Bump the actions group across 1 directory with 2 updates

[dependabot[bot]]

Bumps the actions group with 2 updates in the / directory: scientific-python/upload-nightly-action and actions/create-github-app-token.

Updates scientific-python/upload-nightly-action from 0.6.1 to 0.6.2

Release notes

Sourced from scientific-python/upload-nightly-action's releases.

0.6.2

0.6.2 updates to use anaconda-client v1.13.0 and Python 3.13. The entire lock file is updated to pick up any security fixes.

What's Changed

• DOC: Clarify service is Anaconda.org by @​matthewfeickert in scientific-python/upload-nightly-action#116
• MNT: Update to anaconda-client v1.13.0 and project version v0.6.2 by @​matthewfeickert in scientific-python/upload-nightly-action#126

Internal and testing

• CI: Use a non-default path to run the upload action by @​matthewfeickert in scientific-python/upload-nightly-action#100
• CI: Use 'uv tool run' for build and twine by @​matthewfeickert in scientific-python/upload-nightly-action#101
• CI: Use pixi for all stages of testing by @​matthewfeickert in scientific-python/upload-nightly-action#102
• DEP: Changing dependabot to be monthly by @​bsipocz in scientific-python/upload-nightly-action#114

Full Changelog: https://github.com/scientific-python/upload-nightly-action/compare/0.6.1...0.6.2

Commits

• b36e8c0 MNT: Update to anaconda-client v1.13.0 and project version v0.6.2 (#126)
• 7093839 Build(deps): Bump the actions group with 2 updates (#122)
• 07ba11e Build(deps): Bump the actions group with 3 updates (#121)
• a715c4f Build(deps): Bump the actions group with 2 updates (#118)
• c7f3f25 DOC: Clarify service is Anaconda.org (#116)
• c7296da Build(deps): Bump the actions group with 2 updates (#115)
• 3eda6b5 DEP: Changing dependabot to be monthly (#114)
• 075f05d Build(deps): Bump the actions group with 3 updates (#113)
• dbe0cec Build(deps): Bump astral-sh/setup-uv in the actions group (#109)
• d296150 Build(deps): Bump astral-sh/setup-uv in the actions group (#108)
• Additional commits viewable in compare view

Updates actions/create-github-app-token from 1 to 2

Release notes

Sourced from actions/create-github-app-token's releases.

v2.0.0

2.0.0 (2025-04-03)

• feat!: remove deprecated inputs (#213) (5cc811b)

BREAKING CHANGES

• Removed deprecated inputs (app_id, private_key, skip_token_revoke) and made app-id and private-key required in the action configuration.

v1.12.0

1.12.0 (2025-03-27)

Features

• permissions (#168) (0e0aa99)

v1.11.7

1.11.7 (2025-03-20)

Bug Fixes

• deps: bump undici from 5.28.4 to 7.5.0 (#214) (a24b46a)

v1.11.6

1.11.6 (2025-03-03)

Bug Fixes

• deps: bump the production-dependencies group with 2 updates (#210) (1ff1dea)

v1.11.5

1.11.5 (2025-02-15)

Bug Fixes

... (truncated)

Commits

• 3ff1caa build(release): 2.0.2 [skip ci]
• eaef294 fix: improve log messages for token creation (#226)
• 86e2496 build(release): 2.0.1 [skip ci]
• 2411bfc fix(deps): bump the production-dependencies group across 1 directory with 2 u...
• f17d09a build(deps-dev): bump the development-dependencies group with 3 updates (#225)
• e250d17 ci(update-permission-inputs): add permissions (#230)
• ed258b4 Rename workflow
• 5c652ca Update update-inputs.yml
• 60ee75d ci(update-inputs): create initial version (#229)
• 064492a build(release): 2.0.0 [skip ci]
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions