Sourced from py-cov-action/python-coverage-comment-action's releases.

v3.37

What's Changed

• feat: Handle Merge Queues by @​olivier-lacroix in py-cov-action/python-coverage-comment-action#592

New Contributors

• @​olivier-lacroix made their first contribution in py-cov-action/python-coverage-comment-action#592

Full Changelog: https://github.com/py-cov-action/python-coverage-comment-action/compare/v3.36...v3.37

v3.36

What's Changed

• Adds additional support for Github enterprise usecases & support for pull_request/closed trigger by @​daniel-anya in py-cov-action/python-coverage-comment-action#589

Full Changelog: https://github.com/py-cov-action/python-coverage-comment-action/compare/v3.35...v3.36

v3.35

What's Changed

• use three dot notation to calculate diff by @​ewjoachim & @​stickperson in py-cov-action/python-coverage-comment-action#573

Full Changelog: https://github.com/py-cov-action/python-coverage-comment-action/compare/v3.34...v3.35

• 0544a9c Merge pull request #592 from olivier-lacroix/feat/merge-queue
• 93c307d Handle Merge Queues
• 59e8544 chore(deps): update pre-commit hook astral-sh/ruff-pre-commit to v0.12.10 (#591)
• 47f98f1 Merge pull request #589 from py-cov-action/additional-support-for-gh-enterprise
• 370c909 Missing cleaner for event path
• 627d6dd Simplify extract_github_host
• 8f59450 Move logic of reading the event payload file to settings.py
• 19a6297 Add mention in the doc on supporting pull_request/closed
• 717fea2 Adds support for Github pages html url coverage report
• fdd2bd2 Updates extract_github_host function + test
• Additional commits viewable in compare view

Sourced from actions/checkout's releases.

v5.0.0

What's Changed

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226
• Prepare v5.0.0 release by @​salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: https://github.com/actions/checkout/compare/v4...v5.0.0

v4.3.0

What's Changed

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236
• Prepare release v4.3.0 by @​salmanmkc in actions/checkout#2237

New Contributors

• @​motss made their first contribution in actions/checkout#1971
• @​mouismail made their first contribution in actions/checkout#1977
• @​benwells made their first contribution in actions/checkout#2043
• @​nebuk89 made their first contribution in actions/checkout#2194
• @​salmanmkc made their first contribution in actions/checkout#2236

Full Changelog: https://github.com/actions/checkout/compare/v4...v4.3.0

v4.2.2

What's Changed

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

Full Changelog: https://github.com/actions/checkout/compare/v4.2.1...v4.2.2

v4.2.1

What's Changed

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

New Contributors

• @​Jcambass made their first contribution in actions/checkout#1919

Full Changelog: https://github.com/actions/checkout/compare/v4.2.0...v4.2.1

... (truncated)

Sourced from actions/checkout's changelog.

Changelog

V5.0.0

• Update actions checkout to use node 24 by @​salmanmkc in actions/checkout#2226

V4.3.0

• docs: update README.md by @​motss in actions/checkout#1971
• Add internal repos for checking out multiple repositories by @​mouismail in actions/checkout#1977
• Documentation update - add recommended permissions to Readme by @​benwells in actions/checkout#2043
• Adjust positioning of user email note and permissions heading by @​joshmgross in actions/checkout#2044
• Update README.md by @​nebuk89 in actions/checkout#2194
• Update CODEOWNERS for actions by @​TingluoHuang in actions/checkout#2224
• Update package dependencies by @​salmanmkc in actions/checkout#2236

v4.2.2

• url-helper.ts now leverages well-known environment variables by @​jww3 in actions/checkout#1941
• Expand unit test coverage for isGhes by @​jww3 in actions/checkout#1946

v4.2.1

• Check out other refs/* by commit if provided, fall back to ref by @​orhantoy in actions/checkout#1924

v4.2.0

• Add Ref and Commit outputs by @​lucacome in actions/checkout#1180
• Dependency updates by @​dependabot- actions/checkout#1777, actions/checkout#1872

v4.1.7

• Bump the minor-npm-dependencies group across 1 directory with 4 updates by @​dependabot in actions/checkout#1739
• Bump actions/checkout from 3 to 4 by @​dependabot in actions/checkout#1697
• Check out other refs/* by commit by @​orhantoy in actions/checkout#1774
• Pin actions/checkout's own workflows to a known, good, stable version. by @​jww3 in actions/checkout#1776

v4.1.6

• Check platform to set archive extension appropriately by @​cory-miller in actions/checkout#1732

v4.1.5

• Update NPM dependencies by @​cory-miller in actions/checkout#1703
• Bump github/codeql-action from 2 to 3 by @​dependabot in actions/checkout#1694
• Bump actions/setup-node from 1 to 4 by @​dependabot in actions/checkout#1696
• Bump actions/upload-artifact from 2 to 4 by @​dependabot in actions/checkout#1695
• README: Suggest user.email to be 41898282+github-actions[bot]@users.noreply.github.com by @​cory-miller in actions/checkout#1707

v4.1.4

• Disable extensions.worktreeConfig when disabling sparse-checkout by @​jww3 in actions/checkout#1692
• Add dependabot config by @​cory-miller in actions/checkout#1688
• Bump the minor-actions-dependencies group with 2 updates by @​dependabot in actions/checkout#1693
• Bump word-wrap from 1.2.3 to 1.2.5 by @​dependabot in actions/checkout#1643

v4.1.3

... (truncated)

• 08c6903 Prepare v5.0.0 release (#2238)
• 9f26565 Update actions checkout to use node 24 (#2226)
• See full diff in compare view

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

• Upgrade to node 24 by @​salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

• Add support for pip-version by @​priyagupta108 in actions/setup-python#1129
• Enhance reading from .python-version by @​krystof-k in actions/setup-python#787
• Add version parsing from Pipfile by @​aradkdj in actions/setup-python#1067

Bug fixes:

• Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @​aparnajyothi-y in actions/setup-python#1183
• Change missing cache directory error to warning by @​aparnajyothi-y in actions/setup-python#1182
• Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @​aparnajyothi-y in actions/setup-python#1122
• Include python version in PyPy python-version output by @​cdce8p in actions/setup-python#1110
• Update docs: clarification on pip authentication with setup-python by @​priya-kinthali in actions/setup-python#1156

Dependency updates:

• Upgrade idna from 2.9 to 3.7 in /tests/data by @​dependabot[bot] in actions/setup-python#843
• Upgrade form-data to fix critical vulnerabilities #182 & #183 by @​aparnajyothi-y in actions/setup-python#1163
• Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @​aparnajyothi-y in actions/setup-python#1165
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in actions/setup-python#1181
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot[bot] in actions/setup-python#1095

New Contributors

• @​krystof-k made their first contribution in actions/setup-python#787
• @​cdce8p made their first contribution in actions/setup-python#1110
• @​aradkdj made their first contribution in actions/setup-python#1067

Full Changelog: https://github.com/actions/setup-python/compare/v5...v6.0.0

v5.6.0

What's Changed

• Workflow updates related to Ubuntu 20.04 by @​aparnajyothi-y in actions/setup-python#1065
• Fix for Candidate Not Iterable Error by @​aparnajyothi-y in actions/setup-python#1082
• Upgrade semver and @​types/semver by @​dependabot in actions/setup-python#1091
• Upgrade prettier from 2.8.8 to 3.5.3 by @​dependabot in actions/setup-python#1046
• Upgrade ts-jest from 29.1.2 to 29.3.2 by @​dependabot in actions/setup-python#1081

Full Changelog: https://github.com/actions/setup-python/compare/v5...v5.6.0

v5.5.0

What's Changed

Enhancements:

• Support free threaded Python versions like '3.13t' by @​colesbury in actions/setup-python#973
• Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade @​action/cache from 4.0.0 to 4.0.3 by @​priya-kinthali in actions/setup-python#1056
• Add support for .tool-versions file in setup-python by @​mahabaleshwars in actions/setup-python#1043

Bug fixes:

• Fix architecture for pypy on Linux ARM64 by @​mayeut in actions/setup-python#1011 This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.

... (truncated)

• e797f83 Upgrade to node 24 (#1164)
• 3d1e2d2 Revert "Enhance cache-dependency-path handling to support files outside the w...
• 65b0712 Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...
• 5b668cf Bump actions/checkout from 4 to 5 (#1181)
• f62a0e2 Change missing cache directory error to warning (#1182)
• 9322b3c Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...
• fbeb884 Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)
• 03bb615 Bump idna from 2.9 to 3.7 in /tests/data (#843)
• 36da51d Add version parsing from Pipfile (#1067)
• 3c6f142 update documentation (#1156)
• Additional commits viewable in compare view

Sourced from actions/download-artifact's releases.

v5.0.0

What's Changed

• Update README.md by @​nebuk89 in actions/download-artifact#407
• BREAKING fix: inconsistent path behavior for single artifact downloads by ID by @​GrantBirki in actions/download-artifact#416

v5.0.0

🚨 Breaking Change

This release fixes an inconsistency in path behavior for single artifact downloads by ID. If you're downloading single artifacts by ID, the output path may change.

What Changed

Previously, single artifact downloads behaved differently depending on how you specified the artifact:

• By name: name: my-artifact → extracted to path/ (direct)
• By ID: artifact-ids: 12345 → extracted to path/my-artifact/ (nested)

Now both methods are consistent:

• By name: name: my-artifact → extracted to path/ (unchanged)
• By ID: artifact-ids: 12345 → extracted to path/ (fixed - now direct)

Migration Guide

✅ No Action Needed If:

• You download artifacts by name
• You download multiple artifacts by ID
• You already use merge-multiple: true as a workaround

⚠️ Action Required If:

You download single artifacts by ID and your workflows expect the nested directory structure.

Before v5 (nested structure):

- uses: actions/download-artifact@v4
  with:
    artifact-ids: 12345
    path: dist
# Files were in: dist/my-artifact/

Where my-artifact is the name of the artifact you previously uploaded

To maintain old behavior (if needed):

</tr></table> 

... (truncated)

• 634f93c Merge pull request #416 from actions/single-artifact-id-download-path
• b19ff43 refactor: resolve download path correctly in artifact download tests (mainly ...
• e262cbe bundle dist
• bff23f9 update docs
• fff8c14 fix download path logic when downloading a single artifact by id
• 448e3f8 Merge pull request #407 from actions/nebuk89-patch-1
• 47225c4 Update README.md
• See full diff in compare view

Sourced from pypa/gh-action-pypi-publish's releases.

v1.13.0

[!important] 🚨 This release includes fixes for GHSA-vxmw-7h4f-hqxh discovered by @​woodruffw💰. We've also integrated Zizmor to catch similar issues in the future and you should too.

✨ New Stuff

@​woodruffw💰 updated the README to no longer mention the attestations feature being experimental in #347: it's been rather stable for a year already 🎉 He also added more diagnostic output which includes printing out the GitHub Environment claim via #371 and warning about the unsupported reusable workflows configurations #306, when using Trusted Publishing.

[!tip] The official support for reusable workflows is currently blocked on changes to PyPI. To get updates about progress on the action side, you may want to subscribe to #166. At PyCon US 2025 Sprints, @​facutuesca💰, @​miketheman💰, @​woodruffw💰 and I💰 spent several hours IRL brainstorming how to fix this and migrate projects that happen to rely on an obscure corner case with reusable workflows that temporarily allows them to function by accident. The result of that discussion is posted @ pypi/warehouse#11096. Note that this is a volunteer-led effort and there is no ETA. If you need this soon, make your employer sponsor the PSF and maybe they'll be able to hire somebody for this work on Warehouse.

In addition to that, @​konstin💰 sent #378 to pin actions/setup-python to a SHA hash. This makes pypi-publish compatible with new GitHub policies that allow organizations to mandate hash-pinning actions used in workflows.

🛠️ Internal Dependencies

@​webknjaz💰 made a bunch of updates to the action runtime which includes bumping it to Python 3.13 in #331 and updating the dependency tree across the board. pip-with-requires-python is no longer being installed (#332). Some related bumps were contributed by @​woodruffw💰 (#359) and @​kurtmckee💰 sent a contributor-facing PR, bumping the linting configuration via #335.

💪 New Contributors

• @​kurtmckee made their first contribution in #335
• @​konstin made their first contribution in #378

🪞 Full Diff: https://github.com/pypa/gh-action-pypi-publish/compare/v1.12.4...v1.13.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

• ed0c539 📦📌 Bump the pinned dependency tree
• 77db1b7 Merge branch PR #306, GHSA-vxmw-7h4f-hqxh fix and PR #378 into unstable/v1
• 280b3a1 Alias typing as t in imports
• e380240 Use object in place of typing.Any in annotations
• e50bff6 Deduplicate claim ref lookup
• decbc9a Hint people to subscribe to #166 for notifications
• 8208ad3 Ask not to report bugs with reusable workflow
• ff0fef5 🧪 Scope WPS202 suppression to specific files
• 1293b8c Use yamllint disable line length lint
• ed01280 Linter (different rule)
• Additional commits viewable in compare view

Sourced from jakebailey/pyright-action's releases.

v2.3.3

• Fix lint (4599f31)
• Replace jest-path-serializer (1349f1a)
• Fix deps (f701448)
• fmt (ec50111)
• Update engines (41972b7)
• Update github actions (#180) (86e183a)
• Update actions/checkout action to v5 (#190) (8b711b9)
• Update deps (9631dc2)
• Update deps (fa0d678)
• Update github actions (#163) (623784a)
• Fix eslint (73a65bd)
• Update deps (dee7200)
• Update deps (ea37d1c)
• Update nvmrc (fb32d81)
• Update eslint (b0c5af5)
• Update deps (f4851c1)
• Update actions/cache action to v4.2.0 (#159) (57f6678)
• Update codecov/codecov-action action to v5 (#154) (f572338)
• Update github actions (#146) (b7d7f8e)
• Update deps (b721321)
• Update deps (4156862)
• Update github actions (#121) (ec480a0)
• Update deps (bfe39b3)

• 6cabc0f Release v2.3.3
• 4599f31 Fix lint
• 1349f1a Replace jest-path-serializer
• f701448 Fix deps
• ec50111 fmt
• 41972b7 Update engines
• 86e183a Update github actions (#180)
• 8b711b9 Update actions/checkout action to v5 (#190)
• 9631dc2 Update deps
• fa0d678 Update deps
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions