chore: apply updates from template with cruft update

.cruft.json

@@ -1,6 +1,6 @@
 {
   "template": "https://github.com/bruno-fs/cookiecutter-hypermodern-python",
-  "commit": "a516f7058ca67b612d08a933885c2bfa85d1f9e2",
+  "commit": "c6eb54be973f72077cc15aadf5eb43a9ebd7978c",
   "checkout": null,
   "context": {
     "cookiecutter": {

.github/dependabot.yml

@@ -5,32 +5,32 @@ updates:
     schedule:
       interval: weekly
     groups:
-      version-updates:
+      github-actions-updates:
         applies-to: version-updates
         dependency-type: development
-      security-updates:
+      github-actions-security-updates:
         applies-to: security-updates
         dependency-type: development
   - package-ecosystem: pip
     directory: "/.github/workflows"
     schedule:
       interval: weekly
     groups:
-      version-updates:
+      workflow-updates:
         applies-to: version-updates
         dependency-type: development
-      security-updates:
+      workflow-security-updates:
         applies-to: security-updates
         dependency-type: development
   - package-ecosystem: pip
     directory: "/docs"
     schedule:
       interval: weekly
     groups:
-      version-updates:
+      doc-updates:
         applies-to: version-updates
         dependency-type: development
-      security-updates:
+      doc-security-updates:
         applies-to: security-updates
         dependency-type: production
   - package-ecosystem: pip
@@ -41,9 +41,9 @@ updates:
     allow:
       - dependency-type: "all"
     groups:
-      version-updates:
+      pip-version-updates:
         applies-to: version-updates
         dependency-type: development
-      security-updates:
+      pip-security-updates:
         applies-to: security-updates
         dependency-type: production

.github/workflows/constraints.txt

@@ -1,5 +1,5 @@
-pip==24.0
+pip==24.1.2
 nox==2024.4.15
 nox-poetry==1.0.3
 poetry==1.8.3
-virtualenv==20.26.2
+virtualenv==20.26.3

.github/workflows/release.yml

@@ -39,7 +39,7 @@ jobs:
       - name: Detect and tag new version
         id: check-version
         if: steps.check-parent-commit.outputs.sha
-        uses: salsify/[email protected].1
+        uses: salsify/[email protected].3
         with:
           version-command: |
             bash -o pipefail -c "poetry version | awk '{ print \$2 }'"
@@ -57,21 +57,21 @@ jobs:
 
       - name: Publish package on PyPI
         if: steps.check-version.outputs.tag
-        uses: pypa/gh-action-pypi-publish@v1.8.6
+        uses: pypa/gh-action-pypi-publish@v1.9.0
         with:
           user: __token__
           password: ${{ secrets.PYPI_TOKEN }}
 
       - name: Publish package on TestPyPI
         if: "! steps.check-version.outputs.tag"
-        uses: pypa/gh-action-pypi-publish@v1.8.6
+        uses: pypa/gh-action-pypi-publish@v1.9.0
         with:
           user: __token__
           password: ${{ secrets.TEST_PYPI_TOKEN }}
           repository_url: https://test.pypi.org/legacy/
 
       - name: Publish the release notes
-        uses: release-drafter/release-drafter@v5.23.0
+        uses: release-drafter/release-drafter@v6.0.0
         with:
           publish: ${{ steps.check-version.outputs.tag != '' }}
           tag: ${{ steps.check-version.outputs.tag }}

.github/workflows/tests.yml

@@ -4,6 +4,7 @@ on:
   push:
     branches: [main, master]
   pull_request:
+    branches: [main, master]
 
 jobs:
   tests:
@@ -226,4 +227,4 @@ jobs:
           nox --session=coverage -- xml
 
       - name: Upload coverage report
-        uses: codecov/codecov-action@v3.1.4
+        uses: codecov/codecov-action@v4.5.0

.safety-policy.yml

@@ -0,0 +1,4 @@
+security:
+  ignore-vulnerabilities:
+    "70612":
+      reason: Not a bug. This is the same as marking python as unsafe due to the existence of 'eval'. See https://bugzilla.redhat.com/show_bug.cgi?id=1677653