Bump the actions group with 2 updates

[dependabot]

Bumps the actions group with 2 updates: pypa/cibuildwheel and actions/attest-build-provenance.

Updates pypa/cibuildwheel from 2.19.2 to 2.20.0

Release notes

Sourced from pypa/cibuildwheel's releases.

Version 2.20.0

• 🌟 CPython 3.13 wheels are now built by default - without the CIBW_PRERELEASE_PYTHONS flag. It's time to build and upload these wheels to PyPI! This release includes CPython 3.13.0rc1, which is guaranteed to be ABI compatible with the final release. Free-threading is still behind a flag/config option. (#1950)
• ✨ Provide a CIBW_ALLOW_EMPTY environment variable as an alternative to the command line flag. (#1937)
• 🐛 Don't use uv on PyPy3.8 on Windows, it stopped working starting in 0.2.25. Note that PyPy 3.8 is EoL. (#1868)
• 🛠 Set the VSCMD_ARG_TGT_ARCH variable based on target arch. (#1876)
• 🛠 Undo cleaner output on pytest 8-8.2 now that 8.3 is out. (#1943)
• 📚 Update examples to use Python 3.12 on host (cibuildwheel will require Python 3.11+ on the host machine starting in October 2024) (#1919)

Changelog

Sourced from pypa/cibuildwheel's changelog.

---

title: Changelog

Changelog

v2.20.0

• 🌟 CPython 3.13 wheels are now built by default - without the CIBW_PRERELEASE_PYTHONS flag. It's time to build and upload these wheels to PyPI! This release includes CPython 3.13.0rc1, which is guaranteed to be ABI compatible with the final release. Free-threading is still behind a flag/config option. (#1950)
• ✨ Provide a CIBW_ALLOW_EMPTY environment variable as an alternative to the command line flag. (#1937)
• 🐛 Don't use uv on PyPy3.8 on Windows, it stopped working starting in 0.2.25. Note that PyPy 3.8 is EoL. (#1868)
• 🛠 Set the VSCMD_ARG_TGT_ARCH variable based on target arch. (#1876)
• 🛠 Undo cleaner output on pytest 8-8.2 now that 8.3 is out. (#1943)
• 📚 Update examples to use Python 3.12 on host (cibuildwheel will require Python 3.11+ on the host machine starting in October 2024) (#1919)

v2.19.2

• 🐛 Update manylinux2014 pins to versions that support past-EoL CentOS 7 mirrors. (#1917)
• 🐛 Support --no-isolation with build[uv] build-frontend. (#1889)
• 🛠 Provide attestations for releases at https://github.com/pypa/cibuildwheel/attestations. (#1916)
• 🛠 Provide CPython 3.13.0b3. (#1913)
• 🛠 Remove some workarounds now that pip 21.1 is available. (#1891, #1892)
• 📚 Remove nosetest from our docs. (#1821)
• 📚 Document the macOS ARM workaround for 3.8 on GHA. (#1871)
• 📚 GitLab CI + macOS is now a supported platform with an example. (#1911)

v2.19.1

• 🐛 Don't require setup-python on GHA for Pyodide (#1868)
• 🐛 Specify full python path for uv (fixes issue in 0.2.10 & 0.2.11) (#1881)
• 🛠 Update for pip 24.1b2 on CPython 3.13. (#1879)
• 🛠 Fix a warning in our schema generation script. (#1866)
• 🛠 Cleaner output on pytest 8-8.2. (#1865)

v2.19.0

See the release post for more info on new features!

• 🌟 Add Pyodide platform. Set with --platform pyodide or CIBW_PLATFORM: pyodide on Linux with a host Python 3.12 to build WebAssembly wheels. Not accepted on PyPI currently, but usable directly in a website using Pyodide, for live docs, etc. (#1456, #1859)
• 🌟 Add build[uv] backend, which will take a pre-existing uv install (or install cibuildwheel[uv]) and use uv for all environment setup and installs on Python 3.8+. This is significantly faster in most cases. (#1856)
• ✨ Add free-threaded macOS builds and update CPython to 3.13.0b2. (#1854)
• 🐛 Issue copying a wheel to a non-existent output dir fixed. (#1851, #1862)
• 🐛 Better determinism for the test environment seeding. (#1835)
• 🛠 VIRTUAL_ENV variable now set. (#1842)
• 🛠 Remove a pip<21.3 workaround. (#1842)
• 🛠 Error handling was refactored to use exceptions. (#1719)
• 🛠 Hardcoded paths in tests avoided. (#1834)

... (truncated)

Commits

• bd033a4 Bump version: v2.20.0
• 9d023cf Build CPython 3.13 by default (#1950)
• 8a69dbd [Bot] Update dependencies (#1949)
• 147de6f [pre-commit.ci] pre-commit autoupdate (#1947)
• e217e44 [Bot] Update dependencies (#1946)
• 871ef6b tests: show xfail traceback summaries again (#1943)
• fac72f0 [pre-commit.ci] pre-commit autoupdate (#1944)
• d4c3321 feat: add CIBW_ALLOW_EMPTY environment variable (#1937)
• 5af5df4 [Bot] Update dependencies (#1935)
• 6c5cf87 docs: fix nox docs command (#1938)
• Additional commits viewable in compare view

Updates actions/attest-build-provenance from 1.3.3 to 1.4.0

Release notes

Sourced from actions/attest-build-provenance's releases.

v1.4.0

What's Changed

• Bump predicate action from 1.1.0 to 1.1.1 by @​bdehamer in actions/attest-build-provenance#182
  • Fix for JWKS proxy bug
• Bump actions/attest from 1.3.3 to 1.4.0 by @​bdehamer in actions/attest-build-provenance#183
  • Add show-summary input
  • Format summary output as list

Full Changelog: actions/attest-build-provenance@v1.3.3...v1.4.0

Commits

• 210c191 bump actions/attest from 1.3.3 to 1.4.0 (#183)
• 1cb5f76 bump predicate action from 1.1.0 to 1.1.1 (#182)
• 9ff3713 Bump @​actions/attest from 1.3.0 to 1.3.1 (#181)
• 3630726 Bump @​types/node from 20.14.11 to 22.0.0 (#180)
• ba2fe9b Bump the npm-development group with 3 updates (#179)
• cae1693 Bump the npm-development group with 5 updates (#161)
• 456d685 Bump the npm-development group with 4 updates (#154)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[EwoutH]

CPython 3.13 wheels are now built by default - without the CIBW_PRERELEASE_PYTHONS flag. It's time to build and upload these wheels to PyPI! This release includes CPython 3.13.0rc1, which is guaranteed to be ABI compatible with the final release.

Important bump this one!

[lumberbot-app]

Owee, I'm MrMeeseeks, Look at me.

There seem to be a conflict, please backport manually. Here are approximate instructions:

1. Checkout backport branch and update it.

git checkout v3.9.x
git pull

2. Cherry pick the first parent branch of the this PR on top of the older branch:

git cherry-pick -x -m1 fd42e7d63577ef88694913268fe5a5ffd8539431

3. You will likely have some merge/cherry-pick conflict here, fix them and commit:

git commit -am 'Backport PR #28668: Bump the actions group with 2 updates'

4. Push to a named branch:

git push YOURFORK v3.9.x:auto-backport-of-pr-28668-on-v3.9.x

5. Create a PR against branch v3.9.x, I would have named this PR:

"Backport PR #28668 on branch v3.9.x (Bump the actions group with 2 updates)"

And apply the correct labels and milestones.

Congratulations — you did some good work! Hopefully your backport PR will be tested by the continuous integration and merged soon!

Remember to remove the Still Needs Manual Backport label once the PR gets merged.

If these instructions are inaccurate, feel free to suggest an improvement.