From 7b5cf8bd707bacd0ea9d96d4c286bb57b87c81b1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Mar 2026 07:18:06 -0400 Subject: [PATCH 01/18] Bump actions/cache from 5.0.3 to 5.0.4 (#1179) Bumps [actions/cache](https://github.com/actions/cache) from 5.0.3 to 5.0.4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v5.0.3...v5.0.4) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a83c499..42367c6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -28,7 +28,7 @@ jobs: uses: actions/setup-python@v6.2.0 with: python-version: ${{ matrix.PYTHON.VERSION }} - - uses: actions/cache@v5.0.3 + - uses: actions/cache@v5.0.4 timeout-minutes: 5 with: path: | @@ -66,7 +66,7 @@ jobs: with: python-version: ${{ matrix.PYTHON.VERSION }} architecture: ${{ matrix.WINDOWS.ARCH }} - - uses: actions/cache@v5.0.3 + - uses: actions/cache@v5.0.4 timeout-minutes: 5 with: path: | @@ -110,7 +110,7 @@ jobs: uses: actions/setup-python@v6.2.0 with: python-version: ${{ matrix.PYTHON.VERSION }} - - uses: actions/cache@v5.0.3 + - uses: actions/cache@v5.0.4 timeout-minutes: 5 with: path: | From 824e3b57dbfe0646f287bb0f5c5d33833c5ea334 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Mar 2026 07:18:27 -0400 Subject: [PATCH 02/18] Bump dawidd6/action-download-artifact from 18 to 19 (#1178) Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 18 to 19. - [Release notes](https://github.com/dawidd6/action-download-artifact/releases) - [Commits](https://github.com/dawidd6/action-download-artifact/compare/1f8785ff7a5130826f848e7f72725c85d241860f...8a338493df3d275e4a7a63bcff3b8fe97e51a927) --- updated-dependencies: - dependency-name: dawidd6/action-download-artifact dependency-version: '19' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pypi-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index c8e30e1..ccd5780 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -40,7 +40,7 @@ jobs: echo "PYPI_URL=https://test.pypi.org/legacy/" >> $GITHUB_ENV if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'testpypi' - - uses: dawidd6/action-download-artifact@1f8785ff7a5130826f848e7f72725c85d241860f # v18 + - uses: dawidd6/action-download-artifact@8a338493df3d275e4a7a63bcff3b8fe97e51a927 # v19 with: path: tmpdist/ run_id: ${{ github.event.inputs.run_id || github.event.workflow_run.id }} From 3191062a810ffb79aa48810f92371b1345bfa3b1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Mar 2026 23:25:55 -0400 Subject: [PATCH 03/18] Bump itoa from 1.0.17 to 1.0.18 in /src/_bcrypt (#1180) Bumps [itoa](https://github.com/dtolnay/itoa) from 1.0.17 to 1.0.18. - [Release notes](https://github.com/dtolnay/itoa/releases) - [Commits](https://github.com/dtolnay/itoa/compare/1.0.17...1.0.18) --- updated-dependencies: - dependency-name: itoa dependency-version: 1.0.18 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- src/_bcrypt/Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/_bcrypt/Cargo.lock b/src/_bcrypt/Cargo.lock index 2c830cc..6926d63 100644 --- a/src/_bcrypt/Cargo.lock +++ b/src/_bcrypt/Cargo.lock @@ -212,9 +212,9 @@ dependencies = [ [[package]] name = "itoa" -version = "1.0.17" +version = "1.0.18" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "92ecc6618181def0457392ccd0ee51198e065e016d1d527a7ac1b6dc7c1f09d2" +checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682" [[package]] name = "leb128fmt" From 5b68e8c7e4d8544fc1bceee665d5f8d0fe1e38e0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Apr 2026 06:48:10 -0500 Subject: [PATCH 04/18] Bump libc from 0.2.183 to 0.2.184 in /src/_bcrypt (#1181) Bumps [libc](https://github.com/rust-lang/libc) from 0.2.183 to 0.2.184. - [Release notes](https://github.com/rust-lang/libc/releases) - [Changelog](https://github.com/rust-lang/libc/blob/0.2.184/CHANGELOG.md) - [Commits](https://github.com/rust-lang/libc/compare/0.2.183...0.2.184) --- updated-dependencies: - dependency-name: libc dependency-version: 0.2.184 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- src/_bcrypt/Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/_bcrypt/Cargo.lock b/src/_bcrypt/Cargo.lock index 6926d63..856f8a9 100644 --- a/src/_bcrypt/Cargo.lock +++ b/src/_bcrypt/Cargo.lock @@ -224,9 +224,9 @@ checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" [[package]] name = "libc" -version = "0.2.183" +version = "0.2.184" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b5b646652bf6661599e1da8901b3b9522896f01e736bad5f723fe7a3a27f899d" +checksum = "48f5d2a454e16a5ea0f4ced81bd44e4cfc7bd3a507b61887c99fd3538b28e4af" [[package]] name = "log" From 36cb18913dcade8fa1dea15967e647c0604526c1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Apr 2026 23:13:41 -0500 Subject: [PATCH 05/18] Bump dawidd6/action-download-artifact from 19 to 20 (#1182) Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 19 to 20. - [Release notes](https://github.com/dawidd6/action-download-artifact/releases) - [Commits](https://github.com/dawidd6/action-download-artifact/compare/8a338493df3d275e4a7a63bcff3b8fe97e51a927...8305c0f1062bb0d184d09ef4493ecb9288447732) --- updated-dependencies: - dependency-name: dawidd6/action-download-artifact dependency-version: '20' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pypi-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index ccd5780..ebf1bd7 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -40,7 +40,7 @@ jobs: echo "PYPI_URL=https://test.pypi.org/legacy/" >> $GITHUB_ENV if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'testpypi' - - uses: dawidd6/action-download-artifact@8a338493df3d275e4a7a63bcff3b8fe97e51a927 # v19 + - uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20 with: path: tmpdist/ run_id: ${{ github.event.inputs.run_id || github.event.workflow_run.id }} From e32f6b2b8599f8907b5aa66dbe7227c0ba06b33c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Apr 2026 23:14:00 -0500 Subject: [PATCH 06/18] Bump pyo3 from 0.28.2 to 0.28.3 in /src/_bcrypt (#1183) Bumps [pyo3](https://github.com/pyo3/pyo3) from 0.28.2 to 0.28.3. - [Release notes](https://github.com/pyo3/pyo3/releases) - [Changelog](https://github.com/PyO3/pyo3/blob/main/CHANGELOG.md) - [Commits](https://github.com/pyo3/pyo3/compare/v0.28.2...v0.28.3) --- updated-dependencies: - dependency-name: pyo3 dependency-version: 0.28.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- src/_bcrypt/Cargo.lock | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/_bcrypt/Cargo.lock b/src/_bcrypt/Cargo.lock index 856f8a9..1cddfa9 100644 --- a/src/_bcrypt/Cargo.lock +++ b/src/_bcrypt/Cargo.lock @@ -282,9 +282,9 @@ dependencies = [ [[package]] name = "pyo3" -version = "0.28.2" +version = "0.28.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cf85e27e86080aafd5a22eae58a162e133a589551542b3e5cee4beb27e54f8e1" +checksum = "91fd8e38a3b50ed1167fb981cd6fd60147e091784c427b8f7183a7ee32c31c12" dependencies = [ "libc", "once_cell", @@ -296,18 +296,18 @@ dependencies = [ [[package]] name = "pyo3-build-config" -version = "0.28.2" +version = "0.28.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8bf94ee265674bf76c09fa430b0e99c26e319c945d96ca0d5a8215f31bf81cf7" +checksum = "e368e7ddfdeb98c9bca7f8383be1648fd84ab466bf2bc015e94008db6d35611e" dependencies = [ "target-lexicon", ] [[package]] name = "pyo3-ffi" -version = "0.28.2" +version = "0.28.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "491aa5fc66d8059dd44a75f4580a2962c1862a1c2945359db36f6c2818b748dc" +checksum = "7f29e10af80b1f7ccaf7f69eace800a03ecd13e883acfacc1e5d0988605f651e" dependencies = [ "libc", "pyo3-build-config", @@ -315,9 +315,9 @@ dependencies = [ [[package]] name = "pyo3-macros" -version = "0.28.2" +version = "0.28.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f5d671734e9d7a43449f8480f8b38115df67bef8d21f76837fa75ee7aaa5e52e" +checksum = "df6e520eff47c45997d2fc7dd8214b25dd1310918bbb2642156ef66a67f29813" dependencies = [ "proc-macro2", "pyo3-macros-backend", @@ -327,9 +327,9 @@ dependencies = [ [[package]] name = "pyo3-macros-backend" -version = "0.28.2" +version = "0.28.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "22faaa1ce6c430a1f71658760497291065e6450d7b5dc2bcf254d49f66ee700a" +checksum = "c4cdc218d835738f81c2338f822078af45b4afdf8b2e33cbb5916f108b813acb" dependencies = [ "heck", "proc-macro2", From a6780ab5e8b975d37c2c1aefb064752214fc3960 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 2 Apr 2026 23:14:44 -0500 Subject: [PATCH 07/18] Bump indexmap from 2.13.0 to 2.13.1 in /src/_bcrypt (#1184) Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.13.0 to 2.13.1. - [Changelog](https://github.com/indexmap-rs/indexmap/blob/main/RELEASES.md) - [Commits](https://github.com/indexmap-rs/indexmap/compare/2.13.0...2.13.1) --- updated-dependencies: - dependency-name: indexmap dependency-version: 2.13.1 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- src/_bcrypt/Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/_bcrypt/Cargo.lock b/src/_bcrypt/Cargo.lock index 1cddfa9..598644b 100644 --- a/src/_bcrypt/Cargo.lock +++ b/src/_bcrypt/Cargo.lock @@ -191,9 +191,9 @@ checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" [[package]] name = "indexmap" -version = "2.13.0" +version = "2.13.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7714e70437a7dc3ac8eb7e6f8df75fd8eb422675fc7678aff7364301092b1017" +checksum = "45a8a2b9cb3e0b0c1803dbb0758ffac5de2f425b23c28f518faabd9d805342ff" dependencies = [ "equivalent", "hashbrown 0.16.1", From b0ed4e270a5a5367d8711da239642c47c8b43fe1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 5 Apr 2026 22:25:00 -0500 Subject: [PATCH 08/18] Bump semver from 1.0.27 to 1.0.28 in /src/_bcrypt (#1185) Bumps [semver](https://github.com/dtolnay/semver) from 1.0.27 to 1.0.28. - [Release notes](https://github.com/dtolnay/semver/releases) - [Commits](https://github.com/dtolnay/semver/compare/1.0.27...1.0.28) --- updated-dependencies: - dependency-name: semver dependency-version: 1.0.28 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- src/_bcrypt/Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/_bcrypt/Cargo.lock b/src/_bcrypt/Cargo.lock index 598644b..64b5df3 100644 --- a/src/_bcrypt/Cargo.lock +++ b/src/_bcrypt/Cargo.lock @@ -355,9 +355,9 @@ checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" [[package]] name = "semver" -version = "1.0.27" +version = "1.0.28" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2" +checksum = "8a7852d02fc848982e0c167ef163aaff9cd91dc640ba85e263cb1ce46fae51cd" [[package]] name = "serde" From e9589fa89ca59da3587d449871cb2fd728deeda0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Apr 2026 23:20:44 -0400 Subject: [PATCH 09/18] Bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (#1186) Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.13.0 to 1.14.0. - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e...cef221092ed1bacb1cc03d23a2d87d1d172e277b) --- updated-dependencies: - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pypi-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index ebf1bd7..c048fc9 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -49,7 +49,7 @@ jobs: find tmpdist/ -type f -name 'bcrypt*' -exec mv {} dist/ \; - name: Publish package distributions to PyPI - uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e # v1.13.0 + uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b # v1.14.0 with: repository-url: ${{ env.PYPI_URL }} skip-existing: true From 0292aea343554117fc44bd8190b730f4a4fede8d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 9 Apr 2026 23:17:40 -0400 Subject: [PATCH 10/18] Bump indexmap from 2.13.1 to 2.14.0 in /src/_bcrypt (#1187) Bumps [indexmap](https://github.com/indexmap-rs/indexmap) from 2.13.1 to 2.14.0. - [Changelog](https://github.com/indexmap-rs/indexmap/blob/main/RELEASES.md) - [Commits](https://github.com/indexmap-rs/indexmap/compare/2.13.1...2.14.0) --- updated-dependencies: - dependency-name: indexmap dependency-version: 2.14.0 dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- src/_bcrypt/Cargo.lock | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/_bcrypt/Cargo.lock b/src/_bcrypt/Cargo.lock index 64b5df3..16f4caa 100644 --- a/src/_bcrypt/Cargo.lock +++ b/src/_bcrypt/Cargo.lock @@ -173,9 +173,9 @@ dependencies = [ [[package]] name = "hashbrown" -version = "0.16.1" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100" +checksum = "4f467dd6dccf739c208452f8014c75c18bb8301b050ad1cfb27153803edb0f51" [[package]] name = "heck" @@ -191,12 +191,12 @@ checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" [[package]] name = "indexmap" -version = "2.13.1" +version = "2.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "45a8a2b9cb3e0b0c1803dbb0758ffac5de2f425b23c28f518faabd9d805342ff" +checksum = "d466e9454f08e4a911e14806c24e16fba1b4c121d1ea474396f396069cf949d9" dependencies = [ "equivalent", - "hashbrown 0.16.1", + "hashbrown 0.17.0", "serde", "serde_core", ] From 711c85c11e05dd4d55a88439ed83202712028b62 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Apr 2026 06:37:44 -0400 Subject: [PATCH 11/18] Bump actions/upload-artifact from 7.0.0 to 7.0.1 (#1188) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/bbbca2ddaa5d8feaa63e36b76fdaad77386f024f...043fb46d1a93c77aae656e7c1c64a875d1fc6a0a) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/wheel-builder.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index 52af63b..47adc83 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -36,7 +36,7 @@ jobs: run: .venv/bin/pip install -U pip build - name: Make sdist run: .venv/bin/python -m build --sdist - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: "bcrypt-sdist" path: dist/bcrypt* @@ -122,7 +122,7 @@ jobs: - run: mkdir bcrypt-wheelhouse - run: mv wheelhouse/bcrypt*.whl bcrypt-wheelhouse/ - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: "bcrypt-${{ github.event.inputs.version }}-${{ matrix.MANYLINUX.NAME }}-${{ matrix.PYTHON.VERSION }}${{ matrix.PYTHON.ABI_VERSION }}" path: bcrypt-wheelhouse/ @@ -197,7 +197,7 @@ jobs: - run: mkdir bcrypt-wheelhouse - run: mv wheelhouse/bcrypt*.whl bcrypt-wheelhouse/ - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: "bcrypt-${{ github.event.inputs.version }}-macOS-${{ matrix.PYTHON.VERSION }}${{ matrix.PYTHON.ABI_VERSION }}" path: bcrypt-wheelhouse/ @@ -249,7 +249,7 @@ jobs: # TODO: can we setup another python and test in the same job? this would catch bad linking problems (e.g. build and test on py36, but then install py38 and see if it works - run: mkdir bcrypt-wheelhouse - run: move wheelhouse\bcrypt*.whl bcrypt-wheelhouse\ - - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 with: name: "bcrypt-${{ github.event.inputs.version }}-${{ matrix.WINDOWS.ARCH }}-${{ matrix.PYTHON.VERSION }}${{ matrix.PYTHON.ABI_VERSION }}" path: bcrypt-wheelhouse\ From 701c92451fbe10307179780a3bf4753d8f0b7fe9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 Apr 2026 02:07:17 -0400 Subject: [PATCH 12/18] Bump actions/cache from 5.0.4 to 5.0.5 (#1189) Bumps [actions/cache](https://github.com/actions/cache) from 5.0.4 to 5.0.5. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v5.0.4...v5.0.5) --- updated-dependencies: - dependency-name: actions/cache dependency-version: 5.0.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 42367c6..b72e1ca 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -28,7 +28,7 @@ jobs: uses: actions/setup-python@v6.2.0 with: python-version: ${{ matrix.PYTHON.VERSION }} - - uses: actions/cache@v5.0.4 + - uses: actions/cache@v5.0.5 timeout-minutes: 5 with: path: | @@ -66,7 +66,7 @@ jobs: with: python-version: ${{ matrix.PYTHON.VERSION }} architecture: ${{ matrix.WINDOWS.ARCH }} - - uses: actions/cache@v5.0.4 + - uses: actions/cache@v5.0.5 timeout-minutes: 5 with: path: | @@ -110,7 +110,7 @@ jobs: uses: actions/setup-python@v6.2.0 with: python-version: ${{ matrix.PYTHON.VERSION }} - - uses: actions/cache@v5.0.4 + - uses: actions/cache@v5.0.5 timeout-minutes: 5 with: path: | From 8eb60376c035060dcf3ac66ec9ce662911f114b4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 14 Apr 2026 02:11:48 -0400 Subject: [PATCH 13/18] Bump libc from 0.2.184 to 0.2.185 in /src/_bcrypt (#1190) Bumps [libc](https://github.com/rust-lang/libc) from 0.2.184 to 0.2.185. - [Release notes](https://github.com/rust-lang/libc/releases) - [Changelog](https://github.com/rust-lang/libc/blob/0.2.185/CHANGELOG.md) - [Commits](https://github.com/rust-lang/libc/compare/0.2.184...0.2.185) --- updated-dependencies: - dependency-name: libc dependency-version: 0.2.185 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- src/_bcrypt/Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/_bcrypt/Cargo.lock b/src/_bcrypt/Cargo.lock index 16f4caa..a83969f 100644 --- a/src/_bcrypt/Cargo.lock +++ b/src/_bcrypt/Cargo.lock @@ -224,9 +224,9 @@ checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" [[package]] name = "libc" -version = "0.2.184" +version = "0.2.185" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48f5d2a454e16a5ea0f4ced81bd44e4cfc7bd3a507b61887c99fd3538b28e4af" +checksum = "52ff2c0fe9bc6cb6b14a0592c2ff4fa9ceb83eea9db979b0487cd054946a2b8f" [[package]] name = "log" From 2081502b794e9aabfe7acc86b5d84d530d19792e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 15 Apr 2026 05:51:23 -0400 Subject: [PATCH 14/18] Bump bitflags from 2.11.0 to 2.11.1 in /src/_bcrypt (#1191) Bumps [bitflags](https://github.com/bitflags/bitflags) from 2.11.0 to 2.11.1. - [Release notes](https://github.com/bitflags/bitflags/releases) - [Changelog](https://github.com/bitflags/bitflags/blob/main/CHANGELOG.md) - [Commits](https://github.com/bitflags/bitflags/compare/2.11.0...2.11.1) --- updated-dependencies: - dependency-name: bitflags dependency-version: 2.11.1 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- src/_bcrypt/Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/_bcrypt/Cargo.lock b/src/_bcrypt/Cargo.lock index a83969f..28526cf 100644 --- a/src/_bcrypt/Cargo.lock +++ b/src/_bcrypt/Cargo.lock @@ -52,9 +52,9 @@ dependencies = [ [[package]] name = "bitflags" -version = "2.11.0" +version = "2.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "843867be96c8daad0d758b57df9392b6d8d271134fce549de6ce169ff98a92af" +checksum = "c4512299f36f043ab09a583e57bceb5a5aab7a73db1805848e8fef3c9e8c78b3" [[package]] name = "block-buffer" From 0b2c6c43be4ba12b181cf48353309a8492c1cab1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Apr 2026 06:35:11 -0400 Subject: [PATCH 15/18] Bump typenum from 1.19.0 to 1.20.0 in /src/_bcrypt (#1192) Bumps [typenum](https://github.com/paholg/typenum) from 1.19.0 to 1.20.0. - [Release notes](https://github.com/paholg/typenum/releases) - [Changelog](https://github.com/paholg/typenum/blob/main/CHANGELOG.md) - [Commits](https://github.com/paholg/typenum/compare/v1.19.0...v1.20.0) --- updated-dependencies: - dependency-name: typenum dependency-version: 1.20.0 dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- src/_bcrypt/Cargo.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/_bcrypt/Cargo.lock b/src/_bcrypt/Cargo.lock index 28526cf..0f4036c 100644 --- a/src/_bcrypt/Cargo.lock +++ b/src/_bcrypt/Cargo.lock @@ -437,9 +437,9 @@ checksum = "adb6935a6f5c20170eeceb1a3835a49e12e19d792f6dd344ccc76a985ca5a6ca" [[package]] name = "typenum" -version = "1.19.0" +version = "1.20.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb" +checksum = "40ce102ab67701b8526c123c1bab5cbe42d7040ccfd0f64af1a385808d2f43de" [[package]] name = "unicode-ident" From 4253f26b460eeb075e567a417d8983cb1e5fab4c Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 25 Apr 2026 15:31:01 -0500 Subject: [PATCH 16/18] drop support for win arm64 due to the unreliability of github runners (#1196) --- .github/workflows/ci.yml | 4 ---- .github/workflows/wheel-builder.yml | 1 - 2 files changed, 5 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b72e1ca..b341aa7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -49,14 +49,10 @@ jobs: WINDOWS: - {ARCH: 'x86', WINDOWS: 'win32', RUST_TRIPLE: 'i686-pc-windows-msvc', RUNNER: 'windows-latest'} - {ARCH: 'x64', WINDOWS: 'win64', RUST_TRIPLE: 'x86_64-pc-windows-msvc', RUNNER: 'windows-latest'} - - {ARCH: 'arm64', WINDOWS: 'win-arm64', RUST_TRIPLE: 'aarch64-pc-windows-msvc', RUNNER: 'windows-11-arm'} PYTHON: - {VERSION: "3.8", NOXSESSION: "tests"} - {VERSION: "3.14", NOXSESSION: "tests"} - {VERSION: "3.14t", NOXSESSION: "tests"} - exclude: - - WINDOWS: {ARCH: 'arm64', WINDOWS: 'win-arm64', RUST_TRIPLE: 'aarch64-pc-windows-msvc'} - PYTHON: {VERSION: "3.8", NOXSESSION: "tests"} name: "Python ${{ matrix.PYTHON.VERSION }} on ${{ matrix.WINDOWS.WINDOWS }}" steps: - uses: actions/checkout@v6.0.2 diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index 47adc83..487a47f 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -211,7 +211,6 @@ jobs: WINDOWS: - {ARCH: 'x86', RUST_TRIPLE: 'i686-pc-windows-msvc', RUNNER: 'windows-latest'} - {ARCH: 'x64', RUST_TRIPLE: 'x86_64-pc-windows-msvc', RUNNER: 'windows-latest'} - - {ARCH: 'arm64', RUST_TRIPLE: 'aarch64-pc-windows-msvc', RUNNER: 'windows-11-arm'} PYTHON: - {VERSION: "3.11", ABI_VERSION: "cp38"} - {VERSION: "3.11", ABI_VERSION: "cp39"} From 449a83c458135e9aa53a8f9a1ee935ed91dfab6d Mon Sep 17 00:00:00 2001 From: Paul Kehrer Date: Sat, 25 Apr 2026 15:43:26 -0500 Subject: [PATCH 17/18] test to see if we don't need node20 any more (#1195) --- .github/workflows/ci.yml | 3 +-- .github/workflows/wheel-builder.yml | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b341aa7..e1c4d89 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -129,7 +129,6 @@ jobs: image: ghcr.io/pyca/cryptography-runner-${{ matrix.IMAGE.IMAGE }} volumes: - /staticnodehost:/staticnodecontainer:rw,rshared - - /staticnodehost/20:/__e/node20:ro,rshared - /staticnodehost/24:/__e/node24:ro,rshared strategy: fail-fast: false @@ -139,7 +138,7 @@ jobs: - {IMAGE: "alpine:aarch64", NOXSESSION: "tests", RUNNER: "ubuntu-24.04-arm"} name: "${{ matrix.IMAGE.NOXSESSION }} on ${{ matrix.IMAGE.IMAGE }}" steps: - - name: Ridiculous-er workaround for static node20 + - name: Ridiculous-er workaround for static node run: | cp -R /staticnode/* /staticnodecontainer/ - name: Ridiculous alpine workaround for actions support on arm64 diff --git a/.github/workflows/wheel-builder.yml b/.github/workflows/wheel-builder.yml index 487a47f..bd04448 100644 --- a/.github/workflows/wheel-builder.yml +++ b/.github/workflows/wheel-builder.yml @@ -86,10 +86,9 @@ jobs: image: ghcr.io/pyca/${{ matrix.MANYLINUX.CONTAINER }} volumes: - /staticnodehost:/staticnodecontainer:rw,rshared - - /staticnodehost/20:/__e/node20:ro,rshared - /staticnodehost/24:/__e/node24:ro,rshared steps: - - name: Ridiculous-er workaround for static node20 + - name: Ridiculous-er workaround for static node run: | cp -R /staticnode/* /staticnodecontainer/ - name: Ridiculous alpine workaround for actions support on arm64 From da696bb414fd5531e844f4f145c4d56c9528db9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 29 Apr 2026 01:29:47 -0700 Subject: [PATCH 18/18] Bump dawidd6/action-download-artifact from 20 to 21 (#1197) Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 20 to 21. - [Release notes](https://github.com/dawidd6/action-download-artifact/releases) - [Commits](https://github.com/dawidd6/action-download-artifact/compare/8305c0f1062bb0d184d09ef4493ecb9288447732...b6e2e70617bc3265edd6dab6c906732b2f1ae151) --- updated-dependencies: - dependency-name: dawidd6/action-download-artifact dependency-version: '21' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/pypi-publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml index c048fc9..6764060 100644 --- a/.github/workflows/pypi-publish.yml +++ b/.github/workflows/pypi-publish.yml @@ -40,7 +40,7 @@ jobs: echo "PYPI_URL=https://test.pypi.org/legacy/" >> $GITHUB_ENV if: github.event_name == 'workflow_dispatch' && github.event.inputs.environment == 'testpypi' - - uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20 + - uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21 with: path: tmpdist/ run_id: ${{ github.event.inputs.run_id || github.event.workflow_run.id }}