Bump the "dependencies" group with 2 updates across multiple ecosystems

[dependabot]

Bumps the dependencies group with 3 updates: actions/checkout, actions/setup-python and actions/attest-build-provenance.

Updates actions/checkout from 6.0.1 to 6.0.2

Release notes

Sourced from actions/checkout's releases.

v6.0.2

What's Changed

• Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set by @​TingluoHuang in actions/checkout#2355
• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

Full Changelog: actions/checkout@v6.0.1...v6.0.2

Changelog

Sourced from actions/checkout's changelog.

v6.0.2

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in actions/checkout#2356

Commits

• de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
• 064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
• See full diff in compare view

Updates actions/setup-python from 6.1.0 to 6.2.0

Release notes

Sourced from actions/setup-python's releases.

v6.2.0

What's Changed

Dependency Upgrades

• Upgrade dependencies to Node 24 compatible versions by @​salmanmkc in actions/setup-python#1259
• Upgrade urllib3 from 2.5.0 to 2.6.3 in /__tests__/data by @​dependabot in actions/setup-python#1253 and actions/setup-python#1264

Full Changelog: actions/setup-python@v6...v6.2.0

Commits

• a309ff8 Bump urllib3 from 2.6.0 to 2.6.3 in /tests/data (#1264)
• bfe8cc5 Upgrade @​actions dependencies to Node 24 compatible versions (#1259)
• 4f41a90 Bump urllib3 from 2.5.0 to 2.6.0 in /tests/data (#1253)
• See full diff in compare view

Updates actions/attest-build-provenance from 3.1.0 to 3.2.0

Release notes

Sourced from actions/attest-build-provenance's releases.

v3.2.0

What's Changed

• Bump @​actions/core from 1.11.1 to 2.0.1 by @​dependabot[bot] in actions/attest-build-provenance#776
• Add more documentation on Artifact Metadata Storage Records by @​malancas in actions/attest-build-provenance#797
• Update actions/attest to latest version v3.2.0 by @​malancas in actions/attest-build-provenance#812

Full Changelog: actions/attest-build-provenance@v3.1.0...v3.2.0

Commits

• 96278af Update actions/attest to latest version v3.2.0 (#812)
• 6865550 Add more documentation on Artifact Metadata Storage Records (#797)
• 98f3aa9 Bump @​actions/core from 1.11.1 to 2.0.1 (#776)
• 63e6444 Bump github/codeql-action in the actions-minor group (#782)
• 3bc61af Bump the npm-development group with 2 updates (#795)
• 405d0ea Bump the npm-development group with 3 updates (#783)
• See full diff in compare view

Bumps the dependencies group with 2 updates: tox and setuptools.

Updates tox from 4.33.0 to 4.34.1

Release notes

Sourced from tox's releases.

4.34.1

What's Changed

• fix: wheel corruption when running parallel tox processes by @​gaborbernat in tox-dev/tox#3667

Full Changelog: tox-dev/tox@4.34.0...4.34.1

4.34.0

What's Changed

• feat: Support depenedcy groups with self references by @​Czaki in tox-dev/tox#3666

Full Changelog: tox-dev/tox@4.33.0...4.34.0

Changelog

Sourced from tox's changelog.

v4.34.1 (2026-01-09)

Bugfixes - 4.34.1

- Fix wheel corruption errors when the build backend updates the file in place - by :user:`gaborbernat`. (:issue:`3667`)
v4.34.0 (2026-01-08)
Features - 4.34.0

• Support installing extras from the current project in dependency groups. -- by :user:czaki. (:issue:3561)

Commits

• abd774e release 4.34.1
• 96658e0 fix: use copy instead of hard link for session package views (#3667)
• 078a0f8 release 4.34.0
• e8a7c03 feat: Support depenedcy groups with self references (#3666)
• 8a69efd Update weekly.yaml
• See full diff in compare view

Updates setuptools from 80.9.0 to 80.10.2

Changelog

Sourced from setuptools's changelog.

v80.10.2

Bugfixes

• Update vendored dependencies. (#5159)

Misc

• #5115, #5128

v80.10.1

Misc

• #5152

v80.10.0

Features

• Remove post-release tags on setuptools' own build. (#4530)
• Refreshed vendored dependencies. (#5139)

Misc

• #5033

Commits

• 5cf2d08 Bump version: 80.10.1 → 80.10.2
• 852cd5e Merge pull request #5166 from pypa/bugfix/5159-vendor-bin-free
• 11115ee Suppress deprecation warning.
• 5cf9185 Update vendored dependencies.
• cf59f41 Delete all binaries generated by vendored package install.
• 89a5981 Add missing newsfragments
• c0114af Postpone deprecation warnings related to PEP 639 to 2027-Feb-18 (#5115)
• de07603 Revert "[CI] Constraint transient test dependency on pyobjc" (#5128)
• 3afd5d6 Revert "[CI] Constraint transient test dependency on pyobjc"
• adfb0c9 Bump version: 80.10.0 → 80.10.1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions