Bump the github-action-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the github-action-dependencies group with 5 updates in the / directory:

Package	From	To
actions/setup-python	5.3.0	5.4.0
crazy-max/ghaction-github-labeler	5.1.0	5.2.0
pypa/gh-action-pypi-publish	1.12.2	1.12.4
release-drafter/release-drafter	6.0.0	6.1.0
SonarSource/sonarcloud-github-action	3.1.0	5.0.0

Updates actions/setup-python from 5.3.0 to 5.4.0

Release notes

Sourced from actions/setup-python's releases.

v5.4.0

What's Changed

Enhancements:

• Update cache error message by @​aparnajyothi-y in actions/setup-python#968
• Enhance Workflows: Add Ubuntu-24, Remove Python 3.8 by @​priya-kinthali in actions/setup-python#985
• Configure Dependabot settings by @​HarithaVattikuti in actions/setup-python#1008

Documentation changes:

• Readme update - recommended permissions by @​benwells in actions/setup-python#1009
• Improve Advanced Usage examples by @​lrq3000 in actions/setup-python#645

Dependency updates:

• Upgrade undici from 5.28.4 to 5.28.5 by @​dependabot in actions/setup-python#1012
• Upgrade urllib3 from 1.25.9 to 1.26.19 in /tests/data by @​dependabot in actions/setup-python#895
• Upgrade actions/publish-immutable-action from 0.0.3 to 0.0.4 by @​dependabot in actions/setup-python#1014
• Upgrade @actions/http-client from 2.2.1 to 2.2.3 by @​dependabot in actions/setup-python#1020
• Upgrade requests from 2.24.0 to 2.32.2 in /tests/data by @​dependabot in actions/setup-python#1019
• Upgrade @actions/cache to ^4.0.0 by @​priyagupta108 in actions/setup-python#1007

New Contributors

• @​benwells made their first contribution in actions/setup-python#1009
• @​HarithaVattikuti made their first contribution in actions/setup-python#1008
• @​lrq3000 made their first contribution in actions/setup-python#645

Full Changelog: actions/setup-python@v5...v5.4.0

Commits

• 4237552 Improve Advanced Usage examples (#645)
• 709bfa5 Bump requests from 2.24.0 to 2.32.2 in /tests/data (#1019)
• ceb20b2 Bump @​actions/http-client from 2.2.1 to 2.2.3 (#1020)
• 0dc2d2c Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 (#1014)
• feb9c6e Bump urllib3 from 1.25.9 to 1.26.19 in /tests/data (#895)
• d0b4fc4 Bump undici from 5.28.4 to 5.28.5 (#1012)
• e3dfaac Configure Dependabot settings (#1008)
• b8cf3eb Use the new cache service: upgrade @actions/cache to ^4.0.0 (#1007)
• 1928ae6 Update README.md (#1009)
• 3fddbee Enhance Workflows: Add Ubuntu-24, Remove Python 3.8 (#985)
• Additional commits viewable in compare view

Updates crazy-max/ghaction-github-labeler from 5.1.0 to 5.2.0

Release notes

Sourced from crazy-max/ghaction-github-labeler's releases.

v5.2.0

• Load yaml files using the failsafe schema option by @​pjpires in crazy-max/ghaction-github-labeler#226
• Bump cross-spawn from 7.0.3 to 7.0.6 in crazy-max/ghaction-github-labeler#223
• Bump undici from 5.28.4 to 5.28.5 in crazy-max/ghaction-github-labeler#225

Full Changelog: crazy-max/ghaction-github-labeler@v5.1.0...v5.2.0

Commits

• 31674a3 Merge pull request #225 from crazy-max/dependabot/npm_and_yarn/undici-5.28.5
• 0f4f1ec chore: update generated content
• 44d83ee Merge pull request #227 from crazy-max/bake-v6
• 758a909 ci: update bake-action to v6
• 1c66a35 chore(deps): bump undici from 5.28.4 to 5.28.5
• 989e392 Merge pull request #222 from crazy-max/dependabot/github_actions/codecov/code...
• ec65374 ci: fix deprecated input for codecov-action
• 765a634 Merge pull request #223 from crazy-max/dependabot/npm_and_yarn/cross-spawn-7.0.6
• 98f4f2b Merge pull request #226 from pjpires/yaml-failsafe-schema
• c0910be Update generated content
• Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.12.2 to 1.12.4

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.12.4

✨ What's Changed

The main theme of this patch release that the support for uploading PEP 639 licensing metadata to PyPI has been fixed in #327.

🛠️ Internal Updates

A few smaller updates include the attestation existence being checked earlier in the process now, listing all the violating files together, not just one (PR #315). And the lock file with the software available in runtime has been re-pinned in #329. Additionally, the CI now runs the smoke-tests against both Ubuntu 22.04 and 24.04 explicitly via da900af96347cc027433720ad4f122117645459d.

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.12.3...v1.12.4

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​dnicolodi💰 and @​woodruffw💰 for releasing the license metadata support fix in Twine!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

v1.12.3

✨ What's Improved

With the updates by @​woodruffw💰 and @​webknjaz💰 via #309 and #313, it is now possible to publish [distribution packages] that include [core metadata v2.4], like those built using [maturin]. This is done by bumping Twine to v6.0.1 and pkginfo to v1.12.0.

📝 Docs

We've made an attempt to clarify the runtime and workflow shape that are expected to be supported for calling this action in: https://github.com/marketplace/actions/pypi-publish#Non-goals.

[!TIP] Please, let us know in the release discussion if anything still remains unclear. TL;DR always call [pypi-publish] once per job; don't invoke it in reusable workflows; physically move building the dists into separate jobs having restricted permissions and storing the dists as GitHub Actions artifacts; when using self-hosted runners, make sure to still use [pypi-publish] on a GitHub-provided infra with runs-on: ubuntu-latest, while building and testing may remain self-hosted; don't perform any other actions in the publishing job; don't call [pypi-publish] from composite actions.

🛠️ Internal Updates

@​br3ndonland💰 improved the container image generation automation to include Git SHA in #301. And @​woodruffw💰 added the workflow_ref context to Trusted Publishing debug logging in #305, helping us diagnose misconfigurations faster. #313 also extends the smoke test in the CI to check against the [maturin]-made dists. Additionally, jeepney and secretstorage transitive deps have been added to the pip constraint-based lock file, as Dependabot seems to have missed those earlier.

... (truncated)

Commits

• 76f52bc Merge pull request #329 from webknjaz/maintenance/runtime-lockfile-24-02-2025
• 72de13b 📌 Mass-upgrade transitive dependency pins
• 1995f2e Merge pull request #327 from webknjaz/maintenance/twine-6.1-pep639
• 29f40bd 📦 Enable metadata 2.4 support in Twine
• 10df67d 📦 Enable support for PEP 639 metadata
• e0449d2 🧪 Integrate a unified alls-green GHA status
• cebc64f 🧪 Bump setuptools in smoke test to v75.8.0
• da900af 🧪 Run smoke tests against Ubuntu 24 and 22
• 8cafb5c 💰 Sync the funding config
• 916e576 Merge pull request #315 from webknjaz/refactoring/attestations-exist-bundle
• Additional commits viewable in compare view

Updates release-drafter/release-drafter from 6.0.0 to 6.1.0

Release notes

Sourced from release-drafter/release-drafter's releases.

v6.1.0

What's Changed

New

• Add config option for PR query limit (#1362) @​ssolbeck

Bug Fixes

• Fix: Correctly mention bot accounts in release notes (#1376) @​jamietanna
• Update only drafts with the same prerelease status (#1385) @​jaap3

Documentation

• docs: Fix Fork Link (#1412) @​Dor-bl
• Ensure support new default branch name (#1079) @​Triloworld
• update schema generation and update schema to draft 07 (#1422) @​jetersen
• fix typo: therelease (#1407) @​billykern
• Document added action outputs introduced in #1300 (#1406) @​SVNKoch
• Update README.md (#1421) @​yusufraji
• fix: update broken link in readme (#1416) @​kopach
• Update v6 README.md (#1384) @​taku333

Full Changelog: release-drafter/release-drafter@v6.0.0...v6.1.0

Commits

• b1476f6 v6.1.0
• d7328d2 Add config option for pull-request-limit (#1362)
• 5faffa9 docs: Fix Fork Link (#1412)
• a914231 Ensure support new main branch name (#1079)
• d6eceac Fix: Correctly mention bot accounts in release notes (#1376)
• 41c11a2 update schema generation and update schema to draft 07 (#1422)
• 8296e40 fix typo: therelease (#1407)
• 0ad4f70 Document action outputs introduced in #1300 (#1406)
• 378bacb Update README.md (#1421)
• c139411 Update only drafts with the same prerelease status (#1385)
• Additional commits viewable in compare view

Updates SonarSource/sonarcloud-github-action from 3.1.0 to 5.0.0

Release notes

Sourced from SonarSource/sonarcloud-github-action's releases.

v5.0.0

What's Changed

• SCSCANGHA-39 Redirect to the SonarQube Scan Action v5.0.0 by @​henryju in SonarSource/sonarcloud-github-action#102
• Sonarqube-scan-action 404 fix by @​mbianchidev in SonarSource/sonarcloud-github-action#103

New Contributors

• @​mbianchidev made their first contribution in SonarSource/sonarcloud-github-action#103

Full Changelog: SonarSource/sonarcloud-github-action@v4...v5.0.0

v4.0.0

⚠️ DEPRECATION WARNING ⚠️

This new version of the GitHub action for SonarQube Cloud is going to be the last one specifically designed for SonarQube Cloud.

Since v4.1.0, the former GitHub action for SonarQube Server (sonarqube-scan-action) is the entrypoint for both Server and Cloud: a single GitHub action to interact with the SonarQube solution, whether on premise or in the cloud!

You can read more about the unified action here.

What's Changed

• SCSCANGHA-25 Remove docker and SCSCANGHA-28 Rebranding by @​antonioaversa in SonarSource/sonarcloud-github-action#98
• SCSCANGHA-32 Shorten description and remove mend docker check by @​antonioaversa in SonarSource/sonarcloud-github-action#99

New Contributors

• @​Godin made their first contribution in SonarSource/sonarcloud-github-action#93
• @​pavel-mikula-sonarsource made their first contribution in SonarSource/sonarcloud-github-action#96
• @​antonioaversa made their first contribution in SonarSource/sonarcloud-github-action#98

Full Changelog: SonarSource/sonarcloud-github-action@v3...v4.0.0

Commits

• ffc3010 Add a link to the sonarqube-scan-action marketplace entry (#103)
• 91eed76 SCSCANGHA-39 Redirect to the SonarQube Scan Action v5.0.0
• f170077 SCSCANGHA-37 Update CODEOWNERS (#100)
• 02ef911 Shorten description and remove mend docker check
• 4afec88 SCSCANGHA-28 Rebranding
• 48d9e10 SCSCANGHA-25 Replace the Docker action by a composite action forwarding to th...
• 982992a Add Jira integration
• 9f9bba2 Recommend to not use this action for analysis of Dart code
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud