Skip to content

Bump actions/setup-python from 4 to 5#3

Merged
nfx merged 1 commit into
mainfrom
dependabot/github_actions/actions/setup-python-5
Apr 23, 2024
Merged

Bump actions/setup-python from 4 to 5#3
nfx merged 1 commit into
mainfrom
dependabot/github_actions/actions/setup-python-5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 23, 2024

Copy link
Copy Markdown

Bumps actions/setup-python from 4 to 5.

Release notes

Sourced from actions/setup-python's releases.

v5.0.0

What's Changed

In scope of this release, we update node version runtime from node16 to node20 (actions/setup-python#772). Besides, we update dependencies to the latest versions.

Full Changelog: actions/setup-python@v4.8.0...v5.0.0

v4.8.0

What's Changed

In scope of this release we added support for GraalPy (actions/setup-python#694). You can use this snippet to set up GraalPy:

steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4 
  with:
    python-version: 'graalpy-22.3' 
- run: python my_script.py

Besides, the release contains such changes as:

New Contributors

Full Changelog: actions/setup-python@v4...v4.8.0

v4.7.1

What's Changed

Full Changelog: actions/setup-python@v4...v4.7.1

v4.7.0

In scope of this release, the support for reading python version from pyproject.toml was added (actions/setup-python#669).

      - name: Setup Python
        uses: actions/setup-python@v4
</tr></table> 

... (truncated)

Commits
  • 82c7e63 Documentation changes for avoiding rate limit issues on GHES (#835)
  • 10aa35a feat: fallback to raw endpoint for manifest when rate limit is reached (#766)
  • 9a7ac94 Bump undici from 5.27.2 to 5.28.3 (#817)
  • 871daa9 Fix the "Specifying multiple Python/PyPy versions" link (#782)
  • 2f07895 Fix broken README.md link (#793)
  • e9d6f99 Replace setup-python@v4 by setup-python@v5 in README (#776)
  • 0a5c615 Update action to node20 (#772)
  • 0ae5836 Add example of GraalPy to docs (#773)
  • b64ffca update actions/checkout to v4 (#761)
  • 8d28961 Examples now use checkout@v4 (#738)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
dependabot Bot requested a review from nfx as a code owner April 23, 2024 19:10
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 23, 2024
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/github_actions/actions/setup-python-5 branch from c9e6d7f to cb4148c Compare April 23, 2024 19:18
@nfx
nfx merged commit e42cedc into main Apr 23, 2024
@nfx
nfx deleted the dependabot/github_actions/actions/setup-python-5 branch April 23, 2024 19:19
AdityaMandiwal pushed a commit that referenced this pull request Aug 21, 2025
Bumps [actions/setup-python](https://github.com/actions/setup-python)
from 4 to 5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-python/releases">actions/setup-python's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<p>In scope of this release, we update node version runtime from node16
to node20 (<a
href="https://redirect.github.com/actions/setup-python/pull/772">actions/setup-python#772</a>).
Besides, we update dependencies to the latest versions.</p>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-python/compare/v4.8.0...v5.0.0">https://github.com/actions/setup-python/compare/v4.8.0...v5.0.0</a></p>
<h2>v4.8.0</h2>
<h2>What's Changed</h2>
<p>In scope of this release we added support for GraalPy (<a
href="https://redirect.github.com/actions/setup-python/pull/694">actions/setup-python#694</a>).
You can use this snippet to set up GraalPy:</p>
<pre lang="yaml"><code>steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4 
  with:
    python-version: 'graalpy-22.3' 
- run: python my_script.py
</code></pre>
<p>Besides, the release contains such changes as:</p>
<ul>
<li>Trim python version when reading from file by <a
href="https://github.com/FerranPares"><code>@​FerranPares</code></a> in
<a
href="https://redirect.github.com/actions/setup-python/pull/628">actions/setup-python#628</a></li>
<li>Use non-deprecated versions in examples by <a
href="https://github.com/jeffwidman"><code>@​jeffwidman</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/724">actions/setup-python#724</a></li>
<li>Change deprecation comment to past tense by <a
href="https://github.com/jeffwidman"><code>@​jeffwidman</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/723">actions/setup-python#723</a></li>
<li>Bump <code>@​babel/traverse</code> from 7.9.0 to 7.23.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/743">actions/setup-python#743</a></li>
<li>advanced-usage.md: Encourage the use actions/checkout@v4 by <a
href="https://github.com/cclauss"><code>@​cclauss</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/729">actions/setup-python#729</a></li>
<li>Examples now use checkout@v4 by <a
href="https://github.com/simonw"><code>@​simonw</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/738">actions/setup-python#738</a></li>
<li>Update actions/checkout to v4 by <a
href="https://github.com/dmitry-shibanov"><code>@​dmitry-shibanov</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/761">actions/setup-python#761</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/FerranPares"><code>@​FerranPares</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/628">actions/setup-python#628</a></li>
<li><a href="https://github.com/timfel"><code>@​timfel</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/694">actions/setup-python#694</a></li>
<li><a
href="https://github.com/jeffwidman"><code>@​jeffwidman</code></a> made
their first contribution in <a
href="https://redirect.github.com/actions/setup-python/pull/724">actions/setup-python#724</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-python/compare/v4...v4.8.0">https://github.com/actions/setup-python/compare/v4...v4.8.0</a></p>
<h2>v4.7.1</h2>
<h2>What's Changed</h2>
<ul>
<li>Bump word-wrap from 1.2.3 to 1.2.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/actions/setup-python/pull/702">actions/setup-python#702</a></li>
<li>Add range validation for toml files by <a
href="https://github.com/dmitry-shibanov"><code>@​dmitry-shibanov</code></a>
in <a
href="https://redirect.github.com/actions/setup-python/pull/726">actions/setup-python#726</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-python/compare/v4...v4.7.1">https://github.com/actions/setup-python/compare/v4...v4.7.1</a></p>
<h2>v4.7.0</h2>
<p>In scope of this release, the support for reading python version from
pyproject.toml was added (<a
href="https://redirect.github.com/actions/setup-python/pull/669">actions/setup-python#669</a>).</p>
<pre lang="yaml"><code>      - name: Setup Python
        uses: actions/setup-python@v4
&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-python/commit/82c7e631bb3cdc910f68e0081d67478d79c6982d"><code>82c7e63</code></a>
Documentation changes for avoiding rate limit issues on GHES (<a
href="https://redirect.github.com/actions/setup-python/issues/835">#835</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/10aa35afd7f071e70ffaa122e3d7c6ffcb5f7ed1"><code>10aa35a</code></a>
feat: fallback to raw endpoint for manifest when rate limit is reached
(<a
href="https://redirect.github.com/actions/setup-python/issues/766">#766</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/9a7ac94420f42ee15fc60ab88d0dca4be1fd5757"><code>9a7ac94</code></a>
Bump undici from 5.27.2 to 5.28.3 (<a
href="https://redirect.github.com/actions/setup-python/issues/817">#817</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/871daa956ca9ea99f3c3e30acb424b7960676734"><code>871daa9</code></a>
Fix the &quot;Specifying multiple Python/PyPy versions&quot; link (<a
href="https://redirect.github.com/actions/setup-python/issues/782">#782</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/2f078955e4d0f34cc7a8b0108b2eb7bbe154438e"><code>2f07895</code></a>
Fix broken README.md link (<a
href="https://redirect.github.com/actions/setup-python/issues/793">#793</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/e9d6f990972a57673cdb72ec29e19d42ba28880f"><code>e9d6f99</code></a>
Replace setup-python@v4 by setup-python@v5 in README (<a
href="https://redirect.github.com/actions/setup-python/issues/776">#776</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/0a5c61591373683505ea898e09a3ea4f39ef2b9c"><code>0a5c615</code></a>
Update action to node20 (<a
href="https://redirect.github.com/actions/setup-python/issues/772">#772</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/0ae58361cdfd39e2950bed97a1e26aa20c3d8955"><code>0ae5836</code></a>
Add example of GraalPy to docs (<a
href="https://redirect.github.com/actions/setup-python/issues/773">#773</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/b64ffcaf5b410884ad320a9cfac8866006a109aa"><code>b64ffca</code></a>
update actions/checkout to v4 (<a
href="https://redirect.github.com/actions/setup-python/issues/761">#761</a>)</li>
<li><a
href="https://github.com/actions/setup-python/commit/8d2896179abf658742de432b3f203d2c2d86a587"><code>8d28961</code></a>
Examples now use checkout@v4 (<a
href="https://redirect.github.com/actions/setup-python/issues/738">#738</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/actions/setup-python/compare/v4...v5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-python&package-manager=github_actions&previous-version=4&new-version=5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@mwojtyczka mwojtyczka mentioned this pull request Jul 1, 2026
2 tasks
vb-dbrks added a commit that referenced this pull request Jul 3, 2026
…ecret

Addresses Marcin's review comments on the MCP server plus a round of Genie
feedback from driving the tools end to end.

Write governance (#1-#3): the persisting tools no longer take a caller-supplied
destination. save_checks / apply_checks_and_save_to_table now take a bare output
name and the runner writes it into the caller's own SP-owned per-user schema
(dqx_mcp_<user>), granting only that caller access. This lets me delete the OBO
write pre-check entirely - it checked the caller's perms while the SP did the
write (false assurance), rejected MODIFY-granted non-owners, and classified UC
errors by string-matching. The SP now only ever writes where it owns.

Runner robustness (#5, #6): save_checks applies write mode via config.replace()
instead of attribute assignment (which silently no-op'd on file backends), with
an up-front append/overwrite whitelist; generate_rules validates each profile and
raises a clear InvalidParameterError on a missing name/column instead of a
KeyError deep in the runner.

Correctness & CI (#4, #7, #8): execute_sql follows next_chunk_index so wide
schemas and the temp-view sweep aren't silently truncated to the first chunk;
added basedpyright (make mcp-check, wired into push.yml) and fixed the type
errors it surfaced; pointed the integration-coverage source at the MCP packages
rather than the DQX library.

Docs (#9): moved deploy/prerequisites into the installation page and linked back.

Genie feedback (MCP-side wrappers): generate_rules_from_contract now accepts
inline contract_content (or a file), reads it as the caller and stages a copy to
a runner-readable volume - so a Workspace-file contract works even though the
runner SP has no access to it; list_available_checks takes a filter substring so
agents can search instead of scanning every entry; generate_rules flags that its
bounds are data-derived and should be reviewed.

Dropped the catalog secret: a UC catalog name isn't sensitive (access is governed
by UC grants, not by hiding the name), so the app reads DQX_CATALOG as a plain
config value set from the catalog_name deploy var (inline app config, no
app.yaml) - nothing to create or manage out of band.

Also fixed make mcp-integration for local runs (absolute UV_BUILD_CONSTRAINT,
mirroring mcp-deploy) and updated the integration test + fixture for the new tool
shapes. Extracted the runner's pure naming/validation helpers into naming.py so
they're unit-tested without Spark.
fedeflowers added a commit to fedeflowers/dqx that referenced this pull request Jul 4, 2026
…gle validation boundary

Move all check validation onto the CheckSpec Pydantic model via a
model_validator so Pydantic is the single typed validation boundary
(the maintainer's headline request), and resolve the ranked findings:

- Native validation (meta): criticality value, function resolution, and
  signature/argument validation now run in CheckSpec._validate_semantics
  (model_validator). ChecksValidator becomes a thin layer that calls
  model_validate per check and translates ValidationError to DQX messages.
- #1 user_metadata regression: widen to dict[str, Any] on CheckSpec, DQRule,
  and DQForEachColRule so non-string values (e.g. {"confidence": 0.95}) load
  as they did pre-migration; add a regression test.
- databrickslabs#2/databrickslabs#3 double validation & discarded spec: _validate_and_parse returns the
  parsed specs; ChecksDeserializer.deserialize reuses them instead of
  re-parsing the raw dict, giving a single typed pass.
- databrickslabs#4 error-shim fragility: add a test pinning the Pydantic error-type codes
  the translator branches on so a rename fails loudly (pydantic<3 already caps
  the major version).
- databrickslabs#6 loader divergence: route the Delta from_dataframe path through the same
  project_to_check_schema allow-list as the Lakebase path; add a guard test.
- databrickslabs#7 docstrings: replace double-backticks with italics per AGENTS.md.

databrickslabs#5 (extra="forbid") confirmed safe with no code change: all *ChecksStorageConfig
construction sites use explicit kwargs and the behavior is already locked by
existing config tests (test_storage_config_rejects_unknown_kwarg).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant