Skip to content

chore(deps): bump the actions group across 1 directory with 5 updates#170

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions-4d91c028e1
Open

chore(deps): bump the actions group across 1 directory with 5 updates#170
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/github_actions/actions-4d91c028e1

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 6, 2026

Bumps the actions group with 5 updates in the / directory:

Package From To
astral-sh/setup-uv 7.6.0 8.1.0
CodSpeedHQ/action 4.14.0 4.15.0
prefix-dev/setup-pixi 0.8.8 0.9.5
j178/prek-action 2.0.2 2.0.3
peter-evans/create-pull-request 7.0.8 8.1.1

Updates astral-sh/setup-uv from 7.6.0 to 8.1.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.1.0 🌈 New input no-project

Changes

This add the a new boolean input no-project. It only makes sense to use in combination with activate-environment: true and will append --no project to the uv venv call. This is for example useful if you have a pyproject.toml file with parts unparseable by uv

🚀 Enhancements

  • Add input no-project in combination with activate-environment @​eifinger (#856)

🧰 Maintenance

📚 Documentation

⬆️ Dependency updates

  • chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @dependabot[bot] (#855)

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP] Use the immutable tag as a version astral-sh/setup-uv@v8.0.0 Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

... (truncated)

Commits
  • 0880764 fix: grant contents:write to validate-release job (#860)
  • 717d6ab Add a release-gate step to the release workflow (#859)
  • 5a911eb Draft commitish releases (#858)
  • 080c31e Add action-types.yml to instructions (#857)
  • b3e97d2 Add input no-project in combination with activate-environment (#856)
  • 7dd591d chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 (#855)
  • 1541b77 chore: update known checksums for 0.11.7 (#853)
  • cdfb2ee Refactor version resolving (#852)
  • cb84d12 chore: update known checksums for 0.11.6 (#850)
  • 1912cc6 chore: update known checksums for 0.11.5 (#845)
  • Additional commits viewable in compare view

Updates CodSpeedHQ/action from 4.14.0 to 4.15.0

Release notes

Sourced from CodSpeedHQ/action's releases.

v4.15.0

Release Notes

This release adds first support for macOS walltime.

Please note that profiling and other instruments are not yet available on macOS and will come in a later update.

Minimum integration versions

🚀 Features

🧪 Testing

⚙️ Internals

Install codspeed-runner 4.15.0

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CodSpeedHQ/codspeed/releases/download/v4.15.0/codspeed-runner-installer.sh | sh

Download codspeed-runner 4.15.0

File Platform Checksum
codspeed-runner-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
codspeed-runner-aarch64-unknown-linux-musl.tar.gz ARM64 MUSL Linux checksum
codspeed-runner-x86_64-unknown-linux-musl.tar.gz x64 MUSL Linux checksum

Full Runner Changelog: https://github.com/CodSpeedHQ/codspeed/blob/main/CHANGELOG.md

... (truncated)

Commits

Updates prefix-dev/setup-pixi from 0.8.8 to 0.9.5

Release notes

Sourced from prefix-dev/setup-pixi's releases.

v0.9.4

What's Changed

✨ New features

👷🏻 CI

⬆️ Dependency updates

New Contributors

Full Changelog: prefix-dev/setup-pixi@v0.9.3...v0.9.4

v0.9.3

What's Changed

✨ New features

📝 Documentation

⬆️ Dependency updates

Full Changelog: prefix-dev/setup-pixi@v0.9.2...v0.9.3

v0.9.2

What's Changed

✨ New features

Full Changelog: prefix-dev/setup-pixi@v0.9.1...v0.9.2

v0.9.1

What's Changed

... (truncated)

Commits
  • 1b2de7f chore(deps): bump dependencies (#259)
  • 6ef6983 chore(deps): bump the nodejs group with 10 dependencies (#257)
  • e6477eb chore(deps): bump Quantco/ui-actions from 1.0.18 to 1.0.19 in the gh-actions ...
  • 33be5ba chore(deps): bump the nodejs group with 7 updates (#250)
  • 72f90fe chore(deps): bump the gh-actions group across 1 directory with 3 updates (#253)
  • c0d7209 Fix broken authentication documentation link (#252)
  • f1fb10f docs: Mention cooldown in dependabot config (#247)
  • a0af7a2 Implement working directory setup (#236)
  • 51b9803 chore(deps): bump the nodejs group with 10 updates (#244)
  • 54b8d30 chore(deps): bump the gh-actions group with 5 updates (#243)
  • Additional commits viewable in compare view

Updates j178/prek-action from 2.0.2 to 2.0.3

Release notes

Sourced from j178/prek-action's releases.

v2.0.3

What's Changed

Full Changelog: j178/prek-action@v2...v2.0.3

Commits

Updates peter-evans/create-pull-request from 7.0.8 to 8.1.1

Release notes

Sourced from peter-evans/create-pull-request's releases.

Create Pull Request v8.1.1

What's Changed

Full Changelog: peter-evans/create-pull-request@v8.1.0...v8.1.1

Create Pull Request v8.1.0

What's Changed

New Contributors

Full Changelog: peter-evans/create-pull-request@v8.0.0...v8.1.0

Create Pull Request v8.0.0

What's new in v8

What's Changed

New Contributors

Full Changelog: peter-evans/create-pull-request@v7.0.11...v8.0.0

Create Pull Request v7.0.11

What's Changed

... (truncated)

Commits
  • 5f6978f fix: retry post-creation API calls on 422 eventual consistency errors (#4356)
  • d32e88d build(deps-dev): bump the npm group with 3 updates (#4349)
  • 8170bcc build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (#4344)
  • 0041819 build(deps): bump picomatch (#4339)
  • b993918 build(deps-dev): bump flatted from 3.3.1 to 3.4.2 (#4334)
  • 36d7c84 build(deps-dev): bump undici from 6.23.0 to 6.24.0 (#4328)
  • a45d1fb build(deps): bump @​tootallnate/once and jest-environment-jsdom (#4323)
  • 3499eb6 build(deps): bump the github-actions group with 2 updates (#4316)
  • 3f3b473 build(deps): bump minimatch (#4311)
  • 6699836 build(deps-dev): bump the npm group with 2 updates (#4305)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the actions group across 1 directory with 5 updates
4d15263 
Bumps the actions group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.6.0` | `8.1.0` |
| [CodSpeedHQ/action](https://github.com/codspeedhq/action) | `4.14.0` | `4.15.0` |
| [prefix-dev/setup-pixi](https://github.com/prefix-dev/setup-pixi) | `0.8.8` | `0.9.5` |
| [j178/prek-action](https://github.com/j178/prek-action) | `2.0.2` | `2.0.3` |
| [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) | `7.0.8` | `8.1.1` |



Updates `astral-sh/setup-uv` from 7.6.0 to 8.1.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@v7.6...0880764)

Updates `CodSpeedHQ/action` from 4.14.0 to 4.15.0
- [Release notes](https://github.com/codspeedhq/action/releases)
- [Changelog](https://github.com/CodSpeedHQ/action/blob/main/CHANGELOG.md)
- [Commits](CodSpeedHQ/action@658a901...c381be0)

Updates `prefix-dev/setup-pixi` from 0.8.8 to 0.9.5
- [Release notes](https://github.com/prefix-dev/setup-pixi/releases)
- [Commits](prefix-dev/setup-pixi@19eac09...1b2de7f)

Updates `j178/prek-action` from 2.0.2 to 2.0.3
- [Release notes](https://github.com/j178/prek-action/releases)
- [Commits](j178/prek-action@cbc2f23...6ad8027)

Updates `peter-evans/create-pull-request` from 7.0.8 to 8.1.1
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](peter-evans/create-pull-request@271a8d0...5f6978f)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: CodSpeedHQ/action
  dependency-version: 4.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: prefix-dev/setup-pixi
  dependency-version: 0.9.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: j178/prek-action
  dependency-version: 2.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: peter-evans/create-pull-request
  dependency-version: 8.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants