Skip to content

[CI] Cherry pick dependabot updates from #3019 excluding pypa/gh-action-pypi-publish#3023

Merged
jiayuasu merged 2 commits into
apache:masterfrom
jbampton:actions-updates
Jun 1, 2026
Merged

[CI] Cherry pick dependabot updates from #3019 excluding pypa/gh-action-pypi-publish#3023
jiayuasu merged 2 commits into
apache:masterfrom
jbampton:actions-updates

Conversation

@jbampton

@jbampton jbampton commented Jun 1, 2026

Copy link
Copy Markdown
Member

Did you read the Contributor Guide?

Is this PR related to a ticket?

  • No:
    • this is a CI update. The PR name follows the format [CI] my subject

What changes were proposed in this PR?

Bumps 8 of 9 actions updates excluding one that fails the ASF allowlist workflow

refs #3019

https://github.com/apache/sedona/actions/runs/26728594764/job/78768093166?pr=3019

Error: Found 1 action ref(s) not on the ASF allowlist:
Error: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b is not on the ASF allowlist
Error: To resolve, open a PR in apache/infrastructure-actions to add the action or version to the allowlist: https://github.com/apache/infrastructure-actions#adding-a-new-action-to-the-allow-list

How was this patch tested?

prek run -a

All this runs on GitHub CI.

Did this PR include necessary documentation updates?

  • No, this PR does not affect any public API so no need to change the documentation.

dependabot Bot and others added 2 commits June 2, 2026 06:04
…ctory with 9 updates

Bumps the github-actions-dependencies group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [github/codeql-action](https://github.com/github/codeql-action) | `4.35.5` | `4.36.0` |
| [actions/cache](https://github.com/actions/cache) | `5.0.4` | `5.0.5` |
| [actions/setup-node](https://github.com/actions/setup-node) | `6.3.0` | `6.4.0` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.6.0` | `8.1.0` |
| [r-lib/actions](https://github.com/r-lib/actions) | `2.11.4` | `2.12.0` |
| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `7.0.0` | `7.0.1` |
| [j178/prek-action](https://github.com/j178/prek-action) | `2.0.3` | `2.0.4` |
| [pypa/cibuildwheel](https://github.com/pypa/cibuildwheel) | `3.4.0` | `3.4.1` |
| [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` |



Updates `github/codeql-action` from 4.35.5 to 4.36.0
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@9e0d7b8...7211b7c)

Updates `actions/cache` from 5.0.4 to 5.0.5
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@6682284...27d5ce7)

Updates `actions/setup-node` from 6.3.0 to 6.4.0
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@53b8394...48b55a0)

Updates `astral-sh/setup-uv` from 7.6.0 to 8.1.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@37802ad...0880764)

Updates `r-lib/actions` from 2.11.4 to 2.12.0
- [Release notes](https://github.com/r-lib/actions/releases)
- [Changelog](https://github.com/r-lib/actions/blob/v2-branch/NEWS.md)
- [Commits](r-lib/actions@v2.11.4...v2.12.0)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

Updates `j178/prek-action` from 2.0.3 to 2.0.4
- [Release notes](https://github.com/j178/prek-action/releases)
- [Commits](j178/prek-action@6ad8027...bdca6f1)

Updates `pypa/cibuildwheel` from 3.4.0 to 3.4.1
- [Release notes](https://github.com/pypa/cibuildwheel/releases)
- [Changelog](https://github.com/pypa/cibuildwheel/blob/main/docs/changelog.md)
- [Commits](pypa/cibuildwheel@ee02a15...8d2b08b)

Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@ed0c539...cef2210)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.36.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: actions/cache
  dependency-version: 5.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
- dependency-name: actions/setup-node
  dependency-version: 6.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions-dependencies
- dependency-name: r-lib/actions
  dependency-version: 2.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
- dependency-name: j178/prek-action
  dependency-version: 2.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
- dependency-name: pypa/cibuildwheel
  dependency-version: 3.4.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions-dependencies
- dependency-name: pypa/gh-action-pypi-publish
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@jbampton jbampton requested a review from jiayuasu as a code owner June 1, 2026 20:17
@jbampton jbampton added the github_actions Pull requests that update GitHub Actions code label Jun 1, 2026
@jbampton jbampton added this to the sedona-1.9.1 milestone Jun 1, 2026
@jbampton jbampton added the dependencies Pull requests that update a dependency file label Jun 1, 2026

@jiayuasu jiayuasu left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@jiayuasu jiayuasu merged commit 92fac3f into apache:master Jun 1, 2026
50 checks passed
@jbampton jbampton deleted the actions-updates branch June 1, 2026 21:17
jiayuasu added a commit that referenced this pull request Jul 10, 2026
The Docs build on branch-1.9.0 hit a startup_failure because docs.yml
still referenced older action SHAs (setup-node, setup-uv, r-lib/actions,
upload-artifact, cache) that are no longer on the ASF Actions allowlist.
Backport the docs.yml action-pin bumps from #3023 (92fac3f) so they
match the versions already running on master. docs.yml is now identical
to master's.

(cherry picked from commit 3f13d534f366f3e0956586ed99b7456fea6b6a44)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants