From a1d51ebfb328420d0ff07d77e28d4e38c3eaf4e4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sun, 28 Jun 2026 21:02:48 +0000
Subject: [PATCH] [actions] (deps): Bump the dev-dependencies group across 1
 directory with 3 updates

Bumps the dev-dependencies group with 3 updates in the / directory: [py-cov-action/python-coverage-comment-action](https://github.com/py-cov-action/python-coverage-comment-action), [actions/checkout](https://github.com/actions/checkout) and [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python).


Updates `py-cov-action/python-coverage-comment-action` from 3.41 to 4.1
- [Release notes](https://github.com/py-cov-action/python-coverage-comment-action/releases)
- [Commits](https://github.com/py-cov-action/python-coverage-comment-action/compare/63f52f4fbbffada6e8dee8ec432de7e01df9ba79...5d8df5979747514c914e1c5a12335a7cf9a2745f)

Updates `actions/checkout` from 6 to 7
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v6...v7)

Updates `sigstore/gh-action-sigstore-python` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/sigstore/gh-action-sigstore-python/releases)
- [Changelog](https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/gh-action-sigstore-python/compare/04cffa1d795717b140764e8b640de88853c92acc...5b79a39c381910c090341a2c9b0bf022c8b387e1)

---
updated-dependencies:
- dependency-name: py-cov-action/python-coverage-comment-action
  dependency-version: '4.1'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: actions/checkout
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dev-dependencies
- dependency-name: sigstore/gh-action-sigstore-python
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dev-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/coverage.yaml        | 2 +-
 .github/workflows/publish-to-pypi.yaml | 4 ++--
 .github/workflows/pyright.yaml         | 2 +-
 .github/workflows/pytest.yaml          | 6 +++---
 .github/workflows/ruff.yaml            | 2 +-
 5 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml
index 75bdf0d..c1a6e4a 100644
--- a/.github/workflows/coverage.yaml
+++ b/.github/workflows/coverage.yaml
@@ -17,7 +17,7 @@ jobs:
       actions: read
     steps:
     - name: Python Coverage Comment
-      uses: py-cov-action/python-coverage-comment-action@63f52f4fbbffada6e8dee8ec432de7e01df9ba79
+      uses: py-cov-action/python-coverage-comment-action@5d8df5979747514c914e1c5a12335a7cf9a2745f
       with:
         GITHUB_TOKEN: ${{ github.token }}
         GITHUB_PR_RUN_ID: ${{ github.event.workflow_run.id }}
diff --git a/.github/workflows/publish-to-pypi.yaml b/.github/workflows/publish-to-pypi.yaml
index b627892..ea667db 100644
--- a/.github/workflows/publish-to-pypi.yaml
+++ b/.github/workflows/publish-to-pypi.yaml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v7
     - name: Set up Python
       uses: actions/setup-python@v6
       with:
@@ -71,7 +71,7 @@ jobs:
         name: python-package-distributions
         path: dist/
     - name: Sign the dists with Sigstore
-      uses: sigstore/gh-action-sigstore-python@04cffa1d795717b140764e8b640de88853c92acc #v3.3.0
+      uses: sigstore/gh-action-sigstore-python@5b79a39c381910c090341a2c9b0bf022c8b387e1 #v3.4.0
       with:
         inputs: >-
           ./dist/*.tar.gz
diff --git a/.github/workflows/pyright.yaml b/.github/workflows/pyright.yaml
index fb99257..b0da9d6 100644
--- a/.github/workflows/pyright.yaml
+++ b/.github/workflows/pyright.yaml
@@ -12,7 +12,7 @@ jobs:
 
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v7
     - name: Set up Python
       uses: actions/setup-python@v6
       with:
diff --git a/.github/workflows/pytest.yaml b/.github/workflows/pytest.yaml
index 961ff89..e50b2d7 100644
--- a/.github/workflows/pytest.yaml
+++ b/.github/workflows/pytest.yaml
@@ -18,7 +18,7 @@ jobs:
         python-version: ["3.10", "3.11", "3.12", "3.13", "3.14"]
 
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v7
     - name: Set up Python
       uses: actions/setup-python@v6
       with:
@@ -51,7 +51,7 @@ jobs:
       pull-requests: write
       contents: write
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v7
     - uses: actions/download-artifact@v8
       id: download
       with:
@@ -63,7 +63,7 @@ jobs:
         echo "[run]" >> .coveragerc
         echo "relative_files = true" >> .coveragerc
     - name: Python Coverage Comment
-      uses: py-cov-action/python-coverage-comment-action@63f52f4fbbffada6e8dee8ec432de7e01df9ba79
+      uses: py-cov-action/python-coverage-comment-action@5d8df5979747514c914e1c5a12335a7cf9a2745f
       with:
         GITHUB_TOKEN: ${{ github.token }}
         MERGE_COVERAGE_FILES: true
diff --git a/.github/workflows/ruff.yaml b/.github/workflows/ruff.yaml
index c3c1eea..ff87d99 100644
--- a/.github/workflows/ruff.yaml
+++ b/.github/workflows/ruff.yaml
@@ -12,7 +12,7 @@ jobs:
 
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v6
+    - uses: actions/checkout@v7
     - name: Set up Python
       uses: actions/setup-python@v6
       with: