chore(deps): bump the github-actions group across 1 directory with 2 updates

[dependabot]

Bumps the github-actions group with 2 updates in the / directory: cda-tum/mqt-workflows and actions/attest-build-provenance.

Updates cda-tum/mqt-workflows from 1.4.7 to 1.5.0

Release notes

Sourced from cda-tum/mqt-workflows's releases.

MQT Reusable Workflows 1.5.0 Release

👀 What Changed

This release mainly brings an update to cibuildwheel. See https://cibuildwheel.pypa.io/en/stable/changelog/#v2220 for a changelog. The following change is affecting MQT projects and will require adaptations:

🌟 Added a new CIBW_ENABLE/enable feature that replaces CIBW_FREETHREADED_SUPPORT/free-threaded-support and CIBW_PRERELEASE_PYTHONS with a system that supports both. In cibuildwheel 3, this will also include a PyPy setting and the deprecated options will be removed.

The free-threaded-support option should be changed to the corresponing enable option. Specifically,

[tool.cibuildwheel]
# Enable free-threaded support
enable = ["cpython-freethreading"]

See https://cibuildwheel.pypa.io/en/stable/options/#enable for more details.

Cibuildwheel now also supports PEP 735 dependency groups, which are already available in uv as well. Thus, projects might switch over to using them. See https://cibuildwheel.pypa.io/en/stable/options/#test-groups for more details.

Finally, this release updates the setup-uv and the codecov-action to new major versions whose (breaking) changes should not cause any issues for our repositories.

⬆️ Dependencies

• Bump the github-actions group with 2 updates @​dependabot (#50)
• Bump codecov/codecov-action from 4 to 5 in the github-actions group @​dependabot (#49)

Full Changelog: munich-quantum-toolkit/workflows@v1.4.8...v1.5.0

MQT Reusable Workflows 1.4.8 Release

👀 What Changed

🤖 CI

• 🔧 also detect common other Python test changes @​burgholzer (#48)

⬆️ Dependencies

• 🔧 also detect common other Python test changes @​burgholzer (#48)

Full Changelog: munich-quantum-toolkit/workflows@v1.4.7...v1.4.8

Commits

• 658aecd Bump the github-actions group with 2 updates (#50)
• fd1dd5a Bump codecov/codecov-action from 4 to 5 in the github-actions group (#49)
• 2259ee3 🔧 also detect common other Python test changes (#48)
• See full diff in compare view

Updates actions/attest-build-provenance from 1.4.4 to 2.0.0

Release notes

Sourced from actions/attest-build-provenance's releases.

v2.0.0

The attest-build-provenance action now supports attesting multiple subjects simultaneously. When identifying multiple subjects with the subject-path input a single attestation is created with references to each of the supplied subjects, rather than generating separate attestations for each artifact. This reduces the number of attestations that you need to create and manage.

What's Changed

• Bump cross-spawn from 7.0.3 to 7.0.6 by @​dependabot in actions/attest-build-provenance#319
• Prepare v2.0.0 release by @​bdehamer in actions/attest-build-provenance#321
  • Bump actions/attest from 1.4.1 to 2.0.0 (w/ multi-subject attestation support)

Full Changelog: actions/attest-build-provenance@v1.4.4...v2.0.0

Commits

• 619dbb2 bump actions/attest to v2.0.0 (#321)
• 90d4930 Bump the npm-development group with 3 updates (#329)
• fb315c1 Bump the npm-development group with 5 updates (#323)
• a379071 Bump cross-spawn from 7.0.3 to 7.0.6 (#319)
• dada0c3 Bump the npm-development group across 1 directory with 5 updates (#317)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[DRovara]

@dependabot squash and merge