Skip to content

chore(deps): bump actions/setup-python from 5 to 6 #6054

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hanabi1224 merged 1 commit into from
Sep 9, 2025
Merged

chore(deps): bump actions/setup-python from 5 to 6 #6054

hanabi1224 merged 1 commit into from
Sep 9, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 8, 2025
edited by coderabbitai bot
Loading

Bumps actions/setup-python from 5 to 6.

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

Bug fixes:

Dependency updates:

New Contributors

Full Changelog: actions/setup-python@v5...v6.0.0

v5.6.0

What's Changed

Full Changelog: actions/setup-python@v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

Bug fixes:

... (truncated)

Commits
  • e797f83 Upgrade to node 24 (#1164)
  • 3d1e2d2 Revert "Enhance cache-dependency-path handling to support files outside the w...
  • 65b0712 Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...
  • 5b668cf Bump actions/checkout from 4 to 5 (#1181)
  • f62a0e2 Change missing cache directory error to warning (#1182)
  • 9322b3c Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...
  • fbeb884 Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)
  • 03bb615 Bump idna from 2.9 to 3.7 in /tests/data (#843)
  • 36da51d Add version parsing from Pipfile (#1067)
  • 3c6f142 update documentation (#1156)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

  • Chores
    • Upgraded the Python setup action in the linting workflow to the latest major version, retaining Python 3.12.
    • Improves CI reliability, compatibility, and security for script linting.
    • No impact on application features, performance, or user experience; build and release behavior unchanged.
    • Reduces maintenance overhead and aligns with upstream action support policies.

@dependabot
chore(deps): bump actions/setup-python from 5 to 6
c7f6808 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Sep 8, 2025
@dependabot dependabot bot requested a review from a team as a code owner September 8, 2025 19:30
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Sep 8, 2025
@dependabot dependabot bot requested review from LesnyRumcajs and sudo-shashank and removed request for a team September 8, 2025 19:30
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 8, 2025
edited
Loading

Walkthrough

Bumped the actions/setup-python version from v5 to v6 in the python-lint job within .github/workflows/scripts-lint.yml. No other workflow modifications.

Changes

Cohort / File(s) Summary of Changes
CI workflow version bump
\.github/workflows/scripts-lint.yml``		 Updated uses: actions/setup-python@v5 to uses: actions/setup-python@v6 in the python-lint job; Python version remains 3.12.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested reviewers

  • hanabi1224
  • sudo-shashank
  • LesnyRumcajs

Tip

👮 Agentic pre-merge checks are now available in preview!

Pro plan users can now enable pre-merge checks in their settings to enforce checklists before merging PRs.

  - Custom agentic checks – Define your own rules using CodeRabbit’s advanced agentic capabilities to enforce organization-specific policies and workflows. For example, you can instruct CodeRabbit’s agent to verify that API documentation is updated whenever API schema files are modified in a PR. Note: Upto 5 custom checks are currently allowed during the preview period. Pricing for this feature will be announced in a few weeks.
  - Built-in checks – Quickly apply ready-made checks to enforce title conventions, require pull request descriptions that follow templates, validate linked issues for compliance, and more.

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)
  • Failed to retrieve linked issues from the platform client.
✨ Finishing Touches
🧪 Generate unit tests
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch dependabot/github_actions/actions/setup-python-6

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Sep 8, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/workflows/scripts-lint.yml (1)

43-46: Optional: tighten toolchain and speed up installs.

Consider pinning to latest patch, modern pip, and (when you add a requirements file) enabling pip cache.

Apply this diff:

-      - uses: actions/setup-python@v6
-        with:
-          python-version: "3.12"
+      - uses: actions/setup-python@v6
+        with:
+          python-version: "3.12"
+          check-latest: true
+          pip-version: "latest"
+          # Optional (once you have requirements/lock files in repo):
+          # cache: pip
+          # cache-dependency-path: |
+          #   requirements*.txt
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a3de8a5 and c7f6808.

📒 Files selected for processing (1)
  • .github/workflows/scripts-lint.yml (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (7)
  • GitHub Check: Build forest binaries on Linux AMD64
  • GitHub Check: All lint checks
  • GitHub Check: tests
  • GitHub Check: tests-release
  • GitHub Check: Build MacOS
  • GitHub Check: cargo-publish-dry-run
  • GitHub Check: Build Ubuntu
🔇 Additional comments (2)
.github/workflows/scripts-lint.yml (2)

43-45: LGTM on v6 bump.

The upgrade to actions/setup-python@v6 in python-lint looks correct.

43-46: Verify runner compatibility (Node 24).

If any jobs run on self-hosted runners, ensure runner version ≥ 2.327.1 due to the Node 24 engine in setup-python v6. GitHub-hosted runners are already compatible.

@hanabi1224 hanabi1224 enabled auto-merge September 9, 2025 00:15
@hanabi1224 hanabi1224 added this pull request to the merge queue Sep 9, 2025
Merged via the queue into main with commit f760ae5 Sep 9, 2025
41 of 60 checks passed
@hanabi1224 hanabi1224 deleted the dependabot/github_actions/actions/setup-python-6 branch September 9, 2025 08:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@hanabi1224 hanabi1224 hanabi1224 approved these changes

@sudo-shashank sudo-shashank sudo-shashank approved these changes

@LesnyRumcajs LesnyRumcajs Awaiting requested review from LesnyRumcajs LesnyRumcajs is a code owner automatically assigned from ChainSafe/forest

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hanabi1224 @sudo-shashank