From acc9ea67434f46706eee9f4d2dc1e06f2dff2602 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Feb 2026 17:46:38 +0000
Subject: [PATCH 1/6] Bump codecov/codecov-action from 3 to 5

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3 to 5.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v3...v5)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/ci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 4952caf..cf6b26e 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -55,7 +55,7 @@ jobs:
         run: python -m build
 
       - name: Upload coverage
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v5
         if: matrix.python-version == '3.8'
         with:
           env_vars: PYTHON

From aa1b105cf20251031749da66a453e93bdc2b7929 Mon Sep 17 00:00:00 2001
From: Natty Linden <natty@lindenlab.com>
Date: Thu, 5 Feb 2026 18:01:45 +0000
Subject: [PATCH 2/6] Try building on runners that are still available
 [dependabot skip]

---
 .github/workflows/ci.yaml | 28 +++++++++++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index cf6b26e..5987e26 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -15,7 +15,7 @@ jobs:
       image: ${{ matrix.container-image }}
     env:
       PYTHON: ${{ matrix.python-version }}
-    runs-on: [ubuntu-20.04]
+    runs-on: [ubuntu-latest]
     strategy:
       # Finish the other builds even if one fails.
       fail-fast: false
@@ -24,6 +24,8 @@ jobs:
         include:
           - python-version: '2.7'
             container-image: python:2.7
+          - python-version: '3.7'
+            container-image: python:3.7
     steps:
       - uses: actions/checkout@v4
         with:
@@ -38,6 +40,30 @@ jobs:
         with:
           python-version: ${{ matrix.python-version }}
 
+      - name: Let git run in the containerized workspace
+        if: matrix.container-image
+        run: |
+          set -euxo pipefail
+
+          # Actions will create the workspace directory as runner (uid 1001) on
+          # the "real" agent host before it runs the container. actions/checkout
+          # will set `safe.directory` so it can check out the project as the
+          # container user to runner's workspace directory, but it does so with
+          # a temporary $HOME set, so `safe.directory` appears unset by the time
+          # we're in another step. For containers with git 2.30.2+, like
+          # python:3.7, that means git operations will exit with a "dubious
+          # ownership" error.
+          id -u
+          ls -lAd "$GITHUB_WORKSPACE"
+          ls -lA "$GITHUB_WORKSPACE"
+          git config --get-all safe.directory || true
+
+          # Set safe.directory on the workspace so that setuptools-scm can
+          # identify the version of the package we're packaging.
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+        shell: bash
+
       - name: Install python dependencies
         run: |
           pip install wheel build tox

From b3f73f50600836ef27eb1896b1aac7c0954d3996 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Feb 2026 12:00:54 -0800
Subject: [PATCH 3/6] Bump actions/setup-python from 5 to 6 (#12)

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/ci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 5987e26..769a460 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -33,7 +33,7 @@ jobs:
           # most recent version tag.
           fetch-depth: 0
 
-      - uses: actions/setup-python@v5
+      - uses: actions/setup-python@v6
         # Only set up Python if we're running directly on an agent. If we're in
         # a container, the image should already provide the intended Python.
         if: '! matrix.container-image'

From 4746749b21d45ecb91fdb317d9ef2fd0291ab0b6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Feb 2026 12:07:37 -0800
Subject: [PATCH 4/6] Bump actions/checkout from 4 to 6 (#15)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/ci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 769a460..bd49ad4 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -27,7 +27,7 @@ jobs:
           - python-version: '3.7'
             container-image: python:3.7
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           # Fetch all the history so setuptools_scm can version relative to the
           # most recent version tag.

From fdd3c888cfbe6f3701cba0ab501549b0e19b66e4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Feb 2026 12:09:11 -0800
Subject: [PATCH 5/6] Bump actions/upload-artifact from 4 to 6 (#16)

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/ci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index bd49ad4..82087dd 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -89,7 +89,7 @@ jobs:
           # fail_ci_if_error: true
           files: .coverage.${{ steps.pyenv.outputs.value }}.xml
 
-      - uses: actions/upload-artifact@v4
+      - uses: actions/upload-artifact@v6
         if: matrix.python-version == '2.7' || matrix.python-version == '3.8'
         with:
           name: dist-${{ matrix.python-version }}

From 05e57445b8861a17f61a9ed895ef6d29af2bee57 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 5 Feb 2026 12:09:25 -0800
Subject: [PATCH 6/6] Bump actions/download-artifact from 4 to 7 (#17)

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/ci.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 82087dd..b31c073 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -103,7 +103,7 @@ jobs:
       id-token: write
     if: github.event_name != 'pull_request'
     steps:
-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v7
 
       - name: Organize files for upload
         run: |