robinraju/release-downloader#907
• Await directory creation by @​DavidS-ovm in robinraju/release-downloader#902
• Add workflow to check if dist directory id up to date by @​robinraju in robinraju/release-downloader#908
• ci(mergify): upgrade configuration to current format by @​mergify[bot] in robinraju/release-downloader#918
• Improve error reporting by @​DavidS-ovm in robinraju/release-downloader#903
• Add more test coverage by @​robinraju in robinraju/release-downloader#920
• Split CI into separate worflows (pr validation + main branch builds) by @​robinraju in robinraju/release-downloader#921
• Build using CI and restrict commits by users by @​robinraju in robinraju/release-downloader#924
• Bump @​types/node from 24.12.0 to 25.5.0 by @​dependabot[bot] in robinraju/release-downloader#912
• Bump minimatch from 10.2.4 to 10.2.5 by @​dependabot[bot] in robinraju/release-downloader#923
• Bump picomatch from 2.3.1 to 2.3.2 by @​dependabot[bot] in robinraju/release-downloader#915
• Bump lodash from 4.17.23 to 4.18.1 by @​dependabot[bot] in robinraju/release-downloader#922
• Bump tar from 7.5.12 to 7.5.13 in the npm-production group across 1 directory by @​dependabot[bot] in robinraju/release-downloader#925
• Bump eslint-plugin-jest from 28.11.0 to 29.15.0 by @​dependabot[bot] in robinraju/release-downloader#914
• Bump brace-expansion from 1.1.12 to 1.1.13 by @​dependabot[bot] in robinraju/release-downloader#916
• Bump the npm-development group across 1 directory with 8 updates by @​dependabot[bot] in robinraju/release-downloader#919
• Potential fix for code scanning alert no. 8: Workflow does not contain permissions by @​robinraju in robinraju/release-downloader#926
• Bump the npm-development group with 5 updates by @​dependabot[bot] in robinraju/release-downloader#928
• Bump eslint-plugin-github from 5.1.8 to 6.0.0 by @​dependabot[bot] in robinraju/release-downloader#929
• Migrate to ESM by @​robinraju in robinraju/release-downloader#932
• Bump @​actions/core from 1.11.1 to 3.0.0 by @​dependabot[bot] in robinraju/release-downloader#913
• Bump typescript from 5.8.2 to 6.0.2 by @​dependabot[bot] in robinraju/release-downloader#931
• fix #729: Remove archive after extraction by @​Wires77 in robinraju/release-downloader#792
• Specify different extract path by @​gnpaone in robinraju/release-downloader#768

New Contributors

• @​DavidS-ovm made their first contribution in robinraju/release-downloader#902
• @​mergify[bot] made their first contribution in robinraju/release-downloader#918
• @​Wires77 made their first contribution in robinraju/release-downloader#792
• @​gnpaone made their first contribution in robinraju/release-downloader#768

Full Changelog: robinraju/release-downloader@v1.12...v1.13

Commits

• 28fc21f chore: refresh dist [skip ci]
• d049b59 Specify different extract path (#768)
• 5014b08 chore: refresh dist [skip ci]
• 3bd996f fix #729: Remove archive after extraction (#792)
• ffd8c66 Bump typescript from 5.8.2 to 6.0.2 (#931)
• 688517e chore: refresh dist [skip ci]
• 39e265d Bump @​actions/core from 1.11.1 to 3.0.0 (#913)
• 222ca9c chore: refresh dist [skip ci]
• b16c1cd Migrate to ESM (#932)
• 93eac22 Bump eslint-plugin-github from 5.1.8 to 6.0.0 (#929)
• Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.14.0

✨ What's Changed

The main change in this release is that verbose and print-hash inputs are now on by default. This was contributed by @​whitequark💰 in #397.

📝 Docs

@​woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #388 and @​him2him2💰 brushed up some grammar in the README and SECURITY docs via #395.

🛠️ Internal Updates

@​woodruffw💰 bumped sigstore and pypi-attestations in the lock file (#391) and @​webknjaz💰 added infra for using type annotations in the project (#381).

💪 New Contributors

• @​him2him2 made their first contribution in #395
• @​whitequark made their first contribution in #397

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.13.0...v1.14.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​facutuesca💰 and @​woodruffw💰 for helping maintain this project when I can't!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

Commits

• cef2210 Merge pull request #397 from whitequark/patch-1
• b4595e2 Enable verbose and print-hash by default.
• e2bab26 Merge pull request #395 from him2him2/docs/fix-typos-and-grammar
• 7495c38 docs: fix typos and grammar in README and SECURITY
• 03f86fe Merge pull request #388 from woodruffw-forks/ww/rm-experimental
• 4c78f1c Merge branch 'unstable/v1' into ww/rm-experimental
• b5a6e8b deps: bump sigstore and pypi-attestations
• a48a03e remove another experimental mention
• 8087a88 action: remove a lingering mention of PEP 740 being experimental
• 3317ede 🧪 Integrate actionlint via pre-commit framework
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

🎉 Thanks for opening this pull request!

Your contribution is appreciated. Here are some helpful commands you can use:

Quick Commands

• /autofix - Auto-format and fix linting issues (ruff format + ruff check --fix)
• /lock - Update the uv.lock file with latest dependencies

Available Poe Tasks

You can run any of these tasks using the slash command: /poe <task-name>

Core Tasks

• /poe test - Run all tests
• /poe test-fast - Run tests with fast exit on first failure
• /poe lint - Check code style and quality
• /poe format - Format code with ruff
• /poe deps - Check for unused and missing dependencies
• /poe check - Run format check, linting, dependency check, and tests

Quick Fixes

• /poe fix - Auto-format and fix linting issues
• /poe clean - Clean up build artifacts and cache

Build & Install

• /poe build - Build the package
• /poe install - Install with development dependencies

Other Commands

• /poe version - Show package version
• /poe pre-commit - Run pre-commit style checks

The CI will automatically run tests when you push commits. Happy coding! 🚀