actions/setup-uv
5
0
Fork 0
mirror of https://github.com/astral-sh/setup-uv.git synced 2025-12-15 11:07:14 +00:00
Code Activity
368 Commits 26 Branches 96 Tags
30ce38e20653a26dd16caa082b010cec334ccf56
Commit Graph

368 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Allan Lewis
30ce38e206 Correct description of cache-dependency-glob (#676) 
As per the sole commit:

> When `working-directory` is set, paths in `cache-dependency-glob` are
relative to it.
 2025-11-04 16:38:32 +01:00
github-actions[bot]
0d20755a23 chore: update known checksums for 0.9.7 (#671) 
chore: update known checksums for 0.9.7

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2025-10-31 10:15:52 +01:00
github-actions[bot]
8491d1d9a3 chore: update known checksums for 0.9.6 (#670) 
chore: update known checksums for 0.9.6

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2025-10-30 07:21:44 +01:00
Kevin Stillhammer
85856786d1 Bump dependencies (#664) v7.1.2 2025-10-26 15:59:34 +01:00
dependabot[bot]
22d500a65c Bump github/codeql-action from 4.30.8 to 4.30.9 (#652) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.30.8 to 4.30.9.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.30.9</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.30.9 - 17 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.3. <a
href="https://redirect.github.com/github/codeql-action/pull/3205">#3205</a></li>
<li>Experimental: A new <code>setup-codeql</code> action has been added
which is similar to <code>init</code>, except it only installs the
CodeQL CLI and does not initialize a database. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3204">#3204</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.30.9/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.30.9 - 17 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.3. <a
href="https://redirect.github.com/github/codeql-action/pull/3205">#3205</a></li>
<li>Experimental: A new <code>setup-codeql</code> action has been added
which is similar to <code>init</code>, except it only installs the
CodeQL CLI and does not initialize a database. Do not use this in
production as it is part of an internal experiment and subject to change
at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3204">#3204</a></li>
</ul>
<h2>4.30.8 - 10 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.30.7 - 06 Oct 2025</h2>
<ul>
<li>[v4+ only] The CodeQL Action now runs on Node.js v24. <a
href="https://redirect.github.com/github/codeql-action/pull/3169">#3169</a></li>
</ul>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li>
</ul>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li>
</ul>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li>
</ul>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li>
</ul>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li>
</ul>
<h2>3.30.0 - 01 Sep 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="16140ae1a1"><code>16140ae</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3213">#3213</a>
from github/update-v4.30.9-70205d3d1</li>
<li><a
href="30db5fee08"><code>30db5fe</code></a>
Update changelog for v4.30.9</li>
<li><a
href="70205d3d12"><code>70205d3</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3211">#3211</a>
from github/mbg/init/starting-partial-config</li>
<li><a
href="697c209bfc"><code>697c209</code></a>
Merge remote-tracking branch 'origin/main' into
mbg/init/starting-partial-config</li>
<li><a
href="1bd53ba38c"><code>1bd53ba</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3205">#3205</a>
from github/update-bundle/codeql-bundle-v2.23.3</li>
<li><a
href="cac4df0c79"><code>cac4df0</code></a>
Rebuild</li>
<li><a
href="77e5c0d0a2"><code>77e5c0d</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.23.3</li>
<li><a
href="97a4f751be"><code>97a4f75</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3204">#3204</a>
from github/mbg/setup-codeql</li>
<li><a
href="2d5512b361"><code>2d5512b</code></a>
Merge remote-tracking branch 'origin/main' into
mbg/init/starting-partial-config</li>
<li><a
href="fa7bdf0559"><code>fa7bdf0</code></a>
Call <code>getAnalysisKinds</code> a second time, and ignore exceptions
thrown during th...</li>
<li>Additional commits viewable in <a
href="f443b600d9...16140ae1a1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=4.30.8&new-version=4.30.9)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-24 16:28:47 +02:00
github-actions[bot]
14d557131d chore: update known checksums for 0.9.5 (#663) 
chore: update known checksums for 0.9.5

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2025-10-24 16:27:04 +02:00
Christoph Reiter
29cd2350cd Use tar for extracting the uv zip file on Windows too (#660) 
Use extractTar() instead of extractZip() which is very slow for some
reason (0.3s vs 10s)

Fixes #659
 2025-10-24 16:13:48 +02:00
github-actions[bot]
2ddd2b9cb3 chore: update known checksums for 0.9.4 (#651) 
chore: update known checksums for 0.9.4

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
v7.1.1 		2025-10-19 12:55:38 +02:00
Tom Gillam
b7bf78939d Fix "lowest" resolution strategy with lower-bound only (#649) 
- towards https://github.com/astral-sh/setup-uv/issues/648

Fix the bug described there, but this doesn't add the fast-path
optimisation suggested in that issue.
 2025-10-16 13:41:50 +02:00
Kevin Stillhammer
cb6c0a53d9 Change version in docs to v7 (#647) 2025-10-16 08:23:23 +02:00
Kevin Stillhammer
dffc6292f2 Use working-directory to detect empty workdir (#645) 
Fixes: #642
 2025-10-16 08:21:58 +02:00
github-actions[bot]
6e346e1653 chore: update known checksums for 0.9.3 (#644) 
chore: update known checksums for 0.9.3

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2025-10-16 07:45:10 +02:00
dependabot[bot]
3ccd0fd498 Bump github/codeql-action from 4.30.7 to 4.30.8 (#639) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.30.7 to 4.30.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.30.8</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.30.8 - 10 Oct 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.30.8/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.30.8 - 10 Oct 2025</h2>
<p>No user facing changes.</p>
<h2>4.30.7 - 06 Oct 2025</h2>
<ul>
<li>[v4+ only] The CodeQL Action now runs on Node.js v24. <a
href="https://redirect.github.com/github/codeql-action/pull/3169">#3169</a></li>
</ul>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li>
</ul>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li>
</ul>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li>
</ul>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li>
</ul>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li>
</ul>
<h2>3.30.0 - 01 Sep 2025</h2>
<ul>
<li>Reduce the size of the CodeQL Action, speeding up workflows by
approximately 4 seconds. <a
href="https://redirect.github.com/github/codeql-action/pull/3054">#3054</a></li>
</ul>
<h2>3.29.11 - 21 Aug 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="f443b600d9"><code>f443b60</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3198">#3198</a>
from github/update-v4.30.8-527f0f324</li>
<li><a
href="7a2cb623ed"><code>7a2cb62</code></a>
Update changelog for v4.30.8</li>
<li><a
href="527f0f324a"><code>527f0f3</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3195">#3195</a>
from github/dependabot/npm_and_yarn/npm-minor-37415c...</li>
<li><a
href="f402506f0f"><code>f402506</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3196">#3196</a>
from github/dependabot/github_actions/dot-github/wor...</li>
<li><a
href="f5e53f9476"><code>f5e53f9</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3197">#3197</a>
from github/dependabot/github_actions/dot-github/wor...</li>
<li><a
href="4e90a42a3e"><code>4e90a42</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3193">#3193</a>
from github/mbg/ff/tools-toolcache</li>
<li><a
href="413a4a4df1"><code>413a4a4</code></a>
Rebuild</li>
<li><a
href="452186448a"><code>4521864</code></a>
Bump github/codeql-action from 3 to 4 in /.github/workflows</li>
<li><a
href="eadf14bf6e"><code>eadf14b</code></a>
Bump ruby/setup-ruby</li>
<li><a
href="e1257b6fda"><code>e1257b6</code></a>
Rebuild</li>
<li>Additional commits viewable in <a
href="e296a93559...f443b600d9">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=4.30.7&new-version=4.30.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-14 13:40:58 +02:00
dependabot[bot]
ce6dbd84e1 Bump actions/setup-node from 5.0.0 to 6.0.0 (#641) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from
5.0.0 to 6.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-node/releases">actions/setup-node's
releases</a>.</em></p>
<blockquote>
<h2>v6.0.0</h2>
<h2>What's Changed</h2>
<p><strong>Breaking Changes</strong></p>
<ul>
<li>Limit automatic caching to npm, update workflows and documentation
by <a
href="https://github.com/priyagupta108"><code>@​priyagupta108</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1374">actions/setup-node#1374</a></li>
</ul>
<p><strong>Dependency Upgrades</strong></p>
<ul>
<li>Upgrade ts-jest from 29.1.2 to 29.4.1 and document breaking changes
in v5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1336">#1336</a></li>
<li>Upgrade prettier from 2.8.8 to 3.6.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1334">#1334</a></li>
<li>Upgrade actions/publish-action from 0.3.0 to 0.4.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1362">#1362</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-node/compare/v5...v6.0.0">https://github.com/actions/setup-node/compare/v5...v6.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="2028fbc5c2"><code>2028fbc</code></a>
Limit automatic caching to npm, update workflows and documentation (<a
href="https://redirect.github.com/actions/setup-node/issues/1374">#1374</a>)</li>
<li><a
href="13427813f7"><code>1342781</code></a>
Bump actions/publish-action from 0.3.0 to 0.4.0 (<a
href="https://redirect.github.com/actions/setup-node/issues/1362">#1362</a>)</li>
<li><a
href="89d709d423"><code>89d709d</code></a>
Bump prettier from 2.8.8 to 3.6.2 (<a
href="https://redirect.github.com/actions/setup-node/issues/1334">#1334</a>)</li>
<li><a
href="cd2651c462"><code>cd2651c</code></a>
Bump ts-jest from 29.1.2 to 29.4.1 (<a
href="https://redirect.github.com/actions/setup-node/issues/1336">#1336</a>)</li>
<li>See full diff in <a
href="a0853c2454...2028fbc5c2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-node&package-manager=github_actions&previous-version=5.0.0&new-version=6.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-14 13:40:46 +02:00
dependabot[bot]
2382069a66 Bump eifinger/actionlint-action from 1.9.1 to 1.9.2 (#634) 
Bumps
[eifinger/actionlint-action](https://github.com/eifinger/actionlint-action)
from 1.9.1 to 1.9.2.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="03ff1f78c0"><code>03ff1f7</code></a>
Bump actions/checkout to v5 (<a
href="https://redirect.github.com/eifinger/actionlint-action/issues/26">#26</a>)</li>
<li><a
href="5f8fad542a"><code>5f8fad5</code></a>
Replace haya14busa/action-update-semver</li>
<li><a
href="04e640ab28"><code>04e640a</code></a>
set default actionlint version to 1.7.8</li>
<li>See full diff in <a
href="23c85443d8...03ff1f78c0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=eifinger/actionlint-action&package-manager=github_actions&previous-version=1.9.1&new-version=1.9.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-13 13:30:22 +02:00
Kevin Stillhammer
b1daf91f4e Update lockfile with latest npm (#636) 2025-10-13 13:15:28 +02:00
Kevin Stillhammer
3259c6206f Bump deps (#633) v7.1.0 2025-10-12 20:47:54 +02:00
Kevin Stillhammer
bf8e8ed895 Split up documentation (#632) 
Closes: #558
 2025-10-12 20:27:08 +02:00
Copilot
9c6b5e9fb5 Add resolution-strategy input to support oldest compatible version selection (#631) 
Adds a new `resolution-strategy` input that allows users to choose
between installing the highest (default) or lowest compatible version
when resolving version ranges.
 2025-10-11 21:02:04 +02:00
Kevin Stillhammer
a5129e99f4 Add copilot-instructions.md (#630) 2025-10-11 19:18:50 +02:00
Kevin Stillhammer
d18bcc753a Add value of UV_PYTHON_INSTALL_DIR to path (#628) 
Closes: #610
 2025-10-11 18:42:06 +02:00
Kevin Stillhammer
bd1f875aba Set output venv when activate-environment is used (#627) 
Closes: #622
 2025-10-11 15:17:25 +02:00
github-actions[bot]
1a91c3851d chore: update known checksums for 0.9.2 (#626) 
Co-authored-by: woodruffw <woodruffw@users.noreply.github.com>
 2025-10-10 17:11:01 -04:00
github-actions[bot]
c79f606987 chore: update known checksums for 0.9.1 (#625) 
chore: update known checksums for 0.9.1

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2025-10-10 17:24:01 +02:00
Kevin Stillhammer
e0249f1599 Fall back to PR for updating known versions (#623) 2025-10-10 17:23:48 +02:00
Merlin
6d2eb15b49 Cache python installs (#621) 
This pull request introduces support for caching Python installs in the
GitHub Action, allowing users to cache not only dependencies but also
the Python interpreter itself.

This works by setting the `UV_PYTHON_INSTALL_DIR` to a subdirectory of
the dependency cache path so that Python installs are directed there.

Fixes #135

---------

Co-authored-by: Kevin Stillhammer <kevin.stillhammer@gmail.com>
 2025-10-09 22:47:24 +02:00
dependabot[bot]
3495667518 Bump github/codeql-action from 3.30.6 to 4.30.7 (#614) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.30.6 to 4.30.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.30.7</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.30.7 - 06 Oct 2025</h2>
<ul>
<li>[v4+ only] The CodeQL Action now runs on Node.js v24. <a
href="https://redirect.github.com/github/codeql-action/pull/3169">#3169</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.30.7/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.30.7</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.7 - 06 Oct 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.7/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.30.7 - 06 Oct 2025</h2>
<ul>
<li>[v4+ only] The CodeQL Action now runs on Node.js v24. <a
href="https://redirect.github.com/github/codeql-action/pull/3169">#3169</a></li>
</ul>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li>
</ul>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li>
</ul>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li>
</ul>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li>
</ul>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li>
</ul>
<h2>3.30.0 - 01 Sep 2025</h2>
<ul>
<li>Reduce the size of the CodeQL Action, speeding up workflows by
approximately 4 seconds. <a
href="https://redirect.github.com/github/codeql-action/pull/3054">#3054</a></li>
</ul>
<h2>3.29.11 - 21 Aug 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li>
</ul>
<h2>3.29.10 - 18 Aug 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e296a93559"><code>e296a93</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3183">#3183</a>
from github/update-v4.30.7-55283843c</li>
<li><a
href="93c16735fa"><code>93c1673</code></a>
Update changelog for v4.30.7</li>
<li><a
href="55283843ca"><code>5528384</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3169">#3169</a>
from github/mario-campos/node24</li>
<li><a
href="b66db86c84"><code>b66db86</code></a>
Hoist CHANGELOG note back to &quot;UNRELEASED&quot; section.</li>
<li><a
href="b2e22323e2"><code>b2e2232</code></a>
Merge remote-tracking branch 'origin/main' into mario-campos/node24</li>
<li><a
href="065c6cfb78"><code>065c6cf</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3174">#3174</a>
from github/mbg/fix/start-proxy-matrix</li>
<li><a
href="7fb8378d93"><code>7fb8378</code></a>
Re-throw exception in <code>createStatusReportBase</code> when in test
mode</li>
<li><a
href="dddf033776"><code>dddf033</code></a>
Revert changes to build.mjs</li>
<li><a
href="54ae8ba5b1"><code>54ae8ba</code></a>
Simplify PR check by reverting changes to <code>@types/node</code>.</li>
<li><a
href="65e9e640ee"><code>65e9e64</code></a>
Make <code>matrix</code> available to <code>start-proxy</code>
action</li>
<li>Additional commits viewable in <a
href="64d10c1313...e296a93559">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.30.6&new-version=4.30.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-09 07:56:50 +02:00
Kevin Stillhammer
eb1897b8dc Bump dependencies (#613) v7.0 v7.0.0 2025-10-07 21:44:39 +02:00
dependabot[bot]
d78d791822 Bump github/codeql-action from 3.30.5 to 3.30.6 (#605) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.30.5 to 3.30.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.30.6</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.6/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li>
</ul>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li>
</ul>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li>
</ul>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li>
</ul>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li>
</ul>
<h2>3.30.0 - 01 Sep 2025</h2>
<ul>
<li>Reduce the size of the CodeQL Action, speeding up workflows by
approximately 4 seconds. <a
href="https://redirect.github.com/github/codeql-action/pull/3054">#3054</a></li>
</ul>
<h2>3.29.11 - 21 Aug 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li>
</ul>
<h2>3.29.10 - 18 Aug 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.9 - 12 Aug 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="64d10c1313"><code>64d10c1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3172">#3172</a>
from github/update-v3.30.6-10feb5d2a</li>
<li><a
href="909610e8a8"><code>909610e</code></a>
Update changelog for v3.30.6</li>
<li><a
href="10feb5d2a2"><code>10feb5d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3167">#3167</a>
from github/mbg/upload-sarif/find-then-filter</li>
<li><a
href="4182ea3d4e"><code>4182ea3</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3168">#3168</a>
from github/update-bundle/codeql-bundle-v2.23.2</li>
<li><a
href="34afe5b7b1"><code>34afe5b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3171">#3171</a>
from github/mbg/start-proxy/telemetry</li>
<li><a
href="096fe67f97"><code>096fe67</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.23.2</li>
<li><a
href="b4964014ad"><code>b496401</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3170">#3170</a>
from github/mbg/start-proxy/remove-update-workflow</li>
<li><a
href="d573787cca"><code>d573787</code></a>
Report registry types that are configured for CodeQL in
<code>start-proxy</code> telemetry</li>
<li><a
href="15916800df"><code>1591680</code></a>
Send a basic status report in <code>start-proxy</code> Action if it
succeeds</li>
<li><a
href="cb5a2849ac"><code>cb5a284</code></a>
Send status report when <code>start-proxy</code> fails</li>
<li>Additional commits viewable in <a
href="3599b3baa1...64d10c1313">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.30.5&new-version=3.30.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-07 21:28:28 +02:00
Kevin Stillhammer
535dc2664c Respect UV_CACHE_DIR and cache-dir (#612) 
Fixes: #583
 2025-10-07 16:08:30 +02:00
Kevin Stillhammer
f610be5ff9 Use --force when pruning cache (#611) 
To prevent waiting forever on other running uv processes
 2025-10-07 09:42:14 +02:00
Kevin Stillhammer
3deccc0075 Use node24 instead of node20 (#608) 2025-10-07 08:44:57 +02:00
Kevin Stillhammer
d9ee7e2f26 Remove deprecated input server-url (#607) 2025-10-03 19:48:56 +02:00
dependabot[bot]
59a0868fea Bump github/codeql-action from 3.30.3 to 3.30.5 (#594) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.30.3 to 3.30.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.30.5</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.5/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.30.4</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.4/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li>
</ul>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li>
</ul>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li>
</ul>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li>
</ul>
<h2>3.30.0 - 01 Sep 2025</h2>
<ul>
<li>Reduce the size of the CodeQL Action, speeding up workflows by
approximately 4 seconds. <a
href="https://redirect.github.com/github/codeql-action/pull/3054">#3054</a></li>
</ul>
<h2>3.29.11 - 21 Aug 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li>
</ul>
<h2>3.29.10 - 18 Aug 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.9 - 12 Aug 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.8 - 08 Aug 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="3599b3baa1"><code>3599b3b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3161">#3161</a>
from github/update-v3.30.5-0a67bd46a</li>
<li><a
href="2ca0085e58"><code>2ca0085</code></a>
Update changelog for v3.30.5</li>
<li><a
href="0a67bd46a0"><code>0a67bd4</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3160">#3160</a>
from github/mbg/fix/upload-sarif</li>
<li><a
href="8e34f2f3bf"><code>8e34f2f</code></a>
Add changelog</li>
<li><a
href="0b7fc56648"><code>0b7fc56</code></a>
Fix <code>upload-sarif</code> not uploading non-<code>.sarif</code>
files</li>
<li><a
href="94a9b7a110"><code>94a9b7a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3155">#3155</a>
from github/mbg/node/no-install-in-actions</li>
<li><a
href="a0ae9ba202"><code>a0ae9ba</code></a>
Log what the script is doing</li>
<li><a
href="b27a8ef21f"><code>b27a8ef</code></a>
Exit if running in an Actions workflow</li>
<li><a
href="65925679a3"><code>6592567</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3139">#3139</a>
from github/henrymercer/fix-log-message</li>
<li><a
href="fa64a7dee6"><code>fa64a7d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3154">#3154</a>
from github/mbg/node/check-up-to-date-deps</li>
<li>Additional commits viewable in <a
href="192325c861...3599b3baa1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.30.3&new-version=3.30.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-02 20:53:45 +02:00
dependabot[bot]
c952556164 Bump @renovatebot/pep440 from 4.2.0 to 4.2.1 (#581) 
Bumps [@renovatebot/pep440](https://github.com/renovatebot/pep440) from
4.2.0 to 4.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/renovatebot/pep440/releases"><code>@​renovatebot/pep440</code>'s
releases</a>.</em></p>
<blockquote>
<h2>4.2.1</h2>
<h2><a
href="https://github.com/renovatebot/pep440/compare/4.2.0...4.2.1">4.2.1</a>
(2025-09-18)</h2>
<h3>Build System</h3>
<ul>
<li>use oidc for publish (<a
href="02515aedb7">02515ae</a>)</li>
</ul>
<h3>Continuous Integration</h3>
<ul>
<li>revert change (<a
href="e41926aecd">e41926a</a>)</li>
<li>Update codecov-action hash to
39a2af19d997be74586469d4062e173ecae614f6 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/960">#960</a>)
(<a
href="43cb5f8f75">43cb5f8</a>)</li>
</ul>
<h3>Miscellaneous Chores</h3>
<ul>
<li><strong>deps:</strong> lock file maintenance (<a
href="https://redirect.github.com/renovatebot/pep440/issues/959">#959</a>)
(<a
href="c6721211ef">c672121</a>)</li>
<li><strong>deps:</strong> lock file maintenance (<a
href="https://redirect.github.com/renovatebot/pep440/issues/965">#965</a>)
(<a
href="424fe8a869">424fe8a</a>)</li>
<li><strong>deps:</strong> lock file maintenance (<a
href="https://redirect.github.com/renovatebot/pep440/issues/969">#969</a>)
(<a
href="1a297fab44">1a297fa</a>)</li>
<li><strong>deps:</strong> lock file maintenance (<a
href="https://redirect.github.com/renovatebot/pep440/issues/972">#972</a>)
(<a
href="8f39aacdd8">8f39aac</a>)</li>
<li><strong>deps:</strong> lock file maintenance (<a
href="https://redirect.github.com/renovatebot/pep440/issues/979">#979</a>)
(<a
href="504fa6f22a">504fa6f</a>)</li>
<li><strong>deps:</strong> update codecov/codecov-action action to
v5.5.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/963">#963</a>)
(<a
href="50ee8be556">50ee8be</a>)</li>
<li><strong>deps:</strong> update codecov/codecov-action action to
v5.5.1 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/971">#971</a>)
(<a
href="50b7d0b1aa">50b7d0b</a>)</li>
<li><strong>deps:</strong> update dependency <code>@​eslint/js</code> to
v9.33.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/957">#957</a>)
(<a
href="468994c416">468994c</a>)</li>
<li><strong>deps:</strong> update dependency <code>@​eslint/js</code> to
v9.35.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/977">#977</a>)
(<a
href="42f5851a14">42f5851</a>)</li>
<li><strong>deps:</strong> update dependency <code>@​types/node</code>
to v20.19.10 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/956">#956</a>)
(<a
href="075fa2f3dd">075fa2f</a>)</li>
<li><strong>deps:</strong> update dependency <code>@​types/node</code>
to v20.19.11 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/964">#964</a>)
(<a
href="a37b049b7d">a37b049</a>)</li>
<li><strong>deps:</strong> update dependency <code>@​types/node</code>
to v20.19.12 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/975">#975</a>)
(<a
href="04979bbeb8">04979bb</a>)</li>
<li><strong>deps:</strong> update dependency <code>@​types/node</code>
to v20.19.13 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/976">#976</a>)
(<a
href="1b7cace42e">1b7cace</a>)</li>
<li><strong>deps:</strong> update dependency eslint to v9.33.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/958">#958</a>)
(<a
href="d55913a7fb">d55913a</a>)</li>
<li><strong>deps:</strong> update dependency eslint to v9.35.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/978">#978</a>)
(<a
href="a1356fd607">a1356fd</a>)</li>
<li><strong>deps:</strong> update dependency semantic-release to v24.2.8
(<a
href="https://redirect.github.com/renovatebot/pep440/issues/981">#981</a>)
(<a
href="33102f7d33">33102f7</a>)</li>
<li><strong>deps:</strong> update dependency typescript-eslint to
v8.39.1 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/962">#962</a>)
(<a
href="0c01e3be4d">0c01e3b</a>)</li>
<li><strong>deps:</strong> update dependency typescript-eslint to
v8.40.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/966">#966</a>)
(<a
href="1577c38d37">1577c38</a>)</li>
<li><strong>deps:</strong> update dependency typescript-eslint to
v8.41.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/970">#970</a>)
(<a
href="1336ccae66">1336cca</a>)</li>
<li><strong>deps:</strong> update dependency typescript-eslint to
v8.42.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/974">#974</a>)
(<a
href="ef8eb35e02">ef8eb35</a>)</li>
<li><strong>deps:</strong> update dependency typescript-eslint to
v8.43.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/980">#980</a>)
(<a
href="230fdf203d">230fdf2</a>)</li>
<li><strong>deps:</strong> update linters to v9.34.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/968">#968</a>)
(<a
href="417c499fd3">417c499</a>)</li>
<li><strong>deps:</strong> update pnpm to v10.15.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/967">#967</a>)
(<a
href="89e8dd7e31">89e8dd7</a>)</li>
<li><strong>deps:</strong> update pnpm to v10.15.1 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/973">#973</a>)
(<a
href="e288af8bed">e288af8</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e41926aecd"><code>e41926a</code></a>
ci: revert change</li>
<li><a
href="02515aedb7"><code>02515ae</code></a>
build: use oidc for publish</li>
<li><a
href="33102f7d33"><code>33102f7</code></a>
chore(deps): update dependency semantic-release to v24.2.8 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/981">#981</a>)</li>
<li><a
href="230fdf203d"><code>230fdf2</code></a>
chore(deps): update dependency typescript-eslint to v8.43.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/980">#980</a>)</li>
<li><a
href="504fa6f22a"><code>504fa6f</code></a>
chore(deps): lock file maintenance (<a
href="https://redirect.github.com/renovatebot/pep440/issues/979">#979</a>)</li>
<li><a
href="a1356fd607"><code>a1356fd</code></a>
chore(deps): update dependency eslint to v9.35.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/978">#978</a>)</li>
<li><a
href="42f5851a14"><code>42f5851</code></a>
chore(deps): update dependency <code>@​eslint/js</code> to v9.35.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/977">#977</a>)</li>
<li><a
href="1b7cace42e"><code>1b7cace</code></a>
chore(deps): update dependency <code>@​types/node</code> to v20.19.13
(<a
href="https://redirect.github.com/renovatebot/pep440/issues/976">#976</a>)</li>
<li><a
href="04979bbeb8"><code>04979bb</code></a>
chore(deps): update dependency <code>@​types/node</code> to v20.19.12
(<a
href="https://redirect.github.com/renovatebot/pep440/issues/975">#975</a>)</li>
<li><a
href="ef8eb35e02"><code>ef8eb35</code></a>
chore(deps): update dependency typescript-eslint to v8.42.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/974">#974</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/renovatebot/pep440/compare/4.2.0...4.2.1">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a>
Actions), a new releaser for <code>@​renovatebot/pep440</code> since
your current version.</p>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@renovatebot/pep440&package-manager=npm_and_yarn&previous-version=4.2.0&new-version=4.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-02 20:53:30 +02:00
Kevin Stillhammer
51c3328db2 Fix test-uv-no-modify-path (#604) 2025-10-02 20:52:56 +02:00
Kevin Stillhammer
f2859da213 Respect UV_NO_MODIFY_PATH (#603) 
Fixes: #519
 2025-10-02 17:54:15 +02:00
James Braza
f9c6974d8b Warn when UV_CACHE_DIR has changed (#601) 
Closes https://github.com/astral-sh/setup-uv/issues/592
 2025-10-02 17:50:15 +02:00
Kevin Stillhammer
82f21a54fe Don't assume all test passed if cancelled (#599) 2025-09-30 20:05:38 +02:00
Kevin Stillhammer
d8a37f6566 Shortcut to latest version for minimum version specifier (#598) 
This is faster than downloading all available versions from GitHub to
determine the highest matching version.

Fixes: #585
 2025-09-30 19:55:27 +02:00
Kevin Stillhammer
d0cc045d04 Always show prune cache output (#597) v6.8 v6 v6.8.0 2025-09-30 17:05:27 +02:00
dependabot[bot]
2841f9f5c1 Bump zizmorcore/zizmor-action from 0.1.2 to 0.2.0 (#571) 
Bumps
[zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action)
from 0.1.2 to 0.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: add support for <code>color</code> input by <a
href="https://github.com/birjj"><code>@​birjj</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/37">zizmorcore/zizmor-action#37</a></li>
<li>Adding option for GitHub annotations by <a
href="https://github.com/abdelq"><code>@​abdelq</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/45">zizmorcore/zizmor-action#45</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/birjj"><code>@​birjj</code></a> made
their first contribution in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/37">zizmorcore/zizmor-action#37</a></li>
<li><a href="https://github.com/abdelq"><code>@​abdelq</code></a> made
their first contribution in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/45">zizmorcore/zizmor-action#45</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zizmorcore/zizmor-action/compare/v0.1.2...v0.2.0">https://github.com/zizmorcore/zizmor-action/compare/v0.1.2...v0.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e673c3917a"><code>e673c39</code></a>
Adding option for GitHub annotations (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/45">#45</a>)</li>
<li><a
href="2d5a33f24d"><code>2d5a33f</code></a>
chore: add missing license (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/44">#44</a>)</li>
<li><a
href="a016d81e77"><code>a016d81</code></a>
chore(deps): bump github/codeql-action in the github-actions group (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/39">#39</a>)</li>
<li><a
href="a8fb1d7e7d"><code>a8fb1d7</code></a>
feat: add support for <code>color</code> input (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/37">#37</a>)</li>
<li><a
href="09680325f5"><code>0968032</code></a>
chore(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/35">#35</a>)</li>
<li><a
href="7f2abfff74"><code>7f2abff</code></a>
README: bump pins (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/33">#33</a>)</li>
<li>See full diff in <a
href="5ca5fc7a47...e673c3917a">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmorcore/zizmor-action&package-manager=github_actions&previous-version=0.1.2&new-version=0.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-26 12:26:17 +02:00
James Duley
e554b93b80 Add **/*.py.lock to cache-dependency-glob (#590) 
This means uv scripts will be covered by default

Fixes https://github.com/astral-sh/setup-uv/issues/586
 2025-09-26 12:26:03 +02:00
eifinger
c7d85d9988 chore: update known versions for 0.8.20 2025-09-23 06:29:52 +00:00
Kevin Stillhammer
07f2cb5db9 persist credentials for version update (#584) 2025-09-23 08:28:27 +02:00
Christian Clauss
208b0c0ee4 README.md: Fix Python versions and update checkout action (#572) 2025-09-16 09:59:44 +02:00
Kevin Stillhammer
b75a909f75 bump deps (#569) v6.7 v6.7.0 2025-09-14 13:04:41 +00:00
dependabot[bot]
ffff8aa2b5 Bump github/codeql-action from 3.29.11 to 3.30.3 (#566) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.29.11 to 3.30.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.30.3</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.3/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.30.2</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.2/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.30.1</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.1/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
<h2>v3.30.0</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.0 - 01 Sep 2025</h2>
<ul>
<li>Reduce the size of the CodeQL Action, speeding up workflows by
approximately 4 seconds. <a
href="https://redirect.github.com/github/codeql-action/pull/3054">#3054</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.0/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li>
</ul>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li>
</ul>
<h2>3.30.0 - 01 Sep 2025</h2>
<ul>
<li>Reduce the size of the CodeQL Action, speeding up workflows by
approximately 4 seconds. <a
href="https://redirect.github.com/github/codeql-action/pull/3054">#3054</a></li>
</ul>
<h2>3.29.11 - 21 Aug 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li>
</ul>
<h2>3.29.10 - 18 Aug 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.9 - 12 Aug 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.8 - 08 Aug 2025</h2>
<ul>
<li>Fix an issue where the Action would autodetect unsupported languages
such as HTML. <a
href="https://redirect.github.com/github/codeql-action/pull/3015">#3015</a></li>
</ul>
<h2>3.29.7 - 07 Aug 2025</h2>
<p>This release rolls back 3.29.6 to address issues with language
autodetection. It is identical to 3.29.5.</p>
<h2>3.29.6 - 07 Aug 2025</h2>
<ul>
<li>The <code>cleanup-level</code> input to the <code>analyze</code>
Action is now deprecated. The CodeQL Action has written a limited amount
of intermediate results to the database since version 2.2.5, and now
automatically manages cleanup. <a
href="https://redirect.github.com/github/codeql-action/pull/2999">#2999</a></li>
<li>Update default CodeQL bundle version to 2.22.3. <a
href="https://redirect.github.com/github/codeql-action/pull/3000">#3000</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="192325c861"><code>192325c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3104">#3104</a>
from github/update-v3.30.3-b660efdcf</li>
<li><a
href="e68956d90b"><code>e68956d</code></a>
Update changelog for v3.30.3</li>
<li><a
href="b660efdcfd"><code>b660efd</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3103">#3103</a>
from github/mbg/fix/category-check</li>
<li><a
href="e49458befe"><code>e49458b</code></a>
Fix <code>runInterpretResultsFor</code> using the wrong
<code>AnalysisConfig</code> for <code>category</code> fix</li>
<li><a
href="f374a62c8b"><code>f374a62</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3098">#3098</a>
from github/kaspersv/increase-overlay-base-size-limit</li>
<li><a
href="5efa438e92"><code>5efa438</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3101">#3101</a>
from github/mbg/public-repo-notice-in-pr-template</li>
<li><a
href="8a84a62542"><code>8a84a62</code></a>
Overlay: Increase size limit for cached overlay base database</li>
<li><a
href="eb50a881d8"><code>eb50a88</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3097">#3097</a>
from github/redsun82/only-dump-sarif</li>
<li><a
href="4c534612bf"><code>4c53461</code></a>
Tweak sarif dump log</li>
<li><a
href="dae3742b0a"><code>dae3742</code></a>
Dump soon to be uploaded SARIF on request</li>
<li>Additional commits viewable in <a
href="3c3833e0f8...192325c861">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.29.11&new-version=3.30.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-14 14:58:58 +02:00
dependabot[bot]
95d0e233fa Bump actions/setup-node from 4.4.0 to 5.0.0 (#551) 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from
4.4.0 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-node/releases">actions/setup-node's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<h3>Breaking Changes</h3>
<ul>
<li>Upgrade action to use node24 by <a
href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1325">actions/setup-node#1325</a></li>
</ul>
<p>Make sure your runner is updated to this version or newer to use this
release. v2.327.1 <a
href="https://github.com/actions/runner/releases/tag/v2.327.1">Release
Notes</a></p>
<h3>Dependency Upgrades</h3>
<ul>
<li>Upgrade <code>@​octokit/request-error</code> and
<code>@​actions/github</code> by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1227">actions/setup-node#1227</a></li>
<li>Upgrade uuid from 9.0.1 to 11.1.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1273">actions/setup-node#1273</a></li>
<li>Upgrade undici from 5.28.5 to 5.29.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1295">actions/setup-node#1295</a></li>
<li>Upgrade form-data to bring in fix for critical vulnerability by <a
href="https://github.com/gowridurgad"><code>@​gowridurgad</code></a> in
<a
href="https://redirect.github.com/actions/setup-node/pull/1332">actions/setup-node#1332</a></li>
<li>Upgrade actions/checkout from 4 to 5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1345">actions/setup-node#1345</a></li>
</ul>
<h3>Enhancement:</h3>
<ul>
<li>Enhance caching in setup-node with automatic package manager
detection by <a
href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1348">actions/setup-node#1348</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/priya-kinthali"><code>@​priya-kinthali</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1348">actions/setup-node#1348</a></li>
<li><a href="https://github.com/salmanmkc"><code>@​salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1325">actions/setup-node#1325</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-node/compare/v4...v5.0.0">https://github.com/actions/setup-node/compare/v4...v5.0.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a0853c2454"><code>a0853c2</code></a>
Bump actions/checkout from 4 to 5 (<a
href="https://redirect.github.com/actions/setup-node/issues/1345">#1345</a>)</li>
<li><a
href="b7234cc9fe"><code>b7234cc</code></a>
Upgrade action to use node24 (<a
href="https://redirect.github.com/actions/setup-node/issues/1325">#1325</a>)</li>
<li><a
href="d7a11313b5"><code>d7a1131</code></a>
Enhance caching in setup-node with automatic package manager detection
(<a
href="https://redirect.github.com/actions/setup-node/issues/1348">#1348</a>)</li>
<li><a
href="5e2628c959"><code>5e2628c</code></a>
Bumps form-data (<a
href="https://redirect.github.com/actions/setup-node/issues/1332">#1332</a>)</li>
<li><a
href="65beceff8e"><code>65becef</code></a>
Bump undici from 5.28.5 to 5.29.0 (<a
href="https://redirect.github.com/actions/setup-node/issues/1295">#1295</a>)</li>
<li><a
href="7e24a656e1"><code>7e24a65</code></a>
Bump uuid from 9.0.1 to 11.1.0 (<a
href="https://redirect.github.com/actions/setup-node/issues/1273">#1273</a>)</li>
<li><a
href="08f58d1471"><code>08f58d1</code></a>
Bump <code>@​octokit/request-error</code> and
<code>@​actions/github</code> (<a
href="https://redirect.github.com/actions/setup-node/issues/1227">#1227</a>)</li>
<li>See full diff in <a
href="49933ea528...a0853c2454">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/setup-node&package-manager=github_actions&previous-version=4.4.0&new-version=5.0.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-14 14:57:21 +02:00
Kevin Stillhammer
dc724a12b6 Add inputs restore-cache and save-cache (#568) 
Closes: #555
 2025-09-14 14:55:08 +02:00