Weird dependabot update for `pypa/cibuildwheel` v2.23.2 · Issue #2348 · pypa/cibuildwheel · GitHub
@ogrisel

Description

We just observed that, a few days ago, dependabot updated our GHA workflow unexpectedly as follows:

https://github.com/scikit-learn/scikit-learn/pull/31125/files

Note that it changed the commit hash pinned for v2.23.2, which was previously correct, to another commit (without changing the version number): it changed the commit hash to 6c426a3 instead of keeping the correct d04cacb.

As this behavior (bug) is quite concerning from a security point of view, we were wondering what could explain this. Did you re-push the v2.23.2 tag several times?

We manually undid this change today to fix the problem here:

scikit-learn/scikit-learn#31145
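What the report above describes, a commit pin that no longer matches the version its trailing comment claims, is something a repository can check for itself. The following is an added example, not scikit-learn's workflow or cibuildwheel's code: it parses `uses:` lines of the form `owner/repo@<sha>  # vX.Y.Z` (the convention Dependabot maintains) and compares each pinned hash against the commit the named tag resolves to. The tag-to-commit mapping is built from `git ls-remote --tags` output. Here that output, the workflow snippet, and the 40-character hashes (the issue's short prefixes 6c426a3 and d04cacb padded with zeros) are all constructed sample data, not real refs.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Matches a `uses:` step pinned by commit with a trailing version comment, e.g.
#   - uses: pypa/cibuildwheel@<sha>  # v2.23.2
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*(?P<action>[\w.-]+/[\w.-]+)@(?P<ref>[^\s#]+)"
    r"(?:\s*#\s*(?P<tag>\S+))?\s*$"
)
SHA_RE = re.compile(r"^[0-9a-f]{7,40}$")


@dataclass
class Finding:
    action: str
    pinned: str
    tag: Optional[str]
    expected: Optional[str]
    status: str  # ok | mismatch | unpinned | no-tag-comment | unknown-tag


def parse_ls_remote(output: str, action: str) -> dict:
    """Turn `git ls-remote --tags https://github.com/<action>` output
    (lines of `<sha>\\t<refname>`) into {"<action>@<tag>": <commit sha>}.
    An annotated tag appears twice; the `^{}` (peeled) line carries the
    commit the tag points at, which is what a workflow pin must match,
    so it overrides the sha of the tag object itself."""
    tags = {}
    for line in output.splitlines():
        if not line.strip():
            continue
        sha, ref = line.split("\t", 1)
        peeled = ref.endswith("^{}")
        name = ref.removeprefix("refs/tags/").removesuffix("^{}")
        key = f"{action}@{name}"
        if peeled or key not in tags:
            tags[key] = sha
    return tags


def audit_pins(workflow_text: str, tag_to_sha: dict) -> list:
    """Check every `uses:` line of a workflow against the tag map."""
    findings = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        action, ref, tag = m.group("action"), m.group("ref"), m.group("tag")
        if not SHA_RE.match(ref):
            # A tag or branch name: whoever can move that ref controls the step.
            findings.append(Finding(action, ref, None, None, "unpinned"))
            continue
        if tag is None:
            # Pinned, but nothing says which release it is meant to be.
            findings.append(Finding(action, ref, None, None, "no-tag-comment"))
            continue
        expected = tag_to_sha.get(f"{action}@{tag}")
        if expected is None:
            status = "unknown-tag"
        elif expected.startswith(ref):  # pins may be abbreviated
            status = "ok"
        else:
            status = "mismatch"
        findings.append(Finding(action, ref, tag, expected, status))
    return findings


# Constructed sample data. The short prefixes 6c426a3 and d04cacb are the ones
# quoted in the issue; the zero padding only makes them 40 hex chars and does
# NOT correspond to any real commit.
LS_REMOTE_CIBUILDWHEEL = (
    "1" * 40 + "\trefs/tags/v2.23.2\n"            # the tag object (constructed)
    + "d04cacb" + "0" * 33 + "\trefs/tags/v2.23.2^{}\n"  # peeled commit (constructed)
)
TAG_TO_SHA = parse_ls_remote(LS_REMOTE_CIBUILDWHEEL, "pypa/cibuildwheel")
TAG_TO_SHA["actions/setup-python@v5"] = "a1b2c3d" + "0" * 33  # constructed

WORKFLOW = "\n".join([
    "jobs:",
    "  build_wheels:",
    "    steps:",
    "      - uses: actions/checkout@v4",
    "      - uses: actions/setup-python@" + "a1b2c3d" + "0" * 33 + "  # v5",
    "      - uses: pypa/cibuildwheel@" + "6c426a3" + "0" * 33 + "  # v2.23.2",
    "      - uses: actions/upload-artifact@" + "f" * 40,
])

if __name__ == "__main__":
    for f in audit_pins(WORKFLOW, TAG_TO_SHA):
        print(f"{f.status:15} {f.action}@{f.pinned[:7]} {f.tag or ''}")
```

In practice the tag map comes from `git ls-remote --tags` against each action's repository and the workflow text from `.github/workflows/*.yml`. A `mismatch` is the situation in the diff linked above: the hash changed while the `# v2.23.2` comment did not, so either the tag now resolves to a different commit than when the pin was taken (hence the question whether v2.23.2 was re-pushed) or the pin was edited independently of the tag. Note the limit of this check: it trusts whatever the remote's tag currently points at, so a tag that was moved and a pin that was updated to follow it would both read `ok`; comparing the pin against the hash recorded in your own repository history, as the revert above did, is the complementary check.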
