ci: bump the actions group with 2 updates

[dependabot]

Bumps the actions group with 2 updates: hynek/build-and-inspect-python-package and astral-sh/setup-uv.

Updates hynek/build-and-inspect-python-package from 2.13.0 to 2.14.0

Release notes

Sourced from hynek/build-and-inspect-python-package's releases.

v2.14.0

Changed

• Update tools such that they work on Python 3.14 (which is now 3.x on GitHub Actions). #182

• The action now ignores UV_PYTHON coming from the outside. #184

Changelog

Sourced from hynek/build-and-inspect-python-package's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

2.14.0

Changed

• Update tools such that they work on Python 3.14 (which is now 3.x on GitHub Actions). #182

• The action now ignores UV_PYTHON coming from the outside. #184

2.13.0

Added

• New output: package_name is the name of the built package as stored in metadata. #162

• The package name is now part of the action summary which is helpful when you build more than one package from a repository. #169

Changed

• All GitHub actions are now pinned to exact hashes for better reproducibility and mild security improvements[^st].

[^st]: Chosen prefix SHA-1 hash collision attacks exist. Against serious attackers, this is but security theater.

2.12.0

Changed

• This release only updates the tools we use. It's important for being able to handle packaging metadata 2.4, as published by recent versions of Hatchling, though. #161

2.11.0

Added

• New output: package_version is the version of the package that was built.

... (truncated)

Commits

• efb823f v2.14.0
• fea7251 Update changelog
• f79f62d Unset UV_PYTHON (#184)
• 5207127 Group dependabot
• 2667f72 Update actions (#183)
• 4d00193 Automated dependency upgrades (#182)
• 946ff2a Automated dependency upgrades (#177)
• bc052a7 [pre-commit.ci] pre-commit autoupdate (#178)
• a2e9b60 Automated dependency upgrades (#176)
• 8dba707 Automated dependency upgrades (#172)
• Additional commits viewable in compare view

Updates astral-sh/setup-uv from 6.8.0 to 7.1.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.1.0 🌈 Support all the use cases

Changes

Support all the use cases!!! ... well, that we know of.

This release adds support for some use cases that most users don't encounter but are useful for e.g. people running Gitea.

The input resolution-strategy lets you use the lowest possible version of uv from a version range. Useful if you want to test your tool with different versions of uv.

If you use activate-environment the path to the activated venv is now also exposed under the output venv.

Downloaded python installations can now also be uploaded to the GitHub Actions cache backend. Useful if you are running in act and have configured your own backend and don't want to download python again, and again over a slow internet connection.

Finally the path to installed python interpreters is now added to the PATH on Windows.

🚀 Enhancements

• Add resolution-strategy input to support oldest compatible version selection @copilot-swe-agent[bot] (#631)
• Add value of UV_PYTHON_INSTALL_DIR to path @​eifinger (#628)
• Set output venv when activate-environment is used @​eifinger (#627)
• Cache python installs @​merlinz01 (#621)

🧰 Maintenance

• Add copilot-instructions.md @​eifinger (#630)
• chore: update known checksums for 0.9.2 @github-actions[bot] (#626)
• chore: update known checksums for 0.9.1 @github-actions[bot] (#625)
• Fall back to PR for updating known versions @​eifinger (#623)

📚 Documentation

• Split up documentation @​eifinger (#632)

⬆️ Dependency updates

• Bump deps @​eifinger (#633)
• Bump github/codeql-action from 3.30.6 to 4.30.7 @dependabot[bot] (#614)

v7.0.0 🌈 node24 and a lot of bugfixes

Changes

This release comes with a load of bug fixes and a speed up. Because of switching from node20 to node24 it is also a breaking change. If you are running on GitHub hosted runners this will just work, if you are using self-hosted runners make sure, that your runners are up to date. If you followed the normal installation instructions your self-hosted runner will keep itself updated.

This release also removes the deprecated input server-url which was used to download uv releases from a different server. The manifest-file input supersedes that functionality by adding a flexible way to define available versions and where they should be downloaded from.

Fixes

... (truncated)

Commits

• 3259c62 Bump deps (#633)
• bf8e8ed Split up documentation (#632)
• 9c6b5e9 Add resolution-strategy input to support oldest compatible version selection ...
• a5129e9 Add copilot-instructions.md (#630)
• d18bcc7 Add value of UV_PYTHON_INSTALL_DIR to path (#628)
• bd1f875 Set output venv when activate-environment is used (#627)
• 1a91c38 chore: update known checksums for 0.9.2 (#626)
• c79f606 chore: update known checksums for 0.9.1 (#625)
• e0249f1 Fall back to PR for updating known versions (#623)
• 6d2eb15 Cache python installs (#621)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud