chore(deps): Update GitHub Actions#25
Conversation
|
Warning Rate limit exceeded
To continue reviewing without waiting, purchase usage credits in the billing tab. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (9)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
21a08da to
d4f75cd
Compare
d4f75cd to
d75dcaf
Compare
|



Summary
Why
Scheduled patch update, bug fixes and security patches with no API changes.
Changes
This PR contains the following updates:
4e32cdb→5cce3ccv1.0.7→v1.0.16v4.2.2→v4.3.1d3f86a1v5.3.0→v5.6.0v4.5.0→v4.6.2ea165f8e4db846→38f3f10v6.0.1→v6.8.0671740a→b9fd7d1v3.0.2→v3.0.3v3.28.0→v3.35.3v2.1.8→v2.1.13aa5489c→e427ad8v9.15.2→v9.21.1v2.14.0→v2.19.1v2.12.0→v2.19.1v2.10.1→v2.19.1Warning
Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
Impact
Acceptance Criteria
Testing
Notes
Release Notes
Infisical/secrets-action (Infisical/secrets-action)
v1.0.16Compare Source
What's Changed
New Contributors
Full Changelog: Infisical/secrets-action@v1.0.15...v1.0.16
v1.0.15Compare Source
What's Changed
Full Changelog: Infisical/secrets-action@v1.0.14...v1.0.15
v1.0.14Compare Source
What's Changed
Full Changelog: Infisical/secrets-action@v1.0.13...v1.0.14
v1.0.13Compare Source
What's Changed
Full Changelog: Infisical/secrets-action@v1.0.12...v1.0.13
v1.0.12Compare Source
What's Changed
New Contributors
Full Changelog: Infisical/secrets-action@v1.0.11...v1.0.12
v1.0.11Compare Source
What's Changed
New Contributors
Full Changelog: Infisical/secrets-action@v1.0.10...v1.0.11
v1.0.10Compare Source
What's Changed
New Contributors
Full Changelog: Infisical/secrets-action@v1.0.9...v1.0.10
v1.0.9Compare Source
What's Changed
Full Changelog: Infisical/secrets-action@v1.0.8...v1.0.9
v1.0.8Compare Source
What's Changed
New Contributors
Full Changelog: Infisical/secrets-action@v1.0.7...v1.0.8
actions/checkout (actions/checkout)
v4.3.1Compare Source
v4.3.0Compare Source
actions/setup-python (actions/setup-python)
v5.6.0Compare Source
What's Changed
Full Changelog: actions/setup-python@v5...v5.6.0
v5.5.0Compare Source
What's Changed
Enhancements:
Bug fixes:
This update maps arm64 to aarch64 for Linux ARM64 PyPy installations.
Dependency updates:
New Contributors
Full Changelog: actions/setup-python@v5...v5.5.0
v5.4.0Compare Source
What's Changed
Enhancements:
Documentation changes:
Dependency updates:
undicifrom 5.28.4 to 5.28.5 by @dependabot in #1012urllib3from 1.25.9 to 1.26.19 in /tests/data by @dependabot in #895actions/publish-immutable-actionfrom 0.0.3 to 0.0.4 by @dependabot in #1014@actions/http-clientfrom 2.2.1 to 2.2.3 by @dependabot in #1020requestsfrom 2.24.0 to 2.32.2 in /tests/data by @dependabot in #1019@actions/cacheto^4.0.0by @priyagupta108 in #1007New Contributors
Full Changelog: actions/setup-python@v5...v5.4.0
actions/upload-artifact (actions/upload-artifact)
v4.6.2Compare Source
What's Changed
New Contributors
Full Changelog: actions/upload-artifact@v4...v4.6.2
v4.6.1Compare Source
What's Changed
Full Changelog: actions/upload-artifact@v4...v4.6.1
v4.6.0Compare Source
What's Changed
Full Changelog: actions/upload-artifact@v4...v4.6.0
astral-sh/setup-uv (astral-sh/setup-uv)
v6.8.0: 🌈 Add **/*.py.lock to cache-dependency-globCompare Source
Changes
Thanks to @parched the default
cache-dependency-globnow also find all lock files generated byuv lock --script🚀 Enhancements
🧰 Maintenance
📚 Documentation
⬆️ Dependency updates
v6.7.0: 🌈 New inputsrestore-cacheandsave-cacheCompare Source
Changes
This release adds fine-grained control over the caching steps.
restore-cache(trueby default) can be set tofalseto skip restoring the cache while still allowing to save the cache.save-cache(trueby default) can be set tofalseto skip saving the cache.Skipping cache saving can be useful if you know, that you will never use this version of the cache again and don't want to waste storage space:
🚀 Enhancements
🧰 Maintenance
⬆️ Dependency updates
v6.6.1: 🌈 Fix exclusions in cache-dependency-globCompare Source
Changes
Exclusions with a leading
!in the cache-dependency-glob did not work and got fixed with this release. Thank you @KnisterPeter for raising this!🐛 Bug fixes
🧰 Maintenance
v6.6.0: 🌈 Support for .tools-versionsCompare Source
Changes
This release adds support for asdf
.tool-versionsin theversion-fileinput🐛 Bug fixes
🚀 Enhancements
🧰 Maintenance
v6.5.0: 🌈 Better error messages, bug fixes and copilot agent settingsCompare Source
Changes
This release brings better error messages in case the GitHub API is impacted, fixes a few bugs and allows to disable problem matchers for better use in Copilot Agent workspaces.
🐛 Bug fixes
🚀 Enhancements
🧰 Maintenance
📚 Documentation
⬆️ Dependency updates
v6.4.3: 🌈 fix relative paths starting with dotsCompare Source
🐛 Bug fixes
v6.4.2: 🌈 Interpret relative inputs as under working-directoryCompare Source
Changes
This release will interpret relative paths in inputs as relative
to the value of
working-directory(default is${{ github.workspace }}) .This means the following configuration
will look for the
cache-dependency-globunder/my/path/uv.lock🐛 Bug fixes
🧰 Maintenance
v6.4.1: 🌈 Hotfix: Ignore deps starting with uv when finding uv versionCompare Source
Changes
Thank you @phpmypython for raising a PR to fix this issue!
🐛 Bug fixes
v6.4.0: 🌈 Add inputversion-fileCompare Source
Changes
You can now use the
version-fileinput to specify a file that contains the version of uv to install.This can either be a
pyproject.tomloruv.tomlfile which defines arequired-versionoruv defined as a dependency in
pyproject.tomlorrequirements.txt.🚀 Enhancements
🧰 Maintenance
📚 Documentation
⬆️ Dependency updates
v6.3.1: 🌈 Do not warn when version not in manifest-fileCompare Source
Changes
This is a hotfix to change the warning messages that a version could not be found in the local manifest-file to info level.
A
setup-uvrelease contains a version-manifest.json file with infos in all availableuvreleases. When a newuvversion is released this is not contained in this file until the file gets updated and a newsetup-uvrelease is made.We will overhaul this process in the future but for now the spamming of warnings is removed.
🐛 Bug fixes
🧰 Maintenance
v6.3.0: 🌈 Use latest version from manifest-fileCompare Source
Changes
If a manifest-file is supplied the default value of the version input (latest) will get the latest version available in the manifest. That might not be the actual latest version available in the official uv repo.
🚀 Enhancements
v6.2.1: 🌈 Fix "No such file or directory version-manifest.json"Compare Source
Changes
Release v6.2.0 contained a bug that slipped through the automated test. The action tried to look for the default version-manifest.json in the root of the repostory using this action instead of relative to the action itself.
🐛 Bug fixes
v6.2.0: 🌈 New input manifest-fileCompare Source
Changes
This release adds a new input
manifest-file.The
manifest-fileinput allows you to specify a JSON manifest that lists available uv versions,architectures, and their download URLs. By default, this action uses the manifest file contained
in this repository, which is automatically updated with each release of uv.
The manifest file contains an array of objects, each describing a version,
architecture, platform, and the corresponding download URL.
You can supply a custom manifest file URL to define additional versions,
architectures, or different download URLs.
This is useful if you maintain your own uv builds or want to override the default sources.
For example:
[ { "version": "0.7.12-alpha.1", "artifactName": "uv-x86_64-unknown-linux-gnu.tar.gz", "arch": "x86_64", "platform": "unknown-linux-gnu", "downloadUrl": "https://release.pyx.dev/0.7.12-alpha.1/uv-x86_64-unknown-linux-gnu.tar.gz" }, ... ]🚀 Enhancements
activate-environment@zanieb (#439)🧰 Maintenance
v6.1.0: 🌈Compare Source
Changes
This release adds the input
server-urlwhich defaults tohttps://github.com. You can set this to a custom url to control where this action downloads the uv release from. This is useful for users of gitea and comparable solutions.@sebadevo pointed out that we don't invalidate the cache when the
prune-cacheinput is changed. This leads to unnessecarily big caches. The input is now used to compute the cache key, properly invalidating the cache when it is changed.🐛 Bug fixes
🚀 Enhancements
🧰 Maintenance
📚 Documentation
⬆️ Dependency updates
dorny/paths-filter (dorny/paths-filter)
v3.0.3Compare Source
github/codeql-action (github/codeql-action)
v3.35.3Compare Source
GETrequests instead ofHEADfor better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853v3.35.2Compare Source
CODEQL_ACTION_CLEANUP_TRAP_CACHESenvironment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing thetrap-caching: falseinput to theinitAction. #3795Configuration
📅 Schedule: Branch creation - "after 10pm every weekday,before 5am every weekday,every weekend" in timezone America/New_York, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Renovate Bot.