Bump the actions group with 2 updates

[dependabot]

Updates the requirements on altair and netcdf4 to permit the latest version.
Updates altair to 5.4.0

Release notes

Sourced from altair's releases.

Version 5.4.0

What's Changed

Enhancements

• Update Vega-Lite from version 5.17.0 to version 5.20.1; see Vega-Lite Release Notes. By @​binste in vega/altair#3479 and vega/altair#3525
• Remove several dependencies to make the package more lightweight:
  • feat: make pandas and NumPy optional dependencies, don't require PyArrow for plotting with Polars/Modin/cuDF by @​MarcoGorelli in vega/altair#3452
  • Remove toolz dependency by @​dangotbanned in vega/altair#3426
• feat: Improve the syntax for conditions with multiple predicates. See the documentation of alt.when for examples by @​dangotbanned in vega/altair#3427 and vega/altair#3492
• feat: Reimplement alt.expr as a class that is understood by IDEs by @​dangotbanned in vega/altair#3466
• feat: Support a wider range of iterables, i.e. many places in Altair now accept not only lists but np.array, pd.Series, tuples, etc. by @​dangotbanned in vega/altair#3501
• feat: Adds 4 new carbon themes, provide autocomplete for themes by @​dangotbanned in vega/altair#3516
• perf: Fix issues with Chart|LayerChart.encode, 1.32x speedup to infer_encoding_types by @​dangotbanned in vega/altair#3444

Various typing improvements:

• feat(typing): Adds public altair.typing module by @​dangotbanned in vega/altair#3515
• feat(typing): @deprecated versioning, IDE highlighting by @​dangotbanned in vega/altair#3455
• feat: Adds ChartType type and type guard is_chart_type. Change PurePath to Path type hints by @​dangotbanned in vega/altair#3420
• feat(typing): adds Map alias for Mapping[str, Any] by @​dangotbanned in vega/altair#3458
• feat(typing): Ban typing.Optional import using ruff by @​dangotbanned in vega/altair#3460
• feat(typing): Further simplify generated Literal aliases by @​dangotbanned in vega/altair#3469
• feat(typing): Fully annotate api.py by @​dangotbanned in vega/altair#3508

Bug Fixes

• fix(typing): Resolve mypy==1.11.0 issues in plugin_registry by @​dangotbanned in vega/altair#3487
• fix: solve mypy errors which are due to same object names in core.py and channels.py by @​binste in vega/altair#3414
• fix: remove remapped ruff rule PLR1701 by @​dangotbanned in vega/altair#3453
• fix(docs): @utils.use_signature formatting by @​dangotbanned in vega/altair#3450
• fix(typing): Ignore [arg-type] error in _deduplicate_enum_errors by @​dangotbanned in vega/altair#3475
• fix: Restrict static & runtime top-level imports by @​dangotbanned in vega/altair#3482
• fix: Avoid sphinx error "Code Execution failed:NameError: name 'format_locale' is not defined" by @​dangotbanned in vega/altair#3503
• fix: replace deprecated sphinx default by @​dangotbanned in vega/altair#3512
• fix(ruff): Bump ruff, fix RUF031 by @​dangotbanned in vega/altair#3529

Documentation

• docs: Versioning policy by @​dangotbanned in vega/altair#3488
• docs: Add example of reordering stacked bars by @​joelostblom in vega/altair#3395
• docs: Add example of how to create polar bar charts by @​joelostblom in vega/altair#3428
• docs: Add example of cumulative line chart with facet by @​dsmedia in vega/altair#3440
• docs: Add example with hover path and search box by @​dsmedia in vega/altair#3459
• docs: Add example for Bar Chart with Highlighting on Hover and Selection on Click by @​dangotbanned in vega/altair#3485
• docs: Link to Vega Theme Test in user guide by @​dangotbanned in vega/altair#3528
• docs: Fix and improve alt.Optional doc by @​dangotbanned in vega/altair#3449
• docs: Fix camel case of fillOpacity channel by @​timtroendle in vega/altair#3465
• docs: Fix CONTRIBUTING.md phrasing by @​dangotbanned in vega/altair#3477
• docs: Reduce number of items in header to 4 by @​binste in vega/altair#3401
• docs: Link to project board for roadmap by @​joelostblom in vega/altair#3404
• docs: Use raw strings with escape sequences by @​joelostblom in vega/altair#3411

... (truncated)

Commits

• f0b691e chore: bump version to 5.4.0
• 2fcb77e feat: Update Vega-Lite to 5.20.1 (#3525)
• e8edae6 refactor: Simplify unreachable compound chart cases (#3520)
• e402b3c ci(ruff): Enforce the default C901 complexity (#3531)
• ae7e702 chore: Remove filterwarnings from tests for cross-version pandas compatibilit...
• f0c1e0a feat: Support a wider range of iterables in SchemaBase.to_dict (#3501)
• 3e9faaa feat: Adds vega-themes.json using vl_convert (#3523)
• ee7fd19 feat(typing): Adds public altair.typing module (#3515)
• 6d69bfb fix(ruff): Bump ruff, fix RUF031 (#3529)
• f06fc6c docs: Link to Vega Theme Test in user guide (#3528)
• Additional commits viewable in compare view

Updates netcdf4 to 1.7.1.post2

Changelog

Sourced from netcdf4's changelog.

version 1.7.2 (not yet released)

• add static type hints (PR #1302)
• Expose nc_rc_set, nc_rc_get (via rc_set, rc_get module functions). (PR #1348)

version 1.7.1 (tag v1.7.1rel)

• include nc_complex source code from v0.2.0 tag (instead of using submodule).
• add aarch64 wheels.

version 1.7.0 (tag v1.7.0rel)

• add support for complex numbers via auto_complex keyword to Dataset (PR #1295)
• fix for deprecated Cython DEF and IF statements using compatibility header with shims for unavailable functionality (PR #1277)
• use szip as the library name on Windows (PR #1304)
• add support for MS-MPI MPI_Message detection (PR #1305)
• fix for issue #1306 - surprising result when indexing vlen str with non-contiguous indices.
• Fix bug in set_collective introduced in PR #1277 (collective mode was always set).

version 1.6.5 (tag v1.6.5rel)

• fix for issue #1271 (mask ignored if bool MA assinged to uint8 var)
• include information on specific object when reporting errors from netcdf-c
• python 3.12 wheels added, support for python 3.7 removed.

version 1.6.4 (tag v1.6.4rel)

• set path to SSL certificates internally, so https DAP URLs work with wheels (issue #1246, requires nc_rc_set function available starting with netcdf-c 4.9.1, plus bugfix in netcdf-c PR #2690). Added certifi as a dependency.
• Added isopen method to MFDataset object to check if underlying files are open.

version 1.6.3 (tag v1.6.3rel)

• Use nc_put_vars for strided writes for netcdf-c >= 4.6.2 (issue #1222).
• _Unsigned="false" should be same as not having _Unsigned set (issue #1232). _Unsigned now must be set to "true" or "True" for variable to be interpreted as unsigned, instead of just having _Unsigned be set (to anything).
• pypi wheels built with netcdf-c 4.9.1.

version 1.6.2 (tag v1.6.2rel)

• Added netCDF4.__has_set_alignment__ property to help identify if the underlying netcdf4 supports setting the HDF5 alignment.
• Slicing multi-dimensional variables with an all False boolean index array now returns an empty numpy array (instead of raising an exception - issue #1197).

... (truncated)

Commits

• 8d4fa64 update tag to rebuild windows wheel
• 553cf18 bump version to 1.7.1.post1
• 2b59eba Merge pull request #1339 from ocefpaf/numpy_20
• c10d769 Merge pull request #1325 from Unidata/dependabot/github_actions/actions/downl...
• 1610ccd Merge pull request #1327 from Unidata/dependabot/github_actions/actions/setup...
• b2a574e Merge pull request #1340 from ocefpaf/fix_download-artifact
• fd0b2b3 fix download-artifact
• b2e0b76 np2 was released
• 95dd776 Group dependabot's PRs
• 4a5161d update
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[leoschwarz]

Ignore for now, as both pins are due to bug (one confirmed fix)

[leoschwarz]

@dependabot ignore altair netCDF4

[leoschwarz]

@dependabot ignore these dependencies

[dependabot]

Superseded by #11.