chore(deps): update github-actions-updates

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
codecov/codecov-action	action	patch	v5.5.1 → v5.5.4
pypa/gh-action-pypi-publish	action	minor	v1.13.0 → v1.14.0
release-drafter/release-drafter	action	minor	v6.1.0 → v6.4.0

---

Release Notes

codecov/codecov-action (codecov/codecov-action)

v5.5.4

Compare Source

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

• Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @​thomasrockhu-codecov in #​1926
• chore(release): 5.5.4 by @​thomasrockhu-codecov in #​1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

Compare Source

What's Changed

• build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @​dependabot[bot] in #​1874
• chore(release): bump to 5.5.3 by @​thomasrockhu-codecov in #​1922

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

v5.5.2

Compare Source

What's Changed

Full Changelog: https://github.com/codecov/codecov-action/compare/v5.5.1..v5.5.2

pypa/gh-action-pypi-publish (pypa/gh-action-pypi-publish)

v1.14.0

Compare Source

Audit your supply chain regularly!

✨ What's Changed

The main change in this release is that verbose and print-hash inputs are now on by default. This was contributed by @​whitequark💰 in #​397.

📝 Docs

@​woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #​388 and @​him2him2💰 brushed up some grammar in the README and SECURITY docs via #​395.

🛠️ Internal Updates

@​woodruffw💰 bumped sigstore and pypi-attestations in the lock file (#​391) and @​webknjaz💰 added infra for using type annotations in the project (#​381).

💪 New Contributors

• @​him2him2 made their first contribution in #​395
• @​whitequark made their first contribution in #​397

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.13.0...v1.14.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​facutuesca💰 and @​woodruffw💰 for helping maintain this project when I can't!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

release-drafter/release-drafter (release-drafter/release-drafter)

v6.4.0

Compare Source

What's Changed

New

• feat: Add support to excluded-paths (#​1522) @​guimorg
• feat: add include-pre-releases to action inputs (#​1525) @​cchanche

Maintenance

• revert: deprecate include-pre-releases (#​1523) @​cchanche

Full Changelog: release-drafter/release-drafter@v6.3.0...v6.4.0

v6.3.0

Compare Source

What's Changed

New

• feat: deprecate include-pre-releases in favor of prerelease (#​1515) @​christopherklint97

Maintenance

• chore: use probot logger instead of @​actions/core (#​1520) @​cchanche

Dependency Updates

8 changes

• chore: update lockfile (#​1521) @​cchanche
• build(deps-dev): bump brace-expansion from 1.1.11 to 1.1.12 (#​1494) @​dependabot[bot]
• build(deps): bump js-yaml (#​1493) @​dependabot[bot]
• build(deps-dev): bump node-fetch from 2.6.7 to 2.7.0 (#​1485) @​dependabot[bot]
• build(deps-dev): bump @​vercel/ncc from 0.34.0 to 0.38.4 (#​1484) @​dependabot[bot]
• build(deps): bump deepmerge from 4.2.2 to 4.3.1 (#​1482) @​dependabot[bot]
• build(deps): bump jws from 3.2.2 to 3.2.3 (#​1495) @​dependabot[bot]
• build(deps): bump lodash from 4.17.21 to 4.17.23 (#​1489) @​dependabot[bot]

Full Changelog: release-drafter/release-drafter@v6.2.0...v6.3.0

v6.2.0

Compare Source

What's Changed

New

• Add config option for history-limit (#​1470) @​gjvoosten
• Add 'commits-since' configuration option for release drafts (#​1451) @​slawekjaranowski

Maintenance

• build: support OIDC for npmjs publishing (#​1480) @​cchanche

Documentation

• Update README.md (#​1434) @​kunaljubce

Full Changelog: release-drafter/release-drafter@v6.1.1...v6.2.0

v6.1.1

Compare Source

What's Changed

Bug Fixes

• Honor Version Template (#​1459) @​ChronosMasterOfAllTime

Documentation

• docs: Add missing action inputs to README (#​1472) @​sasamuku

Full Changelog: release-drafter/release-drafter@v6.1.0...v6.1.1

---

Configuration

📅 Schedule: (in timezone Europe/Berlin)

• Branch creation
  • "before 4am on monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[claude]

Security & Bug Review

No bugs or security vulnerabilities identified.

This PR updates codecov/codecov-action from v5.5.1 to v5.5.2, a patch version bump.

Analysis:

• Change scope: Single line version update in GitHub Actions workflow
• Risk level: Low - patch version updates typically contain bug fixes and minor improvements
• Security: No security-related concerns identified with this update
• CI/CD status: All checks passing (pre-commit, mypy, tests across Python 3.10-3.13, typeguard, xdoctest, docs-build)
• Usage context: The action is used correctly with proper secret token passing, appropriate file specification, and runs in isolated coverage job after tests complete

Recommendation:

✅ Safe to merge - This is a routine maintenance update with all quality gates passing.

[claude]

Code Review - PR #836

Status: ✅ No bugs or security issues found

Summary

This PR updates codecov/codecov-action from v5.5.1 to v5.5.2 - a patch version bump for the code coverage reporting GitHub Action.

Security Assessment

• ✅ Official codecov action from trusted source
• ✅ Patch version update (low risk)
• ✅ No changes to authentication or secrets handling
• ✅ All CI/CD checks passing

Code Quality

• ✅ Isolated change to single workflow file
• ✅ No source code modifications
• ✅ Standard dependency maintenance

Recommendation: Safe to merge.

---

Automated review by Claude Code