Bump actions/setup-python from 5 to 6 #4532
Conversation
dependabot
bot
added
dependencies
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
Greptile Summary
This PR updates the actions/setup-python GitHub Action from version 5 to version 6 across two workflow files in the Quilt repository's CI/CD pipeline. The changes are part of a Dependabot-generated dependency update that affects multiple Python setup steps in the workflows.
In .github/workflows/py-ci.yml, the update affects seven different CI jobs including the linter, isort checker, documentation generation, testing, and PyPI release jobs. Each job that sets up Python now uses actions/setup-python@v6 instead of v5. Similarly, in .github/workflows/test-quilt3-admin-codegen.yaml, the single Python setup step is updated to use version 6.
The new version brings several enhancements including support for a pip-version parameter, improved reading of .python-version files, Pipfile version parsing support, and various bug fixes for PyPy and GraalPy environments. The update also includes security improvements through dependency updates that fix vulnerabilities in form-data and setuptools components.
This change integrates with Quilt's existing CI infrastructure by maintaining all current functionality while providing access to the latest features and security patches. The workflows will continue to function identically from a user perspective, but with improved reliability and security under the hood.
Confidence score: 5/5
- This PR is safe to merge with minimal risk as it only updates a well-maintained GitHub Action to its latest stable version
- Score reflects the routine nature of dependency updates and the comprehensive testing infrastructure that will validate the change
- No files require special attention as this is a straightforward action version bump with backward compatibility
2 files reviewed, no comments
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/github_actions/actions/setup-python-6
branch
from
a8359af to
96ca201
Compare
sir-sigurd
deleted the
dependabot/github_actions/actions/setup-python-6
branch
Bumps actions/setup-python from 5 to 6.
Release notes
Sourced from actions/setup-python's releases.
... (truncated)
Commits
e797f83Upgrade to node 24 (#1164)3d1e2d2Revert "Enhance cache-dependency-path handling to support files outside the w...65b0712Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...5b668cfBump actions/checkout from 4 to 5 (#1181)f62a0e2Change missing cache directory error to warning (#1182)9322b3cUpgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...fbeb884Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)03bb615Bump idna from 2.9 to 3.7 in /tests/data (#843)36da51dAdd version parsing from Pipfile (#1067)3c6f142update documentation (#1156)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)