mirror of
https://github.com/astral-sh/setup-uv.git
synced 2025-12-11 11:04:47 +00:00
64f7f4e15f
Like https://github.com/astral-sh/ruff-action/pull/276 🙂 This also adds cooldown stanzas to the Dependabot updater rules: this ensures that we only receive dependency bumps once they're at least a week old, which should reduce the window of opportunity for an attacker who temporarily compromises popular packages (like with "Shai-Hulud" last week). Signed-off-by: William Woodruff <william@astral.sh>