Bump urllib3 from 2.6.0 to 2.6.3 in /__tests__/data by dependabot[bot] · Pull Request #1264 · actions/setup-python

dependabot · 2026-01-08T06:38:07Z

Bumps urllib3 from 2.6.0 to 2.6.3.

Release notes

2.6.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by @D47A, 8.9 High, GHSA-38jv-5279-wg99)

Started treating Retry-After times greater than 6 hours as 6 hours by default. (urllib3/urllib3#3743)

Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten. (urllib3/urllib3#3752)

2.6.2

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

Fixed HTTPResponse.read_chunked() to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. (urllib3/urllib3#3734)

2.6.1

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

Restore previously removed HTTPResponse.getheaders() and HTTPResponse.getheader() methods. (#3731)

Changelog

Sourced from urllib3's changelog.

2.6.3 (2026-01-07)

Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99>__)

Started treating Retry-After times greater than 6 hours as 6 hours by default. ([#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743>__)

Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten. ([#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752>__)

2.6.2 (2025-12-11)

Fixed HTTPResponse.read_chunked() to properly handle leftover data in the decoder's buffer when reading compressed chunked responses. ([#3734](https://github.com/urllib3/urllib3/issues/3734) <https://github.com/urllib3/urllib3/issues/3734>__)

2.6.1 (2025-12-08)

Restore previously removed HTTPResponse.getheaders() and HTTPResponse.getheader() methods. ([#3731](https://github.com/urllib3/urllib3/issues/3731) <https://github.com/urllib3/urllib3/issues/3731>__)

Commits

0248277 Release 2.6.3
8864ac4 Merge commit from fork
70cecb2 Fix Scorecard issues related to vulnerable dev dependencies (#3755)
41f249a Move "v2.0 Migration Guide" to the end of the table of contents (#3747)
fd4dffd Patch VerifiedHTTPSConnection for Emscripten (#3752)
13f0bfd Handle massive values in Retry-After when calculating time to sleep for (#3743)
8c480bf Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#3748)
4b40616 Bump actions/cache from 4.3.0 to 5.0.1 (#3750)
82b8479 Bump actions/download-artifact from 6.0.0 to 7.0.0 (#3749)
34284cb Mention experimental features in the security policy (#3746)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

aparnajyothi-y · 2026-01-19T10:43:50Z

@dependabot recreate

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.0 to 2.6.3. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.6.0...2.6.3) --- updated-dependencies: - dependency-name: urllib3 dependency-version: 2.6.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

aparnajyothi-y · 2026-01-21T11:27:40Z

@dependabot recreate

Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.6.0 to 2.6.3. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.6.0...2.6.3) --- updated-dependencies: - dependency-name: urllib3 dependency-version: 2.6.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>

…/github.com/actions/setup-python into dependabot/pip/__tests__/data/urllib3-2.6.3

Bumps the github-actions group with 7 updates: | Package | From | To | | --- | --- | --- | | [actions/setup-python](https://github.com/actions/setup-python) | `6.1.0` | `6.2.0` | | [actions/cache](https://github.com/actions/cache) | `5.0.1` | `5.0.2` | | [actions/setup-java](https://github.com/actions/setup-java) | `5.1.0` | `5.2.0` | | [anchore/scan-action](https://github.com/anchore/scan-action) | `7.2.3` | `7.3.0` | | [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action) | `1.0.29` | `1.0.31` | | [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `8.0.0` | `8.1.0` | | [ruby/setup-ruby](https://github.com/ruby/setup-ruby) | `1.283.0` | `1.286.0` | Updates `actions/setup-python` from 6.1.0 to 6.2.0 Release notes *Sourced from [actions/setup-python's releases](https://github.com/actions/setup-python/releases).* > v6.2.0 > ------ > > What's Changed > -------------- > > ### Dependency Upgrades > > * Upgrade dependencies to Node 24 compatible versions by [`@salmanmkc`](https://github.com/salmanmkc) in [actions/setup-python#1259](https://redirect.github.com/actions/setup-python/pull/1259) > * Upgrade urllib3 from 2.5.0 to 2.6.3 in `/__tests__/data` by [`@dependabot`](https://github.com/dependabot) in [actions/setup-python#1253](https://redirect.github.com/actions/setup-python/pull/1253) and [actions/setup-python#1264](https://redirect.github.com/actions/setup-python/pull/1264) > > **Full Changelog**: <actions/setup-python@v6...v6.2.0> Commits * [`a309ff8`](actions/setup-python@a309ff8) Bump urllib3 from 2.6.0 to 2.6.3 in /**tests**/data ([#1264](https://redirect.github.com/actions/setup-python/issues/1264)) * [`bfe8cc5`](actions/setup-python@bfe8cc5) Upgrade [`@actions`](https://github.com/actions) dependencies to Node 24 compatible versions ([#1259](https://redirect.github.com/actions/setup-python/issues/1259)) * [`4f41a90`](actions/setup-python@4f41a90) Bump urllib3 from 2.5.0 to 2.6.0 in /**tests**/data ([#1253](https://redirect.github.com/actions/setup-python/issues/1253)) * See full diff in [compare view](actions/setup-python@83679a8...a309ff8) Updates `actions/cache` from 5.0.1 to 5.0.2 Release notes *Sourced from [actions/cache's releases](https://github.com/actions/cache/releases).* > v.5.0.2 > ------- > > v5.0.2 > ====== > > What's Changed > -------------- > > When creating cache entries, 429s returned from the cache service will not be retried. Changelog *Sourced from [actions/cache's changelog](https://github.com/actions/cache/blob/main/RELEASES.md).* > Releases > ======== > > Changelog > --------- > > ### 5.0.2 > > * Bump `@actions/cache` to v5.0.3 [#1692](https://redirect.github.com/actions/cache/pull/1692) > > ### 5.0.1 > > * Update `@azure/storage-blob` to `^12.29.1` via `@actions/cache@5.0.1` [#1685](https://redirect.github.com/actions/cache/pull/1685) > > ### 5.0.0 > > > [!IMPORTANT] > > `actions/cache@v5` runs on the Node.js 24 runtime and requires a minimum Actions Runner version of `2.327.1`. > > If you are using self-hosted runners, ensure they are updated before upgrading. > > ### 4.3.0 > > * Bump `@actions/cache` to [v4.1.0](https://redirect.github.com/actions/toolkit/pull/2132) > > ### 4.2.4 > > * Bump `@actions/cache` to v4.0.5 > > ### 4.2.3 > > * Bump `@actions/cache` to v4.0.3 (obfuscates SAS token in debug logs for cache entries) > > ### 4.2.2 > > * Bump `@actions/cache` to v4.0.2 > > ### 4.2.1 > > * Bump `@actions/cache` to v4.0.1 > > ### 4.2.0 > > TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. [actions/cache](https://github.com/actions/cache) now integrates with the new cache service (v2) APIs. > > The new service will gradually roll out as of **February 1st, 2025**. The legacy service will also be sunset on the same date. Changes in these release are **fully backward compatible**. > > **We are deprecating some versions of this action**. We recommend upgrading to version `v4` or `v3` as soon as possible before **February 1st, 2025.** (Upgrade instructions below). > > If you are using pinned SHAs, please use the SHAs of versions `v4.2.0` or `v3.4.0` > > If you do not upgrade, all workflow runs using any of the deprecated [actions/cache](https://github.com/actions/cache) will fail. ... (truncated) Commits * [`8b402f5`](actions/cache@8b402f5) Merge pull request [#1692](https://redirect.github.com/actions/cache/issues/1692) from GhadimiR/main * [`304ab5a`](actions/cache@304ab5a) license for httpclient * [`609fc19`](actions/cache@609fc19) Update licensed record for cache * [`b22231e`](actions/cache@b22231e) Build * [`93150cd`](actions/cache@93150cd) Add PR link to releases * [`9b8ca9f`](actions/cache@9b8ca9f) Bump actions/cache to 5.0.3 * See full diff in [compare view](actions/cache@9255dc7...8b402f5) Updates `actions/setup-java` from 5.1.0 to 5.2.0 Release notes *Sourced from [actions/setup-java's releases](https://github.com/actions/setup-java/releases).* > v5.2.0 > ------ > > What's Changed > -------------- > > ### Enhancement > > * Retry on HTTP 522 Connection timed out by [`@findepi`](https://github.com/findepi) in [actions/setup-java#964](https://redirect.github.com/actions/setup-java/pull/964) > > ### Documentation Changes > > * Update gradle caching by [`@priya-kinthali`](https://github.com/priya-kinthali) in [actions/setup-java#972](https://redirect.github.com/actions/setup-java/pull/972) > * Update checkout to v6 by [`@mahabaleshwars`](https://github.com/mahabaleshwars) in [actions/setup-java#973](https://redirect.github.com/actions/setup-java/pull/973) > > ### Dependency Updates > > * Upgrade `@actions/cache` to v5 by [`@salmanmkc`](https://github.com/salmanmkc) in [actions/setup-java#968](https://redirect.github.com/actions/setup-java/pull/968) > * Upgrade actions/checkout from 5 to 6 by [`@dependabot`](https://github.com/dependabot) in [actions/setup-java#961](https://redirect.github.com/actions/setup-java/pull/961) > > New Contributors > ---------------- > > * [`@findepi`](https://github.com/findepi) made their first contribution in [actions/setup-java#964](https://redirect.github.com/actions/setup-java/pull/964) > > **Full Changelog**: <actions/setup-java@v5...v5.2.0> Commits * [`be666c2`](actions/setup-java@be666c2) Chore: Version Update and Checkout Update to v6 ([#973](https://redirect.github.com/actions/setup-java/issues/973)) * [`f7a6fef`](actions/setup-java@f7a6fef) Bump actions/checkout from 5 to 6 ([#961](https://redirect.github.com/actions/setup-java/issues/961)) * [`d81c4e4`](actions/setup-java@d81c4e4) Upgrade `@actions/cache` to v5 ([#968](https://redirect.github.com/actions/setup-java/issues/968)) * [`1b1bbe1`](actions/setup-java@1b1bbe1) readme update ([#972](https://redirect.github.com/actions/setup-java/issues/972)) * [`5d7b214`](actions/setup-java@5d7b214) Retry on HTTP 522 Connection timed out ([#964](https://redirect.github.com/actions/setup-java/issues/964)) * See full diff in [compare view](actions/setup-java@f2beeb2...be666c2) Updates `anchore/scan-action` from 7.2.3 to 7.3.0 Release notes *Sourced from [anchore/scan-action's releases](https://github.com/anchore/scan-action/releases).* > v7.3.0 > ------ > > New in scan-action v7.3.0 > ------------------------- > > ⬆️ Dependencies > --------------- > > * chore(deps): bump `@actions/tool-cache` from 2.0.2 to 3.0.0 ([#567](https://redirect.github.com/anchore/scan-action/issues/567)) [[`@dependabot`](https://github.com/dependabot)] > * chore(deps): bump `@actions/cache` from 5.0.1 to 5.0.2 ([#568](https://redirect.github.com/anchore/scan-action/issues/568)) [[`@dependabot`](https://github.com/dependabot)] > * chore(deps): bump `@actions/core` from 2.0.1 to 2.0.2 ([#569](https://redirect.github.com/anchore/scan-action/issues/569)) [[`@dependabot`](https://github.com/dependabot)] > * chore(deps-dev): bump tar from 7.5.2 to 7.5.3 ([#574](https://redirect.github.com/anchore/scan-action/issues/574)) [[`@dependabot`](https://github.com/dependabot)] > * chore(deps): update Grype to v0.105.0 ([#572](https://redirect.github.com/anchore/scan-action/issues/572)) [[`@anchore-actions-token-generator`](https://github.com/anchore-actions-token-generator)[bot]] Commits * [`0d444ed`](anchore/scan-action@0d444ed) chore: update release drafter permissions ([#578](https://redirect.github.com/anchore/scan-action/issues/578)) * [`f9bddf7`](anchore/scan-action@f9bddf7) chore: update release drafter to include appropriate dependencies ([#577](https://redirect.github.com/anchore/scan-action/issues/577)) * [`ffeb136`](anchore/scan-action@ffeb136) chore(deps): bump `@actions/tool-cache` from 2.0.2 to 3.0.0 ([#567](https://redirect.github.com/anchore/scan-action/issues/567)) * [`32bbf28`](anchore/scan-action@32bbf28) chore(deps): bump `@actions/cache` from 5.0.1 to 5.0.2 ([#568](https://redirect.github.com/anchore/scan-action/issues/568)) * [`5f513a1`](anchore/scan-action@5f513a1) chore(deps): bump `@actions/core` from 2.0.1 to 2.0.2 ([#569](https://redirect.github.com/anchore/scan-action/issues/569)) * [`02ce04c`](anchore/scan-action@02ce04c) chore(deps-dev): bump tar from 7.5.2 to 7.5.3 ([#574](https://redirect.github.com/anchore/scan-action/issues/574)) * [`6ac601c`](anchore/scan-action@6ac601c) Chore better zizmor ([#573](https://redirect.github.com/anchore/scan-action/issues/573)) * [`e2f9cdb`](anchore/scan-action@e2f9cdb) chore(deps): update Grype to v0.105.0 ([#572](https://redirect.github.com/anchore/scan-action/issues/572)) * [`cddc16d`](anchore/scan-action@cddc16d) chore(deps): bump actions/setup-node from 6.1.0 to 6.2.0 ([#571](https://redirect.github.com/anchore/scan-action/issues/571)) * See full diff in [compare view](anchore/scan-action@62b74fb...0d444ed) Updates `anthropics/claude-code-action` from 1.0.29 to 1.0.31 Release notes *Sourced from [anthropics/claude-code-action's releases](https://github.com/anthropics/claude-code-action/releases).* > v1.0.31 > ------- > > What's Changed > -------------- > > * fix: ensure SSH signing key has trailing newline by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#834](https://redirect.github.com/anthropics/claude-code-action/pull/834) > * Consolidate CI workflows into a single entry point by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#836](https://redirect.github.com/anthropics/claude-code-action/pull/836) > * chore: bump Bun to 1.3.6 and setup-bun action to v2.1.2 by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#848](https://redirect.github.com/anthropics/claude-code-action/pull/848) > * refactor: remove CLI path, use Agent SDK exclusively by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#849](https://redirect.github.com/anthropics/claude-code-action/pull/849) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.31> > > v1.0.30 > ------- > > What's Changed > -------------- > > * fix: parse ALL --allowed-tools flags, not just the first one by [`@AlexanderBartash`](https://github.com/AlexanderBartash) in [anthropics/claude-code-action#801](https://redirect.github.com/anthropics/claude-code-action/pull/801) > * docs: clarify that Claude does not auto-create PRs by default by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#824](https://redirect.github.com/anthropics/claude-code-action/pull/824) > * fix: add checkHumanActor to agent mode by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#826](https://redirect.github.com/anthropics/claude-code-action/pull/826) > * chore: comment out release-base-action job in release workflow by [`@ashwin-ant`](https://github.com/ashwin-ant) in [anthropics/claude-code-action#833](https://redirect.github.com/anthropics/claude-code-action/pull/833) > > New Contributors > ---------------- > > * [`@AlexanderBartash`](https://github.com/AlexanderBartash) made their first contribution in [anthropics/claude-code-action#801](https://redirect.github.com/anthropics/claude-code-action/pull/801) > > **Full Changelog**: <anthropics/claude-code-action@v1...v1.0.30> Commits * [`2316a9a`](anthropics/claude-code-action@2316a9a) chore: bump Claude Code to 2.1.15 and Agent SDK to 0.2.15 * [`49cfcf8`](anthropics/claude-code-action@49cfcf8) refactor: remove CLI path, use Agent SDK exclusively ([#849](https://redirect.github.com/anthropics/claude-code-action/issues/849)) * [`e208124`](anthropics/claude-code-action@e208124) chore: bump Bun to 1.3.6 and setup-bun action to v2.1.2 ([#848](https://redirect.github.com/anthropics/claude-code-action/issues/848)) * [`ba60ef7`](anthropics/claude-code-action@ba60ef7) Consolidate CI workflows into a single entry point ([#836](https://redirect.github.com/anthropics/claude-code-action/issues/836)) * [`f3c892c`](anthropics/claude-code-action@f3c892c) chore: bump Claude Code to 2.1.11 and Agent SDK to 0.2.11 * [`6e896a0`](anthropics/claude-code-action@6e896a0) fix: ensure SSH signing key has trailing newline ([#834](https://redirect.github.com/anthropics/claude-code-action/issues/834)) * [`a017b83`](anthropics/claude-code-action@a017b83) chore: comment out release-base-action job in release workflow ([#833](https://redirect.github.com/anthropics/claude-code-action/issues/833)) * [`75f52e5`](anthropics/claude-code-action@75f52e5) chore: bump Claude Code to 2.1.9 and Agent SDK to 0.2.9 * [`1bbc9e7`](anthropics/claude-code-action@1bbc9e7) fix: add checkHumanActor to agent mode ([#826](https://redirect.github.com/anthropics/claude-code-action/issues/826)) * [`625ea15`](anthropics/claude-code-action@625ea15) docs: clarify that Claude does not auto-create PRs by default ([#824](https://redirect.github.com/anthropics/claude-code-action/issues/824)) * Additional commits viewable in [compare view](anthropics/claude-code-action@1b8ee3b...2316a9a) Updates `peter-evans/create-pull-request` from 8.0.0 to 8.1.0 Release notes *Sourced from [peter-evans/create-pull-request's releases](https://github.com/peter-evans/create-pull-request/releases).* > Create Pull Request v8.1.0 > -------------------------- > > What's Changed > -------------- > > * README.md: bump given GitHub actions to their latest versions by [`@deining`](https://github.com/deining) in [peter-evans/create-pull-request#4265](https://redirect.github.com/peter-evans/create-pull-request/pull/4265) > * build(deps): bump the github-actions group with 2 updates by [`@dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4273](https://redirect.github.com/peter-evans/create-pull-request/pull/4273) > * build(deps-dev): bump the npm group with 2 updates by [`@dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4274](https://redirect.github.com/peter-evans/create-pull-request/pull/4274) > * build(deps-dev): bump undici from 6.22.0 to 6.23.0 by [`@dependabot`](https://github.com/dependabot)[bot] in [peter-evans/create-pull-request#4284](https://redirect.github.com/peter-evans/create-pull-request/pull/4284) > * Update distribution by [`@actions-bot`](https://github.com/actions-bot) in [peter-evans/create-pull-request#4289](https://redirect.github.com/peter-evans/create-pull-request/pull/4289) > * fix: Handle remote prune failures gracefully on self-hosted runners by [`@peter-evans`](https://github.com/peter-evans) in [peter-evans/create-pull-request#4295](https://redirect.github.com/peter-evans/create-pull-request/pull/4295) > * feat: add `@octokit/plugin-retry` to handle retriable server errors by [`@peter-evans`](https://github.com/peter-evans) in [peter-evans/create-pull-request#4298](https://redirect.github.com/peter-evans/create-pull-request/pull/4298) > > New Contributors > ---------------- > > * [`@deining`](https://github.com/deining) made their first contribution in [peter-evans/create-pull-request#4265](https://redirect.github.com/peter-evans/create-pull-request/pull/4265) > > **Full Changelog**: <peter-evans/create-pull-request@v8.0.0...v8.1.0> Commits * [`c0f553f`](peter-evans/create-pull-request@c0f553f) feat: add `@octokit/plugin-retry` to handle retriable server errors ([#4298](https://redirect.github.com/peter-evans/create-pull-request/issues/4298)) * [`7000124`](peter-evans/create-pull-request@7000124) fix: Handle remote prune failures gracefully ([#4295](https://redirect.github.com/peter-evans/create-pull-request/issues/4295)) * [`34aa40e`](peter-evans/create-pull-request@34aa40e) build: update distribution ([#4289](https://redirect.github.com/peter-evans/create-pull-request/issues/4289)) * [`641099d`](peter-evans/create-pull-request@641099d) build(deps-dev): bump undici from 6.22.0 to 6.23.0 ([#4284](https://redirect.github.com/peter-evans/create-pull-request/issues/4284)) * [`2271f1d`](peter-evans/create-pull-request@2271f1d) build(deps-dev): bump the npm group with 2 updates ([#4274](https://redirect.github.com/peter-evans/create-pull-request/issues/4274)) * [`437c31a`](peter-evans/create-pull-request@437c31a) build(deps): bump the github-actions group with 2 updates ([#4273](https://redirect.github.com/peter-evans/create-pull-request/issues/4273)) * [`0979079`](peter-evans/create-pull-request@0979079) docs: update readme * [`5b751cd`](peter-evans/create-pull-request@5b751cd) README.md: bump given GitHub actions to their latest versions ([#4265](https://redirect.github.com/peter-evans/create-pull-request/issues/4265)) * See full diff in [compare view](peter-evans/create-pull-request@98357b1...c0f553f) Updates `ruby/setup-ruby` from 1.283.0 to 1.286.0 Release notes *Sourced from [ruby/setup-ruby's releases](https://github.com/ruby/setup-ruby/releases).* > v1.286.0 > -------- > > What's Changed > -------------- > > * Add truffleruby-33.0.1,truffleruby+graalvm-33.0.1 by [`@ruby-builder-bot`](https://github.com/ruby-builder-bot) in [ruby/setup-ruby#864](https://redirect.github.com/ruby/setup-ruby/pull/864) > > **Full Changelog**: <ruby/setup-ruby@v1.285.0...v1.286.0> > > v1.285.0 > -------- > > What's Changed > -------------- > > * Convert to String earlier in generate-windows-versions.rb by [`@eregon`](https://github.com/eregon) in [ruby/setup-ruby#862](https://redirect.github.com/ruby/setup-ruby/pull/862) > * Update all dependencies to latest by [`@eregon`](https://github.com/eregon) in [ruby/setup-ruby#863](https://redirect.github.com/ruby/setup-ruby/pull/863) > > **Full Changelog**: <ruby/setup-ruby@v1.284.0...v1.285.0> > > v1.284.0 > -------- > > What's Changed > -------------- > > * Fix compatibility to ruby-3.2 by [`@larskanis`](https://github.com/larskanis) in [ruby/setup-ruby#861](https://redirect.github.com/ruby/setup-ruby/pull/861) > > **Full Changelog**: <ruby/setup-ruby@v1.283.0...v1.284.0> Commits * [`90be115`](ruby/setup-ruby@90be115) Add truffleruby-33.0.1,truffleruby+graalvm-33.0.1 * [`e69dcf3`](ruby/setup-ruby@e69dcf3) Update all dependencies to latest * [`9f55308`](ruby/setup-ruby@9f55308) Convert to String earlier in generate-windows-versions.rb * [`80740b3`](ruby/setup-ruby@80740b3) Add new RubyInstaller releases 4.0.1-1 and 3.2.10-1 * [`5fcbc91`](ruby/setup-ruby@5fcbc91) Fix compatibility to ruby-3.2 * See full diff in [compare view](ruby/setup-ruby@708024e...90be115) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 6.1.0 to 6.2.0. Release notes *Sourced from [actions/setup-python's releases](https://github.com/actions/setup-python/releases).* > v6.2.0 > ------ > > What's Changed > -------------- > > ### Dependency Upgrades > > * Upgrade dependencies to Node 24 compatible versions by [`@salmanmkc`](https://github.com/salmanmkc) in [actions/setup-python#1259](https://redirect.github.com/actions/setup-python/pull/1259) > * Upgrade urllib3 from 2.5.0 to 2.6.3 in `/__tests__/data` by [`@dependabot`](https://github.com/dependabot) in [actions/setup-python#1253](https://redirect.github.com/actions/setup-python/pull/1253) and [actions/setup-python#1264](https://redirect.github.com/actions/setup-python/pull/1264) > > **Full Changelog**: <actions/setup-python@v6...v6.2.0> Commits * [`a309ff8`](actions/setup-python@a309ff8) Bump urllib3 from 2.6.0 to 2.6.3 in /**tests**/data ([#1264](https://redirect.github.com/actions/setup-python/issues/1264)) * [`bfe8cc5`](actions/setup-python@bfe8cc5) Upgrade [`@actions`](https://github.com/actions) dependencies to Node 24 compatible versions ([#1259](https://redirect.github.com/actions/setup-python/issues/1259)) * [`4f41a90`](actions/setup-python@4f41a90) Bump urllib3 from 2.5.0 to 2.6.0 in /**tests**/data ([#1253](https://redirect.github.com/actions/setup-python/issues/1253)) * See full diff in [compare view](actions/setup-python@83679a8...a309ff8) [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=actions/setup-python&package-manager=github\_actions&previous-version=6.1.0&new-version=6.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Dependency Upgrades Upgrade dependencies to Node 24 compatible versions by @salmanmkc in actions/setup-python#1259 Upgrade urllib3 from 2.5.0 to 2.6.3 in /__tests__/data by @dependabot in actions/setup-python#1253 and actions/setup-python#1264

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.6.0 to 6.2.0. Release notes *Sourced from [actions/setup-python's releases](https://github.com/actions/setup-python/releases).* > v6.2.0 > ------ > > What's Changed > -------------- > > ### Dependency Upgrades > > * Upgrade dependencies to Node 24 compatible versions by [`@salmanmkc`](https://github.com/salmanmkc) in [actions/setup-python#1259](https://redirect.github.com/actions/setup-python/pull/1259) > * Upgrade urllib3 from 2.5.0 to 2.6.3 in `/__tests__/data` by [`@dependabot`](https://github.com/dependabot) in [actions/setup-python#1253](https://redirect.github.com/actions/setup-python/pull/1253) and [actions/setup-python#1264](https://redirect.github.com/actions/setup-python/pull/1264) > > **Full Changelog**: <actions/setup-python@v6...v6.2.0> > > v6.1.0 > ------ > > What's Changed > -------------- > > ### Enhancements: > > * Add support for `pip-install` input by [`@gowridurgad`](https://github.com/gowridurgad) in [actions/setup-python#1201](https://redirect.github.com/actions/setup-python/pull/1201) > * Add graalpy early-access and windows builds by [`@timfel`](https://github.com/timfel) in [actions/setup-python#880](https://redirect.github.com/actions/setup-python/pull/880) > > ### Dependency and Documentation updates: > > * Enhanced wording and updated example usage for `allow-prereleases` by [`@yarikoptic`](https://github.com/yarikoptic) in [actions/setup-python#979](https://redirect.github.com/actions/setup-python/pull/979) > * Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by [`@dependabot`](https://github.com/dependabot) in [actions/setup-python#1139](https://redirect.github.com/actions/setup-python/pull/1139) > * Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by [`@dependabot`](https://github.com/dependabot) in [actions/setup-python#1094](https://redirect.github.com/actions/setup-python/pull/1094) > * Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by [`@dependabot`](https://github.com/dependabot) in [actions/setup-python#1199](https://redirect.github.com/actions/setup-python/pull/1199) > * Upgrade requests from 2.32.2 to 2.32.4 by [`@dependabot`](https://github.com/dependabot) in [actions/setup-python#1130](https://redirect.github.com/actions/setup-python/pull/1130) > * Upgrade prettier from 3.5.3 to 3.6.2 by [`@dependabot`](https://github.com/dependabot) in [actions/setup-python#1234](https://redirect.github.com/actions/setup-python/pull/1234) > * Upgrade `@types/node` from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by [`@dependabot`](https://github.com/dependabot) in [actions/setup-python#1235](https://redirect.github.com/actions/setup-python/pull/1235) > > New Contributors > ---------------- > > * [`@yarikoptic`](https://github.com/yarikoptic) made their first contribution in [actions/setup-python#979](https://redirect.github.com/actions/setup-python/pull/979) > > **Full Changelog**: <actions/setup-python@v6...v6.1.0> > > v6.0.0 > ------ > > What's Changed > -------------- > > ### Breaking Changes > > * Upgrade to node 24 by [`@salmanmkc`](https://github.com/salmanmkc) in [actions/setup-python#1164](https://redirect.github.com/actions/setup-python/pull/1164) > > Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. [See Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1) > > ### Enhancements: > > * Add support for `pip-version` by [`@priyagupta108`](https://github.com/priyagupta108) in [actions/setup-python#1129](https://redirect.github.com/actions/setup-python/pull/1129) > * Enhance reading from .python-version by [`@krystof-k`](https://github.com/krystof-k) in [actions/setup-python#787](https://redirect.github.com/actions/setup-python/pull/787) > * Add version parsing from Pipfile by [`@aradkdj`](https://github.com/aradkdj) in [actions/setup-python#1067](https://redirect.github.com/actions/setup-python/pull/1067) > > ### Bug fixes: > > * Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by [`@aparnajyothi-y`](https://github.com/aparnajyothi-y) in [actions/setup-python#1183](https://redirect.github.com/actions/setup-python/pull/1183) > * Change missing cache directory error to warning by [`@aparnajyothi-y`](https://github.com/aparnajyothi-y) in [actions/setup-python#1182](https://redirect.github.com/actions/setup-python/pull/1182) > * Add Architecture-Specific PATH Management for Python with --user Flag on Windows by [`@aparnajyothi-y`](https://github.com/aparnajyothi-y) in [actions/setup-python#1122](https://redirect.github.com/actions/setup-python/pull/1122) > * Include python version in PyPy python-version output by [`@cdce8p`](https://github.com/cdce8p) in [actions/setup-python#1110](https://redirect.github.com/actions/setup-python/pull/1110) > * Update docs: clarification on pip authentication with setup-python by [`@priya-kinthali`](https://github.com/priya-kinthali) in [actions/setup-python#1156](https://redirect.github.com/actions/setup-python/pull/1156) > > ### Dependency updates: > > * Upgrade idna from 2.9 to 3.7 in /**tests**/data by [`@dependabot`](https://github.com/dependabot)[bot] in [actions/setup-python#843](https://redirect.github.com/actions/setup-python/pull/843) > * Upgrade form-data to fix critical vulnerabilities [#182](https://redirect.github.com/actions/setup-python/issues/182) & [#183](https://redirect.github.com/actions/setup-python/issues/183) by [`@aparnajyothi-y`](https://github.com/aparnajyothi-y) in [actions/setup-python#1163](https://redirect.github.com/actions/setup-python/pull/1163) > * Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by [`@aparnajyothi-y`](https://github.com/aparnajyothi-y) in [actions/setup-python#1165](https://redirect.github.com/actions/setup-python/pull/1165) > * Upgrade actions/checkout from 4 to 5 by [`@dependabot`](https://github.com/dependabot)[bot] in [actions/setup-python#1181](https://redirect.github.com/actions/setup-python/pull/1181) > * Upgrade `@actions/tool-cache` from 2.0.1 to 2.0.2 by [`@dependabot`](https://github.com/dependabot)[bot] in [actions/setup-python#1095](https://redirect.github.com/actions/setup-python/pull/1095) ... (truncated) Commits * [`a309ff8`](actions/setup-python@a309ff8) Bump urllib3 from 2.6.0 to 2.6.3 in /**tests**/data ([#1264](https://redirect.github.com/actions/setup-python/issues/1264)) * [`bfe8cc5`](actions/setup-python@bfe8cc5) Upgrade [`@actions`](https://github.com/actions) dependencies to Node 24 compatible versions ([#1259](https://redirect.github.com/actions/setup-python/issues/1259)) * [`4f41a90`](actions/setup-python@4f41a90) Bump urllib3 from 2.5.0 to 2.6.0 in /**tests**/data ([#1253](https://redirect.github.com/actions/setup-python/issues/1253)) * [`83679a8`](actions/setup-python@83679a8) Bump `@types/node` from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel ... * [`bfc4944`](actions/setup-python@bfc4944) Bump prettier from 3.5.3 to 3.6.2 ([#1234](https://redirect.github.com/actions/setup-python/issues/1234)) * [`97aeb3e`](actions/setup-python@97aeb3e) Bump requests from 2.32.2 to 2.32.4 in /**tests**/data ([#1130](https://redirect.github.com/actions/setup-python/issues/1130)) * [`443da59`](actions/setup-python@443da59) Bump actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pi... * [`cfd55ca`](actions/setup-python@cfd55ca) graalpy: add graalpy early-access and windows builds ([#880](https://redirect.github.com/actions/setup-python/issues/880)) * [`bba65e5`](actions/setup-python@bba65e5) Bump typescript from 5.4.2 to 5.9.3 and update docs/advanced-usage.md ([#1094](https://redirect.github.com/actions/setup-python/issues/1094)) * [`18566f8`](actions/setup-python@18566f8) Improve wording and "fix example" (remove 3.13) on testing against pre-releas... * Additional commits viewable in [compare view](actions/setup-python@a26af69...a309ff8) [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility\_score?dependency-name=actions/setup-python&package-manager=github\_actions&previous-version=5.6.0&new-version=6.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-python](https://github.com/actions/setup-python) | action | major | `v4` → `v6` | --- ### Release Notes <details> <summary>actions/setup-python (actions/setup-python)</summary> ### [`v6.2.0`](https://github.com/actions/setup-python/releases/tag/v6.2.0) [Compare Source](actions/setup-python@v6.1.0...v6.2.0) #### What's Changed ##### Dependency Upgrades - Upgrade dependencies to Node 24 compatible versions by [@salmanmkc](https://github.com/salmanmkc) in [#1259](actions/setup-python#1259) - Upgrade urllib3 from 2.5.0 to 2.6.3 in `/__tests__/data` by [@dependabot](https://github.com/dependabot) in [#1253](actions/setup-python#1253) and [#1264](actions/setup-python#1264) **Full Changelog**: <actions/setup-python@v6...v6.2.0> ### [`v6.1.0`](https://github.com/actions/setup-python/releases/tag/v6.1.0) [Compare Source](actions/setup-python@v6.0.0...v6.1.0) #### What's Changed ##### Enhancements: - Add support for `pip-install` input by [@gowridurgad](https://github.com/gowridurgad) in [#1201](actions/setup-python#1201) - Add graalpy early-access and windows builds by [@timfel](https://github.com/timfel) in [#880](actions/setup-python#880) ##### Dependency and Documentation updates: - Enhanced wording and updated example usage for `allow-prereleases` by [@yarikoptic](https://github.com/yarikoptic) in [#979](actions/setup-python#979) - Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by [@dependabot](https://github.com/dependabot) in [#1139](actions/setup-python#1139) - Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by [@dependabot](https://github.com/dependabot) in [#1094](actions/setup-python#1094) - Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by [@dependabot](https://github.com/dependabot) in [#1199](actions/setup-python#1199) - Upgrade requests from 2.32.2 to 2.32.4 by [@dependabot](https://github.com/dependabot) in [#1130](actions/setup-python#1130) - Upgrade prettier from 3.5.3 to 3.6.2 by [@dependabot](https://github.com/dependabot) in [#1234](actions/setup-python#1234) - Upgrade [@types/node](https://github.com/types/node) from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by [@dependabot](https://github.com/dependabot) in [#1235](actions/setup-python#1235) #### New Contributors - [@yarikoptic](https://github.com/yarikoptic) made their first contribution in [#979](actions/setup-python#979) **Full Changelog**: <actions/setup-python@v6...v6.1.0> ### [`v6.0.0`](https://github.com/actions/setup-python/releases/tag/v6.0.0) [Compare Source](actions/setup-python@v5.6.0...v6.0.0) #### What's Changed ##### Breaking Changes - Upgrade to node 24 by [@salmanmkc](https://github.com/salmanmkc) in [#1164](actions/setup-python#1164) Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. [See Release Notes](https://github.com/actions/runner/releases/tag/v2.327.1) ##### Enhancements: - Add support for `pip-version` by [@priyagupta108](https://github.com/priyagupta108) in [#1129](actions/setup-python#1129) - Enhance reading from .python-version by [@krystof-k](https://github.com/krystof-k) in [#787](actions/setup-python#787) - Add version parsing from Pipfile by [@aradkdj](https://github.com/aradkdj) in [#1067](actions/setup-python#1067) ##### Bug fixes: - Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#1183](actions/setup-python#1183) - Change missing cache directory error to warning by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#1182](actions/setup-python#1182) - Add Architecture-Specific PATH Management for Python with --user Flag on Windows by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#1122](actions/setup-python#1122) - Include python version in PyPy python-version output by [@cdce8p](https://github.com/cdce8p) in [#1110](actions/setup-python#1110) - Update docs: clarification on pip authentication with setup-python by [@priya-kinthali](https://github.com/priya-kinthali) in [#1156](actions/setup-python#1156) ##### Dependency updates: - Upgrade idna from 2.9 to 3.7 in /**tests**/data by [@dependabot](https://github.com/dependabot)\[bot] in [#843](actions/setup-python#843) - Upgrade form-data to fix critical vulnerabilities [#182](actions/setup-python#182) & [#183](actions/setup-python#183) by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#1163](actions/setup-python#1163) - Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#1165](actions/setup-python#1165) - Upgrade actions/checkout from 4 to 5 by [@dependabot](https://github.com/dependabot)\[bot] in [#1181](actions/setup-python#1181) - Upgrade [@actions/tool-cache](https://github.com/actions/tool-cache) from 2.0.1 to 2.0.2 by [@dependabot](https://github.com/dependabot)\[bot] in [#1095](actions/setup-python#1095) #### New Contributors - [@krystof-k](https://github.com/krystof-k) made their first contribution in [#787](actions/setup-python#787) - [@cdce8p](https://github.com/cdce8p) made their first contribution in [#1110](actions/setup-python#1110) - [@aradkdj](https://github.com/aradkdj) made their first contribution in [#1067](actions/setup-python#1067) **Full Changelog**: <actions/setup-python@v5...v6.0.0> ### [`v5.6.0`](https://github.com/actions/setup-python/releases/tag/v5.6.0) [Compare Source](actions/setup-python@v5.5.0...v5.6.0) #### What's Changed - Workflow updates related to Ubuntu 20.04 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#1065](actions/setup-python#1065) - Fix for Candidate Not Iterable Error by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#1082](actions/setup-python#1082) - Upgrade semver and [@types/semver](https://github.com/types/semver) by [@dependabot](https://github.com/dependabot) in [#1091](actions/setup-python#1091) - Upgrade prettier from 2.8.8 to 3.5.3 by [@dependabot](https://github.com/dependabot) in [#1046](actions/setup-python#1046) - Upgrade ts-jest from 29.1.2 to 29.3.2 by [@dependabot](https://github.com/dependabot) in [#1081](actions/setup-python#1081) **Full Changelog**: <actions/setup-python@v5...v5.6.0> ### [`v5.5.0`](https://github.com/actions/setup-python/releases/tag/v5.5.0) [Compare Source](actions/setup-python@v5.4.0...v5.5.0) #### What's Changed ##### Enhancements: - Support free threaded Python versions like '3.13t' by [@colesbury](https://github.com/colesbury) in [#973](actions/setup-python#973) - Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade [@action/cache](https://github.com/action/cache) from 4.0.0 to 4.0.3 by [@priya-kinthali](https://github.com/priya-kinthali) in [#1056](actions/setup-python#1056) - Add support for .tool-versions file in setup-python by [@mahabaleshwars](https://github.com/mahabaleshwars) in [#1043](actions/setup-python#1043) ##### Bug fixes: - Fix architecture for pypy on Linux ARM64 by [@mayeut](https://github.com/mayeut) in [#1011](actions/setup-python#1011) This update maps arm64 to aarch64 for Linux ARM64 PyPy installations. ##### Dependency updates: - Upgrade [@vercel/ncc](https://github.com/vercel/ncc) from 0.38.1 to 0.38.3 by [@dependabot](https://github.com/dependabot) in [#1016](actions/setup-python#1016) - Upgrade [@actions/glob](https://github.com/actions/glob) from 0.4.0 to 0.5.0 by [@dependabot](https://github.com/dependabot) in [#1015](actions/setup-python#1015) #### New Contributors - [@colesbury](https://github.com/colesbury) made their first contribution in [#973](actions/setup-python#973) - [@mahabaleshwars](https://github.com/mahabaleshwars) made their first contribution in [#1043](actions/setup-python#1043) **Full Changelog**: <actions/setup-python@v5...v5.5.0> ### [`v5.4.0`](https://github.com/actions/setup-python/releases/tag/v5.4.0) [Compare Source](actions/setup-python@v5.3.0...v5.4.0) #### What's Changed ##### Enhancements: - Update cache error message by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#968](actions/setup-python#968) - Enhance Workflows: Add Ubuntu-24, Remove Python 3.8 by [@priya-kinthali](https://github.com/priya-kinthali) in [#985](actions/setup-python#985) - Configure Dependabot settings by [@HarithaVattikuti](https://github.com/HarithaVattikuti) in [#1008](actions/setup-python#1008) ##### Documentation changes: - Readme update - recommended permissions by [@benwells](https://github.com/benwells) in [#1009](actions/setup-python#1009) - Improve Advanced Usage examples by [@lrq3000](https://github.com/lrq3000) in [#645](actions/setup-python#645) ##### Dependency updates: - Upgrade `undici` from 5.28.4 to 5.28.5 by [@dependabot](https://github.com/dependabot) in [#1012](actions/setup-python#1012) - Upgrade `urllib3` from 1.25.9 to 1.26.19 in /**tests**/data by [@dependabot](https://github.com/dependabot) in [#895](actions/setup-python#895) - Upgrade `actions/publish-immutable-action` from 0.0.3 to 0.0.4 by [@dependabot](https://github.com/dependabot) in [#1014](actions/setup-python#1014) - Upgrade `@actions/http-client` from 2.2.1 to 2.2.3 by [@dependabot](https://github.com/dependabot) in [#1020](actions/setup-python#1020) - Upgrade `requests` from 2.24.0 to 2.32.2 in /**tests**/data by [@dependabot](https://github.com/dependabot) in [#1019](actions/setup-python#1019) - Upgrade `@actions/cache` to `^4.0.0` by [@priyagupta108](https://github.com/priyagupta108) in [#1007](actions/setup-python#1007) #### New Contributors - [@benwells](https://github.com/benwells) made their first contribution in [#1009](actions/setup-python#1009) - [@HarithaVattikuti](https://github.com/HarithaVattikuti) made their first contribution in [#1008](actions/setup-python#1008) - [@lrq3000](https://github.com/lrq3000) made their first contribution in [#645](actions/setup-python#645) **Full Changelog**: <actions/setup-python@v5...v5.4.0> ### [`v5.3.0`](https://github.com/actions/setup-python/releases/tag/v5.3.0) [Compare Source](actions/setup-python@v5.2.0...v5.3.0) #### What's Changed - Add workflow file for publishing releases to immutable action package by [@Jcambass](https://github.com/Jcambass) in [#941](actions/setup-python#941) - Upgrade IA publish by [@Jcambass](https://github.com/Jcambass) in [#943](actions/setup-python#943) ##### Bug Fixes: - Normalise Line Endings to Ensure Cross-Platform Consistency by [@priya-kinthali](https://github.com/priya-kinthali) in [#938](actions/setup-python#938) - Revise `isGhes` logic by [@jww3](https://github.com/jww3) in [#963](actions/setup-python#963) - Bump pillow from 7.2 to 10.2.0 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#956](actions/setup-python#956) ##### Enhancements: - Enhance workflows and documentation updates by [@priya-kinthali](https://github.com/priya-kinthali) in [#965](actions/setup-python#965) - Bump default versions to latest by [@jeffwidman](https://github.com/jeffwidman) in [#905](actions/setup-python#905) #### New Contributors - [@Jcambass](https://github.com/Jcambass) made their first contribution in [#941](actions/setup-python#941) - [@jww3](https://github.com/jww3) made their first contribution in [#963](actions/setup-python#963) **Full Changelog**: <actions/setup-python@v5...v5.3.0> ### [`v5.2.0`](https://github.com/actions/setup-python/releases/tag/v5.2.0) [Compare Source](actions/setup-python@v5.1.1...v5.2.0) #### What's Changed ##### Bug fixes: - Add `.zip` extension to Windows package downloads for `Expand-Archive` Compatibility by [@priyagupta108](https://github.com/priyagupta108) in [#916](actions/setup-python#916) This addresses compatibility issues on Windows self-hosted runners by ensuring that the filenames for Python and PyPy package downloads explicitly include the .zip extension, allowing the Expand-Archive command to function correctly. - Add arch to cache key by [@Zxilly](https://github.com/Zxilly) in [#896](actions/setup-python#896) This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format. ##### Documentation changes: - Fix display of emojis in contributors doc by [@sciencewhiz](https://github.com/sciencewhiz) in [#899](actions/setup-python#899) - Documentation update for caching poetry dependencies by [@gowridurgad](https://github.com/gowridurgad) in [#908](actions/setup-python#908) ##### Dependency updates: - Bump [@iarna/toml](https://github.com/iarna/toml) version from 2.2.5 to 3.0.0 by [@priya-kinthali](https://github.com/priya-kinthali) in [#912](actions/setup-python#912) - Bump pyinstaller from 3.6 to 5.13.1 by [@aparnajyothi-y](https://github.com/aparnajyothi-y) in [#923](actions/setup-python#923) #### New Contributors - [@sciencewhiz](https://github.com/sciencewhiz) made their first contribution in [#899](actions/setup-python#899) - [@priyagupta108](https://github.com/priyagupta108) made their first contribution in [#916](actions/setup-python#916) - [@Zxilly](https://github.com/Zxilly) made their first contribution in [#896](actions/setup-python#896) - [@aparnajyothi-y](https://github.com/aparnajyothi-y) made their first contribution in [#923](actions/setup-python#923) **Full Changelog**: <actions/setup-python@v5...v5.2.0> ### [`v5.1.1`](https://github.com/actions/setup-python/releases/tag/v5.1.1) [Compare Source](actions/setup-python@v5.1.0...v5.1.1) #### What's Changed ##### Bug fixes: - fix(ci): update all failing workflows by [@mayeut](https://github.com/mayeut) in [#863](actions/setup-python#863) This update ensures compatibility and optimal performance of workflows on the latest macOS version. ##### Documentation changes: - Documentation update for cache by [@gowridurgad](https://github.com/gowridurgad) in [#873](actions/setup-python#873) ##### Dependency updates: - Bump braces from 3.0.2 to 3.0.3 and undici from 5.28.3 to 5.28.4 by [@dependabot](https://github.com/dependabot) in [#893](actions/setup-python#893) #### New Contributors - [@gowridurgad](https://github.com/gowridurgad) made their first contribution in [#873](actions/setup-python#873) **Full Changelog**: <actions/setup-python@v5...v5.1.1> ### [`v5.1.0`](https://github.com/actions/setup-python/releases/tag/v5.1.0) [Compare Source](actions/setup-python@v5.0.0...v5.1.0) #### What's Changed - Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by [@Shegox](https://github.com/Shegox) in [#766](actions/setup-python#766). - Dependency updates by [@dependabot](https://github.com/dependabot) and [@HarithaVattikuti](https://github.com/HarithaVattikuti) in [#817](actions/setup-python#817) - Documentation changes for version in README by [@basnijholt](https://github.com/basnijholt) in [#776](actions/setup-python#776) - Documentation changes for link in README by [@ukd1](https://github.com/ukd1) in [#793](actions/setup-python#793) - Documentation changes for link in Advanced Usage by [@Jamim](https://github.com/Jamim) in [#782](actions/setup-python#782) - Documentation changes for avoiding rate limit issues on GHES by [@priya-kinthali](https://github.com/priya-kinthali) in [#835](actions/setup-python#835) #### New Contributors - [@basnijholt](https://github.com/basnijholt) made their first contribution in [#776](actions/setup-python#776) - [@ukd1](https://github.com/ukd1) made their first contribution in [#793](actions/setup-python#793) - [@Jamim](https://github.com/Jamim) made their first contribution in [#782](actions/setup-python#782) - [@Shegox](https://github.com/Shegox) made their first contribution in [#766](actions/setup-python#766) - [@priya-kinthali](https://github.com/priya-kinthali) made their first contribution in [#835](actions/setup-python#835) **Full Changelog**: <actions/setup-python@v5.0.0...v5.1.0> ### [`v5.0.0`](https://github.com/actions/setup-python/releases/tag/v5.0.0) [Compare Source](actions/setup-python@v4.9.1...v5.0.0) #### What's Changed In scope of this release, we update node version runtime from node16 to node20 ([#772](actions/setup-python#772)). Besides, we update dependencies to the latest versions. **Full Changelog**: <actions/setup-python@v4.8.0...v5.0.0> </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Co-authored-by: Renovate Bot <renovate-bot@internal.local> Co-committed-by: Renovate Bot <renovate-bot@internal.local>

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 8, 2026

dependabot bot requested a review from a team as a code owner January 8, 2026 06:38

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 8, 2026

aparnajyothi-y previously approved these changes Jan 19, 2026

View reviewed changes

dependabot bot force-pushed the dependabot/pip/__tests__/data/urllib3-2.6.3 branch from 41ecdea to 6e52e65 Compare January 19, 2026 10:44

check-failure fix

3c55796

aparnajyothi-y dismissed their stale review via 3c55796 January 19, 2026 11:53

check failure fix

6c8b335

dependabot bot force-pushed the dependabot/pip/__tests__/data/urllib3-2.6.3 branch from 6c8b335 to 6ddbc9d Compare January 21, 2026 11:28

mahabaleshwars added 2 commits January 21, 2026 17:06

Merge branch 'dependabot/pip/__tests__/data/urllib3-2.6.3' of https:/…

231c00c

…/github.com/actions/setup-python into dependabot/pip/__tests__/data/urllib3-2.6.3

fix for e2e-tests.yml failure and version update in packagejson

b68c327

mahabaleshwars approved these changes Jan 21, 2026

View reviewed changes

priya-kinthali approved these changes Jan 21, 2026

View reviewed changes

aparnajyothi-y approved these changes Jan 21, 2026

View reviewed changes

HarithaVattikuti approved these changes Jan 22, 2026

View reviewed changes

HarithaVattikuti merged commit a309ff8 into main Jan 22, 2026
1410 checks passed

HarithaVattikuti deleted the dependabot/pip/__tests__/data/urllib3-2.6.3 branch January 22, 2026 02:49

This was referenced Mar 11, 2026

Upgrade GitHub Actions for Node 24 compatibility google/civics_cdf_validator#522

Open

Upgrade GitHub Actions for Node 24 compatibility google/keep-sorted#120

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data#1264

Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data#1264
HarithaVattikuti merged 6 commits intomainfrom
dependabot/pip/tests/data/urllib3-2.6.3

dependabot bot commented on behalf of github Jan 8, 2026 •

edited

Loading

Uh oh!

aparnajyothi-y commented Jan 19, 2026

Uh oh!

aparnajyothi-y commented Jan 21, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

dependabot bot commented on behalf of github Jan 8, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

2.6.3

🚀 urllib3 is fundraising for HTTP/2 support

Changes

2.6.2

🚀 urllib3 is fundraising for HTTP/2 support

Changes

2.6.1

🚀 urllib3 is fundraising for HTTP/2 support

Changes

2.6.3 (2026-01-07)

2.6.2 (2025-12-11)

2.6.1 (2025-12-08)

Uh oh!

aparnajyothi-y commented Jan 19, 2026

Uh oh!

aparnajyothi-y commented Jan 21, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

dependabot bot commented on behalf of github Jan 8, 2026 •

edited

Loading