chore(deps): bump the all group across 1 directory with 17 updates by dependabot[bot] · Pull Request #3022 · crytic/slither

dependabot · 2026-05-13T22:56:08Z

Bumps the all group with 17 updates in the / directory:

Package	From	To
astral-sh/setup-uv	`7.2.0`	`8.1.0`
cachix/install-nix-action	`31.9.0`	`31.10.6`
docker/setup-qemu-action	`3.7.0`	`4.0.0`
docker/setup-buildx-action	`3.12.0`	`4.0.0`
docker/metadata-action	`5.10.0`	`6.0.0`
docker/login-action	`3.7.0`	`4.1.0`
docker/build-push-action	`6.18.0`	`7.1.0`
actions/configure-pages	`5.0.0`	`6.0.0`
actions/upload-pages-artifact	`4.0.0`	`5.0.0`
actions/deploy-pages	`4.0.5`	`5.0.0`
astral-sh/ruff-action	`3.6.1`	`4.0.0`
DavidAnson/markdownlint-cli2-action	`22.0.0`	`23.2.0`
actions/upload-artifact	`6.0.0`	`7.0.1`
actions/download-artifact	`7.0.0`	`8.0.1`
pypa/gh-action-pypi-publish	`1.13.0`	`1.14.0`
sigstore/gh-action-sigstore-python	`3.2.0`	`3.3.0`
actions/setup-node	`6.2.0`	`6.4.0`

Updates astral-sh/setup-uv from 7.2.0 to 8.1.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.1.0 🌈 New input no-project

Changes

This add the a new boolean input no-project. It only makes sense to use in combination with activate-environment: true and will append --no project to the uv venv call. This is for example useful if you have a pyproject.toml file with parts unparseable by uv

🚀 Enhancements

Add input no-project in combination with activate-environment @eifinger (#856)

🧰 Maintenance

fix: grant contents:write to validate-release job @eifinger (#860)

Add a release-gate step to the release workflow @zanieb (#859)

Draft commitish releases @eifinger (#858)

Add action-types.yml to instructions @eifinger (#857)

chore: update known checksums for 0.11.7 @github-actions[bot] (#853)

Refactor version resolving @eifinger (#852)

chore: update known checksums for 0.11.6 @github-actions[bot] (#850)

chore: update known checksums for 0.11.5 @github-actions[bot] (#845)

chore: update known checksums for 0.11.4 @github-actions[bot] (#843)

Add a release workflow @zanieb (#839)

chore: update known checksums for 0.11.3 @github-actions[bot] (#836)

📚 Documentation

Update ignore-nothing-to-cache documentation @eifinger (#833)

Pin setup-uv docs to v8 @eifinger (#829)

⬆️ Dependency updates

chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @dependabot[bot] (#855)

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP] Use the immutable tag as a version astral-sh/setup-uv@v8.0.0 Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

... (truncated)

Commits

0880764 fix: grant contents:write to validate-release job (#860)
717d6ab Add a release-gate step to the release workflow (#859)
5a911eb Draft commitish releases (#858)
080c31e Add action-types.yml to instructions (#857)
b3e97d2 Add input no-project in combination with activate-environment (#856)
7dd591d chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 (#855)
1541b77 chore: update known checksums for 0.11.7 (#853)
cdfb2ee Refactor version resolving (#852)
cb84d12 chore: update known checksums for 0.11.6 (#850)
1912cc6 chore: update known checksums for 0.11.5 (#845)
Additional commits viewable in compare view

Updates cachix/install-nix-action from 31.9.0 to 31.10.6

Release notes

Sourced from cachix/install-nix-action's releases.

v31.10.6

What's Changed

nix: 2.34.6 -> 2.34.7 by @github-actions[bot] in cachix/install-nix-action#275 GHSA-vh5x-56v6-4368: Fixes a coroutine stack-to-heap overflow via unbounded recursion in the NAR directory parser. Severity: High. GHSA-gr92-w2r5-qw5p: Fixes an absolute path traversal vulnerability when unpacking archives to disk. Severity: Moderate.

Full Changelog: cachix/install-nix-action@v31...v31.10.6

v31.10.5

What's Changed

nix: 2.34.5 -> 2.34.6 by @github-actions[bot] in cachix/install-nix-action#274

Full Changelog: cachix/install-nix-action@v31...v31.10.5

v31.10.4

What's Changed

nix: 2.34.4 -> 2.34.5 by @github-actions[bot] in cachix/install-nix-action#273 [SECURITY] Fixes a root privilege escalation vulnerability via sandbox escape GHSA-g3g9-5vj6-r3gj

Full Changelog: cachix/install-nix-action@v31.10.3...v31.10.4

v31.10.3

What's Changed

nix: 2.34.2 -> 2.34.4 by @github-actions[bot] in cachix/install-nix-action#271

Full Changelog: cachix/install-nix-action@v31...v31.10.3

v31.10.2

What's Changed

nix: 2.34.1 -> 2.34.2 by @github-actions[bot] in cachix/install-nix-action#270

Full Changelog: cachix/install-nix-action@v31...v31.10.2

v31.10.1

What's Changed

nix: 2.34.0 -> 2.34.1 by @github-actions[bot] in cachix/install-nix-action#269 Fixes a bug introduced in 2.34.0 that made the Nix daemon fail to load authentication keys configured by cachix-action.

Full Changelog: cachix/install-nix-action@v31.10.0...v31.10.1

v31.10.0

What's Changed

nix: 2.33.3 -> 2.34.0 by @github-actions[bot] in cachix/install-nix-action#267 Release notes: https://discourse.nixos.org/t/nix-2-34-0-released/75818

⚠️ Nix 2.34.0 contains a regression that, under certain scenarios (a trusted-user + a client-side netrc-file), breaks authentication with private caches that rely on netrc files. This regression affects cachix/cachix-action.

... (truncated)

Commits

8aa0397 Merge pull request #275 from cachix/create-pull-request/patch
21d0b78 nix: 2.34.6 -> 2.34.7
ab73962 Merge pull request #274 from cachix/create-pull-request/patch
41e4d4a nix: 2.34.5 -> 2.34.6
6165592 Merge pull request #273 from cachix/create-pull-request/patch
b9f700d nix: 2.34.4 -> 2.34.5
96951a3 Merge pull request #271 from cachix/create-pull-request/patch
6281169 nix: 2.34.2 -> 2.34.4
51f3067 Revert "ci: use 25.11 for channel tests"
15118c1 ci: use 25.11 for channel tests
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 3.7.0 to 4.0.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-qemu-action#245

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-qemu-action#241

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-qemu-action#244

Bump @docker/actions-toolkit from 0.67.0 to 0.77.0 in docker/setup-qemu-action#243

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/setup-qemu-action#240

Bump js-yaml from 3.14.1 to 3.14.2 in docker/setup-qemu-action#231

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-qemu-action#238

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

Commits

ce36039 Merge pull request #245 from crazy-max/node24
6386344 node 24 as default runtime
1ea3db7 Merge pull request #243 from docker/dependabot/npm_and_yarn/docker/actions-to...
b56a002 chore: update generated content
c43f02d build(deps): bump @docker/actions-toolkit from 0.67.0 to 0.77.0
ce10c58 Merge pull request #244 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
429fc9d chore: update generated content
060e5f8 build(deps): bump @actions/core from 1.11.1 to 3.0.0
44be13e Merge pull request #231 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
1897438 chore: update generated content
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.12.0 to 4.0.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-buildx-action#483

Remove deprecated inputs/outputs by @crazy-max in docker/setup-buildx-action#464

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-buildx-action#481

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-buildx-action#475

Bump @docker/actions-toolkit from 0.63.0 to 0.79.0 in docker/setup-buildx-action#482 docker/setup-buildx-action#485

Bump js-yaml from 4.1.0 to 4.1.1 in docker/setup-buildx-action#452

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-buildx-action#472

Bump minimatch from 3.1.2 to 3.1.5 in docker/setup-buildx-action#480

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

Commits

4d04d5d Merge pull request #485 from docker/dependabot/npm_and_yarn/docker/actions-to...
cd74e05 chore: update generated content
eee38ec build(deps): bump @docker/actions-toolkit from 0.77.0 to 0.79.0
7a83f65 Merge pull request #484 from docker/dependabot/github_actions/docker/setup-qe...
a5aa967 Merge pull request #464 from crazy-max/rm-deprecated
e73d53f build(deps): bump docker/setup-qemu-action from 3 to 4
28a438e Merge pull request #483 from crazy-max/node24
034e9d3 chore: update generated content
b4664d8 remove deprecated inputs/outputs
a8257de node 24 as default runtime
Additional commits viewable in compare view

Updates docker/metadata-action from 5.10.0 to 6.0.0

Release notes

Sourced from docker/metadata-action's releases.

v6.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/metadata-action#605

List inputs now preserve # inside values while still supporting full-line # comments by @crazy-max in docker/metadata-action#607

Switch to ESM and update config/test wiring by @crazy-max in docker/metadata-action#602

Bump lodash from 4.17.21 to 4.17.23 in docker/metadata-action#588

Bump @actions/core from 1.11.1 to 3.0.0 in docker/metadata-action#599

Bump @actions/github from 6.0.1 to 9.0.0 in docker/metadata-action#597

Bump @docker/actions-toolkit from 0.68.0 to 0.79.0 in docker/metadata-action#604

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/metadata-action#600

Bump semver from 7.7.3 to 7.7.4 in docker/metadata-action#603

Full Changelog: docker/metadata-action@v5.10.0...v6.0.0

Commits

030e881 Merge pull request #607 from crazy-max/allow-comments
4b529ac chore: update generated content
b0082b3 preserve comments in list input values with commentNoInfix
7b19fec Merge pull request #604 from docker/dependabot/npm_and_yarn/docker/actions-to...
281c9b0 chore: update generated content
5f43b3b test: stabilize github mock setup since ESM
9d53276 github class moved since actions-toolkit v0.77.0
eaa3d39 chore(deps): Bump @docker/actions-toolkit from 0.68.0 to 0.77.0
6b695f7 Merge pull request #605 from crazy-max/node24
a1afadc node 24 as default runtime
Additional commits viewable in compare view

Updates docker/login-action from 3.7.0 to 4.1.0

Release notes

Sourced from docker/login-action's releases.

v4.1.0

Fix scoped Docker Hub cleanup path when registry is omitted by @crazy-max in docker/login-action#945

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1020.0 in docker/login-action#930

Bump @docker/actions-toolkit from 0.77.0 to 0.86.0 in docker/login-action#932 docker/login-action#936

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/login-action#952

Bump fast-xml-parser from 5.3.4 to 5.3.6 in docker/login-action#942

Bump flatted from 3.3.3 to 3.4.2 in docker/login-action#944

Bump glob from 10.3.12 to 10.5.0 in docker/login-action#940

Bump handlebars from 4.7.8 to 4.7.9 in docker/login-action#949

Bump http-proxy-agent and https-proxy-agent to 8.0.0 in docker/login-action#937

Bump lodash from 4.17.23 to 4.18.1 in docker/login-action#958

Bump minimatch from 3.1.2 to 3.1.5 in docker/login-action#941

Bump picomatch from 4.0.3 to 4.0.4 in docker/login-action#948

Bump undici from 6.23.0 to 6.24.1 in docker/login-action#938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/login-action#929

Switch to ESM and update config/test wiring by @crazy-max in docker/login-action#927

Bump @actions/core from 1.11.1 to 3.0.0 in docker/login-action#919

Bump @aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @docker/actions-toolkit from 0.63.0 to 0.77.0 in docker/login-action#910 docker/login-action#928

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/login-action#921

Bump js-yaml from 4.1.0 to 4.1.1 in docker/login-action#901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

Commits

4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
1e233e6 chore: update generated content
6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
a6f092b chore: update generated content
60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
102c0e6 chore: update generated content
Additional commits viewable in compare view

Updates docker/build-push-action from 6.18.0 to 7.1.0

Release notes

Sourced from docker/build-push-action's releases.

v7.1.0

Git context query format support by @crazy-max in docker/build-push-action#1505

Bump @docker/actions-toolkit from 0.79.0 to 0.87.0 by @crazy-max in docker/build-push-action#1505

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/build-push-action#1500

Bump fast-xml-parser from 5.4.2 to 5.5.7 in docker/build-push-action#1489

Bump flatted from 3.3.3 to 3.4.2 in docker/build-push-action#1491

Bump glob from 10.3.12 to 10.5.0 in docker/build-push-action#1490

Bump handlebars from 4.7.8 to 4.7.9 in docker/build-push-action#1497

Bump lodash from 4.17.23 to 4.18.1 in docker/build-push-action#1510

Bump picomatch from 4.0.3 to 4.0.4 in docker/build-push-action#1496

Bump undici from 6.23.0 to 6.24.1 in docker/build-push-action#1486

Bump vite from 7.3.1 to 7.3.2 in docker/build-push-action#1509

Full Changelog: docker/build-push-action@v7.0.0...v7.1.0

v7.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/build-push-action#1470

Remove deprecated DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS envs by @crazy-max in docker/build-push-action#1473

Remove legacy export-build tool support for build summary by @crazy-max in docker/build-push-action#1474

Switch to ESM and update config/test wiring by @crazy-max in docker/build-push-action#1466

Bump @actions/core from 1.11.1 to 3.0.0 in docker/build-push-action#1454

Bump @docker/actions-toolkit from 0.62.1 to 0.79.0 in docker/build-push-action#1453 docker/build-push-action#1472 docker/build-push-action#1479

Bump minimatch from 3.1.2 to 3.1.5 in docker/build-push-action#1463

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

v6.19.2

Preserve port in GIT_AUTH_TOKEN host by @crazy-max in docker/build-push-action#1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Derive GIT_AUTH_TOKEN host from GitHub server URL by @crazy-max in docker/build-push-action#1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Scope default git auth token to github.com by @crazy-max in docker/build-push-action#1451

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/build-push-action#1396

Bump form-data from 2.5.1 to 2.5.5 in docker/build-push-action#1391

Bump js-yaml from 3.14.1 to 3.14.2 in docker/build-push-action#1429

Bump lodash from 4.17.21 to 4.17.23 in docker/build-push-action#1446

Bump tmp from 0.2.3 to 0.2.4 in docker/build-push-action#1398

Bump undici from 5.28.4 to 5.29.0 in docker/build-push-action#1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

Commits

bcafcac Merge pull request #1509 from docker/dependabot/npm_and_yarn/vite-7.3.2
18e62f1 Merge pull request #1510 from docker/dependabot/npm_and_yarn/lodash-4.18.1
46580d2 chore: update generated content
3f80b25 chore(deps): Bump lodash from 4.17.23 to 4.18.1
efeec95 Merge pull request #1505 from crazy-max/refactor-git-context
ddf04b0 Merge pull request #1511 from docker/dependabot/github_actions/crazy-max-dot-...
db08d97 chore(deps): Bump the crazy-max-dot-github group with 2 updates
ef1fb96 Merge pull request #1508 from docker/dependabot/github_actions/docker/login-a...
2d8f2a1 chore: update generated content
919ac7b fix test since secrets are not written to temp path anymore
Additional commits viewable in compare view

Updates actions/configure-pages from 5.0.0 to 6.0.0

Release notes

Sourced from actions/configure-pages's releases.

v6.0.0

Changelog

upgrade to node 24 @salmanmkc (#186)

Upgrade IA Publish @Jcambass (#165)

Add workflow file for publishing releases to immutable action package @Jcambass (#163)

pin draft release version @YiMysty (#162)

Bump espree from 9.6.1 to 10.1.0 @dependabot (#160)

Bump eslint-config-prettier from 8.8.0 to 9.1.0 @dependabot (#143)

Be more friendly to Dependabot @yoannchaudet (#158)

Bump eslint-plugin-github from 4.10.2 to 5.0.1 @dependabot (#154)

Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group @dependabot (#156)

Bump undici from 5.28.3 to 5.28.4 @dependabot (#145)

See details of all code changes since previous release.

Commits

45bfe01 Merge pull request #186 from salmanmkc/node24
d8770c2 Update Node version from 20 to 24 in action.yml
cb8a1a3 upgrade to node 24
d560657 Merge pull request #165 from actions/Jcambass-patch-1
35e0ac4 Upgrade IA Publish
1dfbcbf Merge pull request #163 from actions/Jcambass-patch-1
2f4f988 Add workflow file for publishing releases to immutable action package
0d7570c Merge pull request #162 from actions/pin-draft-release-verssion
3ea1966 pin draft release version
aabcbc4 Merge pull request #160 from actions/dependabot/npm_and_yarn/espree-10.1.0
Additional commits viewable in compare view

Updates actions/upload-pages-artifact from 4.0.0 to 5.0.0

Release notes

Sourced from actions/upload-pages-artifact's releases.

v5.0.0

Changelog

Update upload-artifact action to version 7 @Tom-van-Woudenberg (#139)

feat: add include-hidden-files input @jonchurch (#137)

See details of all code changes since previous release.

Commits

fc324d3 Merge pull request #139 from Tom-van-Woudenberg/patch-1
fe9d4b7 Merge branch 'main' into patch-1
0ca1617 Merge pull request #137 from jonchurch/include-hidden-files
57f0e84 Update action.yml
4a90348 v7 --> hash
56f665a Update upload-artifact action to version 7
f7615f5 Add include-hidden-files input
See full diff in compare view

Updates actions/deploy-pages from 4.0.5 to 5.0.0

Release notes

Sourced from actions/deploy-pages's releases.

v5.0.0

Changelog

Update Node.js version to 24.x @salmanmkc (#404)

Add workflow file for publishing releases to immutable action package @Jcambass (#374)

Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory @dependabot (#360)

Make the rebuild dist workflow work nicer with Dependabot @yoannchaudet (#361)

Bump the non-breaking-changes group across 1 directory with 3 updates @dependabot (#358)

Delete repeated sentence @garethsb (#359)

Update README.md @tsusdere (#348)

Bump the non-breaking-changes group with 4 updates @dependabot (#341)

Remove error message for file permissions @TooManyBees (#340)

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

Commits

cd2ce8f Merge pull request #404 from salmanmkc/node24
bbe2a95 Update Node.js version to 24.x
854d7aa Merge pull request #374 from actions/Jcambass-patch-1
306bb81 Add workflow file for publishing releases to immutable action package
b742728 Merge pull request #360 from actions/dependabot/npm_and_yarn/npm_and_yarn-513...
7273294 Bump braces in the npm_and_yarn group across 1 directory
963791f Merge pull request #361 from actions/dependabot-friendly
51bb29d Make the rebuild dist workflow safer for Dependabot
89f3d10 Merge pull request #358 from actions/dependabot/npm_and_yarn/non-breaking-cha...
bce7355 Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21
Additional commits viewable in compare view

Updates astral-sh/ruff-action from 3.6.1 to 4.0.0

Release notes

Sourced from astral-sh/ruff-action's releases.

v4.0.0 🌈 Immutable releases, node24 and manifest-file

This is the first immutable release of ruff-action 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This action now also supports the mainfest-file input which lets you define custom ruff versions and custom download locations.

Last but not least this action now runs on node24. This might be a breaking change on very old self-hosted runners.

🚨 Breaking changes

Migrate to ESMBundler and node 24 @eifinger (#345)

🚀 Enhancements

Add manifest-file input @eifinger (#352)

🧰 Maintenance

chore: update known checksums for 0.15.10 @github-actions[bot] (#351)

Add a release workflow @zanieb (#349)

chore: update known checksums for 0.15.9 @github-actions[bot] (#348)

chore: update known checksums for 0.15.8 @github-actions[bot] (#344)

chore: update known checksums for 0.15.7 @github-actions[bot] (#342)

chore: update known checksums for 0.15.6 @github-actions[bot] (#337)

chore: update known checksums for 0.15.5 @github-actions[bot] (#331)

chore: update known checksums for 0.15.4 @github-actions[bot] (#328)

chore: update known checksums for 0.15.2 @github-actions[bot] (#325)

chore: update known checksums for 0.15.1 @github-actions[bot] (#323)

chore: update known checksums for 0.15.0 @github-actions[bot] (#320)

⬆️ Dependency updates

Bump release-drafter/release-drafter from 6.2.0 to 7.2.0 @dependabot[bot] (#350)

Bump eifinger/actionlint-action from 1.10.0 to 1.10.2 @dependabot[bot] (#347)

Bump zizmorcore/zizmor-action from 0.4.1 to 0.5.2 @dependabot[bot] (#333)

Commits

0ce1b0b refactor version resolving (#353)
9b8caf6 Add manifest-file input (#352)
535554d Bump release-drafter/release-drafter from 6.2.0 to 7.2.0 (#350)
2186c6e chore: update known checksums for 0.15.10 (#351)
26892db Add a release workflow (

Bumps the all group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.2.0` | `8.1.0` | | [cachix/install-nix-action](https://github.com/cachix/install-nix-action) | `31.9.0` | `31.10.6` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.0.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.10.0` | `6.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.1.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.18.0` | `7.1.0` | | [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `4.0.0` | `5.0.0` | | [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` | | [astral-sh/ruff-action](https://github.com/astral-sh/ruff-action) | `3.6.1` | `4.0.0` | | [DavidAnson/markdownlint-cli2-action](https://github.com/davidanson/markdownlint-cli2-action) | `22.0.0` | `23.2.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.1` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.1` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` | | [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python) | `3.2.0` | `3.3.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.2.0` | `6.4.0` | Updates `astral-sh/setup-uv` from 7.2.0 to 8.1.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@61cb8a9...0880764) Updates `cachix/install-nix-action` from 31.9.0 to 31.10.6 - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Changelog](https://github.com/cachix/install-nix-action/blob/master/RELEASE.md) - [Commits](cachix/install-nix-action@4e002c8...8aa0397) Updates `docker/setup-qemu-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@c7c5346...ce36039) Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@8d2750c...4d04d5d) Updates `docker/metadata-action` from 5.10.0 to 6.0.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@c299e40...030e881) Updates `docker/login-action` from 3.7.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@c94ce9f...4907a6d) Updates `docker/build-push-action` from 6.18.0 to 7.1.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@2634353...bcafcac) Updates `actions/configure-pages` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/configure-pages/releases) - [Commits](actions/configure-pages@983d773...45bfe01) Updates `actions/upload-pages-artifact` from 4.0.0 to 5.0.0 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](actions/upload-pages-artifact@7b1f4a7...fc324d3) Updates `actions/deploy-pages` from 4.0.5 to 5.0.0 - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](actions/deploy-pages@d6db901...cd2ce8f) Updates `astral-sh/ruff-action` from 3.6.1 to 4.0.0 - [Release notes](https://github.com/astral-sh/ruff-action/releases) - [Commits](astral-sh/ruff-action@4919ec5...0ce1b0b) Updates `DavidAnson/markdownlint-cli2-action` from 22.0.0 to 23.2.0 - [Release notes](https://github.com/davidanson/markdownlint-cli2-action/releases) - [Commits](DavidAnson/markdownlint-cli2-action@07035fd...ded1f94) Updates `actions/upload-artifact` from 6.0.0 to 7.0.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b7c566a...043fb46) Updates `actions/download-artifact` from 7.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@37930b1...3e5f45b) Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](pypa/gh-action-pypi-publish@ed0c539...cef2210) Updates `sigstore/gh-action-sigstore-python` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/sigstore/gh-action-sigstore-python/releases) - [Changelog](https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md) - [Commits](sigstore/gh-action-sigstore-python@a5caf34...04cffa1) Updates `actions/setup-node` from 6.2.0 to 6.4.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@6044e13...48b55a0) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: cachix/install-nix-action dependency-version: 31.10.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: docker/setup-qemu-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/metadata-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/build-push-action dependency-version: 7.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/configure-pages dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/upload-pages-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/deploy-pages dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: astral-sh/ruff-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: DavidAnson/markdownlint-cli2-action dependency-version: 23.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/upload-artifact dependency-version: 7.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: sigstore/gh-action-sigstore-python dependency-version: 3.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/setup-node dependency-version: 6.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 13, 2026

dependabot Bot requested a review from elopez as a code owner May 13, 2026 22:56

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 13, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the all group across 1 directory with 17 updates#3022

chore(deps): bump the all group across 1 directory with 17 updates#3022
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/master/all-0ee61ac575

dependabot Bot commented on behalf of github May 13, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 13, 2026

v8.1.0 🌈 New input no-project

Changes

🚀 Enhancements

🧰 Maintenance

📚 Documentation

⬆️ Dependency updates

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

New format for manifest-file

No more major and minor tags

v31.10.6

What's Changed

v31.10.5

What's Changed

v31.10.4

What's Changed

v31.10.3

What's Changed

v31.10.2

What's Changed

v31.10.1

What's Changed

v31.10.0

What's Changed

v4.0.0

v4.0.0

v6.0.0

v4.1.0

v4.0.0

v7.1.0

v7.0.0

v6.19.2

v6.19.1

v6.19.0

v6.0.0

Changelog

v5.0.0

Changelog

v5.0.0

Changelog

v4.0.0 🌈 Immutable releases, node24 and manifest-file

This is the first immutable release of ruff-action 🥳

🚨 Breaking changes

🚀 Enhancements

🧰 Maintenance

⬆️ Dependency updates

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

v8.1.0 🌈 New input `no-project`

This is the first immutable release of `setup-uv` 🥳

New format for `manifest-file`

This is the first immutable release of `ruff-action` 🥳