chore(deps): update actions/setup-python action to v6

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/setup-python	action	major	v5.6.0 → v6.2.0

---

Release Notes

actions/setup-python (actions/setup-python)

v6.2.0

Compare Source

v6.1.0

Compare Source

What's Changed

Enhancements:

• Add support for pip-install input by @​gowridurgad in #​1201
• Add graalpy early-access and windows builds by @​timfel in #​880

Dependency and Documentation updates:

• Enhanced wording and updated example usage for allow-prereleases by @​yarikoptic in #​979
• Upgrade urllib3 from 1.26.19 to 2.5.0 and document breaking changes in v6 by @​dependabot in #​1139
• Upgrade typescript from 5.4.2 to 5.9.3 and Documentation update by @​dependabot in #​1094
• Upgrade actions/publish-action from 0.3.0 to 0.4.0 & Documentation update for pip-install input by @​dependabot in #​1199
• Upgrade requests from 2.32.2 to 2.32.4 by @​dependabot in #​1130
• Upgrade prettier from 3.5.3 to 3.6.2 by @​dependabot in #​1234
• Upgrade @​types/node from 24.1.0 to 24.9.1 and update macos-13 to macos-15-intel by @​dependabot in #​1235

New Contributors

• @​yarikoptic made their first contribution in #​979

Full Changelog: actions/setup-python@v6...v6.1.0

v6.0.0

Compare Source

What's Changed

Breaking Changes

• Upgrade to node 24 by @​salmanmkc in #​1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

• Add support for pip-version by @​priyagupta108 in #​1129
• Enhance reading from .python-version by @​krystof-k in #​787
• Add version parsing from Pipfile by @​aradkdj in #​1067

Bug fixes:

• Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @​aparnajyothi-y in #​1183
• Change missing cache directory error to warning by @​aparnajyothi-y in #​1182
• Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @​aparnajyothi-y in #​1122
• Include python version in PyPy python-version output by @​cdce8p in #​1110
• Update docs: clarification on pip authentication with setup-python by @​priya-kinthali in #​1156

Dependency updates:

• Upgrade idna from 2.9 to 3.7 in /tests/data by @​dependabot[bot] in #​843
• Upgrade form-data to fix critical vulnerabilities #​182 & #​183 by @​aparnajyothi-y in #​1163
• Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @​aparnajyothi-y in #​1165
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in #​1181
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot[bot] in #​1095

New Contributors

• @​krystof-k made their first contribution in #​787
• @​cdce8p made their first contribution in #​1110
• @​aradkdj made their first contribution in #​1067

Full Changelog: actions/setup-python@v5...v6.0.0

v6

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[greptile-apps]

PR author is in the excluded authors list.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 093d97e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[wave-bugbot]

🌊 WAVE BugBot — 4 finding(s)

🔴 3 · 🟠 1

• 🔴 P0 .github/workflows/_checks.yml:57 CWE-89 — Unpinned action tag (@v1 vs commit SHA)
  Using a version tag (@v1) for an action can lead to security vulnerabilities if the action is updated in a way that introduces new risks. It's recommended to us
• 🔴 P0 .github/workflows/_checks.yml:57 CWE-89 — Unpinned action tag (@v1)
  Using a versioned tag like @v1 can lock you into an older version of the action. This increases the risk of vulnerabilities being introduced in newer versions.
• 🔴 P0 .github/workflows/_checks.yml:57 CWE-312 — Secrets echoed to logs
  The workflow does not appear to handle secrets securely. If any sensitive information is logged, it could be exposed to unauthorized users.
• 🟠 P1 .github/workflows/_checks.yml:57 CWE-89 — Unpinned Action tags
  Using a versioned tag like @v6.2.0 can lock you into an older version of the action. This increases the risk of vulnerabilities being introduced in newer versio

_{severity: critical · major · minor · info — local review · $0 inference · wave-dispatch · react 👍/👎 to tune}