build(deps): Bump actions/setup-python from 5.6.0 to 6.2.0 by dependabot[bot] · Pull Request #10 · microsoft/agent-governance-toolkit

dependabot · 2026-03-04T21:19:32Z

Bumps actions/setup-python from 5.6.0 to 6.2.0.

Release notes

Sourced from actions/setup-python's releases.

v6.2.0

What's Changed

Dependency Upgrades

Upgrade dependencies to Node 24 compatible versions by @salmanmkc in actions/setup-python#1259

Upgrade urllib3 from 2.5.0 to 2.6.3 in /__tests__/data by @dependabot in actions/setup-python#1253 and actions/setup-python#1264

Full Changelog: actions/setup-python@v6...v6.2.0

v6.1.0

What's Changed

Enhancements:

Add support for pip-install input by @gowridurgad in actions/setup-python#1201

Add graalpy early-access and windows builds by @timfel in actions/setup-python#880

Dependency and Documentation updates:

Enhanced wording and updated example usage for allow-prereleases by @yarikoptic in actions/setup-python#979

Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by @dependabot in actions/setup-python#1139

Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by @dependabot in actions/setup-python#1094

Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by @dependabot in actions/setup-python#1199

Upgrade requests from 2.32.2 to 2.32.4 by @dependabot in actions/setup-python#1130

Upgrade prettier from 3.5.3 to 3.6.2 by @dependabot in actions/setup-python#1234

Upgrade @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by @dependabot in actions/setup-python#1235

New Contributors

@yarikoptic made their first contribution in actions/setup-python#979

Full Changelog: actions/setup-python@v6...v6.1.0

v6.0.0

What's Changed

Breaking Changes

Upgrade to node 24 by @salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Add support for pip-version by @priyagupta108 in actions/setup-python#1129

Enhance reading from .python-version by @krystof-k in actions/setup-python#787

Add version parsing from Pipfile by @aradkdj in actions/setup-python#1067

Bug fixes:

Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @aparnajyothi-y in actions/setup-python#1183

Change missing cache directory error to warning by @aparnajyothi-y in actions/setup-python#1182

Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @aparnajyothi-y in actions/setup-python#1122

Include python version in PyPy python-version output by @cdce8p in actions/setup-python#1110

Update docs: clarification on pip authentication with setup-python by @priya-kinthali in actions/setup-python#1156

Dependency updates:

Upgrade idna from 2.9 to 3.7 in /tests/data by @dependabot[bot] in actions/setup-python#843

Upgrade form-data to fix critical vulnerabilities #182 & #183 by @aparnajyothi-y in actions/setup-python#1163

Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @aparnajyothi-y in actions/setup-python#1165

Upgrade actions/checkout from 4 to 5 by @dependabot[bot] in actions/setup-python#1181

Upgrade @actions/tool-cache from 2.0.1 to 2.0.2 by @dependabot[bot] in actions/setup-python#1095

... (truncated)

Commits

a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
bfe8cc5 Upgrade @actions dependencies to Node 24 compatible versions (#1259)
4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
83679a8 Bump @types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ...
bfc4944 Bump prettier from 3.5.3 to 3.6.2 (#1234)
97aeb3e Bump requests from 2.32.2 to 2.32.4 in /tests/data (#1130)
443da59 Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi...
cfd55ca graalpy: add graalpy early-access and windows builds (#880)
bba65e5 Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md (#1094)
18566f8 Improve wording and "fix example" (remove 3.13) on testing against pre-releas...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.6.0 to 6.2.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@a26af69...a309ff8) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: 6.2.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

Implements monitoring for emergent offensive behavior in agent-to-agent conversations, motivated by Irregular Labs research demonstrating that AI agents can autonomously develop attack behavior through feedback loops. New components: - EscalationClassifier: detects coercive rhetoric and urgency amplification - OffensiveIntentDetector: detects vuln research, priv esc, exfil planning - FeedbackLoopBreaker: detects error-retry cycles and escalation trends - ConversationGuardian: orchestrates all three into composite alerts Integration: - A2AGovernanceAdapter now accepts optional conversation_guardian parameter - Guardian runs between content check and rate limit (step 5.5) - BREAK/QUARANTINE alerts cause task denial - New a2a_conversation_policy section in policy_schema.json - All exports added to integrations __init__.py Tests: 48 new tests covering all components, edge cases, and the full Irregular Labs paper scenario (lead agent convincing sub-agent to hack). All 68 tests passing (20 existing + 48 new). OWASP ASI coverage: #1 Goal Hijacking, #8 Insecure A2A Comms, #10 Rogue Agents Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

dependabot bot added the dependencies Pull requests that update a dependency file label Mar 4, 2026

imran-siddique merged commit 4458f9c into main Mar 4, 2026
17 of 19 checks passed

dependabot bot deleted the dependabot/github_actions/actions/setup-python-6.2.0 branch March 4, 2026 22:34

imran-siddique mentioned this pull request Mar 4, 2026

build(deps): Bump actions/checkout from 4.2.2 to 6.0.2 #11

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): Bump actions/setup-python from 5.6.0 to 6.2.0#10

build(deps): Bump actions/setup-python from 5.6.0 to 6.2.0#10
imran-siddique merged 1 commit intomainfrom
dependabot/github_actions/actions/setup-python-6.2.0

dependabot bot commented on behalf of github Mar 4, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant