Update GitHub Actions to fix deprecation warnings and security alert#152
Merged
marchhare09 merged 1 commit intoMay 21, 2026
Merged
Conversation
marchhare09
force-pushed
the
fix-deprecated-github-actions
branch
11 times, most recently
from
f81cd4f to
2f2f230
Compare
GitHub Actions updates: - Upgrade actions/upload-artifact from v3 to v4 - Upgrade actions/download-artifact from v3 to v4 - Upgrade pypa/gh-action-pypi-publish from v1.5.0 to v1.14.0 - Update runners from ubuntu-20.04 to ubuntu-22.04 - Standardize copyright headers The v4 artifact actions require unique names for each upload and explicit merging when downloading multiple artifacts. Added unique names (wheels-py3, sdist) and merge-multiple flag to maintain existing behavior. Python version updates: - Drop Python 2.7 support (EOL since 2020) - Drop Python 3.6 and 3.7 support (EOL) - Update test matrix to: 3.8, 3.9, 3.10, 3.11 - Remove build_legacy and build_wheels_py27 jobs - Update tox.ini envlist and gh-actions mappings - Update setup.cfg: removed Python 2.7 dependencies (enum34, pathlib2), updated classifiers and python_requires to >=3.8 Note: Python 3.12+ support is deferred to a future PR. The pike/path.py module relies on private pathlib internals (_WindowsFlavour) that were removed in Python 3.12, requiring a more substantial refactor. The pypi-publish upgrade addresses Dependabot security alerts.
marchhare09
force-pushed
the
fix-deprecated-github-actions
branch
from
2f2f230 to
7b65b80
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Update GitHub Actions to fix deprecation warnings and security alerts, and drop support for EOL Python versions.
GitHub Actions Updates
actions/upload-artifactfrom v3 to v4actions/download-artifactfrom v3 to v4pypa/gh-action-pypi-publishfrom v1.5.0 to v1.14.0ubuntu-20.04toubuntu-22.04The v4 artifact actions require unique names for each upload and explicit merging when downloading multiple artifacts.Added unique artifact names (
wheels-py3,sdist) andmerge-multiple: trueflag to maintain existing behavior.The pypi-publish upgrade addresses Dependabot security alerts.
Python Version Updates
build_legacyandbuild_wheels_py27jobstox.inienvlist and gh-actions mappingssetup.cfg: removed Python 2.7 dependencies (enum34,pathlib2), updated classifiers andpython_requiresto>=3.8Future Work
Python 3.12+ support is deferred to a future PR. The
pike/path.pymodule relies on private pathlib internals (_WindowsFlavour) that were removed in Python 3.12, requiring a more substantial refactor.