Updates December 2024

.github/workflows/cache-cleaner.yml

@@ -16,7 +16,7 @@ jobs:
       actions: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           disable-sudo: true
           egress-policy: block

.github/workflows/main.yml

@@ -34,7 +34,7 @@ jobs:
             python-version: "pypy3.10"
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           disable-sudo: true
           egress-policy: block

{{cookiecutter.project_slug}}/.github/workflows/bump-version.yml

@@ -55,7 +55,7 @@ jobs:
       contents: write
     steps:
       - name: Harden Runner
-        uses:  step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           disable-sudo: true
           egress-policy: block

{{cookiecutter.project_slug}}/.github/workflows/cache-cleaner.yml

@@ -16,7 +16,7 @@ jobs:
       actions: write
     steps:
       - name: Harden Runner
-        uses:  step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses:  step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           disable-sudo: true
           egress-policy: block

{{cookiecutter.project_slug}}/.github/workflows/dependency-review.yml

@@ -17,7 +17,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           disable-sudo: true
           egress-policy: block
@@ -30,4 +30,4 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Dependency Review
-        uses: actions/dependency-review-action@4081bf99e2866ebe428fc0477b69eb4fcda7220a # v4.4.0
+        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0

{{cookiecutter.project_slug}}/.github/workflows/first-pull-request.yml

@@ -16,7 +16,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses:  step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses:  step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           disable-sudo: true
           egress-policy: block

{{cookiecutter.project_slug}}/.github/workflows/label.yml

@@ -23,7 +23,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses:  step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses:  step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           disable-sudo: true
           egress-policy: block

{{cookiecutter.project_slug}}/.github/workflows/main.yml

@@ -33,7 +33,7 @@ jobs:
           - "3.x"
     steps:
       - name: Harden Runner
-        uses:  step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses:  step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
       - name: Checkout Repository
@@ -65,7 +65,7 @@ jobs:
           - "3.13"
     steps:
       - name: Harden Runner
-        uses:  step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses:  step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
       - name: Checkout Repository
@@ -109,27 +109,24 @@ jobs:
         shell: bash -l {0}
     steps:
       - name: Harden Runner
-        uses:  step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses:  step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
       - name: Checkout Repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Setup Conda (Micromamba) with Python__PYTHON_VERSION__
-        uses: mamba-org/setup-micromamba@617811f69075e3fd3ae68ca64220ad065877f246 # v2.0.0
+        uses: mamba-org/setup-micromamba@06375d89d211a1232ef63355742e9e2e564bc7f7 # v2.0.2
         with:
           cache-downloads: true
           environment-file: environment-dev.yml
           create-args: >-
             python=__PYTHON_VERSION__
-      - name: Conda and Mamba versions
-        run: |
-          echo "micromamba $(micromamba --version)"
       - name: Install {{ cookiecutter.project_name }}
         run: |
           python -m pip install --no-deps .
       - name: Check versions
         run: |
-          conda list
+          micromamba list
           python -m pip check || true
       - name: Test with pytest
         run: |
@@ -154,7 +151,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses:  step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses:  step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           disable-sudo: true
           egress-policy: audit

{{cookiecutter.project_slug}}/.github/workflows/publish-pypi.yml

@@ -18,7 +18,7 @@ jobs:
       id-token: write
     steps:
       - name: Harden Runner
-        uses:  step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses:  step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           disable-sudo: true
           egress-policy: block
@@ -41,4 +41,4 @@ jobs:
         run: |
           python -m flit build
       - name: Publish distribution 📦 to PyPI
-        uses: pypa/gh-action-pypi-publish@fb13cb306901256ace3dab689990e13a5550ffaa # v1.11.0
+        uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2

{{cookiecutter.project_slug}}/.github/workflows/scorecard.yml

@@ -29,7 +29,7 @@ jobs:
       id-token: write
     steps:
       - name: Harden Runner
-        uses:  step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses:  step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           disable-sudo: true
           egress-policy: block

{{cookiecutter.project_slug}}/.github/workflows/tag-testpypi.yml

@@ -17,13 +17,13 @@ jobs:
       contents: write
     steps:
       - name: Harden Runner
-        uses:  step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses:  step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
       - name: Checkout Repository
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Create Release
-        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # 2.0.8
+        uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # 2.1.0
         env:
           # This token is provided by Actions, you do not need to create your own token
           GITHUB_TOKEN: __GITHUB_TOKEN__
@@ -42,7 +42,7 @@ jobs:
       id-token: write
     steps:
       - name: Harden Runner
-        uses:  step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses:  step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           disable-sudo: true
           egress-policy: block
@@ -65,7 +65,7 @@ jobs:
         run: |
           python -m flit build
       - name: Publish distribution 📦 to Test PyPI
-        uses: pypa/gh-action-pypi-publish@fb13cb306901256ace3dab689990e13a5550ffaa # v1.11.0
+        uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2
         with:
           repository-url: https://test.pypi.org/legacy/
           skip-existing: true

{{cookiecutter.project_slug}}/.github/workflows/workflow-warning.yml

@@ -26,7 +26,7 @@ jobs:
       pull-requests: write
     steps:
       - name: Harden Runner
-        uses:  step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses:  step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           disable-sudo: true
           egress-policy: block

{{cookiecutter.project_slug}}/.pre-commit-config.yaml

@@ -6,9 +6,9 @@ repos:
     rev: v3.17.0
     hooks:
       - id: pyupgrade
-        args: [ '--py38-plus' ]
+        args: [ '--py39-plus' ]
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v5.0.0
     hooks:
       - id: trailing-whitespace
       - id: end-of-file-fixer
@@ -22,7 +22,7 @@ repos:
       - id: check-yaml
         args: [ '--allow-multiple-documents' ]
   - repo: https://github.com/pappasam/toml-sort
-    rev: v0.23.1
+    rev: v0.24.2
     hooks:
       - id: toml-sort-fix
   - repo: https://github.com/pre-commit/pygrep-hooks
@@ -35,7 +35,7 @@ repos:
       - id: rst-inline-touching-normal
   {%- if cookiecutter.use_black == 'y' %}
   - repo: https://github.com/psf/black-pre-commit-mirror
-    rev: 24.8.0
+    rev: 24.10.0
     hooks:
       - id: black
         {% if cookiecutter.make_docs %}exclude: ^docs/{% endif %}
@@ -46,7 +46,7 @@ repos:
         {% if cookiecutter.make_docs %}exclude: ^docs/{% endif %}
   {%- endif %}
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.5.7
+    rev: v0.8.2
     hooks:
       - id: ruff
         args: [ '--fix' ]
@@ -62,7 +62,7 @@ repos:
     rev: v0.3.9
     hooks:
       - id: blackdoc
-        additional_dependencies: [ 'black==24.8.0' ]
+        additional_dependencies: [ 'black==24.10.0' ]
       - id: blackdoc-autoupdate-black
   {%- endif %}
   - repo: https://github.com/adrienverge/yamllint.git
@@ -76,7 +76,7 @@ repos:
       - id: numpydoc-validation
         exclude: {% if cookiecutter.make_docs %}^docs/|{% endif %}^tests/
   - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.29.1
+    rev: 0.30.0
     hooks:
       - id: check-github-workflows
       - id: check-readthedocs

{{cookiecutter.project_slug}}/environment-dev.yml

@@ -5,28 +5,31 @@ dependencies:
   - python >=3.9,<3.13
   # Dev tools and testing
   - pip >=24.3.1
+  {%- if cookiecutter.use_black == 'y' %}
+  - black ==24.10.0
+  - blackdoc ==0.3.9
+  {%- endif %}
   - bump-my-version >=0.28.0
-  - watchdog >=4.0.0
+  {%- if cookiecutter.command_line_interface|lower == 'click' %}
+  - click >=8.1.7
+  {%- endif %}
+  - coverage >=7.5.0
+  - coveralls >=4.0.1
   - flake8 >=7.1.1
   - flake8-rst-docstrings >=0.3.0
   - flit >=3.9.0,<4.0
-  - tox >=4.23.2
-  - coverage >=7.5.0
-  - coveralls >=4.0.1
-  {%- if cookiecutter.command_line_interface|lower == 'click' %}
-  - click >=8.1.7
-  {%- elif cookiecutter.command_line_interface|lower == 'typer' %}
-  - typer >=0.12.3
+  {%- if cookiecutter.use_black == 'y' %}
+  - isort ==5.13.2
   {%- endif %}
+  - numpydoc >=1.8.0
+  - pre-commit >=3.5.0
   {%- if cookiecutter.use_pytest == 'y' %}
   - pytest >=8.3.2
   - pytest-cov >=5.0.0
   {%- endif %}
-  {%- if cookiecutter.use_black == 'y' %}
-  - black ==24.10.0
-  - blackdoc ==0.3.9
-  - isort ==5.13.2
+  - ruff >=0.8.2
+  - tox >=4.23.2
+  {%- if cookiecutter.command_line_interface|lower == 'typer' %}
+  - typer >=0.12.3
   {%- endif %}
-  - numpydoc >=1.8.0
-  - pre-commit >=3.5.0
-  - ruff >=0.7.0
+  - watchdog >=4.0.0

{{cookiecutter.project_slug}}/environment-docs.yml

@@ -4,19 +4,23 @@ channels:
   - defaults
 dependencies:
   - python >=3.12,<3.13
-  - sphinx >=7.0.0
+  # Docs
+  {%- if cookiecutter.command_line_interface|lower == 'click' %}
+  - click >=8.1.7
+  {%- endif %}
   - pandoc
-  - sphinx-rtd-theme >=1.0
+  - sphinx >=7.0.0
   - sphinx-autoapi
+  {%- if cookiecutter.command_line_interface|lower == 'click' %}
+  - sphinx-click
+  {%- endif %}
   - sphinx-codeautolink
   - sphinx-copybutton
   {%- if cookiecutter.add_translations == 'y' %}
   - sphinx-intl
   {%- endif %}
   - sphinxcontrib-napoleon
-  {%- if cookiecutter.command_line_interface|lower == 'click' %}
-  - click >=8.1.7
-  - sphinx-click
-  {% elif cookiecutter.command_line_interface|lower == 'typer' %}
+  - sphinx-rtd-theme >=1.0
+  {%- if cookiecutter.command_line_interface|lower == 'typer' %}
   - typer >=0.12.3
-  {%- endif %}
+{% endif -%}