Bump dependencies (#613)

Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 3.30.5 to 3.30.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.30.6</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.6/CHANGELOG.md">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168">#3168</a></li>
</ul>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160">#3160</a></li>
</ul>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118">#3118</a></li>
</ul>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064">#3064</a></li>
</ul>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077">#3077</a></li>
</ul>
<h2>3.30.0 - 01 Sep 2025</h2>
<ul>
<li>Reduce the size of the CodeQL Action, speeding up workflows by
approximately 4 seconds. <a
href="https://redirect.github.com/github/codeql-action/pull/3054">#3054</a></li>
</ul>
<h2>3.29.11 - 21 Aug 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3044">#3044</a></li>
</ul>
<h2>3.29.10 - 18 Aug 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.9 - 12 Aug 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="64d10c1313"><code>64d10c1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3172">#3172</a>
from github/update-v3.30.6-10feb5d2a</li>
<li><a
href="909610e8a8"><code>909610e</code></a>
Update changelog for v3.30.6</li>
<li><a
href="10feb5d2a2"><code>10feb5d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3167">#3167</a>
from github/mbg/upload-sarif/find-then-filter</li>
<li><a
href="4182ea3d4e"><code>4182ea3</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3168">#3168</a>
from github/update-bundle/codeql-bundle-v2.23.2</li>
<li><a
href="34afe5b7b1"><code>34afe5b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3171">#3171</a>
from github/mbg/start-proxy/telemetry</li>
<li><a
href="096fe67f97"><code>096fe67</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.23.2</li>
<li><a
href="b4964014ad"><code>b496401</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3170">#3170</a>
from github/mbg/start-proxy/remove-update-workflow</li>
<li><a
href="d573787cca"><code>d573787</code></a>
Report registry types that are configured for CodeQL in
<code>start-proxy</code> telemetry</li>
<li><a
href="15916800df"><code>1591680</code></a>
Send a basic status report in <code>start-proxy</code> Action if it
succeeds</li>
<li><a
href="cb5a2849ac"><code>cb5a284</code></a>
Send status report when <code>start-proxy</code> fails</li>
<li>Additional commits viewable in <a
href="3599b3baa1...64d10c1313">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=3.30.5&new-version=3.30.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/actionlint.yaml

@@ -7,3 +7,7 @@ self-hosted-runner:
 # organization. `null` means disabling configuration variables check.
 # Empty array means no configuration variable is allowed.
 config-variables: null
+paths:
+  .github/workflows/test.yml:
+    ignore:
+      - 'invalid runner name.+'

.github/workflows/codeql-analysis.yml

@@ -47,7 +47,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/init@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
         with:
           languages: ${{ matrix.language }}
           source-root: src
@@ -59,7 +59,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/autobuild@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -73,4 +73,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@192325c86100d080feab897ff886c34abd4c83a3 # v3.30.3
+        uses: github/codeql-action/analyze@64d10c13136e1c5bce3e5fbde8d4906eeaafc885 # v3.30.6

.github/workflows/test.yml

@@ -30,7 +30,7 @@ jobs:
         uses: zizmorcore/zizmor-action@e673c3917a1aef3c65c972347ed84ccd013ecda4 # v0.2.0
       - uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
         with:
-          node-version: "20"
+          node-version: "24"
       - run: |
           npm install
       - run: |
@@ -72,82 +72,138 @@ jobs:
         env:
           UVX_PATH: ${{ steps.setup-uv.outputs.uvx-path }}
 
+  test-uv-no-modify-path:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Install with UV_NO_MODIFY_PATH set
+        id: setup-uv
+        uses: ./
+        env:
+          UV_NO_MODIFY_PATH: 1
+      - run: |
+          "${UV_PATH}" sync
+        working-directory: __tests__/fixtures/uv-project
+        shell: bash
+        env:
+          UV_PATH: ${{ steps.setup-uv.outputs.uv-path }}
+      - name: uv is not on PATH
+        run: |
+          if command -v uv; then
+              echo "uv should not be on PATH"
+              exit 1
+          fi
+
   test-specific-version:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        uv-version: ["0.3.0", "0.3.2", "0.3", "0.3.x", ">=0.3.0"]
+        input:
+          - version-input: "0.3.0"
+            expected-version: "0.3.0"
+          - version-input: "0.3.2"
+            expected-version: "0.3.2"
+          - version-input: "0.3"
+            expected-version: "0.3.5"
+          - version-input: "0.3.x"
+            expected-version: "0.3.5"
+          - version-input: ">=0.4.25,<0.5"
+            expected-version: "0.4.30"
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - name: Install version ${{ matrix.uv-version }}
-        uses: ./
-        with:
-          version: ${{ matrix.uv-version }}
-      - run: uv sync
-        working-directory: __tests__/fixtures/uv-project
-
-  test-semver-range:
-    strategy:
-      matrix:
-        os: [ ubuntu-latest, selfhosted-ubuntu-arm64 ]
-    runs-on: ${{ matrix.os }}
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-      - name: Install version 0.3
+      - name: Install version ${{ matrix.input.version-input }}
         id: setup-uv
         uses: ./
         with:
-          version: "0.3"
+          version: ${{ matrix.input.version-input }}
       - name: Correct version gets installed
         run: |
-          if [ "$(uv --version)" != "uv 0.3.5" ]; then
+          if [ "$(uv --version)" != "uv ${{ matrix.input.expected-version }}" ]; then
             echo "Wrong uv version: $(uv --version)"
             exit 1
           fi
       - name: Output has correct version
         run: |
-          if [ "$UV_VERSION" != "0.3.5" ]; then
+          if [ "$UV_VERSION" != "${{ matrix.input.expected-version }}" ]; then
             exit 1
           fi
         env:
           UV_VERSION: ${{ steps.setup-uv.outputs.uv-version }}
 
-  test-pep440-version:
+  test-latest-version:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        version-input: ["latest", ">=0.8"]
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - name: Install version 0.4.30
-        id: setup-uv
+      - name: Install version ${{ matrix.version-input }}
         uses: ./
         with:
-          version: ">=0.4.25,<0.5"
+          version: ${{ matrix.version-input }}
+      - name: Latest version gets installed
+        run: |
+          LATEST_VERSION=$(gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28" /repos/astral-sh/uv/releases/latest | jq -r '.tag_name')
+          echo "Latest version is $LATEST_VERSION"
+          if [ "$(uv --version)" != "uv $LATEST_VERSION" ]; then
+              echo "Wrong uv version: $(uv --version)"
+              exit 1
+          fi
+        env:
+          GH_TOKEN: ${{ github.token }}
+
+  test-from-working-directory-version:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        input:
+          - working-directory: "__tests__/fixtures/pyproject-toml-project"
+            expected-version: "0.5.14"
+          - working-directory: "__tests__/fixtures/uv-toml-project"
+            expected-version: "0.5.15"
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Install version from ${{ matrix.input.working-directory }}
+        uses: ./
+        with:
+          working-directory: ${{ matrix.input.working-directory }}
       - name: Correct version gets installed
         run: |
-          if [ "$(uv --version)" != "uv 0.4.30" ]; then
+          if [ "$(uv --version)" != "uv ${{ matrix.input.expected-version }}" ]; then
             echo "Wrong uv version: $(uv --version)"
             exit 1
           fi
 
-  test-pyproject-file-version:
+  test-version-file-version:
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        input:
+          - version-file: "__tests__/fixtures/uv-in-requirements-txt-project/requirements.txt"
+            expected-version: "0.6.17"
+          - version-file: "__tests__/fixtures/uv-in-requirements-hash-txt-project/requirements.txt"
+            expected-version: "0.8.3"
+          - version-file: "__tests__/fixtures/.tool-versions"
+            expected-version: "0.5.15"
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with:
           persist-credentials: false
-      - name: Install version 0.5.14
-        id: setup-uv
+      - name: Install version from ${{ matrix.input.version-file }}
         uses: ./
         with:
-          working-directory: "__tests__/fixtures/pyproject-toml-project"
+          version-file: ${{ matrix.input.version-file }}
       - name: Correct version gets installed
         run: |
-          if [ "$(uv --version)" != "uv 0.5.14" ]; then
+          if [ "$(uv --version)" != "uv ${{ matrix.input.expected-version }}" ]; then
             echo "Wrong uv version: $(uv --version)"
             exit 1
           fi
@@ -165,78 +221,6 @@ jobs:
           working-directory: "__tests__/fixtures/malformed-pyproject-toml-project"
       - run: uv --help
 
-  test-uv-file-version:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-      - name: Install version 0.5.15
-        id: setup-uv
-        uses: ./
-        with:
-          working-directory: "__tests__/fixtures/uv-toml-project"
-      - name: Correct version gets installed
-        run: |
-          if [ "$(uv --version)" != "uv 0.5.15" ]; then
-            echo "Wrong uv version: $(uv --version)"
-            exit 1
-          fi
-
-  test-version-file-version:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-      - name: Install from requirements file
-        id: setup-uv
-        uses: ./
-        with:
-          version-file: "__tests__/fixtures/uv-in-requirements-txt-project/requirements.txt"
-      - name: Correct version gets installed
-        run: |
-          if [ "$(uv --version)" != "uv 0.6.17" ]; then
-            echo "Wrong uv version: $(uv --version)"
-            exit 1
-          fi
-
-  test-version-file-hash-version:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-      - name: Install from requirements file
-        id: setup-uv
-        uses: ./
-        with:
-          version-file: "__tests__/fixtures/uv-in-requirements-hash-txt-project/requirements.txt"
-      - name: Correct version gets installed
-        run: |
-          if [ "$(uv --version)" != "uv 0.8.3" ]; then
-            echo "Wrong uv version: $(uv --version)"
-            exit 1
-          fi
-
-  test-tool-versions-file-version:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
-          persist-credentials: false
-      - name: Install from .tools-versions file
-        id: setup-uv
-        uses: ./
-        with:
-          version-file: "__tests__/fixtures/.tool-versions"
-      - name: Correct version gets installed
-        run: |
-          if [ "$(uv --version)" != "uv 0.5.15" ]; then
-            echo "Wrong uv version: $(uv --version)"
-            exit 1
-          fi
-
   test-checksum:
     runs-on: ${{ matrix.inputs.os }}
     strategy:
@@ -615,6 +599,7 @@ jobs:
       - name: Setup with cache
         uses: ./
         with:
+          enable-cache: true
           cache-suffix: ${{ github.run_id }}-${{ github.run_attempt }}-test-cache-local
       - run: |
           if [ "$UV_CACHE_DIR" != "${{ matrix.inputs.expected-cache-dir }}" ]; then
@@ -623,6 +608,25 @@ jobs:
           fi
         shell: bash
 
+  test-cache-local-cache-disabled:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Setup without cache
+        uses: ./
+        with:
+          enable-cache: false
+
+      - name: Check UV_CACHE_DIR is not set
+        run: |
+          if [ -n "$UV_CACHE_DIR" ]; then
+            echo "UV_CACHE_DIR should not be set when cache is disabled: $UV_CACHE_DIR"
+            exit 1
+          fi
+        shell: bash
+
   test-setup-cache-local:
     runs-on: selfhosted-ubuntu-arm64
     steps:
@@ -790,20 +794,59 @@ jobs:
             exit 1
           fi
 
+  test-cache-prune-force:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Setup uv
+        uses: ./
+        with:
+          cache-suffix: ${{ github.run_id }}-${{ github.run_attempt }}-test-cache-prune-force
+      - name: Create long running python script
+        run: |
+          echo 'import time' > __tests__/fixtures/uv-project/long-running.py
+          echo 'time.sleep(300)' >> __tests__/fixtures/uv-project/long-running.py
+      - run: uv run long-running.py &
+        working-directory: __tests__/fixtures/uv-project
+
+  test-cache-dir-from-file:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          persist-credentials: false
+      - name: Verify uv cache dir is not populated
+        run: |
+          if [ -f "/tmp/pyproject-toml-defined-cache-path/CACHEDIR.TAG" ]; then
+            echo "Cache dir should not exist"
+            exit 1
+          fi
+      - name: Setup uv
+        uses: ./
+        with:
+          working-directory: __tests__/fixtures/cache-dir-defined-project
+      - run: uv sync
+        working-directory: __tests__/fixtures/cache-dir-defined-project
+      - name: Verify uv cache dir is populated
+        run: |
+          if [ ! -f "/tmp/pyproject-toml-defined-cache-path/CACHEDIR.TAG" ]; then
+            echo "Cache dir should exist"
+            exit 1
+          fi
+
   all-tests-passed:
     runs-on: ubuntu-latest
     needs:
       - lint
       - test-default-version
+      - test-uv-no-modify-path
       - test-specific-version
-      - test-semver-range
-      - test-pep440-version
-      - test-pyproject-file-version
+      - test-latest-version
+      - test-from-working-directory-version
       - test-malformed-pyproject-file-fallback
-      - test-uv-file-version
       - test-version-file-version
-      - test-version-file-hash-version
-      - test-tool-versions-file-version
       - test-checksum
       - test-with-explicit-token
       - test-uvx
@@ -813,6 +856,7 @@ jobs:
       - test-activate-environment
       - test-musl
       - test-cache-local
+      - test-cache-local-cache-disabled
       - test-setup-cache
       - test-restore-cache
       - test-setup-cache-requirements-txt
@@ -832,10 +876,12 @@ jobs:
       - test-custom-manifest-file
       - test-absolute-path
       - test-relative-path
+      - test-cache-prune-force
+      - test-cache-dir-from-file
     if: always()
     steps:
       - name: All tests passed
         run: |
-          echo "All jobs passed: ${{ !contains(needs.*.result, 'failure') }}"
+          echo "All jobs passed: ${{ !(contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')) }}"
           # shellcheck disable=SC2242
-          exit ${{ contains(needs.*.result, 'failure') && 1 || 0 }}
+          exit ${{ (contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')) && 1 || 0 }}

README.md

@@ -316,11 +316,18 @@ By default, the cache will be saved.
 
 ### Local cache path
 
-This action controls where uv stores its cache on the runner's filesystem by setting `UV_CACHE_DIR`.
+If caching is enabled, this action controls where uv stores its cache on the runner's filesystem
+by setting `UV_CACHE_DIR`.
+
 It defaults to `setup-uv-cache` in the `TMP` dir, `D:\a\_temp\uv-tool-dir` on Windows and
 `/tmp/setup-uv-cache` on Linux/macOS. You can change the default by specifying the path with the
 `cache-local-path` input.
 
+> [!NOTE]
+> If the environment variable `UV_CACHE_DIR` is already set this action will not override it.
+> If you configured [cache-dir](https://docs.astral.sh/uv/reference/settings/#cache-dir) in your
+> config file then it is also respected and this action will not set `UV_CACHE_DIR`.
+
 ```yaml
 - name: Define a custom uv cache path
   uses: astral-sh/setup-uv@v6

__tests__/fixtures/cache-dir-defined-project/pyproject.toml

@@ -0,0 +1,16 @@
+[project]
+name = "uv-project"
+version = "0.1.0"
+description = "Add your description here"
+readme = "README.md"
+requires-python = ">=3.12"
+dependencies = [
+    "ruff>=0.6.2",
+]
+
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[tool.uv]
+cache-dir = "/tmp/pyproject-toml-defined-cache-path"

__tests__/fixtures/cache-dir-defined-project/src/uv_project/__init__.py

@@ -0,0 +1,2 @@
+def hello() -> str:
+    return "Hello from uv-project!"

__tests__/fixtures/cache-dir-defined-project/uv.lock

@@ -0,0 +1,38 @@
+version = 1
+requires-python = ">=3.12"
+
+[[package]]
+name = "ruff"
+version = "0.6.2"
+source = { registry = "https://pypi.org/simple" }
+sdist = { url = "https://files.pythonhosted.org/packages/23/f4/279d044f66b79261fd37df76bf72b64471afab5d3b7906a01499c4451910/ruff-0.6.2.tar.gz", hash = "sha256:239ee6beb9e91feb8e0ec384204a763f36cb53fb895a1a364618c6abb076b3be", size = 2460281 }
+wheels = [
+    { url = "https://files.pythonhosted.org/packages/72/4b/47dd7a69287afb4069fa42c198e899463605460a58120196711bfcf0446b/ruff-0.6.2-py3-none-linux_armv6l.whl", hash = "sha256:5c8cbc6252deb3ea840ad6a20b0f8583caab0c5ef4f9cca21adc5a92b8f79f3c", size = 9695871 },
+    { url = "https://files.pythonhosted.org/packages/ae/c3/8aac62ac4638c14a740ee76a755a925f2d0d04580ab790a9887accb729f6/ruff-0.6.2-py3-none-macosx_10_12_x86_64.whl", hash = "sha256:17002fe241e76544448a8e1e6118abecbe8cd10cf68fde635dad480dba594570", size = 9459354 },
+    { url = "https://files.pythonhosted.org/packages/2f/cf/77fbd8d4617b9b9c503f9bffb8552c4e3ea1a58dc36975e7a9104ffb0f85/ruff-0.6.2-py3-none-macosx_11_0_arm64.whl", hash = "sha256:3dbeac76ed13456f8158b8f4fe087bf87882e645c8e8b606dd17b0b66c2c1158", size = 9163871 },
+    { url = "https://files.pythonhosted.org/packages/05/1c/765192bab32b79efbb498b06f0b9dcb3629112b53b8777ae1d19b8209e09/ruff-0.6.2-py3-none-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:094600ee88cda325988d3f54e3588c46de5c18dae09d683ace278b11f9d4d534", size = 10096250 },
+    { url = "https://files.pythonhosted.org/packages/08/d0/86f3cb0f6934c99f759c232984a5204d67a26745cad2d9edff6248adf7d2/ruff-0.6.2-py3-none-manylinux_2_17_armv7l.manylinux2014_armv7l.whl", hash = "sha256:316d418fe258c036ba05fbf7dfc1f7d3d4096db63431546163b472285668132b", size = 9475376 },
+    { url = "https://files.pythonhosted.org/packages/cd/cc/4c8d0e225b559a3fae6092ec310d7150d3b02b4669e9223f783ef64d82c0/ruff-0.6.2-py3-none-manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d72b8b3abf8a2d51b7b9944a41307d2f442558ccb3859bbd87e6ae9be1694a5d", size = 10295634 },
+    { url = "https://files.pythonhosted.org/packages/db/96/d2699cfb1bb5a01c68122af43454c76c31331e1c8a9bd97d653d7c82524b/ruff-0.6.2-py3-none-manylinux_2_17_ppc64.manylinux2014_ppc64.whl", hash = "sha256:2aed7e243be68487aa8982e91c6e260982d00da3f38955873aecd5a9204b1d66", size = 11024941 },
+    { url = "https://files.pythonhosted.org/packages/8b/a9/6ecd66af8929e0f2a1ed308a4137f3521789f28f0eb97d32c2ca3aa7000c/ruff-0.6.2-py3-none-manylinux_2_17_ppc64le.manylinux2014_ppc64le.whl", hash = "sha256:d371f7fc9cec83497fe7cf5eaf5b76e22a8efce463de5f775a1826197feb9df8", size = 10606894 },
+    { url = "https://files.pythonhosted.org/packages/e4/73/2ee4cd19f44992fedac1cc6db9e3d825966072f6dcbd4032f21cbd063170/ruff-0.6.2-py3-none-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:a8f310d63af08f583363dfb844ba8f9417b558199c58a5999215082036d795a1", size = 11552886 },
+    { url = "https://files.pythonhosted.org/packages/60/4c/c0f1cd35ce4a93c54a6bb1ee6934a3a205fa02198dd076678193853ceea1/ruff-0.6.2-py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7db6880c53c56addb8638fe444818183385ec85eeada1d48fc5abe045301b2f1", size = 10264945 },
+    { url = "https://files.pythonhosted.org/packages/c4/89/e45c9359b9cdd4245512ea2b9f2bb128a997feaa5f726fc9e8c7a66afadf/ruff-0.6.2-py3-none-musllinux_1_2_aarch64.whl", hash = "sha256:1175d39faadd9a50718f478d23bfc1d4da5743f1ab56af81a2b6caf0a2394f23", size = 10100007 },
+    { url = "https://files.pythonhosted.org/packages/06/74/0bd4e0a7ed5f6908df87892f9bf60a2356c0fd74102d8097298bd9b4f346/ruff-0.6.2-py3-none-musllinux_1_2_armv7l.whl", hash = "sha256:5b939f9c86d51635fe486585389f54582f0d65b8238e08c327c1534844b3bb9a", size = 9559267 },
+    { url = "https://files.pythonhosted.org/packages/54/03/3dc6dc9419f276f05805bf888c279e3e0b631284abd548d9e87cebb93aec/ruff-0.6.2-py3-none-musllinux_1_2_i686.whl", hash = "sha256:d0d62ca91219f906caf9b187dea50d17353f15ec9bb15aae4a606cd697b49b4c", size = 9905304 },
+    { url = "https://files.pythonhosted.org/packages/5c/5b/d6a72a6a6bbf097c09de468326ef5fa1c9e7aa5e6e45979bc0d984b0dbe7/ruff-0.6.2-py3-none-musllinux_1_2_x86_64.whl", hash = "sha256:7438a7288f9d67ed3c8ce4d059e67f7ed65e9fe3aa2ab6f5b4b3610e57e3cb56", size = 10341480 },
+    { url = "https://files.pythonhosted.org/packages/79/a9/0f2f21fe15ba537c46598f96aa9ae4a3d4b9ec64926664617ca6a8c772f4/ruff-0.6.2-py3-none-win32.whl", hash = "sha256:279d5f7d86696df5f9549b56b9b6a7f6c72961b619022b5b7999b15db392a4da", size = 7961901 },
+    { url = "https://files.pythonhosted.org/packages/b0/80/fff12ffe11853d9f4ea3e5221e6dd2e93640a161c05c9579833e09ad40a7/ruff-0.6.2-py3-none-win_amd64.whl", hash = "sha256:d9f3469c7dd43cd22eb1c3fc16926fb8258d50cb1b216658a07be95dd117b0f2", size = 8783320 },
+    { url = "https://files.pythonhosted.org/packages/56/91/577cdd64cce5e74d3f8b5ecb93f29566def569c741eb008aed4f331ef821/ruff-0.6.2-py3-none-win_arm64.whl", hash = "sha256:f28fcd2cd0e02bdf739297516d5643a945cc7caf09bd9bcb4d932540a5ea4fa9", size = 8225886 },
+]
+
+[[package]]
+name = "uv-project"
+version = "0.1.0"
+source = { editable = "." }
+dependencies = [
+    { name = "ruff" },
+]
+
+[package.metadata]
+requires-dist = [{ name = "ruff" }]

action.yml

@@ -21,10 +21,6 @@ inputs:
   checksum:
     description: "The checksum of the uv version to install"
     required: false
-  server-url:
-    description: "(Deprecated) The server url to use when downloading uv"
-    required: false
-    default: "https://github.com"
   github-token:
     description:
       "Used to increase the rate limit when retrieving versions and downloading uv."
@@ -88,7 +84,7 @@ outputs:
   cache-hit:
     description: "A boolean value to indicate a cache entry was found"
 runs:
-  using: "node20"
+  using: "node24"
   main: "dist/setup/index.js"
   post: "dist/save-cache/index.js"
   post-if: success()

dist/setup/index.js

@@ -128998,17 +128998,17 @@ function tryGetFromToolCache(arch, version) {
     const installedPath = tc.find(constants_1.TOOL_CACHE_NAME, resolvedVersion, arch);
     return { installedPath, version: resolvedVersion };
 }
-async function downloadVersionFromGithub(serverUrl, platform, arch, version, checkSum, githubToken) {
+async function downloadVersionFromGithub(platform, arch, version, checkSum, githubToken) {
     const artifact = `uv-${arch}-${platform}`;
     const extension = getExtension(platform);
-    const downloadUrl = `${serverUrl}/${constants_1.OWNER}/${constants_1.REPO}/releases/download/${version}/${artifact}${extension}`;
+    const downloadUrl = `https://github.com/${constants_1.OWNER}/${constants_1.REPO}/releases/download/${version}/${artifact}${extension}`;
     return await downloadVersion(downloadUrl, artifact, platform, arch, version, checkSum, githubToken);
 }
 async function downloadVersionFromManifest(manifestUrl, platform, arch, version, checkSum, githubToken) {
     const downloadUrl = await (0, version_manifest_1.getDownloadUrl)(manifestUrl, version, arch, platform);
     if (!downloadUrl) {
         core.info(`manifest-file does not contain version ${version}, arch ${arch}, platform ${platform}. Falling back to GitHub releases.`);
-        return await downloadVersionFromGithub("https://github.com", platform, arch, version, checkSum, githubToken);
+        return await downloadVersionFromGithub(platform, arch, version, checkSum, githubToken);
     }
     return await downloadVersion(downloadUrl, `uv-${arch}-${platform}`, platform, arch, version, checkSum, githubToken);
 }
@@ -129037,20 +129037,29 @@ function getExtension(platform) {
 async function resolveVersion(versionInput, manifestFile, githubToken) {
     core.debug(`Resolving version: ${versionInput}`);
     let version;
+    const isSimpleMinimumVersionSpecifier = versionInput.includes(">") && !versionInput.includes(",");
+    if (isSimpleMinimumVersionSpecifier) {
+        core.info("Found minimum version specifier, using latest version");
+    }
     if (manifestFile) {
         version =
-            versionInput === "latest"
+            versionInput === "latest" || isSimpleMinimumVersionSpecifier
                 ? await (0, version_manifest_1.getLatestKnownVersion)(manifestFile)
                 : versionInput;
     }
     else {
         version =
-            versionInput === "latest"
+            versionInput === "latest" || isSimpleMinimumVersionSpecifier
                 ? await getLatestVersion(githubToken)
                 : versionInput;
     }
     if (tc.isExplicitVersion(version)) {
         core.debug(`Version ${version} is an explicit version.`);
+        if (isSimpleMinimumVersionSpecifier) {
+            if (!pep440.satisfies(version, versionInput)) {
+                throw new Error(`No version found for ${versionInput}`);
+            }
+        }
         return version;
     }
     const availableVersions = await getAvailableVersions(githubToken);
@@ -129378,6 +129387,8 @@ const core = __importStar(__nccwpck_require__(37484));
 const exec = __importStar(__nccwpck_require__(95236));
 const restore_cache_1 = __nccwpck_require__(95391);
 const download_version_1 = __nccwpck_require__(28255);
+const config_file_1 = __nccwpck_require__(27846);
+const constants_1 = __nccwpck_require__(56156);
 const inputs_1 = __nccwpck_require__(9612);
 const platforms_1 = __nccwpck_require__(98361);
 const resolve_1 = __nccwpck_require__(36772);
@@ -129399,8 +129410,9 @@ async function run() {
         setupPython();
         await activateEnvironment();
         addMatchers();
-        setCacheDir(inputs_1.cacheLocalPath);
+        setCacheDir();
         core.setOutput("uv-version", setupResult.version);
+        core.saveState(constants_1.STATE_UV_VERSION, setupResult.version);
         core.info(`Successfully installed uv version ${setupResult.version}`);
         if (inputs_1.enableCache) {
             await (0, restore_cache_1.restoreCache)();
@@ -129431,14 +129443,7 @@ async function setupUv(platform, arch, checkSum, githubToken) {
             version: toolCacheResult.version,
         };
     }
-    let downloadVersionResult;
-    if (inputs_1.serverUrl !== "https://github.com") {
-        core.warning("The input server-url is deprecated. Please use manifest-file instead.");
-        downloadVersionResult = await (0, download_version_1.downloadVersionFromGithub)(inputs_1.serverUrl, platform, arch, resolvedVersion, checkSum, githubToken);
-    }
-    else {
-        downloadVersionResult = await (0, download_version_1.downloadVersionFromManifest)(inputs_1.manifestFile, platform, arch, resolvedVersion, checkSum, githubToken);
-    }
+    const downloadVersionResult = await (0, download_version_1.downloadVersionFromManifest)(inputs_1.manifestFile, platform, arch, resolvedVersion, checkSum, githubToken);
     return {
         uvDir: downloadVersionResult.cachedToolDir,
         version: downloadVersionResult.version,
@@ -129464,18 +129469,33 @@ async function determineVersion(manifestFile) {
 }
 function addUvToPathAndOutput(cachedPath) {
     core.setOutput("uv-path", `${cachedPath}${path.sep}uv`);
+    core.saveState(constants_1.STATE_UV_PATH, `${cachedPath}${path.sep}uv`);
     core.setOutput("uvx-path", `${cachedPath}${path.sep}uvx`);
-    core.addPath(cachedPath);
-    core.info(`Added ${cachedPath} to the path`);
+    if (process.env.UV_NO_MODIFY_PATH !== undefined) {
+        core.info("UV_NO_MODIFY_PATH is set, not modifying PATH");
+    }
+    else {
+        core.addPath(cachedPath);
+        core.info(`Added ${cachedPath} to the path`);
+    }
 }
 function addToolBinToPath() {
     if (inputs_1.toolBinDir !== undefined) {
         core.exportVariable("UV_TOOL_BIN_DIR", inputs_1.toolBinDir);
         core.info(`Set UV_TOOL_BIN_DIR to ${inputs_1.toolBinDir}`);
-        core.addPath(inputs_1.toolBinDir);
-        core.info(`Added ${inputs_1.toolBinDir} to the path`);
+        if (process.env.UV_NO_MODIFY_PATH !== undefined) {
+            core.info(`UV_NO_MODIFY_PATH is set, not adding ${inputs_1.toolBinDir} to path`);
+        }
+        else {
+            core.addPath(inputs_1.toolBinDir);
+            core.info(`Added ${inputs_1.toolBinDir} to the path`);
+        }
     }
     else {
+        if (process.env.UV_NO_MODIFY_PATH !== undefined) {
+            core.info("UV_NO_MODIFY_PATH is set, not adding user local bin to path");
+            return;
+        }
         if (process.env.XDG_BIN_HOME !== undefined) {
             core.addPath(process.env.XDG_BIN_HOME);
             core.info(`Added ${process.env.XDG_BIN_HOME} to the path`);
@@ -129504,6 +129524,9 @@ function setupPython() {
 }
 async function activateEnvironment() {
     if (inputs_1.activateEnvironment) {
+        if (process.env.UV_NO_MODIFY_PATH !== undefined) {
+            throw new Error("UV_NO_MODIFY_PATH and activate-environment cannot be used together.");
+        }
         const execArgs = ["venv", ".venv", "--directory", inputs_1.workingDirectory];
         core.info("Activating python venv...");
         await exec.exec("uv", execArgs);
@@ -129515,9 +129538,16 @@ async function activateEnvironment() {
         core.exportVariable("VIRTUAL_ENV", path.resolve(`${inputs_1.workingDirectory}${path.sep}.venv`));
     }
 }
-function setCacheDir(cacheLocalPath) {
-    core.exportVariable("UV_CACHE_DIR", cacheLocalPath);
-    core.info(`Set UV_CACHE_DIR to ${cacheLocalPath}`);
+function setCacheDir() {
+    if (inputs_1.enableCache) {
+        const cacheDirFromConfig = (0, config_file_1.getConfigValueFromTomlFile)("", "cache-dir");
+        if (cacheDirFromConfig !== undefined) {
+            core.info("Using cache-dir from uv config file, not modifying UV_CACHE_DIR");
+            return;
+        }
+        core.exportVariable("UV_CACHE_DIR", inputs_1.cacheLocalPath);
+        core.info(`Set UV_CACHE_DIR to ${inputs_1.cacheLocalPath}`);
+    }
 }
 function addMatchers() {
     if (inputs_1.addProblemMatchers) {
@@ -129528,6 +129558,67 @@ function addMatchers() {
 run();
 
 
+/***/ }),
+
+/***/ 27846:
+/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
+
+"use strict";
+
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.getConfigValueFromTomlFile = getConfigValueFromTomlFile;
+const node_fs_1 = __importDefault(__nccwpck_require__(73024));
+const toml = __importStar(__nccwpck_require__(27106));
+function getConfigValueFromTomlFile(filePath, key) {
+    if (!node_fs_1.default.existsSync(filePath) || !filePath.endsWith(".toml")) {
+        return undefined;
+    }
+    const fileContent = node_fs_1.default.readFileSync(filePath, "utf-8");
+    if (filePath.endsWith("pyproject.toml")) {
+        const tomlContent = toml.parse(fileContent);
+        return tomlContent?.tool?.uv?.[key];
+    }
+    const tomlContent = toml.parse(fileContent);
+    return tomlContent[key];
+}
+
+
 /***/ }),
 
 /***/ 56156:
@@ -129536,10 +129627,12 @@ run();
 "use strict";
 
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.TOOL_CACHE_NAME = exports.OWNER = exports.REPO = void 0;
+exports.STATE_UV_VERSION = exports.STATE_UV_PATH = exports.TOOL_CACHE_NAME = exports.OWNER = exports.REPO = void 0;
 exports.REPO = "uv";
 exports.OWNER = "astral-sh";
 exports.TOOL_CACHE_NAME = "uv";
+exports.STATE_UV_PATH = "uv-path";
+exports.STATE_UV_VERSION = "uv-version";
 
 
 /***/ }),
@@ -129615,9 +129708,10 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.addProblemMatchers = exports.manifestFile = exports.githubToken = exports.serverUrl = exports.toolDir = exports.toolBinDir = exports.ignoreEmptyWorkdir = exports.ignoreNothingToCache = exports.pruneCache = exports.cacheDependencyGlob = exports.cacheLocalPath = exports.cacheSuffix = exports.saveCache = exports.restoreCache = exports.enableCache = exports.checkSum = exports.activateEnvironment = exports.pythonVersion = exports.versionFile = exports.version = exports.workingDirectory = void 0;
+exports.addProblemMatchers = exports.manifestFile = exports.githubToken = exports.toolDir = exports.toolBinDir = exports.ignoreEmptyWorkdir = exports.ignoreNothingToCache = exports.pruneCache = exports.cacheDependencyGlob = exports.cacheLocalPath = exports.cacheSuffix = exports.saveCache = exports.restoreCache = exports.enableCache = exports.checkSum = exports.activateEnvironment = exports.pythonVersion = exports.versionFile = exports.version = exports.workingDirectory = void 0;
 const node_path_1 = __importDefault(__nccwpck_require__(76760));
 const core = __importStar(__nccwpck_require__(37484));
+const config_file_1 = __nccwpck_require__(27846);
 exports.workingDirectory = core.getInput("working-directory");
 exports.version = core.getInput("version");
 exports.versionFile = getVersionFile();
@@ -129635,7 +129729,6 @@ exports.ignoreNothingToCache = core.getInput("ignore-nothing-to-cache") === "tru
 exports.ignoreEmptyWorkdir = core.getInput("ignore-empty-workdir") === "true";
 exports.toolBinDir = getToolBinDir();
 exports.toolDir = getToolDir();
-exports.serverUrl = core.getInput("server-url");
 exports.githubToken = core.getInput("github-token");
 exports.manifestFile = getManifestFile();
 exports.addProblemMatchers = core.getInput("add-problem-matchers") === "true";
@@ -129688,6 +129781,14 @@ function getCacheLocalPath() {
         const tildeExpanded = expandTilde(cacheLocalPathInput);
         return resolveRelativePath(tildeExpanded);
     }
+    const cacheDirFromConfig = getCacheDirFromConfig();
+    if (cacheDirFromConfig !== undefined) {
+        return cacheDirFromConfig;
+    }
+    if (process.env.UV_CACHE_DIR !== undefined) {
+        core.info(`UV_CACHE_DIR is already set to ${process.env.UV_CACHE_DIR}`);
+        return process.env.UV_CACHE_DIR;
+    }
     if (process.env.RUNNER_ENVIRONMENT === "github-hosted") {
         if (process.env.RUNNER_TEMP !== undefined) {
             return `${process.env.RUNNER_TEMP}${node_path_1.default.sep}setup-uv-cache`;
@@ -129699,6 +129800,24 @@ function getCacheLocalPath() {
     }
     return `${process.env.HOME}${node_path_1.default.sep}.cache${node_path_1.default.sep}uv`;
 }
+function getCacheDirFromConfig() {
+    for (const filePath of [exports.versionFile, "uv.toml", "pyproject.toml"]) {
+        const resolvedPath = resolveRelativePath(filePath);
+        try {
+            const cacheDir = (0, config_file_1.getConfigValueFromTomlFile)(resolvedPath, "cache-dir");
+            if (cacheDir !== undefined) {
+                core.info(`Found cache-dir in ${resolvedPath}: ${cacheDir}`);
+                return cacheDir;
+            }
+        }
+        catch (err) {
+            const message = err.message;
+            core.warning(`Error while parsing ${filePath}: ${message}`);
+            return undefined;
+        }
+    }
+    return undefined;
+}
 function getCacheDependencyGlob() {
     const cacheDependencyGlobInput = core.getInput("cache-dependency-glob");
     if (cacheDependencyGlobInput !== "") {
@@ -129750,7 +129869,8 @@ const DEFAULTS = {
     baseUrl: "https://api.github.com",
     userAgent: "setup-uv",
 };
-exports.Octokit = core_1.Octokit.plugin(plugin_paginate_rest_1.paginateRest, plugin_rest_endpoint_methods_1.legacyRestEndpointMethods).defaults(function buildDefaults(options) {
+const OctokitWithPlugins = core_1.Octokit.plugin(plugin_paginate_rest_1.paginateRest, plugin_rest_endpoint_methods_1.legacyRestEndpointMethods);
+exports.Octokit = OctokitWithPlugins.defaults(function buildDefaults(options) {
     return {
         ...DEFAULTS,
         ...options,
@@ -129864,67 +129984,6 @@ async function isMuslOs() {
 }
 
 
-/***/ }),
-
-/***/ 9931:
-/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
-
-"use strict";
-
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || (function () {
-    var ownKeys = function(o) {
-        ownKeys = Object.getOwnPropertyNames || function (o) {
-            var ar = [];
-            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
-            return ar;
-        };
-        return ownKeys(o);
-    };
-    return function (mod) {
-        if (mod && mod.__esModule) return mod;
-        var result = {};
-        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
-        __setModuleDefault(result, mod);
-        return result;
-    };
-})();
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.getRequiredVersionFromConfigFile = getRequiredVersionFromConfigFile;
-const node_fs_1 = __importDefault(__nccwpck_require__(73024));
-const toml = __importStar(__nccwpck_require__(27106));
-function getRequiredVersionFromConfigFile(filePath) {
-    if (!filePath.endsWith(".toml")) {
-        return undefined;
-    }
-    const fileContent = node_fs_1.default.readFileSync(filePath, "utf-8");
-    if (filePath.endsWith("pyproject.toml")) {
-        const tomlContent = toml.parse(fileContent);
-        return tomlContent?.tool?.uv?.["required-version"];
-    }
-    const tomlContent = toml.parse(fileContent);
-    return tomlContent["required-version"];
-}
-
-
 /***/ }),
 
 /***/ 4569:
@@ -130044,7 +130103,7 @@ Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports.getUvVersionFromFile = getUvVersionFromFile;
 const node_fs_1 = __importDefault(__nccwpck_require__(73024));
 const core = __importStar(__nccwpck_require__(37484));
-const config_file_1 = __nccwpck_require__(9931);
+const config_file_1 = __nccwpck_require__(27846);
 const requirements_file_1 = __nccwpck_require__(4569);
 const tool_versions_file_1 = __nccwpck_require__(4895);
 function getUvVersionFromFile(filePath) {
@@ -130057,7 +130116,7 @@ function getUvVersionFromFile(filePath) {
     try {
         uvVersion = (0, tool_versions_file_1.getUvVersionFromToolVersions)(filePath);
         if (uvVersion === undefined) {
-            uvVersion = (0, config_file_1.getRequiredVersionFromConfigFile)(filePath);
+            uvVersion = (0, config_file_1.getConfigValueFromTomlFile)(filePath, "required-version");
         }
         if (uvVersion === undefined) {
             uvVersion = (0, requirements_file_1.getUvVersionFromRequirementsFile)(filePath);
@@ -133856,7 +133915,7 @@ class RequestError extends Error {
 
 
 // pkg/dist-src/version.js
-var dist_bundle_VERSION = "0.0.0-development";
+var dist_bundle_VERSION = "10.0.5";
 
 // pkg/dist-src/defaults.js
 var defaults_default = {
@@ -134227,7 +134286,7 @@ var createTokenAuth = function createTokenAuth2(token) {
 
 
 ;// CONCATENATED MODULE: ./node_modules/@octokit/core/dist-src/version.js
-const version_VERSION = "7.0.3";
+const version_VERSION = "7.0.5";
 
 
 ;// CONCATENATED MODULE: ./node_modules/@octokit/core/dist-src/index.js
@@ -134801,7 +134860,7 @@ __nccwpck_require__.d(__webpack_exports__, {
 });
 
 ;// CONCATENATED MODULE: ./node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js
-const VERSION = "16.0.0";
+const VERSION = "16.1.0";
 
 //# sourceMappingURL=version.js.map
 
@@ -135615,11 +135674,20 @@ const Endpoints = {
     removeSelectedRepoFromOrgSecret: [
       "DELETE /orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}"
     ],
+    repositoryAccessForOrg: [
+      "GET /organizations/{org}/dependabot/repository-access"
+    ],
+    setRepositoryAccessDefaultLevel: [
+      "PUT /organizations/{org}/dependabot/repository-access/default-level"
+    ],
     setSelectedReposForOrgSecret: [
       "PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories"
     ],
     updateAlert: [
       "PATCH /repos/{owner}/{repo}/dependabot/alerts/{alert_number}"
+    ],
+    updateRepositoryAccessForOrg: [
+      "PATCH /organizations/{org}/dependabot/repository-access"
     ]
   },
   dependencyGraph: {
@@ -135725,6 +135793,9 @@ const Endpoints = {
     addAssignees: [
       "POST /repos/{owner}/{repo}/issues/{issue_number}/assignees"
     ],
+    addBlockedByDependency: [
+      "POST /repos/{owner}/{repo}/issues/{issue_number}/dependencies/blocked_by"
+    ],
     addLabels: ["POST /repos/{owner}/{repo}/issues/{issue_number}/labels"],
     addSubIssue: [
       "POST /repos/{owner}/{repo}/issues/{issue_number}/sub_issues"
@@ -135751,10 +135822,17 @@ const Endpoints = {
     getEvent: ["GET /repos/{owner}/{repo}/issues/events/{event_id}"],
     getLabel: ["GET /repos/{owner}/{repo}/labels/{name}"],
     getMilestone: ["GET /repos/{owner}/{repo}/milestones/{milestone_number}"],
+    getParent: ["GET /repos/{owner}/{repo}/issues/{issue_number}/parent"],
     list: ["GET /issues"],
     listAssignees: ["GET /repos/{owner}/{repo}/assignees"],
     listComments: ["GET /repos/{owner}/{repo}/issues/{issue_number}/comments"],
     listCommentsForRepo: ["GET /repos/{owner}/{repo}/issues/comments"],
+    listDependenciesBlockedBy: [
+      "GET /repos/{owner}/{repo}/issues/{issue_number}/dependencies/blocked_by"
+    ],
+    listDependenciesBlocking: [
+      "GET /repos/{owner}/{repo}/issues/{issue_number}/dependencies/blocking"
+    ],
     listEvents: ["GET /repos/{owner}/{repo}/issues/{issue_number}/events"],
     listEventsForRepo: ["GET /repos/{owner}/{repo}/issues/events"],
     listEventsForTimeline: [
@@ -135781,6 +135859,9 @@ const Endpoints = {
     removeAssignees: [
       "DELETE /repos/{owner}/{repo}/issues/{issue_number}/assignees"
     ],
+    removeDependencyBlockedBy: [
+      "DELETE /repos/{owner}/{repo}/issues/{issue_number}/dependencies/blocked_by/{issue_id}"
+    ],
     removeLabel: [
       "DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels/{name}"
     ],
@@ -135883,6 +135964,9 @@ const Endpoints = {
     convertMemberToOutsideCollaborator: [
       "PUT /orgs/{org}/outside_collaborators/{username}"
     ],
+    createArtifactStorageRecord: [
+      "POST /orgs/{org}/artifacts/metadata/storage-record"
+    ],
     createInvitation: ["POST /orgs/{org}/invitations"],
     createIssueType: ["POST /orgs/{org}/issue-types"],
     createOrUpdateCustomProperties: ["PATCH /orgs/{org}/properties/schema"],
@@ -135894,15 +135978,15 @@ const Endpoints = {
     ],
     createWebhook: ["POST /orgs/{org}/hooks"],
     delete: ["DELETE /orgs/{org}"],
+    deleteAttestationsBulk: ["POST /orgs/{org}/attestations/delete-request"],
+    deleteAttestationsById: [
+      "DELETE /orgs/{org}/attestations/{attestation_id}"
+    ],
+    deleteAttestationsBySubjectDigest: [
+      "DELETE /orgs/{org}/attestations/digest/{subject_digest}"
+    ],
     deleteIssueType: ["DELETE /orgs/{org}/issue-types/{issue_type_id}"],
     deleteWebhook: ["DELETE /orgs/{org}/hooks/{hook_id}"],
-    enableOrDisableSecurityProductOnAllOrgRepos: [
-      "POST /orgs/{org}/{security_product}/{enablement}",
-      {},
-      {
-        deprecated: "octokit.rest.orgs.enableOrDisableSecurityProductOnAllOrgRepos() is deprecated, see https://docs.github.com/rest/orgs/orgs#enable-or-disable-a-security-feature-for-an-organization"
-      }
-    ],
     get: ["GET /orgs/{org}"],
     getAllCustomProperties: ["GET /orgs/{org}/properties/schema"],
     getCustomProperty: [
@@ -135922,7 +136006,13 @@ const Endpoints = {
     ],
     list: ["GET /organizations"],
     listAppInstallations: ["GET /orgs/{org}/installations"],
+    listArtifactStorageRecords: [
+      "GET /orgs/{org}/artifacts/{subject_digest}/metadata/storage-records"
+    ],
     listAttestations: ["GET /orgs/{org}/attestations/{subject_digest}"],
+    listAttestationsBulk: [
+      "POST /orgs/{org}/attestations/bulk-list{?per_page,before,after}"
+    ],
     listBlockedUsers: ["GET /orgs/{org}/blocks"],
     listCustomPropertiesValuesForRepos: ["GET /orgs/{org}/properties/values"],
     listFailedInvitations: ["GET /orgs/{org}/failed_invitations"],
@@ -136117,6 +136207,44 @@ const Endpoints = {
       "PATCH /orgs/{org}/private-registries/{secret_name}"
     ]
   },
+  projects: {
+    addItemForOrg: ["POST /orgs/{org}/projectsV2/{project_number}/items"],
+    addItemForUser: ["POST /users/{user_id}/projectsV2/{project_number}/items"],
+    deleteItemForOrg: [
+      "DELETE /orgs/{org}/projectsV2/{project_number}/items/{item_id}"
+    ],
+    deleteItemForUser: [
+      "DELETE /users/{user_id}/projectsV2/{project_number}/items/{item_id}"
+    ],
+    getFieldForOrg: [
+      "GET /orgs/{org}/projectsV2/{project_number}/fields/{field_id}"
+    ],
+    getFieldForUser: [
+      "GET /users/{user_id}/projectsV2/{project_number}/fields/{field_id}"
+    ],
+    getForOrg: ["GET /orgs/{org}/projectsV2/{project_number}"],
+    getForUser: ["GET /users/{user_id}/projectsV2/{project_number}"],
+    getOrgItem: ["GET /orgs/{org}/projectsV2/{project_number}/items/{item_id}"],
+    getUserItem: [
+      "GET /users/{user_id}/projectsV2/{project_number}/items/{item_id}"
+    ],
+    listFieldsForOrg: ["GET /orgs/{org}/projectsV2/{project_number}/fields"],
+    listFieldsForUser: [
+      "GET /users/{user_id}/projectsV2/{project_number}/fields"
+    ],
+    listForOrg: ["GET /orgs/{org}/projectsV2"],
+    listForUser: ["GET /users/{username}/projectsV2"],
+    listItemsForOrg: ["GET /orgs/{org}/projectsV2/{project_number}/items"],
+    listItemsForUser: [
+      "GET /users/{user_id}/projectsV2/{project_number}/items"
+    ],
+    updateItemForOrg: [
+      "PATCH /orgs/{org}/projectsV2/{project_number}/items/{item_id}"
+    ],
+    updateItemForUser: [
+      "PATCH /users/{user_id}/projectsV2/{project_number}/items/{item_id}"
+    ]
+  },
   pulls: {
     checkIfMerged: ["GET /repos/{owner}/{repo}/pulls/{pull_number}/merge"],
     create: ["POST /repos/{owner}/{repo}/pulls"],
@@ -136695,8 +136823,14 @@ const Endpoints = {
     listLocationsForAlert: [
       "GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations"
     ],
+    listOrgPatternConfigs: [
+      "GET /orgs/{org}/secret-scanning/pattern-configurations"
+    ],
     updateAlert: [
       "PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}"
+    ],
+    updateOrgPatternConfigs: [
+      "PATCH /orgs/{org}/secret-scanning/pattern-configurations"
     ]
   },
   securityAdvisories: {
@@ -136806,6 +136940,15 @@ const Endpoints = {
     ],
     createPublicSshKeyForAuthenticatedUser: ["POST /user/keys"],
     createSshSigningKeyForAuthenticatedUser: ["POST /user/ssh_signing_keys"],
+    deleteAttestationsBulk: [
+      "POST /users/{username}/attestations/delete-request"
+    ],
+    deleteAttestationsById: [
+      "DELETE /users/{username}/attestations/{attestation_id}"
+    ],
+    deleteAttestationsBySubjectDigest: [
+      "DELETE /users/{username}/attestations/digest/{subject_digest}"
+    ],
     deleteEmailForAuthenticated: [
       "DELETE /user/emails",
       {},
@@ -136850,6 +136993,9 @@ const Endpoints = {
     ],
     list: ["GET /users"],
     listAttestations: ["GET /users/{username}/attestations/{subject_digest}"],
+    listAttestationsBulk: [
+      "POST /users/{username}/attestations/bulk-list{?per_page,before,after}"
+    ],
     listBlockedByAuthenticated: [
       "GET /user/blocks",
       {},

dist/update-known-versions/index.js

@@ -65748,10 +65748,12 @@ run();
 "use strict";
 
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.TOOL_CACHE_NAME = exports.OWNER = exports.REPO = void 0;
+exports.STATE_UV_VERSION = exports.STATE_UV_PATH = exports.TOOL_CACHE_NAME = exports.OWNER = exports.REPO = void 0;
 exports.REPO = "uv";
 exports.OWNER = "astral-sh";
 exports.TOOL_CACHE_NAME = "uv";
+exports.STATE_UV_PATH = "uv-path";
+exports.STATE_UV_VERSION = "uv-version";
 
 
 /***/ }),
@@ -65800,7 +65802,8 @@ const DEFAULTS = {
     baseUrl: "https://api.github.com",
     userAgent: "setup-uv",
 };
-exports.Octokit = core_1.Octokit.plugin(plugin_paginate_rest_1.paginateRest, plugin_rest_endpoint_methods_1.legacyRestEndpointMethods).defaults(function buildDefaults(options) {
+const OctokitWithPlugins = core_1.Octokit.plugin(plugin_paginate_rest_1.paginateRest, plugin_rest_endpoint_methods_1.legacyRestEndpointMethods);
+exports.Octokit = OctokitWithPlugins.defaults(function buildDefaults(options) {
     return {
         ...DEFAULTS,
         ...options,
@@ -68593,7 +68596,7 @@ class RequestError extends Error {
 
 
 // pkg/dist-src/version.js
-var dist_bundle_VERSION = "0.0.0-development";
+var dist_bundle_VERSION = "10.0.5";
 
 // pkg/dist-src/defaults.js
 var defaults_default = {
@@ -68964,7 +68967,7 @@ var createTokenAuth = function createTokenAuth2(token) {
 
 
 ;// CONCATENATED MODULE: ./node_modules/@octokit/core/dist-src/version.js
-const version_VERSION = "7.0.3";
+const version_VERSION = "7.0.5";
 
 
 ;// CONCATENATED MODULE: ./node_modules/@octokit/core/dist-src/index.js
@@ -69538,7 +69541,7 @@ __nccwpck_require__.d(__webpack_exports__, {
 });
 
 ;// CONCATENATED MODULE: ./node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js
-const VERSION = "16.0.0";
+const VERSION = "16.1.0";
 
 //# sourceMappingURL=version.js.map
 
@@ -70352,11 +70355,20 @@ const Endpoints = {
     removeSelectedRepoFromOrgSecret: [
       "DELETE /orgs/{org}/dependabot/secrets/{secret_name}/repositories/{repository_id}"
     ],
+    repositoryAccessForOrg: [
+      "GET /organizations/{org}/dependabot/repository-access"
+    ],
+    setRepositoryAccessDefaultLevel: [
+      "PUT /organizations/{org}/dependabot/repository-access/default-level"
+    ],
     setSelectedReposForOrgSecret: [
       "PUT /orgs/{org}/dependabot/secrets/{secret_name}/repositories"
     ],
     updateAlert: [
       "PATCH /repos/{owner}/{repo}/dependabot/alerts/{alert_number}"
+    ],
+    updateRepositoryAccessForOrg: [
+      "PATCH /organizations/{org}/dependabot/repository-access"
     ]
   },
   dependencyGraph: {
@@ -70462,6 +70474,9 @@ const Endpoints = {
     addAssignees: [
       "POST /repos/{owner}/{repo}/issues/{issue_number}/assignees"
     ],
+    addBlockedByDependency: [
+      "POST /repos/{owner}/{repo}/issues/{issue_number}/dependencies/blocked_by"
+    ],
     addLabels: ["POST /repos/{owner}/{repo}/issues/{issue_number}/labels"],
     addSubIssue: [
       "POST /repos/{owner}/{repo}/issues/{issue_number}/sub_issues"
@@ -70488,10 +70503,17 @@ const Endpoints = {
     getEvent: ["GET /repos/{owner}/{repo}/issues/events/{event_id}"],
     getLabel: ["GET /repos/{owner}/{repo}/labels/{name}"],
     getMilestone: ["GET /repos/{owner}/{repo}/milestones/{milestone_number}"],
+    getParent: ["GET /repos/{owner}/{repo}/issues/{issue_number}/parent"],
     list: ["GET /issues"],
     listAssignees: ["GET /repos/{owner}/{repo}/assignees"],
     listComments: ["GET /repos/{owner}/{repo}/issues/{issue_number}/comments"],
     listCommentsForRepo: ["GET /repos/{owner}/{repo}/issues/comments"],
+    listDependenciesBlockedBy: [
+      "GET /repos/{owner}/{repo}/issues/{issue_number}/dependencies/blocked_by"
+    ],
+    listDependenciesBlocking: [
+      "GET /repos/{owner}/{repo}/issues/{issue_number}/dependencies/blocking"
+    ],
     listEvents: ["GET /repos/{owner}/{repo}/issues/{issue_number}/events"],
     listEventsForRepo: ["GET /repos/{owner}/{repo}/issues/events"],
     listEventsForTimeline: [
@@ -70518,6 +70540,9 @@ const Endpoints = {
     removeAssignees: [
       "DELETE /repos/{owner}/{repo}/issues/{issue_number}/assignees"
     ],
+    removeDependencyBlockedBy: [
+      "DELETE /repos/{owner}/{repo}/issues/{issue_number}/dependencies/blocked_by/{issue_id}"
+    ],
     removeLabel: [
       "DELETE /repos/{owner}/{repo}/issues/{issue_number}/labels/{name}"
     ],
@@ -70620,6 +70645,9 @@ const Endpoints = {
     convertMemberToOutsideCollaborator: [
       "PUT /orgs/{org}/outside_collaborators/{username}"
     ],
+    createArtifactStorageRecord: [
+      "POST /orgs/{org}/artifacts/metadata/storage-record"
+    ],
     createInvitation: ["POST /orgs/{org}/invitations"],
     createIssueType: ["POST /orgs/{org}/issue-types"],
     createOrUpdateCustomProperties: ["PATCH /orgs/{org}/properties/schema"],
@@ -70631,15 +70659,15 @@ const Endpoints = {
     ],
     createWebhook: ["POST /orgs/{org}/hooks"],
     delete: ["DELETE /orgs/{org}"],
+    deleteAttestationsBulk: ["POST /orgs/{org}/attestations/delete-request"],
+    deleteAttestationsById: [
+      "DELETE /orgs/{org}/attestations/{attestation_id}"
+    ],
+    deleteAttestationsBySubjectDigest: [
+      "DELETE /orgs/{org}/attestations/digest/{subject_digest}"
+    ],
     deleteIssueType: ["DELETE /orgs/{org}/issue-types/{issue_type_id}"],
     deleteWebhook: ["DELETE /orgs/{org}/hooks/{hook_id}"],
-    enableOrDisableSecurityProductOnAllOrgRepos: [
-      "POST /orgs/{org}/{security_product}/{enablement}",
-      {},
-      {
-        deprecated: "octokit.rest.orgs.enableOrDisableSecurityProductOnAllOrgRepos() is deprecated, see https://docs.github.com/rest/orgs/orgs#enable-or-disable-a-security-feature-for-an-organization"
-      }
-    ],
     get: ["GET /orgs/{org}"],
     getAllCustomProperties: ["GET /orgs/{org}/properties/schema"],
     getCustomProperty: [
@@ -70659,7 +70687,13 @@ const Endpoints = {
     ],
     list: ["GET /organizations"],
     listAppInstallations: ["GET /orgs/{org}/installations"],
+    listArtifactStorageRecords: [
+      "GET /orgs/{org}/artifacts/{subject_digest}/metadata/storage-records"
+    ],
     listAttestations: ["GET /orgs/{org}/attestations/{subject_digest}"],
+    listAttestationsBulk: [
+      "POST /orgs/{org}/attestations/bulk-list{?per_page,before,after}"
+    ],
     listBlockedUsers: ["GET /orgs/{org}/blocks"],
     listCustomPropertiesValuesForRepos: ["GET /orgs/{org}/properties/values"],
     listFailedInvitations: ["GET /orgs/{org}/failed_invitations"],
@@ -70854,6 +70888,44 @@ const Endpoints = {
       "PATCH /orgs/{org}/private-registries/{secret_name}"
     ]
   },
+  projects: {
+    addItemForOrg: ["POST /orgs/{org}/projectsV2/{project_number}/items"],
+    addItemForUser: ["POST /users/{user_id}/projectsV2/{project_number}/items"],
+    deleteItemForOrg: [
+      "DELETE /orgs/{org}/projectsV2/{project_number}/items/{item_id}"
+    ],
+    deleteItemForUser: [
+      "DELETE /users/{user_id}/projectsV2/{project_number}/items/{item_id}"
+    ],
+    getFieldForOrg: [
+      "GET /orgs/{org}/projectsV2/{project_number}/fields/{field_id}"
+    ],
+    getFieldForUser: [
+      "GET /users/{user_id}/projectsV2/{project_number}/fields/{field_id}"
+    ],
+    getForOrg: ["GET /orgs/{org}/projectsV2/{project_number}"],
+    getForUser: ["GET /users/{user_id}/projectsV2/{project_number}"],
+    getOrgItem: ["GET /orgs/{org}/projectsV2/{project_number}/items/{item_id}"],
+    getUserItem: [
+      "GET /users/{user_id}/projectsV2/{project_number}/items/{item_id}"
+    ],
+    listFieldsForOrg: ["GET /orgs/{org}/projectsV2/{project_number}/fields"],
+    listFieldsForUser: [
+      "GET /users/{user_id}/projectsV2/{project_number}/fields"
+    ],
+    listForOrg: ["GET /orgs/{org}/projectsV2"],
+    listForUser: ["GET /users/{username}/projectsV2"],
+    listItemsForOrg: ["GET /orgs/{org}/projectsV2/{project_number}/items"],
+    listItemsForUser: [
+      "GET /users/{user_id}/projectsV2/{project_number}/items"
+    ],
+    updateItemForOrg: [
+      "PATCH /orgs/{org}/projectsV2/{project_number}/items/{item_id}"
+    ],
+    updateItemForUser: [
+      "PATCH /users/{user_id}/projectsV2/{project_number}/items/{item_id}"
+    ]
+  },
   pulls: {
     checkIfMerged: ["GET /repos/{owner}/{repo}/pulls/{pull_number}/merge"],
     create: ["POST /repos/{owner}/{repo}/pulls"],
@@ -71432,8 +71504,14 @@ const Endpoints = {
     listLocationsForAlert: [
       "GET /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}/locations"
     ],
+    listOrgPatternConfigs: [
+      "GET /orgs/{org}/secret-scanning/pattern-configurations"
+    ],
     updateAlert: [
       "PATCH /repos/{owner}/{repo}/secret-scanning/alerts/{alert_number}"
+    ],
+    updateOrgPatternConfigs: [
+      "PATCH /orgs/{org}/secret-scanning/pattern-configurations"
     ]
   },
   securityAdvisories: {
@@ -71543,6 +71621,15 @@ const Endpoints = {
     ],
     createPublicSshKeyForAuthenticatedUser: ["POST /user/keys"],
     createSshSigningKeyForAuthenticatedUser: ["POST /user/ssh_signing_keys"],
+    deleteAttestationsBulk: [
+      "POST /users/{username}/attestations/delete-request"
+    ],
+    deleteAttestationsById: [
+      "DELETE /users/{username}/attestations/{attestation_id}"
+    ],
+    deleteAttestationsBySubjectDigest: [
+      "DELETE /users/{username}/attestations/digest/{subject_digest}"
+    ],
     deleteEmailForAuthenticated: [
       "DELETE /user/emails",
       {},
@@ -71587,6 +71674,9 @@ const Endpoints = {
     ],
     list: ["GET /users"],
     listAttestations: ["GET /users/{username}/attestations/{subject_digest}"],
+    listAttestationsBulk: [
+      "POST /users/{username}/attestations/bulk-list{?per_page,before,after}"
+    ],
     listBlockedByAuthenticated: [
       "GET /user/blocks",
       {},

package-lock.json

@@ -15,22 +15,22 @@
         "@actions/glob": "^0.5.0",
         "@actions/io": "^1.1.3",
         "@actions/tool-cache": "^2.0.2",
-        "@octokit/core": "^7.0.3",
+        "@octokit/core": "^7.0.5",
         "@octokit/plugin-paginate-rest": "^13.1.1",
-        "@octokit/plugin-rest-endpoint-methods": "^16.0.0",
-        "@renovatebot/pep440": "^4.2.0",
+        "@octokit/plugin-rest-endpoint-methods": "^16.1.0",
+        "@renovatebot/pep440": "^4.2.1",
         "smol-toml": "^1.4.2",
         "undici": "^7.16.0"
       },
       "devDependencies": {
         "@biomejs/biome": "2.2.4",
         "@types/js-yaml": "^4.0.9",
-        "@types/node": "^24.3.1",
+        "@types/node": "^24.7.0",
         "@types/semver": "^7.7.1",
-        "@vercel/ncc": "^0.38.3",
+        "@vercel/ncc": "^0.38.4",
         "jest": "^30.1.3",
         "js-yaml": "^4.1.0",
-        "ts-jest": "^29.4.1",
+        "ts-jest": "^29.4.4",
         "typescript": "^5.9.2"
       }
     },
@@ -1611,16 +1611,16 @@
       }
     },
     "node_modules/@octokit/core": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-7.0.3.tgz",
-      "integrity": "sha512-oNXsh2ywth5aowwIa7RKtawnkdH6LgU1ztfP9AIUCQCvzysB+WeU8o2kyyosDPwBZutPpjZDKPQGIzzrfTWweQ==",
+      "version": "7.0.5",
+      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-7.0.5.tgz",
+      "integrity": "sha512-t54CUOsFMappY1Jbzb7fetWeO0n6K0k/4+/ZpkS+3Joz8I4VcvY9OiEBFRYISqaI2fq5sCiPtAjRDOzVYG8m+Q==",
       "license": "MIT",
       "dependencies": {
         "@octokit/auth-token": "^6.0.0",
-        "@octokit/graphql": "^9.0.1",
-        "@octokit/request": "^10.0.2",
-        "@octokit/request-error": "^7.0.0",
-        "@octokit/types": "^14.0.0",
+        "@octokit/graphql": "^9.0.2",
+        "@octokit/request": "^10.0.4",
+        "@octokit/request-error": "^7.0.1",
+        "@octokit/types": "^15.0.0",
         "before-after-hook": "^4.0.0",
         "universal-user-agent": "^7.0.0"
       },
@@ -1628,33 +1628,78 @@
         "node": ">= 20"
       }
     },
-    "node_modules/@octokit/endpoint": {
-      "version": "11.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.0.tgz",
-      "integrity": "sha512-hoYicJZaqISMAI3JfaDr1qMNi48OctWuOih1m80bkYow/ayPw6Jj52tqWJ6GEoFTk1gBqfanSoI1iY99Z5+ekQ==",
+    "node_modules/@octokit/core/node_modules/@octokit/openapi-types": {
+      "version": "26.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
+      "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA==",
+      "license": "MIT"
+    },
+    "node_modules/@octokit/core/node_modules/@octokit/types": {
+      "version": "15.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
+      "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
       "license": "MIT",
       "dependencies": {
-        "@octokit/types": "^14.0.0",
+        "@octokit/openapi-types": "^26.0.0"
+      }
+    },
+    "node_modules/@octokit/endpoint": {
+      "version": "11.0.1",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.1.tgz",
+      "integrity": "sha512-7P1dRAZxuWAOPI7kXfio88trNi/MegQ0IJD3vfgC3b+LZo1Qe6gRJc2v0mz2USWWJOKrB2h5spXCzGbw+fAdqA==",
+      "license": "MIT",
+      "dependencies": {
+        "@octokit/types": "^15.0.0",
         "universal-user-agent": "^7.0.2"
       },
       "engines": {
         "node": ">= 20"
       }
     },
-    "node_modules/@octokit/graphql": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-9.0.1.tgz",
-      "integrity": "sha512-j1nQNU1ZxNFx2ZtKmL4sMrs4egy5h65OMDmSbVyuCzjOcwsHq6EaYjOTGXPQxgfiN8dJ4CriYHk6zF050WEULg==",
+    "node_modules/@octokit/endpoint/node_modules/@octokit/openapi-types": {
+      "version": "26.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
+      "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA==",
+      "license": "MIT"
+    },
+    "node_modules/@octokit/endpoint/node_modules/@octokit/types": {
+      "version": "15.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
+      "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
       "license": "MIT",
       "dependencies": {
-        "@octokit/request": "^10.0.2",
-        "@octokit/types": "^14.0.0",
+        "@octokit/openapi-types": "^26.0.0"
+      }
+    },
+    "node_modules/@octokit/graphql": {
+      "version": "9.0.2",
+      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-9.0.2.tgz",
+      "integrity": "sha512-iz6KzZ7u95Fzy9Nt2L8cG88lGRMr/qy1Q36ih/XVzMIlPDMYwaNLE/ENhqmIzgPrlNWiYJkwmveEetvxAgFBJw==",
+      "license": "MIT",
+      "dependencies": {
+        "@octokit/request": "^10.0.4",
+        "@octokit/types": "^15.0.0",
         "universal-user-agent": "^7.0.0"
       },
       "engines": {
         "node": ">= 20"
       }
     },
+    "node_modules/@octokit/graphql/node_modules/@octokit/openapi-types": {
+      "version": "26.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
+      "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA==",
+      "license": "MIT"
+    },
+    "node_modules/@octokit/graphql/node_modules/@octokit/types": {
+      "version": "15.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
+      "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@octokit/openapi-types": "^26.0.0"
+      }
+    },
     "node_modules/@octokit/openapi-types": {
       "version": "25.1.0",
       "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-25.1.0.tgz",
@@ -1677,12 +1722,12 @@
       }
     },
     "node_modules/@octokit/plugin-rest-endpoint-methods": {
-      "version": "16.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-16.0.0.tgz",
-      "integrity": "sha512-kJVUQk6/dx/gRNLWUnAWKFs1kVPn5O5CYZyssyEoNYaFedqZxsfYs7DwI3d67hGz4qOwaJ1dpm07hOAD1BXx6g==",
+      "version": "16.1.0",
+      "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-16.1.0.tgz",
+      "integrity": "sha512-nCsyiKoGRnhH5LkH8hJEZb9swpqOcsW+VXv1QoyUNQXJeVODG4+xM6UICEqyqe9XFr6LkL8BIiFCPev8zMDXPw==",
       "license": "MIT",
       "dependencies": {
-        "@octokit/types": "^14.1.0"
+        "@octokit/types": "^15.0.0"
       },
       "engines": {
         "node": ">= 20"
@@ -1691,15 +1736,30 @@
         "@octokit/core": ">=6"
       }
     },
-    "node_modules/@octokit/request": {
-      "version": "10.0.2",
-      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.2.tgz",
-      "integrity": "sha512-iYj4SJG/2bbhh+iIpFmG5u49DtJ4lipQ+aPakjL9OKpsGY93wM8w06gvFbEQxcMsZcCvk5th5KkIm2m8o14aWA==",
+    "node_modules/@octokit/plugin-rest-endpoint-methods/node_modules/@octokit/openapi-types": {
+      "version": "26.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
+      "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA==",
+      "license": "MIT"
+    },
+    "node_modules/@octokit/plugin-rest-endpoint-methods/node_modules/@octokit/types": {
+      "version": "15.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
+      "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
       "license": "MIT",
       "dependencies": {
-        "@octokit/endpoint": "^11.0.0",
-        "@octokit/request-error": "^7.0.0",
-        "@octokit/types": "^14.0.0",
+        "@octokit/openapi-types": "^26.0.0"
+      }
+    },
+    "node_modules/@octokit/request": {
+      "version": "10.0.5",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.5.tgz",
+      "integrity": "sha512-TXnouHIYLtgDhKo+N6mXATnDBkV05VwbR0TtMWpgTHIoQdRQfCSzmy/LGqR1AbRMbijq/EckC/E3/ZNcU92NaQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@octokit/endpoint": "^11.0.1",
+        "@octokit/request-error": "^7.0.1",
+        "@octokit/types": "^15.0.0",
         "fast-content-type-parse": "^3.0.0",
         "universal-user-agent": "^7.0.2"
       },
@@ -1708,17 +1768,47 @@
       }
     },
     "node_modules/@octokit/request-error": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.0.0.tgz",
-      "integrity": "sha512-KRA7VTGdVyJlh0cP5Tf94hTiYVVqmt2f3I6mnimmaVz4UG3gQV/k4mDJlJv3X67iX6rmN7gSHCF8ssqeMnmhZg==",
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.0.1.tgz",
+      "integrity": "sha512-CZpFwV4+1uBrxu7Cw8E5NCXDWFNf18MSY23TdxCBgjw1tXXHvTrZVsXlW8hgFTOLw8RQR1BBrMvYRtuyaijHMA==",
       "license": "MIT",
       "dependencies": {
-        "@octokit/types": "^14.0.0"
+        "@octokit/types": "^15.0.0"
       },
       "engines": {
         "node": ">= 20"
       }
     },
+    "node_modules/@octokit/request-error/node_modules/@octokit/openapi-types": {
+      "version": "26.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
+      "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA==",
+      "license": "MIT"
+    },
+    "node_modules/@octokit/request-error/node_modules/@octokit/types": {
+      "version": "15.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
+      "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@octokit/openapi-types": "^26.0.0"
+      }
+    },
+    "node_modules/@octokit/request/node_modules/@octokit/openapi-types": {
+      "version": "26.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
+      "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA==",
+      "license": "MIT"
+    },
+    "node_modules/@octokit/request/node_modules/@octokit/types": {
+      "version": "15.0.0",
+      "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
+      "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@octokit/openapi-types": "^26.0.0"
+      }
+    },
     "node_modules/@octokit/types": {
       "version": "14.1.0",
       "resolved": "https://registry.npmjs.org/@octokit/types/-/types-14.1.0.tgz",
@@ -1776,10 +1866,9 @@
       }
     },
     "node_modules/@renovatebot/pep440": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/@renovatebot/pep440/-/pep440-4.2.0.tgz",
-      "integrity": "sha512-hT7WcjHbZdx3U9iRKuGwgm1l2wFS+FrWEdX+EQ5i+VAI6tWdcktFtdwDTNIqSwklOW1Vng55om8c4RrPHCmiIQ==",
-      "license": "Apache-2.0",
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/@renovatebot/pep440/-/pep440-4.2.1.tgz",
+      "integrity": "sha512-2FK1hF93Fuf1laSdfiEmJvSJPVIDHEUTz68D3Fi9s0IZrrpaEcj6pTFBTbYvsgC5du4ogrtf5re7yMMvrKNgkw==",
       "engines": {
         "node": "^20.9.0 || ^22.11.0 || ^24",
         "pnpm": "^10.0.0"
@@ -1911,12 +2000,12 @@
       "license": "MIT"
     },
     "node_modules/@types/node": {
-      "version": "24.4.0",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.4.0.tgz",
-      "integrity": "sha512-gUuVEAK4/u6F9wRLznPUU4WGUacSEBDPoC2TrBkw3GAnOLHBL45QdfHOXp1kJ4ypBGLxTOB+t7NJLpKoC3gznQ==",
+      "version": "24.7.0",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.7.0.tgz",
+      "integrity": "sha512-IbKooQVqUBrlzWTi79E8Fw78l8k1RNtlDDNWsFZs7XonuQSJ8oNYfEeclhprUldXISRMLzBpILuKgPlIxm+/Yw==",
       "license": "MIT",
       "dependencies": {
-        "undici-types": "~7.11.0"
+        "undici-types": "~7.14.0"
       }
     },
     "node_modules/@types/node-fetch": {
@@ -2260,10 +2349,11 @@
       ]
     },
     "node_modules/@vercel/ncc": {
-      "version": "0.38.3",
-      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.38.3.tgz",
-      "integrity": "sha512-rnK6hJBS6mwc+Bkab+PGPs9OiS0i/3kdTO+CkI8V0/VrW3vmz7O2Pxjw/owOlmo6PKEIxRSeZKv/kuL9itnpYA==",
+      "version": "0.38.4",
+      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.38.4.tgz",
+      "integrity": "sha512-8LwjnlP39s08C08J5NstzriPvW1SP8Zfpp1BvC2sI35kPeZnHfxVkCwu4/+Wodgnd60UtT1n8K8zw+Mp7J9JmQ==",
       "dev": true,
+      "license": "MIT",
       "bin": {
         "ncc": "dist/ncc/cli.js"
       }
@@ -5228,9 +5318,9 @@
       "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw=="
     },
     "node_modules/ts-jest": {
-      "version": "29.4.1",
-      "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.4.1.tgz",
-      "integrity": "sha512-SaeUtjfpg9Uqu8IbeDKtdaS0g8lS6FT6OzM3ezrDfErPJPHNDo/Ey+VFGP1bQIDfagYDLyRpd7O15XpG1Es2Uw==",
+      "version": "29.4.4",
+      "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.4.4.tgz",
+      "integrity": "sha512-ccVcRABct5ZELCT5U0+DZwkXMCcOCLi2doHRrKy1nK/s7J7bch6TzJMsrY09WxgUUIP/ITfmcDS8D2yl63rnXw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5367,9 +5457,9 @@
       }
     },
     "node_modules/undici-types": {
-      "version": "7.11.0",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.11.0.tgz",
-      "integrity": "sha512-kt1ZriHTi7MU+Z/r9DOdAI3ONdaR3M3csEaRc6ewa4f4dTvX4cQCbJ4NkEn0ohE4hHtq85+PhPSTY+pO/1PwgA==",
+      "version": "7.14.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.14.0.tgz",
+      "integrity": "sha512-QQiYxHuyZ9gQUIrmPo3IA+hUl4KYk8uSA7cHrcKd/l3p1OTpZcM0Tbp9x7FAtXdAYhlasd60ncPpgu6ihG6TOA==",
       "license": "MIT"
     },
     "node_modules/universal-user-agent": {
@@ -6904,36 +6994,81 @@
       "integrity": "sha512-P4YJBPdPSpWTQ1NU4XYdvHvXJJDxM6YwpS0FZHRgP7YFkdVxsWcpWGy/NVqlAA7PcPCnMacXlRm1y2PFZRWL/w=="
     },
     "@octokit/core": {
-      "version": "7.0.3",
-      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-7.0.3.tgz",
-      "integrity": "sha512-oNXsh2ywth5aowwIa7RKtawnkdH6LgU1ztfP9AIUCQCvzysB+WeU8o2kyyosDPwBZutPpjZDKPQGIzzrfTWweQ==",
+      "version": "7.0.5",
+      "resolved": "https://registry.npmjs.org/@octokit/core/-/core-7.0.5.tgz",
+      "integrity": "sha512-t54CUOsFMappY1Jbzb7fetWeO0n6K0k/4+/ZpkS+3Joz8I4VcvY9OiEBFRYISqaI2fq5sCiPtAjRDOzVYG8m+Q==",
       "requires": {
         "@octokit/auth-token": "^6.0.0",
-        "@octokit/graphql": "^9.0.1",
-        "@octokit/request": "^10.0.2",
-        "@octokit/request-error": "^7.0.0",
-        "@octokit/types": "^14.0.0",
+        "@octokit/graphql": "^9.0.2",
+        "@octokit/request": "^10.0.4",
+        "@octokit/request-error": "^7.0.1",
+        "@octokit/types": "^15.0.0",
         "before-after-hook": "^4.0.0",
         "universal-user-agent": "^7.0.0"
+      },
+      "dependencies": {
+        "@octokit/openapi-types": {
+          "version": "26.0.0",
+          "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
+          "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA=="
+        },
+        "@octokit/types": {
+          "version": "15.0.0",
+          "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
+          "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
+          "requires": {
+            "@octokit/openapi-types": "^26.0.0"
+          }
+        }
       }
     },
     "@octokit/endpoint": {
-      "version": "11.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.0.tgz",
-      "integrity": "sha512-hoYicJZaqISMAI3JfaDr1qMNi48OctWuOih1m80bkYow/ayPw6Jj52tqWJ6GEoFTk1gBqfanSoI1iY99Z5+ekQ==",
+      "version": "11.0.1",
+      "resolved": "https://registry.npmjs.org/@octokit/endpoint/-/endpoint-11.0.1.tgz",
+      "integrity": "sha512-7P1dRAZxuWAOPI7kXfio88trNi/MegQ0IJD3vfgC3b+LZo1Qe6gRJc2v0mz2USWWJOKrB2h5spXCzGbw+fAdqA==",
       "requires": {
-        "@octokit/types": "^14.0.0",
+        "@octokit/types": "^15.0.0",
         "universal-user-agent": "^7.0.2"
+      },
+      "dependencies": {
+        "@octokit/openapi-types": {
+          "version": "26.0.0",
+          "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
+          "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA=="
+        },
+        "@octokit/types": {
+          "version": "15.0.0",
+          "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
+          "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
+          "requires": {
+            "@octokit/openapi-types": "^26.0.0"
+          }
+        }
       }
     },
     "@octokit/graphql": {
-      "version": "9.0.1",
-      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-9.0.1.tgz",
-      "integrity": "sha512-j1nQNU1ZxNFx2ZtKmL4sMrs4egy5h65OMDmSbVyuCzjOcwsHq6EaYjOTGXPQxgfiN8dJ4CriYHk6zF050WEULg==",
+      "version": "9.0.2",
+      "resolved": "https://registry.npmjs.org/@octokit/graphql/-/graphql-9.0.2.tgz",
+      "integrity": "sha512-iz6KzZ7u95Fzy9Nt2L8cG88lGRMr/qy1Q36ih/XVzMIlPDMYwaNLE/ENhqmIzgPrlNWiYJkwmveEetvxAgFBJw==",
       "requires": {
-        "@octokit/request": "^10.0.2",
-        "@octokit/types": "^14.0.0",
+        "@octokit/request": "^10.0.4",
+        "@octokit/types": "^15.0.0",
         "universal-user-agent": "^7.0.0"
+      },
+      "dependencies": {
+        "@octokit/openapi-types": {
+          "version": "26.0.0",
+          "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
+          "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA=="
+        },
+        "@octokit/types": {
+          "version": "15.0.0",
+          "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
+          "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
+          "requires": {
+            "@octokit/openapi-types": "^26.0.0"
+          }
+        }
       }
     },
     "@octokit/openapi-types": {
@@ -6950,31 +7085,76 @@
       }
     },
     "@octokit/plugin-rest-endpoint-methods": {
-      "version": "16.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-16.0.0.tgz",
-      "integrity": "sha512-kJVUQk6/dx/gRNLWUnAWKFs1kVPn5O5CYZyssyEoNYaFedqZxsfYs7DwI3d67hGz4qOwaJ1dpm07hOAD1BXx6g==",
+      "version": "16.1.0",
+      "resolved": "https://registry.npmjs.org/@octokit/plugin-rest-endpoint-methods/-/plugin-rest-endpoint-methods-16.1.0.tgz",
+      "integrity": "sha512-nCsyiKoGRnhH5LkH8hJEZb9swpqOcsW+VXv1QoyUNQXJeVODG4+xM6UICEqyqe9XFr6LkL8BIiFCPev8zMDXPw==",
       "requires": {
-        "@octokit/types": "^14.1.0"
+        "@octokit/types": "^15.0.0"
+      },
+      "dependencies": {
+        "@octokit/openapi-types": {
+          "version": "26.0.0",
+          "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
+          "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA=="
+        },
+        "@octokit/types": {
+          "version": "15.0.0",
+          "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
+          "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
+          "requires": {
+            "@octokit/openapi-types": "^26.0.0"
+          }
+        }
       }
     },
     "@octokit/request": {
-      "version": "10.0.2",
-      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.2.tgz",
-      "integrity": "sha512-iYj4SJG/2bbhh+iIpFmG5u49DtJ4lipQ+aPakjL9OKpsGY93wM8w06gvFbEQxcMsZcCvk5th5KkIm2m8o14aWA==",
+      "version": "10.0.5",
+      "resolved": "https://registry.npmjs.org/@octokit/request/-/request-10.0.5.tgz",
+      "integrity": "sha512-TXnouHIYLtgDhKo+N6mXATnDBkV05VwbR0TtMWpgTHIoQdRQfCSzmy/LGqR1AbRMbijq/EckC/E3/ZNcU92NaQ==",
       "requires": {
-        "@octokit/endpoint": "^11.0.0",
-        "@octokit/request-error": "^7.0.0",
-        "@octokit/types": "^14.0.0",
+        "@octokit/endpoint": "^11.0.1",
+        "@octokit/request-error": "^7.0.1",
+        "@octokit/types": "^15.0.0",
         "fast-content-type-parse": "^3.0.0",
         "universal-user-agent": "^7.0.2"
+      },
+      "dependencies": {
+        "@octokit/openapi-types": {
+          "version": "26.0.0",
+          "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
+          "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA=="
+        },
+        "@octokit/types": {
+          "version": "15.0.0",
+          "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
+          "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
+          "requires": {
+            "@octokit/openapi-types": "^26.0.0"
+          }
+        }
       }
     },
     "@octokit/request-error": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.0.0.tgz",
-      "integrity": "sha512-KRA7VTGdVyJlh0cP5Tf94hTiYVVqmt2f3I6mnimmaVz4UG3gQV/k4mDJlJv3X67iX6rmN7gSHCF8ssqeMnmhZg==",
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.0.1.tgz",
+      "integrity": "sha512-CZpFwV4+1uBrxu7Cw8E5NCXDWFNf18MSY23TdxCBgjw1tXXHvTrZVsXlW8hgFTOLw8RQR1BBrMvYRtuyaijHMA==",
       "requires": {
-        "@octokit/types": "^14.0.0"
+        "@octokit/types": "^15.0.0"
+      },
+      "dependencies": {
+        "@octokit/openapi-types": {
+          "version": "26.0.0",
+          "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz",
+          "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA=="
+        },
+        "@octokit/types": {
+          "version": "15.0.0",
+          "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz",
+          "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==",
+          "requires": {
+            "@octokit/openapi-types": "^26.0.0"
+          }
+        }
       }
     },
     "@octokit/types": {
@@ -7017,9 +7197,9 @@
       }
     },
     "@renovatebot/pep440": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/@renovatebot/pep440/-/pep440-4.2.0.tgz",
-      "integrity": "sha512-hT7WcjHbZdx3U9iRKuGwgm1l2wFS+FrWEdX+EQ5i+VAI6tWdcktFtdwDTNIqSwklOW1Vng55om8c4RrPHCmiIQ=="
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/@renovatebot/pep440/-/pep440-4.2.1.tgz",
+      "integrity": "sha512-2FK1hF93Fuf1laSdfiEmJvSJPVIDHEUTz68D3Fi9s0IZrrpaEcj6pTFBTbYvsgC5du4ogrtf5re7yMMvrKNgkw=="
     },
     "@sinclair/typebox": {
       "version": "0.34.38",
@@ -7136,11 +7316,11 @@
       "dev": true
     },
     "@types/node": {
-      "version": "24.4.0",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.4.0.tgz",
-      "integrity": "sha512-gUuVEAK4/u6F9wRLznPUU4WGUacSEBDPoC2TrBkw3GAnOLHBL45QdfHOXp1kJ4ypBGLxTOB+t7NJLpKoC3gznQ==",
+      "version": "24.7.0",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.7.0.tgz",
+      "integrity": "sha512-IbKooQVqUBrlzWTi79E8Fw78l8k1RNtlDDNWsFZs7XonuQSJ8oNYfEeclhprUldXISRMLzBpILuKgPlIxm+/Yw==",
       "requires": {
-        "undici-types": "~7.11.0"
+        "undici-types": "~7.14.0"
       }
     },
     "@types/node-fetch": {
@@ -7344,9 +7524,9 @@
       "optional": true
     },
     "@vercel/ncc": {
-      "version": "0.38.3",
-      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.38.3.tgz",
-      "integrity": "sha512-rnK6hJBS6mwc+Bkab+PGPs9OiS0i/3kdTO+CkI8V0/VrW3vmz7O2Pxjw/owOlmo6PKEIxRSeZKv/kuL9itnpYA==",
+      "version": "0.38.4",
+      "resolved": "https://registry.npmjs.org/@vercel/ncc/-/ncc-0.38.4.tgz",
+      "integrity": "sha512-8LwjnlP39s08C08J5NstzriPvW1SP8Zfpp1BvC2sI35kPeZnHfxVkCwu4/+Wodgnd60UtT1n8K8zw+Mp7J9JmQ==",
       "dev": true
     },
     "abort-controller": {
@@ -9358,9 +9538,9 @@
       "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw=="
     },
     "ts-jest": {
-      "version": "29.4.1",
-      "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.4.1.tgz",
-      "integrity": "sha512-SaeUtjfpg9Uqu8IbeDKtdaS0g8lS6FT6OzM3ezrDfErPJPHNDo/Ey+VFGP1bQIDfagYDLyRpd7O15XpG1Es2Uw==",
+      "version": "29.4.4",
+      "resolved": "https://registry.npmjs.org/ts-jest/-/ts-jest-29.4.4.tgz",
+      "integrity": "sha512-ccVcRABct5ZELCT5U0+DZwkXMCcOCLi2doHRrKy1nK/s7J7bch6TzJMsrY09WxgUUIP/ITfmcDS8D2yl63rnXw==",
       "dev": true,
       "requires": {
         "bs-logger": "^0.2.6",
@@ -9423,9 +9603,9 @@
       "integrity": "sha512-QEg3HPMll0o3t2ourKwOeUAZ159Kn9mx5pnzHRQO8+Wixmh88YdZRiIwat0iNzNNXn0yoEtXJqFpyW7eM8BV7g=="
     },
     "undici-types": {
-      "version": "7.11.0",
-      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.11.0.tgz",
-      "integrity": "sha512-kt1ZriHTi7MU+Z/r9DOdAI3ONdaR3M3csEaRc6ewa4f4dTvX4cQCbJ4NkEn0ohE4hHtq85+PhPSTY+pO/1PwgA=="
+      "version": "7.14.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.14.0.tgz",
+      "integrity": "sha512-QQiYxHuyZ9gQUIrmPo3IA+hUl4KYk8uSA7cHrcKd/l3p1OTpZcM0Tbp9x7FAtXdAYhlasd60ncPpgu6ihG6TOA=="
     },
     "universal-user-agent": {
       "version": "7.0.3",

package.json

@@ -27,22 +27,22 @@
     "@actions/glob": "^0.5.0",
     "@actions/io": "^1.1.3",
     "@actions/tool-cache": "^2.0.2",
-    "@octokit/core": "^7.0.3",
+    "@octokit/core": "^7.0.5",
     "@octokit/plugin-paginate-rest": "^13.1.1",
-    "@octokit/plugin-rest-endpoint-methods": "^16.0.0",
-    "@renovatebot/pep440": "^4.2.0",
+    "@octokit/plugin-rest-endpoint-methods": "^16.1.0",
+    "@renovatebot/pep440": "^4.2.1",
     "smol-toml": "^1.4.2",
     "undici": "^7.16.0"
   },
   "devDependencies": {
     "@biomejs/biome": "2.2.4",
     "@types/js-yaml": "^4.0.9",
-    "@types/node": "^24.3.1",
+    "@types/node": "^24.7.0",
     "@types/semver": "^7.7.1",
-    "@vercel/ncc": "^0.38.3",
+    "@vercel/ncc": "^0.38.4",
     "jest": "^30.1.3",
     "js-yaml": "^4.1.0",
-    "ts-jest": "^29.4.1",
+    "ts-jest": "^29.4.4",
     "typescript": "^5.9.2"
   }
 }

src/download/download-version.ts

@@ -2,6 +2,7 @@ import { promises as fs } from "node:fs";
 import * as path from "node:path";
 import * as core from "@actions/core";
 import * as tc from "@actions/tool-cache";
+import type { Endpoints } from "@octokit/types";
 import * as pep440 from "@renovatebot/pep440";
 import { OWNER, REPO, TOOL_CACHE_NAME } from "../utils/constants";
 import { Octokit } from "../utils/octokit";
@@ -12,6 +13,9 @@ import {
   getLatestKnownVersion as getLatestVersionInManifest,
 } from "./version-manifest";
 
+type Release =
+  Endpoints["GET /repos/{owner}/{repo}/releases"]["response"]["data"][number];
+
 export function tryGetFromToolCache(
   arch: Architecture,
   version: string,
@@ -28,7 +32,6 @@ export function tryGetFromToolCache(
 }
 
 export async function downloadVersionFromGithub(
-  serverUrl: string,
   platform: Platform,
   arch: Architecture,
   version: string,
@@ -37,7 +40,7 @@ export async function downloadVersionFromGithub(
 ): Promise<{ version: string; cachedToolDir: string }> {
   const artifact = `uv-${arch}-${platform}`;
   const extension = getExtension(platform);
-  const downloadUrl = `${serverUrl}/${OWNER}/${REPO}/releases/download/${version}/${artifact}${extension}`;
+  const downloadUrl = `https://github.com/${OWNER}/${REPO}/releases/download/${version}/${artifact}${extension}`;
   return await downloadVersion(
     downloadUrl,
     artifact,
@@ -68,7 +71,6 @@ export async function downloadVersionFromManifest(
       `manifest-file does not contain version ${version}, arch ${arch}, platform ${platform}. Falling back to GitHub releases.`,
     );
     return await downloadVersionFromGithub(
-      "https://github.com",
       platform,
       arch,
       version,
@@ -135,19 +137,29 @@ export async function resolveVersion(
 ): Promise<string> {
   core.debug(`Resolving version: ${versionInput}`);
   let version: string;
+  const isSimpleMinimumVersionSpecifier =
+    versionInput.includes(">") && !versionInput.includes(",");
+  if (isSimpleMinimumVersionSpecifier) {
+    core.info("Found minimum version specifier, using latest version");
+  }
   if (manifestFile) {
     version =
-      versionInput === "latest"
+      versionInput === "latest" || isSimpleMinimumVersionSpecifier
         ? await getLatestVersionInManifest(manifestFile)
         : versionInput;
   } else {
     version =
-      versionInput === "latest"
+      versionInput === "latest" || isSimpleMinimumVersionSpecifier
         ? await getLatestVersion(githubToken)
         : versionInput;
   }
   if (tc.isExplicitVersion(version)) {
     core.debug(`Version ${version} is an explicit version.`);
+    if (isSimpleMinimumVersionSpecifier) {
+      if (!pep440.satisfies(version, versionInput)) {
+        throw new Error(`No version found for ${versionInput}`);
+      }
+    }
     return version;
   }
   const availableVersions = await getAvailableVersions(githubToken);
@@ -178,13 +190,14 @@ async function getAvailableVersions(githubToken: string): Promise<string[]> {
   }
 }
 
-async function getReleaseTagNames(
-  octokit: InstanceType<typeof Octokit>,
-): Promise<string[]> {
-  const response = await octokit.paginate(octokit.rest.repos.listReleases, {
-    owner: OWNER,
-    repo: REPO,
-  });
+async function getReleaseTagNames(octokit: Octokit): Promise<string[]> {
+  const response: Release[] = await octokit.paginate(
+    octokit.rest.repos.listReleases,
+    {
+      owner: OWNER,
+      repo: REPO,
+    },
+  );
   const releaseTagNames = response.map((release) => release.tag_name);
   if (releaseTagNames.length === 0) {
     throw Error(
@@ -225,7 +238,7 @@ async function getLatestVersion(githubToken: string) {
   return latestRelease.tag_name;
 }
 
-async function getLatestRelease(octokit: InstanceType<typeof Octokit>) {
+async function getLatestRelease(octokit: Octokit) {
   const { data: latestRelease } = await octokit.rest.repos.getLatestRelease({
     owner: OWNER,
     repo: REPO,

src/save-cache.ts

@@ -2,10 +2,12 @@ import * as fs from "node:fs";
 import * as cache from "@actions/cache";
 import * as core from "@actions/core";
 import * as exec from "@actions/exec";
+import * as pep440 from "@renovatebot/pep440";
 import {
   STATE_CACHE_KEY,
   STATE_CACHE_MATCHED_KEY,
 } from "./cache/restore-cache";
+import { STATE_UV_PATH, STATE_UV_VERSION } from "./utils/constants";
 import {
   cacheLocalPath,
   enableCache,
@@ -52,14 +54,22 @@ async function saveCache(): Promise<void> {
     await pruneCache();
   }
 
-  core.info(`Saving cache path: ${cacheLocalPath}`);
-  if (!fs.existsSync(cacheLocalPath) && !ignoreNothingToCache) {
+  let actualCachePath = cacheLocalPath;
+  if (process.env.UV_CACHE_DIR && process.env.UV_CACHE_DIR !== cacheLocalPath) {
+    core.warning(
+      `The environment variable UV_CACHE_DIR has been changed to "${process.env.UV_CACHE_DIR}", by an action or step running after astral-sh/setup-uv. This can lead to unexpected behavior. If you expected this to happen set the cache-local-path input to "${process.env.UV_CACHE_DIR}" instead of "${cacheLocalPath}".`,
+    );
+    actualCachePath = process.env.UV_CACHE_DIR;
+  }
+
+  core.info(`Saving cache path: ${actualCachePath}`);
+  if (!fs.existsSync(actualCachePath) && !ignoreNothingToCache) {
     throw new Error(
-      `Cache path ${cacheLocalPath} does not exist on disk. This likely indicates that there are no dependencies to cache. Consider disabling the cache input if it is not needed.`,
+      `Cache path ${actualCachePath} does not exist on disk. This likely indicates that there are no dependencies to cache. Consider disabling the cache input if it is not needed.`,
     );
   }
   try {
-    await cache.saveCache([cacheLocalPath], cacheKey);
+    await cache.saveCache([actualCachePath], cacheKey);
     core.info(`cache saved with the key: ${cacheKey}`);
   } catch (e) {
     if (
@@ -77,13 +87,19 @@ async function saveCache(): Promise<void> {
 }
 
 async function pruneCache(): Promise<void> {
+  const forceSupported = pep440.gte(core.getState(STATE_UV_VERSION), "0.8.24");
+
   const options: exec.ExecOptions = {
     silent: false,
   };
   const execArgs = ["cache", "prune", "--ci"];
+  if (forceSupported) {
+    execArgs.push("--force");
+  }
 
   core.info("Pruning cache...");
-  await exec.exec("uv", execArgs, options);
+  const uvPath = core.getState(STATE_UV_PATH);
+  await exec.exec(uvPath, execArgs, options);
 }
 
 run();

src/setup-uv.ts

@@ -4,11 +4,12 @@ import * as core from "@actions/core";
 import * as exec from "@actions/exec";
 import { restoreCache } from "./cache/restore-cache";
 import {
-  downloadVersionFromGithub,
   downloadVersionFromManifest,
   resolveVersion,
   tryGetFromToolCache,
 } from "./download/download-version";
+import { getConfigValueFromTomlFile } from "./utils/config-file";
+import { STATE_UV_PATH, STATE_UV_VERSION } from "./utils/constants";
 import {
   activateEnvironment as activateEnvironmentInput,
   addProblemMatchers,
@@ -19,7 +20,6 @@ import {
   ignoreEmptyWorkdir,
   manifestFile,
   pythonVersion,
-  serverUrl,
   toolBinDir,
   toolDir,
   versionFile as versionFileInput,
@@ -54,9 +54,10 @@ async function run(): Promise<void> {
     setupPython();
     await activateEnvironment();
     addMatchers();
-    setCacheDir(cacheLocalPath);
+    setCacheDir();
 
     core.setOutput("uv-version", setupResult.version);
+    core.saveState(STATE_UV_VERSION, setupResult.version);
     core.info(`Successfully installed uv version ${setupResult.version}`);
 
     if (enableCache) {
@@ -98,29 +99,14 @@ async function setupUv(
     };
   }
 
-  let downloadVersionResult: { version: string; cachedToolDir: string };
-  if (serverUrl !== "https://github.com") {
-    core.warning(
-      "The input server-url is deprecated. Please use manifest-file instead.",
-    );
-    downloadVersionResult = await downloadVersionFromGithub(
-      serverUrl,
-      platform,
-      arch,
-      resolvedVersion,
-      checkSum,
-      githubToken,
-    );
-  } else {
-    downloadVersionResult = await downloadVersionFromManifest(
-      manifestFile,
-      platform,
-      arch,
-      resolvedVersion,
-      checkSum,
-      githubToken,
-    );
-  }
+  const downloadVersionResult = await downloadVersionFromManifest(
+    manifestFile,
+    platform,
+    arch,
+    resolvedVersion,
+    checkSum,
+    githubToken,
+  );
 
   return {
     uvDir: downloadVersionResult.cachedToolDir,
@@ -163,18 +149,31 @@ async function determineVersion(
 
 function addUvToPathAndOutput(cachedPath: string): void {
   core.setOutput("uv-path", `${cachedPath}${path.sep}uv`);
+  core.saveState(STATE_UV_PATH, `${cachedPath}${path.sep}uv`);
   core.setOutput("uvx-path", `${cachedPath}${path.sep}uvx`);
-  core.addPath(cachedPath);
-  core.info(`Added ${cachedPath} to the path`);
+  if (process.env.UV_NO_MODIFY_PATH !== undefined) {
+    core.info("UV_NO_MODIFY_PATH is set, not modifying PATH");
+  } else {
+    core.addPath(cachedPath);
+    core.info(`Added ${cachedPath} to the path`);
+  }
 }
 
 function addToolBinToPath(): void {
   if (toolBinDir !== undefined) {
     core.exportVariable("UV_TOOL_BIN_DIR", toolBinDir);
     core.info(`Set UV_TOOL_BIN_DIR to ${toolBinDir}`);
-    core.addPath(toolBinDir);
-    core.info(`Added ${toolBinDir} to the path`);
+    if (process.env.UV_NO_MODIFY_PATH !== undefined) {
+      core.info(`UV_NO_MODIFY_PATH is set, not adding ${toolBinDir} to path`);
+    } else {
+      core.addPath(toolBinDir);
+      core.info(`Added ${toolBinDir} to the path`);
+    }
   } else {
+    if (process.env.UV_NO_MODIFY_PATH !== undefined) {
+      core.info("UV_NO_MODIFY_PATH is set, not adding user local bin to path");
+      return;
+    }
     if (process.env.XDG_BIN_HOME !== undefined) {
       core.addPath(process.env.XDG_BIN_HOME);
       core.info(`Added ${process.env.XDG_BIN_HOME} to the path`);
@@ -204,6 +203,11 @@ function setupPython(): void {
 
 async function activateEnvironment(): Promise<void> {
   if (activateEnvironmentInput) {
+    if (process.env.UV_NO_MODIFY_PATH !== undefined) {
+      throw new Error(
+        "UV_NO_MODIFY_PATH and activate-environment cannot be used together.",
+      );
+    }
     const execArgs = ["venv", ".venv", "--directory", workingDirectory];
 
     core.info("Activating python venv...");
@@ -221,9 +225,18 @@ async function activateEnvironment(): Promise<void> {
   }
 }
 
-function setCacheDir(cacheLocalPath: string): void {
-  core.exportVariable("UV_CACHE_DIR", cacheLocalPath);
-  core.info(`Set UV_CACHE_DIR to ${cacheLocalPath}`);
+function setCacheDir(): void {
+  if (enableCache) {
+    const cacheDirFromConfig = getConfigValueFromTomlFile("", "cache-dir");
+    if (cacheDirFromConfig !== undefined) {
+      core.info(
+        "Using cache-dir from uv config file, not modifying UV_CACHE_DIR",
+      );
+      return;
+    }
+    core.exportVariable("UV_CACHE_DIR", cacheLocalPath);
+    core.info(`Set UV_CACHE_DIR to ${cacheLocalPath}`);
+  }
 }
 
 function addMatchers(): void {

src/update-known-versions.ts

@@ -1,4 +1,5 @@
 import * as core from "@actions/core";
+import type { Endpoints } from "@octokit/types";
 import * as semver from "semver";
 import { updateChecksums } from "./download/checksum/update-known-checksums";
 import {
@@ -8,6 +9,9 @@ import {
 import { OWNER, REPO } from "./utils/constants";
 import { Octokit } from "./utils/octokit";
 
+type Release =
+  Endpoints["GET /repos/{owner}/{repo}/releases"]["response"]["data"][number];
+
 async function run(): Promise<void> {
   const checksumFilePath = process.argv.slice(2)[0];
   const versionsManifestFile = process.argv.slice(2)[1];
@@ -31,10 +35,13 @@ async function run(): Promise<void> {
     return;
   }
 
-  const releases = await octokit.paginate(octokit.rest.repos.listReleases, {
-    owner: OWNER,
-    repo: REPO,
-  });
+  const releases: Release[] = await octokit.paginate(
+    octokit.rest.repos.listReleases,
+    {
+      owner: OWNER,
+      repo: REPO,
+    },
+  );
   const checksumDownloadUrls: string[] = releases.flatMap((release) =>
     release.assets
       .filter((asset) => asset.name.endsWith(".sha256"))

src/utils/config-file.ts

@@ -0,0 +1,24 @@
+import fs from "node:fs";
+import * as toml from "smol-toml";
+
+export function getConfigValueFromTomlFile(
+  filePath: string,
+  key: string,
+): string | undefined {
+  if (!fs.existsSync(filePath) || !filePath.endsWith(".toml")) {
+    return undefined;
+  }
+  const fileContent = fs.readFileSync(filePath, "utf-8");
+
+  if (filePath.endsWith("pyproject.toml")) {
+    const tomlContent = toml.parse(fileContent) as {
+      tool?: { uv?: Record<string, string | undefined> };
+    };
+    return tomlContent?.tool?.uv?.[key];
+  }
+  const tomlContent = toml.parse(fileContent) as Record<
+    string,
+    string | undefined
+  >;
+  return tomlContent[key];
+}

src/utils/constants.ts

@@ -1,3 +1,5 @@
 export const REPO = "uv";
 export const OWNER = "astral-sh";
 export const TOOL_CACHE_NAME = "uv";
+export const STATE_UV_PATH = "uv-path";
+export const STATE_UV_VERSION = "uv-version";

src/utils/inputs.ts

@@ -1,5 +1,6 @@
 import path from "node:path";
 import * as core from "@actions/core";
+import { getConfigValueFromTomlFile } from "./config-file";
 
 export const workingDirectory = core.getInput("working-directory");
 export const version = core.getInput("version");
@@ -20,7 +21,6 @@ export const ignoreEmptyWorkdir =
   core.getInput("ignore-empty-workdir") === "true";
 export const toolBinDir = getToolBinDir();
 export const toolDir = getToolDir();
-export const serverUrl = core.getInput("server-url");
 export const githubToken = core.getInput("github-token");
 export const manifestFile = getManifestFile();
 export const addProblemMatchers =
@@ -83,6 +83,14 @@ function getCacheLocalPath(): string {
     const tildeExpanded = expandTilde(cacheLocalPathInput);
     return resolveRelativePath(tildeExpanded);
   }
+  const cacheDirFromConfig = getCacheDirFromConfig();
+  if (cacheDirFromConfig !== undefined) {
+    return cacheDirFromConfig;
+  }
+  if (process.env.UV_CACHE_DIR !== undefined) {
+    core.info(`UV_CACHE_DIR is already set to ${process.env.UV_CACHE_DIR}`);
+    return process.env.UV_CACHE_DIR;
+  }
   if (process.env.RUNNER_ENVIRONMENT === "github-hosted") {
     if (process.env.RUNNER_TEMP !== undefined) {
       return `${process.env.RUNNER_TEMP}${path.sep}setup-uv-cache`;
@@ -97,6 +105,24 @@ function getCacheLocalPath(): string {
   return `${process.env.HOME}${path.sep}.cache${path.sep}uv`;
 }
 
+function getCacheDirFromConfig(): string | undefined {
+  for (const filePath of [versionFile, "uv.toml", "pyproject.toml"]) {
+    const resolvedPath = resolveRelativePath(filePath);
+    try {
+      const cacheDir = getConfigValueFromTomlFile(resolvedPath, "cache-dir");
+      if (cacheDir !== undefined) {
+        core.info(`Found cache-dir in ${resolvedPath}: ${cacheDir}`);
+        return cacheDir;
+      }
+    } catch (err) {
+      const message = (err as Error).message;
+      core.warning(`Error while parsing ${filePath}: ${message}`);
+      return undefined;
+    }
+  }
+  return undefined;
+}
+
 function getCacheDependencyGlob(): string {
   const cacheDependencyGlobInput = core.getInput("cache-dependency-glob");
   if (cacheDependencyGlobInput !== "") {

src/utils/octokit.ts

@@ -1,8 +1,5 @@
+import type { OctokitOptions } from "@octokit/core";
 import { Octokit as Core } from "@octokit/core";
-import type {
-  Constructor,
-  OctokitOptions,
-} from "@octokit/core/dist-types/types";
 import {
   type PaginateInterface,
   paginateRest,
@@ -17,22 +14,21 @@ const DEFAULTS = {
   userAgent: "setup-uv",
 };
 
-export const Octokit: typeof Core &
-  Constructor<
-    {
-      paginate: PaginateInterface;
-    } & ReturnType<typeof legacyRestEndpointMethods>
-  > = Core.plugin(paginateRest, legacyRestEndpointMethods).defaults(
-  function buildDefaults(options: OctokitOptions): OctokitOptions {
-    return {
-      ...DEFAULTS,
-      ...options,
-      request: {
-        fetch: customFetch,
-        ...options.request,
-      },
-    };
-  },
-);
+const OctokitWithPlugins = Core.plugin(paginateRest, legacyRestEndpointMethods);
 
-export type Octokit = InstanceType<typeof Octokit>;
+export const Octokit = OctokitWithPlugins.defaults(function buildDefaults(
+  options: OctokitOptions,
+): OctokitOptions {
+  return {
+    ...DEFAULTS,
+    ...options,
+    request: {
+      fetch: customFetch,
+      ...options.request,
+    },
+  };
+});
+
+export type Octokit = InstanceType<typeof OctokitWithPlugins> & {
+  paginate: PaginateInterface;
+};

src/version/config-file.ts

@@ -1,22 +0,0 @@
-import fs from "node:fs";
-import * as toml from "smol-toml";
-
-export function getRequiredVersionFromConfigFile(
-  filePath: string,
-): string | undefined {
-  if (!filePath.endsWith(".toml")) {
-    return undefined;
-  }
-  const fileContent = fs.readFileSync(filePath, "utf-8");
-
-  if (filePath.endsWith("pyproject.toml")) {
-    const tomlContent = toml.parse(fileContent) as {
-      tool?: { uv?: { "required-version"?: string } };
-    };
-    return tomlContent?.tool?.uv?.["required-version"];
-  }
-  const tomlContent = toml.parse(fileContent) as {
-    "required-version"?: string;
-  };
-  return tomlContent["required-version"];
-}

src/version/resolve.ts

@@ -1,6 +1,6 @@
 import fs from "node:fs";
 import * as core from "@actions/core";
-import { getRequiredVersionFromConfigFile } from "./config-file";
+import { getConfigValueFromTomlFile } from "../utils/config-file";
 import { getUvVersionFromRequirementsFile } from "./requirements-file";
 import { getUvVersionFromToolVersions } from "./tool-versions-file";
 
@@ -14,7 +14,7 @@ export function getUvVersionFromFile(filePath: string): string | undefined {
   try {
     uvVersion = getUvVersionFromToolVersions(filePath);
     if (uvVersion === undefined) {
-      uvVersion = getRequiredVersionFromConfigFile(filePath);
+      uvVersion = getConfigValueFromTomlFile(filePath, "required-version");
     }
     if (uvVersion === undefined) {
       uvVersion = getUvVersionFromRequirementsFile(filePath);

tsconfig.json

@@ -1,12 +1,12 @@
 {
   "compilerOptions": {
     "esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */,
-    "module": "commonjs" /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */,
+    "module": "nodenext" /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */,
     "noImplicitAny": true /* Raise error on expressions and declarations with an implied 'any' type. */,
     "outDir": "./lib" /* Redirect output structure to the directory. */,
     "rootDir": "./src" /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */,
     "strict": true /* Enable all strict type-checking options. */,
-    "target": "ES2022" /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */
+    "target": "ES2024" /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */
   },
   "exclude": ["node_modules", "**/*.test.ts"]
 }