Bump actions/setup-python from 6.2.0 to 6.3.0#2
Conversation
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 6.2.0 to 6.3.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@a309ff8...ece7cb0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
azero
left a comment
There was a problem hiding this comment.
Reviewed the complete workflow diff, commit history (including the main update), and upstream actions/setup-python v6.3.0 release at final head 6bfe0b8. No blocking correctness, compatibility, licensing, privacy, or security findings. The action remains pinned to the exact official v6.3.0 commit, permissions remain contents: read, and upstream includes Windows pip-cache error handling plus dependency security updates. No code fixes were needed; the branch was refreshed with main in merge commit 6bfe0b8 after PR #1 merged. Exact-head local validation: editable dev install; Ruff lint and format checks; pytest (1,294 passed, 2 skipped); sdist and wheel build. All GitHub CI jobs for Python 3.10-3.14 are green. Remaining risk is limited to upstream cache-key behavior changes, which are covered by the project CI matrix. Recommended action: squash-merge.
Bumps actions/setup-python from 6.2.0 to 6.3.0.
Release notes
Sourced from actions/setup-python's releases.
Commits
ece7cb0Fix pip cache error handling on Windows. (#1040)1d18d7aUpdate advanced-usage.md (#811)d2b357aUpdate dependency versions and test workflow configuration (#1322)8f639b1Merge pull request #1324 from jasongin/update-actions-cache-5.1.06731c2bResolve high-severity audit issues0cb1a84Add RHEL support and include Linux distro in cache keys (#1323)dc6eab6Update dist6f4b74bStrict equalityfa8bde1Bump@actions/cacheto 5.1.0, log cache write deniedc8813baUpgrade@actionsdependencies and update licenses (#1303)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)