astral-sh/setup-uv
0
0
Fork 0
mirror of https://github.com/astral-sh/setup-uv.git synced 2026-05-31 13:48:28 +02:00
Code Issues Packages Projects Releases Wiki Activity
502 Commits 32 Branches 110 Tags
main
Commit Graph

502 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
dependabot[bot] df42d4f6ba chore(deps): bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6 (#891) 
Bumps
[zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action)
from 0.5.5 to 0.5.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.5.6</h2>
<ul>
<li>1.25.2 is now available via the action</li>
<li>1.25.2 is now the default version of zizmor used by the action</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/5f14fd08f7cf1cb1609c1e344975f152c7ee938d"><code>5f14fd0</code></a>
Sync zizmor versions (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/114">#114</a>)</li>
<li>See full diff in <a
href="https://github.com/zizmorcore/zizmor-action/compare/a16621b09c6db4281f81a93cb393b05dcd7b7165...5f14fd08f7cf1cb1609c1e344975f152c7ee938d">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmorcore/zizmor-action&package-manager=github_actions&previous-version=0.5.5&new-version=0.5.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-31 12:17:39 +02:00
Kevin Stillhammer b9c8c4c7ba feat: add download-from-astral-mirror input (#897) 
## Summary

Add a new boolean input `download-from-astral-mirror` (default: `true`)
that controls whether uv is downloaded from the Astral mirror or
directly from GitHub Releases.

When set to `false`, the mirror rewrite is skipped entirely and the
download goes straight to GitHub Releases.

Closes: #870
 2026-05-31 11:47:01 +02:00
dependabot[bot] 80cc27528e chore(deps): bump release-drafter/release-drafter from 7.2.0 to 7.3.0 (#884) 
Bumps
[release-drafter/release-drafter](https://github.com/release-drafter/release-drafter)
from 7.2.0 to 7.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/release-drafter/release-drafter/releases">release-drafter/release-drafter's
releases</a>.</em></p>
<blockquote>
<h2>v7.3.0</h2>
<h1>What's Changed</h1>
<h2>New</h2>
<ul>
<li>feat: recover recently merged PRs missed by associated PRs lag (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1604">#1604</a>)
<a href="https://github.com/jetersen"><code>@​jetersen</code></a></li>
<li>feat: switch release discovery to ref comparison and explicit
missing-baseline warnings (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1570">#1570</a>)
<a href="https://github.com/jetersen"><code>@​jetersen</code></a></li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>fix: restore prerelease-identifier on first run when no prior
releases exist (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1602">#1602</a>)
<a href="https://github.com/jrbeilke"><code>@​jrbeilke</code></a></li>
<li>fix: prevent using commitish like refs/pull (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1598">#1598</a>)
<a href="https://github.com/cchanche"><code>@​cchanche</code></a></li>
</ul>
<h2>Maintenance</h2>
<ul>
<li>ci: rebuild dist after codegen so generated PRs include bundle
updates (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1605">#1605</a>)
<a href="https://github.com/jetersen"><code>@​jetersen</code></a></li>
<li>chore: update generated GraphQL types (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1600">#1600</a>)
@<a
href="https://github.com/apps/github-actions">github-actions[bot]</a></li>
<li>chore: clarify base repository pr filtering (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1599">#1599</a>)
<a href="https://github.com/cchanche"><code>@​cchanche</code></a></li>
</ul>
<h2>Dependency Updates</h2>
<ul>
<li>build(deps-dev): bump postcss from 8.5.8 to 8.5.12 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1597">#1597</a>)
@<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/release-drafter/release-drafter/compare/v7.2.1...v7.3.0">https://github.com/release-drafter/release-drafter/compare/v7.2.1...v7.3.0</a></p>
<h2>v7.2.1</h2>
<h1>What's Changed</h1>
<h2>Bug Fixes</h2>
<ul>
<li>fix: initial-commits-since in config not overwritten by input (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1593">#1593</a>)
<a href="https://github.com/sroebert"><code>@​sroebert</code></a></li>
<li>fix: clarify prerelease-identifier behavior and precedence in
configuration (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1594">#1594</a>)
<a href="https://github.com/neilime"><code>@​neilime</code></a></li>
</ul>
<h2>Maintenance</h2>
<ul>
<li>chore: disable &quot;No version input...&quot; warning (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1595">#1595</a>)
<a href="https://github.com/cchanche"><code>@​cchanche</code></a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/release-drafter/release-drafter/compare/v7.2.0...v7.2.1">https://github.com/release-drafter/release-drafter/compare/v7.2.0...v7.2.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/c2e2804cc59f45f57076a99af580d0fedb697927"><code>c2e2804</code></a>
chore: release v7.3.0</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/0c28acd0bcb335f1f86b350a4283045eb03025b9"><code>0c28acd</code></a>
feat: recover recently merged PRs missed by associated PRs lag (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1604">#1604</a>)</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/3052ee00309feb828889940f8ea4fb642ff57f4e"><code>3052ee0</code></a>
fix: restore prerelease-identifier on first run when no prior releases
exist ...</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/0503d11169c6098c4ff53bb412ae8887b6fbb79c"><code>0503d11</code></a>
ci: rebuild dist after codegen so generated PRs include bundle updates
(<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1605">#1605</a>)</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/a553731db26761b6a6446a23e3a978949cba6e2b"><code>a553731</code></a>
chore: update generated GraphQL types (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1600">#1600</a>)</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/c5dd36151c0584427a1f10cb41d5ba73cebcdad4"><code>c5dd361</code></a>
ci: add warning on automatic codegen PRs</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/705c5afff81196e065284562dd78729d4bbdab7a"><code>705c5af</code></a>
ci: add maintenance label to automated codegen updates</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/acfaf4fa10f83604f93febbc544d5be415f0458e"><code>acfaf4f</code></a>
chore: clarify base repository pr filtering (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1599">#1599</a>)</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/d181a5a9df5268ebc5c1cdebeaef584ddbe14412"><code>d181a5a</code></a>
fix: prevent using commitish like refs/pull (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1598">#1598</a>)</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/f188d08e9e71d8903f02ca1c5e7aea645a815537"><code>f188d08</code></a>
feat: switch release discovery to ref comparison and explicit
missing-baselin...</li>
<li>Additional commits viewable in <a
href="https://github.com/release-drafter/release-drafter/compare/5de93583980a40bd78603b6dfdcda5b4df377b32...c2e2804cc59f45f57076a99af580d0fedb697927">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=release-drafter/release-drafter&package-manager=github_actions&previous-version=7.2.0&new-version=7.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-31 11:26:42 +02:00
Kevin Stillhammer 818affc359 fix: report unexpected cache save failures (#896) 
## Summary
- add top-level uncaughtException and unhandledRejection handlers for
the save-cache entrypoint
- report unexpected post-action failures through core.setFailed with
stack/context
- regenerate the committed save-cache bundle
 2026-05-31 11:25:35 +02:00
Kevin Stillhammer feda7fc6a9 fix: report unexpected setup failures (#895) 
## Summary
- add top-level uncaughtException and unhandledRejection handlers for
the setup entrypoint
- report unexpected failures through core.setFailed with stack/context
- regenerate the committed setup bundle
 2026-05-31 11:17:46 +02:00
eifinger-bot 8dc20b2aca fix: add timeout to fetch to prevent silent hangs (#883) 
Add `AbortSignal.timeout(5s)` to fetch requests to ensure they fail fast
instead of hanging indefinitely when network issues occur.
 2026-05-31 09:37:59 +02:00
github-actions[bot] e7108c6ccc chore: update known checksums for 0.11.17 (#892) 
chore: update known checksums for 0.11.17

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-05-29 11:10:08 +02:00
github-actions[bot] 12d13f90bc chore: update known checksums for 0.11.16 (#889) 
chore: update known checksums for 0.11.16

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-05-22 07:56:51 +02:00
dependabot[bot] 7470949a2c chore(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.5 (#888) 
Bumps
[zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action)
from 0.5.3 to 0.5.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.5.5</h2>
<p>This is a no-op release.</p>
<h2>v0.5.4</h2>
<ul>
<li>1.25.0 is now available via the action</li>
<li>1.25.0 is now the default version of zizmor used by the action</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/a16621b09c6db4281f81a93cb393b05dcd7b7165"><code>a16621b</code></a>
Bump pins in README (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/112">#112</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/1c03e047a3633631b1e5648c48243045b1de0d25"><code>1c03e04</code></a>
chore(deps): bump github/codeql-action from 4.35.2 to 4.35.3 in the
github-ac...</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/b572f7b1a1c2d41efaab43d504f68d215c3cd727"><code>b572f7b</code></a>
Sync zizmor versions (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/111">#111</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/06928c5dcba418c7d6108a4bd6e2d34cbf3c9377"><code>06928c5</code></a>
chore(deps): bump github/codeql-action in the github-actions group (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/109">#109</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/5ea8b96e1078453e04a1b81443890d9e7da5ddf3"><code>5ea8b96</code></a>
docs: Update link to GitHub docs (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/108">#108</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/849ac260951adeb7c02481da6c7e749b39f4ea6d"><code>849ac26</code></a>
chore(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/106">#106</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/814f9778aceea8641503a8cd8f0cffebc55d790c"><code>814f977</code></a>
Bump pins in README (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/103">#103</a>)</li>
<li>See full diff in <a
href="https://github.com/zizmorcore/zizmor-action/compare/b1d7e1fb5de872772f31590499237e7cce841e8e...a16621b09c6db4281f81a93cb393b05dcd7b7165">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmorcore/zizmor-action&package-manager=github_actions&previous-version=0.5.3&new-version=0.5.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-21 14:29:19 +02:00
github-actions[bot] ed07c76224 chore: update known checksums for 0.11.15 (#885) 
chore: update known checksums for 0.11.15

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-05-19 07:42:01 +02:00
dependabot[bot] ba17a16c0a chore(deps): bump github/codeql-action from 4.35.3 to 4.35.4 (#881) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.35.3 to 4.35.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.35.4</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<ul>
<li>If multiple inputs are provided for the GitHub-internal
<code>analysis-kinds</code> input, only <code>code-scanning</code> will
be enabled. The <code>analysis-kinds</code> input is experimental, for
GitHub-internal use only, and may change without notice at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3892">#3892</a></li>
<li>Added an experimental change which, when running a Code Scanning
analysis for a PR with <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> enabled, prefers CodeQL CLI versions that have
a cached overlay-base database for the configured languages. This speeds
up analysis for a repository when there is not yet a cached overlay-base
database for the latest CLI version. We expect to roll this change out
to everyone in May. <a
href="https://redirect.github.com/github/codeql-action/pull/3880">#3880</a></li>
</ul>
<h2>4.35.4 - 07 May 2026</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
<li>The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules. <a
href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li>
<li>Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal. <a
href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li>
<li>Fixed a bug in the validation of OIDC configurations for private
registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li>
</ul>
<h2>4.35.1 - 27 Mar 2026</h2>
<ul>
<li>Fix incorrect minimum required Git version for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3781">#3781</a></li>
</ul>
<h2>4.35.0 - 27 Mar 2026</h2>
<ul>
<li>Reduced the minimum Git version required for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> from 2.38.0 to 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1">2.25.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3773">#3773</a></li>
</ul>
<h2>4.34.1 - 20 Mar 2026</h2>
<ul>
<li>Downgrade default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>
due to issues with a small percentage of Actions and JavaScript
analyses. <a
href="https://redirect.github.com/github/codeql-action/pull/3762">#3762</a></li>
</ul>
<h2>4.34.0 - 20 Mar 2026</h2>
<ul>
<li>Added an experimental change which disables TRAP caching when <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> is enabled, since improved incremental analysis
supersedes TRAP caching. This will improve performance and reduce
Actions cache usage. We expect to roll this change out to everyone in
March. <a
href="https://redirect.github.com/github/codeql-action/pull/3569">#3569</a></li>
<li>We are rolling out improved incremental analysis to C/C++ analyses
that use build mode <code>none</code>. We expect this rollout to be
complete by the end of April 2026. <a
href="https://redirect.github.com/github/codeql-action/pull/3584">#3584</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0">2.25.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3585">#3585</a></li>
</ul>
<h2>4.33.0 - 16 Mar 2026</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/68bde559dea0fdcac2102bfdf6230c5f70eb485e"><code>68bde55</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3885">#3885</a>
from github/update-v4.35.4-803d9e8c3</li>
<li><a
href="https://github.com/github/codeql-action/commit/9739ad2d182c072da0d01a6887f7f39620f71b1e"><code>9739ad2</code></a>
Update changelog for v4.35.4</li>
<li><a
href="https://github.com/github/codeql-action/commit/803d9e8c3ca8b0dd2029a1da3b541a18b6bfb076"><code>803d9e8</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3883">#3883</a>
from github/mbg/test/macro-wrapper</li>
<li><a
href="https://github.com/github/codeql-action/commit/0fd9c7d1358a7404e46ed8165f12262f56bd1434"><code>0fd9c7d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3882">#3882</a>
from github/dependabot/github_actions/dot-github/wor...</li>
<li><a
href="https://github.com/github/codeql-action/commit/922d6fb888d665134eb982b150b8912dbd48e21a"><code>922d6fb</code></a>
Use <code>makeMacro</code> instead of <code>test.macro</code></li>
<li><a
href="https://github.com/github/codeql-action/commit/df77e87896689b5c736433984c5df14d86c63d56"><code>df77e87</code></a>
Update test macro snippet</li>
<li><a
href="https://github.com/github/codeql-action/commit/6e3f985e4fc409a188c7701b68c4dec158c9ced3"><code>6e3f985</code></a>
Add wrapper for <code>test.macro</code></li>
<li><a
href="https://github.com/github/codeql-action/commit/e7a347dfb1bfb7a858347623fcb4f650effca6b5"><code>e7a347d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3881">#3881</a>
from github/update-bundle/codeql-bundle-v2.25.4</li>
<li><a
href="https://github.com/github/codeql-action/commit/17eabb2500031486a71e00ecbcb72c73804a6c9f"><code>17eabb2</code></a>
Rebuild</li>
<li><a
href="https://github.com/github/codeql-action/commit/aaef09c48db2dd7f0100363de1785963a34cd706"><code>aaef09c</code></a>
Bump ruby/setup-ruby</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/e46ed2cbd01164d986452f91f178727624ae40d7...68bde559dea0fdcac2102bfdf6230c5f70eb485e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=4.35.3&new-version=4.35.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-14 15:10:36 +02:00
Zsolt Dollenstein 853401723d Limit GitHub tokens to github.com download URLs (#878) 
This makes the Astral mirror slightly less special.
 2026-05-13 13:26:05 +02:00
Kevin Stillhammer 7568f55a9a increase libuv-workaround timeout to 100ms (#880) 
This should fix
https://github.com/astral-sh/setup-uv/issues/686#issuecomment-4389301919
 2026-05-13 08:28:39 +02:00
github-actions[bot] a81585cbb0 chore: update known checksums for 0.11.14 (#879) 
chore: update known checksums for 0.11.14

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-05-13 07:37:30 +02:00
github-actions[bot] 88aa608651 chore: update known checksums for 0.11.13 (#877) 
chore: update known checksums for 0.11.13

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-05-11 08:14:58 +02:00
github-actions[bot] 00714ea9dc chore: update known checksums for 0.11.12 (#876) 
chore: update known checksums for 0.11.12

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-05-09 08:17:00 +02:00
dependabot[bot] c4fec0d78d chore(deps): bump github/codeql-action from 4.32.2 to 4.35.3 (#875) 
Bumps [github/codeql-action](https://github.com/github/codeql-action)
from 4.32.2 to 4.35.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.35.3</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
<h2>v4.35.2</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
<li>The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules. <a
href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li>
<li>Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal. <a
href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li>
<li>Fixed a bug in the validation of OIDC configurations for private
registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li>
</ul>
<h2>v4.35.1</h2>
<ul>
<li>Fix incorrect minimum required Git version for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3781">#3781</a></li>
</ul>
<h2>v4.35.0</h2>
<ul>
<li>Reduced the minimum Git version required for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> from 2.38.0 to 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1">2.25.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3773">#3773</a></li>
</ul>
<h2>v4.34.1</h2>
<ul>
<li>Downgrade default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>
due to issues with a small percentage of Actions and JavaScript
analyses. <a
href="https://redirect.github.com/github/codeql-action/pull/3762">#3762</a></li>
</ul>
<h2>v4.34.0</h2>
<ul>
<li>Added an experimental change which disables TRAP caching when <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> is enabled, since improved incremental analysis
supersedes TRAP caching. This will improve performance and reduce
Actions cache usage. We expect to roll this change out to everyone in
March. <a
href="https://redirect.github.com/github/codeql-action/pull/3569">#3569</a></li>
<li>We are rolling out improved incremental analysis to C/C++ analyses
that use build mode <code>none</code>. We expect this rollout to be
complete by the end of April 2026. <a
href="https://redirect.github.com/github/codeql-action/pull/3584">#3584</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0">2.25.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3585">#3585</a></li>
</ul>
<h2>v4.33.0</h2>
<ul>
<li>
<p>Upcoming change: Starting April 2026, the CodeQL Action will skip
collecting file coverage information on pull requests to improve
analysis performance. File coverage information will still be computed
on non-PR analyses. Pull request analyses will log a warning about this
upcoming change. <a
href="https://redirect.github.com/github/codeql-action/pull/3562">#3562</a></p>
<p>To opt out of this change:</p>
<ul>
<li><strong>Repositories owned by an organization:</strong> Create a
custom repository property with the name
<code>github-codeql-file-coverage-on-prs</code> and the type
&quot;True/false&quot;, then set this property to <code>true</code> in
the repository's settings. For more information, see <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing
custom properties for repositories in your organization</a>.
Alternatively, if you are using an advanced setup workflow, you can set
the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable
to <code>true</code> in your workflow.</li>
<li><strong>User-owned repositories using default setup:</strong> Switch
to an advanced setup workflow and set the
<code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to
<code>true</code> in your workflow.</li>
<li><strong>User-owned repositories using advanced setup:</strong> Set
the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable
to <code>true</code> in your workflow.</li>
</ul>
</li>
<li>
<p>Fixed <a
href="https://redirect.github.com/github/codeql-action/issues/3555">a
bug</a> which caused the CodeQL Action to fail loading repository
properties if a &quot;Multi select&quot; repository property was
configured for the repository. <a
href="https://redirect.github.com/github/codeql-action/pull/3557">#3557</a></p>
</li>
<li>
<p>The CodeQL Action now loads <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">custom
repository properties</a> on GitHub Enterprise Server, enabling the
customization of features such as
<code>github-codeql-disable-overlay</code> that was previously only
available on GitHub.com. <a
href="https://redirect.github.com/github/codeql-action/pull/3559">#3559</a></p>
</li>
<li>
<p>Once <a
href="https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries">private
package registries</a> can be configured with OIDC-based authentication
for organizations, the CodeQL Action will now be able to accept such
configurations. <a
href="https://redirect.github.com/github/codeql-action/pull/3563">#3563</a></p>
</li>
<li>
<p>Fixed the retry mechanism for database uploads. Previously this would
fail with the error &quot;Response body object should not be disturbed
or locked&quot;. <a
href="https://redirect.github.com/github/codeql-action/pull/3564">#3564</a></p>
</li>
<li>
<p>A warning is now emitted if the CodeQL Action detects a repository
property whose name suggests that it relates to the CodeQL Action, but
which is not one of the properties recognised by the current version of
the CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3570">#3570</a></p>
</li>
</ul>
<h2>v4.32.6</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3548">#3548</a></li>
</ul>
<h2>v4.32.5</h2>
<ul>
<li>Repositories owned by an organization can now set up the
<code>github-codeql-disable-overlay</code> custom repository property to
disable <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis for CodeQL</a>. First, create a custom repository
property with the name <code>github-codeql-disable-overlay</code> and
the type &quot;True/false&quot; in the organization's settings. Then in
the repository's settings, set this property to <code>true</code> to
disable improved incremental analysis. For more information, see <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing
custom properties for repositories in your organization</a>. This
feature is not yet available on GitHub Enterprise Server. <a
href="https://redirect.github.com/github/codeql-action/pull/3507">#3507</a></li>
<li>Added an experimental change so that when <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> fails on a runner — potentially due to
insufficient disk space — the failure is recorded in the Actions cache
so that subsequent runs will automatically skip improved incremental
analysis until something changes (e.g. a larger runner is provisioned or
a new CodeQL version is released). We expect to roll this change out to
everyone in March. <a
href="https://redirect.github.com/github/codeql-action/pull/3487">#3487</a></li>
<li>The minimum memory check for improved incremental analysis is now
skipped for CodeQL 2.24.3 and later, which has reduced peak RAM usage.
<a
href="https://redirect.github.com/github/codeql-action/pull/3515">#3515</a></li>
<li>Reduced log levels for best-effort private package registry
connection check failures to reduce noise from workflow annotations. <a
href="https://redirect.github.com/github/codeql-action/pull/3516">#3516</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<ul>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4">2.25.4</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3881">#3881</a></li>
</ul>
<h2>4.35.3 - 01 May 2026</h2>
<ul>
<li><em>Upcoming breaking change</em>: Add a deprecation warning for
customers using CodeQL version 2.19.3 and earlier. These versions of
CodeQL were discontinued on 9 April 2026 alongside GitHub Enterprise
Server 3.15, and will be unsupported by the next minor release of the
CodeQL Action. <a
href="https://redirect.github.com/github/codeql-action/pull/3837">#3837</a></li>
<li>Configurations for private registries that use Cloudsmith or GCP
OIDC are now accepted. <a
href="https://redirect.github.com/github/codeql-action/pull/3850">#3850</a></li>
<li>Best-effort connection tests for private registries now use
<code>GET</code> requests instead of <code>HEAD</code> for better
compatibility with various registry implementations. For NuGet feeds,
the test is now always performed against the service index. <a
href="https://redirect.github.com/github/codeql-action/pull/3853">#3853</a></li>
<li>Fixed a bug where two diagnostics produced within the same
millisecond could overwrite each other on disk, causing one of them to
be lost. <a
href="https://redirect.github.com/github/codeql-action/pull/3852">#3852</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3">2.25.3</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3865">#3865</a></li>
</ul>
<h2>4.35.2 - 15 Apr 2026</h2>
<ul>
<li>The undocumented TRAP cache cleanup feature that could be enabled
using the <code>CODEQL_ACTION_CLEANUP_TRAP_CACHES</code> environment
variable is deprecated and will be removed in May 2026. If you are
affected by this, we recommend disabling TRAP caching by passing the
<code>trap-caching: false</code> input to the <code>init</code> Action.
<a
href="https://redirect.github.com/github/codeql-action/pull/3795">#3795</a></li>
<li>The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules. <a
href="https://redirect.github.com/github/codeql-action/pull/3789">#3789</a></li>
<li>Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal. <a
href="https://redirect.github.com/github/codeql-action/pull/3794">#3794</a></li>
<li>Fixed a bug in the validation of OIDC configurations for private
registries that was added in CodeQL Action 4.33.0 / 3.33.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3807">#3807</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2">2.25.2</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3823">#3823</a></li>
</ul>
<h2>4.35.1 - 27 Mar 2026</h2>
<ul>
<li>Fix incorrect minimum required Git version for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a>: it should have been 2.36.0, not 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3781">#3781</a></li>
</ul>
<h2>4.35.0 - 27 Mar 2026</h2>
<ul>
<li>Reduced the minimum Git version required for <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> from 2.38.0 to 2.11.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3767">#3767</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1">2.25.1</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3773">#3773</a></li>
</ul>
<h2>4.34.1 - 20 Mar 2026</h2>
<ul>
<li>Downgrade default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3">2.24.3</a>
due to issues with a small percentage of Actions and JavaScript
analyses. <a
href="https://redirect.github.com/github/codeql-action/pull/3762">#3762</a></li>
</ul>
<h2>4.34.0 - 20 Mar 2026</h2>
<ul>
<li>Added an experimental change which disables TRAP caching when <a
href="https://redirect.github.com/github/roadmap/issues/1158">improved
incremental analysis</a> is enabled, since improved incremental analysis
supersedes TRAP caching. This will improve performance and reduce
Actions cache usage. We expect to roll this change out to everyone in
March. <a
href="https://redirect.github.com/github/codeql-action/pull/3569">#3569</a></li>
<li>We are rolling out improved incremental analysis to C/C++ analyses
that use build mode <code>none</code>. We expect this rollout to be
complete by the end of April 2026. <a
href="https://redirect.github.com/github/codeql-action/pull/3584">#3584</a></li>
<li>Update default CodeQL bundle version to <a
href="https://github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0">2.25.0</a>.
<a
href="https://redirect.github.com/github/codeql-action/pull/3585">#3585</a></li>
</ul>
<h2>4.33.0 - 16 Mar 2026</h2>
<ul>
<li>
<p>Upcoming change: Starting April 2026, the CodeQL Action will skip
collecting file coverage information on pull requests to improve
analysis performance. File coverage information will still be computed
on non-PR analyses. Pull request analyses will log a warning about this
upcoming change. <a
href="https://redirect.github.com/github/codeql-action/pull/3562">#3562</a></p>
<p>To opt out of this change:</p>
<ul>
<li><strong>Repositories owned by an organization:</strong> Create a
custom repository property with the name
<code>github-codeql-file-coverage-on-prs</code> and the type
&quot;True/false&quot;, then set this property to <code>true</code> in
the repository's settings. For more information, see <a
href="https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization">Managing
custom properties for repositories in your organization</a>.
Alternatively, if you are using an advanced setup workflow, you can set
the <code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable
to <code>true</code> in your workflow.</li>
<li><strong>User-owned repositories using default setup:</strong> Switch
to an advanced setup workflow and set the
<code>CODEQL_ACTION_FILE_COVERAGE_ON_PRS</code> environment variable to
<code>true</code> in your workflow.</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/e46ed2cbd01164d986452f91f178727624ae40d7"><code>e46ed2c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3867">#3867</a>
from github/update-v4.35.3-8c6e48dbe</li>
<li><a
href="https://github.com/github/codeql-action/commit/b73d1d163446ca5e62b96698027210ab41df6a4a"><code>b73d1d1</code></a>
Add changelog entry for <a
href="https://redirect.github.com/github/codeql-action/issues/3853">#3853</a></li>
<li><a
href="https://github.com/github/codeql-action/commit/24e0bb00a931e2a5edb703ce3b22a70f3a3e800b"><code>24e0bb0</code></a>
Reorder changelog entries</li>
<li><a
href="https://github.com/github/codeql-action/commit/ec298daba71cf7592feacbd1c0887cddc0659f62"><code>ec298da</code></a>
Update changelog for v4.35.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/8c6e48dbe051ceb3015c19554831af1b43275f46"><code>8c6e48d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3865">#3865</a>
from github/update-bundle/codeql-bundle-v2.25.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/719098349ea5beae8aa364bf9b71ff1c8d937df2"><code>7190983</code></a>
Add changelog note</li>
<li><a
href="https://github.com/github/codeql-action/commit/2bb209555a024d051f6271c8a846b402497f9445"><code>2bb2095</code></a>
Update default bundle to codeql-bundle-v2.25.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/7851e55dc3be31ec4bcc3ef98453de2cb306e698"><code>7851e55</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3850">#3850</a>
from github/mbg/private-registry/cloudsmith-gcp</li>
<li><a
href="https://github.com/github/codeql-action/commit/262a15f6cf4c7a43d6a38ad76392e5e2d4977751"><code>262a15f</code></a>
Add generic non-printable chars test for OIDC configs</li>
<li><a
href="https://github.com/github/codeql-action/commit/a6109b1c07173a53ece3d179a925ff9644d1fabd"><code>a6109b1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3853">#3853</a>
from github/mbg/start-proxy/improved-checks</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2...e46ed2cbd01164d986452f91f178727624ae40d7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github/codeql-action&package-manager=github_actions&previous-version=4.32.2&new-version=4.35.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-05-09 03:58:07 +02:00
github-actions[bot] 9d91aa17e1 chore: update known checksums for 0.11.11 (#873) 
chore: update known checksums for 0.11.11

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-05-07 09:14:04 +02:00
github-actions[bot] 363818fa0d chore: update known checksums for 0.11.9/0.11.10 (#871) 
chore: update known checksums for 0.11.9/0.11.10

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-05-06 08:13:20 +02:00
github-actions[bot] 05143d3dcd chore: update known checksums for 0.11.8 (#867) 
chore: update known checksums for 0.11.8

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-04-28 07:45:14 +02:00
dependabot[bot] 2ae9516c03 chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0 (#866) 
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-27 09:31:20 -04:00
dependabot[bot] c0c76fcf76 chore(deps): bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3 (#864) 
Bumps
[zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action)
from 0.5.2 to 0.5.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.5.3</h2>
<h2>What's Changed</h2>
<ul>
<li><code>1.24.0</code> and <code>1.24.1</code> are now available via
the action</li>
<li><code>1.24.1</code> is now the default version of zizmor used by the
action</li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zizmorcore/zizmor-action/compare/v0.5.2...v0.5.3">https://github.com/zizmorcore/zizmor-action/compare/v0.5.2...v0.5.3</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/b1d7e1fb5de872772f31590499237e7cce841e8e"><code>b1d7e1f</code></a>
Sync zizmor versions (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/102">#102</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/a195b57475917ddcb70845e5ffe1c3a15dbbdedc"><code>a195b57</code></a>
Sync zizmor versions (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/100">#100</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/629d5d01fe5939a6aeae25c1bd1acd2cfa28e9b2"><code>629d5d0</code></a>
chore(deps): bump github/codeql-action in the github-actions group (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/99">#99</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/453d591467e8199b1d5c6883b6ec5c22a12aac72"><code>453d591</code></a>
chore(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/98">#98</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/ea2c18b942410df0b22bed3b94c361c407518d45"><code>ea2c18b</code></a>
Bump pins (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/97">#97</a>)</li>
<li>See full diff in <a
href="https://github.com/zizmorcore/zizmor-action/compare/71321a20a9ded102f6e9ce5718a2fcec2c4f70d8...b1d7e1fb5de872772f31590499237e7cce841e8e">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=zizmorcore/zizmor-action&package-manager=github_actions&previous-version=0.5.2&new-version=0.5.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-20 14:26:05 +02:00
dependabot[bot] dff86cf972 chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 (#863) 
Bumps
[peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request)
from 8.1.0 to 8.1.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's
releases</a>.</em></p>
<blockquote>
<h2>Create Pull Request v8.1.1</h2>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump the npm group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4305">peter-evans/create-pull-request#4305</a></li>
<li>build(deps): bump minimatch by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4311">peter-evans/create-pull-request#4311</a></li>
<li>build(deps): bump the github-actions group with 2 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4316">peter-evans/create-pull-request#4316</a></li>
<li>build(deps): bump <code>@​tootallnate/once</code> and
jest-environment-jsdom by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4323">peter-evans/create-pull-request#4323</a></li>
<li>build(deps-dev): bump undici from 6.23.0 to 6.24.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4328">peter-evans/create-pull-request#4328</a></li>
<li>build(deps-dev): bump flatted from 3.3.1 to 3.4.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4334">peter-evans/create-pull-request#4334</a></li>
<li>build(deps): bump picomatch by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4339">peter-evans/create-pull-request#4339</a></li>
<li>build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4344">peter-evans/create-pull-request#4344</a></li>
<li>build(deps-dev): bump the npm group with 3 updates by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4349">peter-evans/create-pull-request#4349</a></li>
<li>fix: retry post-creation API calls on 422 eventual consistency
errors by <a
href="https://github.com/peter-evans"><code>@​peter-evans</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/4356">peter-evans/create-pull-request#4356</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/peter-evans/create-pull-request/compare/v8.1.0...v8.1.1">https://github.com/peter-evans/create-pull-request/compare/v8.1.0...v8.1.1</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/5f6978faf089d4d20b00c7766989d076bb2fc7f1"><code>5f6978f</code></a>
fix: retry post-creation API calls on 422 eventual consistency errors
(<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4356">#4356</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/d32e88dac789dcc7906e7d26f69f24116fa9c97d"><code>d32e88d</code></a>
build(deps-dev): bump the npm group with 3 updates (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4349">#4349</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/8170bccad11c0df62542c04dcaefe36d342dfd39"><code>8170bcc</code></a>
build(deps-dev): bump handlebars from 4.7.8 to 4.7.9 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4344">#4344</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/00418193b417f888dbf1d993c5c0d31d27fdc7de"><code>0041819</code></a>
build(deps): bump picomatch (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4339">#4339</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/b993918c8536b6d44706130734d5456879762b27"><code>b993918</code></a>
build(deps-dev): bump flatted from 3.3.1 to 3.4.2 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4334">#4334</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/36d7c8468b48f9c2f8f29e260e82f10d4b90d2bd"><code>36d7c84</code></a>
build(deps-dev): bump undici from 6.23.0 to 6.24.0 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4328">#4328</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/a45d1fb447fcaf601166e405fd4f335cde1a8aa8"><code>a45d1fb</code></a>
build(deps): bump <code>@​tootallnate/once</code> and
jest-environment-jsdom (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4323">#4323</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/3499eb61835cc0015c0b786e203d74b1e8f55e43"><code>3499eb6</code></a>
build(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4316">#4316</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/3f3b473b8c148f5a7520efb4d1f9a70eea3d9d1f"><code>3f3b473</code></a>
build(deps): bump minimatch (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4311">#4311</a>)</li>
<li><a
href="https://github.com/peter-evans/create-pull-request/commit/6699836a213cf8b28c4f0408a404a6ac79d4458a"><code>6699836</code></a>
build(deps-dev): bump the npm group with 2 updates (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/4305">#4305</a>)</li>
<li>See full diff in <a
href="https://github.com/peter-evans/create-pull-request/compare/c0f553fe549906ede9cf27b5156039d195d2ece0...5f6978faf089d4d20b00c7766989d076bb2fc7f1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=peter-evans/create-pull-request&package-manager=github_actions&previous-version=8.1.0&new-version=8.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-20 09:50:35 +02:00
Kevin Stillhammer c0b7f63f92 Bump setup-uv references to v8.1.0 SHA in docs (#862) 
Update all `astral-sh/setup-uv@` references in documentation from
`cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0` to
`08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0`.

Files updated:
- `README.md`
- `docs/caching.md`
- `docs/customization.md`
- `docs/environment-and-tools.md`
- `docs/advanced-version-configuration.md`
 2026-04-17 09:25:20 +02:00
Kevin Stillhammer d854a6dce4 Add update-docs.yml workflow (#861) 2026-04-17 09:10:53 +02:00
Kevin Stillhammer 08807647e7 fix: grant contents:write to validate-release job (#860) 
## Problem

The release workflow fails at the `validate-release` job because `gh
release view` cannot find draft releases. This is because the job only
has `contents: read` permission, but GitHub requires `contents: write`
to view draft releases.

See failed run:
https://github.com/astral-sh/setup-uv/actions/runs/24528604608

## Fix

Bump `validate-release` job permissions from `contents: read` to
`contents: write`, matching the `release` job which already has this
permission.
v8.1.0 		2026-04-16 21:58:54 +02:00
Zanie Blue 717d6aba0f Add a release-gate step to the release workflow (#859) 2026-04-16 20:56:58 +02:00
Kevin Stillhammer 5a911eb3a3 Draft commitish releases (#858) 2026-04-16 20:26:15 +02:00
Kevin Stillhammer 080c31e04c Add action-types.yml to instructions (#857) 2026-04-16 20:19:09 +02:00
Kevin Stillhammer b3e97d2ba1 Add input no-project in combination with activate-environment (#856) 
Closes: #854
 2026-04-16 15:48:02 +02:00
dependabot[bot] 7dd591db95 chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 (#855) 
Bumps
[release-drafter/release-drafter](https://github.com/release-drafter/release-drafter)
from 7.1.1 to 7.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/release-drafter/release-drafter/releases">release-drafter/release-drafter's
releases</a>.</em></p>
<blockquote>
<h2>v7.2.0</h2>
<h1>What's Changed</h1>
<h2>New</h2>
<ul>
<li>feat: allow always collapsing a category (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1444">#1444</a>)
<a href="https://github.com/mhanberg"><code>@​mhanberg</code></a></li>
</ul>
<h2>Bug Fixes</h2>
<ul>
<li>fix: improve advanced substitutions in replacers (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1555">#1555</a>)
<a href="https://github.com/jetersen"><code>@​jetersen</code></a></li>
<li>fix: support repo-only _extends and prevent .github/ path doubling
(<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1577">#1577</a>)
<a href="https://github.com/jetersen"><code>@​jetersen</code></a></li>
</ul>
<h2>Maintenance</h2>
<ul>
<li>chore(deps): update dependency typescript to 6.0.2 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1587">#1587</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
<li>chore(deps): update vitest to 4.1.4 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1585">#1585</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
<li>ci(deps): update peter-evans/create-pull-request action to v8 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1588">#1588</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
<li>chore(deps): update dependency vite to 8.0.5 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1579">#1579</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
<li>chore(deps): update dependency nock to 14.0.12 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1583">#1583</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
<li>chore(deps): update dependency <code>@​types/node</code> to 24.12.2
(<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1582">#1582</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
<li>chore(deps): update dependency <code>@​biomejs/biome</code> to
2.4.10 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1581">#1581</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
<li>chore: move codegen to monthly scheduled workflow (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1578">#1578</a>)
<a href="https://github.com/jetersen"><code>@​jetersen</code></a></li>
<li>chore: replace vite-tsconfig-paths plugin with native
resolve.tsconfigPaths (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1571">#1571</a>)
<a href="https://github.com/jetersen"><code>@​jetersen</code></a></li>
</ul>
<h2>Documentation</h2>
<ul>
<li>docs: fix autolabeler example tag (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1568">#1568</a>)
<a href="https://github.com/cchanche"><code>@​cchanche</code></a></li>
</ul>
<h2>Dependency Updates</h2>
<ul>
<li>build(deps): bump lodash and
<code>@​graphql-codegen/plugin-helpers</code> (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1589">#1589</a>)
@<a href="https://github.com/apps/dependabot">dependabot[bot]</a></li>
<li>fix(deps): update dependency <code>@​actions/github</code> to 9.1.0
(<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1586">#1586</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
<li>chore(deps): update dependency yaml to 2.8.3 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1580">#1580</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
<li>chore(deps): update node.js to v24.14.1 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1584">#1584</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
<li>chore(deps): update dependency <code>@​biomejs/biome</code> to
2.4.10 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1581">#1581</a>)
@<a href="https://github.com/apps/renovate">renovate[bot]</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/release-drafter/release-drafter/compare/v7.1.1...v7.2.0">https://github.com/release-drafter/release-drafter/compare/v7.1.1...v7.2.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/5de93583980a40bd78603b6dfdcda5b4df377b32"><code>5de9358</code></a>
7.2.0</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/e50d61c7deb94fc176ad7d31d7b71f60307829b2"><code>e50d61c</code></a>
chore: rebuild dist</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/d3a61d3b778db0d18c3511a1d8a5585188fdb99f"><code>d3a61d3</code></a>
chore: fix npm audit vulnerabilities</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/8bfa2791ec73890e3087b933c9db62d0a294a461"><code>8bfa279</code></a>
build(deps): bump lodash and
<code>@​graphql-codegen/plugin-helpers</code> (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1589">#1589</a>)</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/c2a8a67ac931b548feeee49fe78975bd87720a0e"><code>c2a8a67</code></a>
chore: remove engine-strict from .npmrc to fix Dependabot
resolution</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/e51e4adf1695870d57ae9cf3fa8cc37064d6304d"><code>e51e4ad</code></a>
chore(deps): update dependency typescript to 6.0.2 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1587">#1587</a>)</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/0e7bd548468b9ce7f0b082417f6ec32bc47173ae"><code>0e7bd54</code></a>
fix(deps): update dependency <code>@​actions/github</code> to 9.1.0 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1586">#1586</a>)</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/9c0b0a8cf19d3415f835a04b1987cd2451aaac85"><code>9c0b0a8</code></a>
chore(deps): update dependency yaml to 2.8.3 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1580">#1580</a>)</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/b27f820cbc98c923f216e773d35bc7f4e8efd9ed"><code>b27f820</code></a>
chore(deps): update vitest to 4.1.4 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1585">#1585</a>)</li>
<li><a
href="https://github.com/release-drafter/release-drafter/commit/eb9053430f473e03512e92caee9608b0db01ebd7"><code>eb90534</code></a>
ci(deps): update peter-evans/create-pull-request action to v8 (<a
href="https://redirect.github.com/release-drafter/release-drafter/issues/1588">#1588</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/release-drafter/release-drafter/compare/139054aeaa9adc52ab36ddf67437541f039b88e2...5de93583980a40bd78603b6dfdcda5b4df377b32">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=release-drafter/release-drafter&package-manager=github_actions&previous-version=7.1.1&new-version=7.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-04-16 13:02:19 +02:00
github-actions[bot] 1541b77626 chore: update known checksums for 0.11.7 (#853) 
chore: update known checksums for 0.11.7

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-04-16 08:00:01 +02:00
Kevin Stillhammer cdfb2ee6dd Refactor version resolving (#852) 2026-04-11 11:38:41 +02:00
github-actions[bot] cb84d12dc6 chore: update known checksums for 0.11.6 (#850) 
chore: update known checksums for 0.11.6

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-04-10 13:32:57 +02:00
github-actions[bot] 1912cc65f2 chore: update known checksums for 0.11.5 (#845) 
chore: update known checksums for 0.11.5

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-04-09 08:26:38 +02:00
github-actions[bot] a0b52019f1 chore: update known checksums for 0.11.4 (#843) 
chore: update known checksums for 0.11.4

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-04-08 07:42:52 +02:00
Zanie Blue 7b222e12b6 Add a release workflow (#839) 
Uses a release workflow with environment protection for publishing
releases instead of relying on user invocation.

The `release` environment can then be protected, e.g., requiring
approval from another team member. We can add a tag ruleset to prevent
tags from being created outside of the `release` environment.

I've never used Release drafter, but the workflow here differs from our
other projects in that the release process just marks the draft release
as final and adds the tag. The draft release is required, for
simplicity.
 2026-04-07 08:39:52 -05:00
github-actions[bot] 1c15d185f0 chore: update known checksums for 0.11.3 (#836) 
chore: update known checksums for 0.11.3

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-04-02 10:42:50 +02:00
Kevin Stillhammer d7fe1a5a18 Update ignore-nothing-to-cache documentation (#833) 
Add the error message so it can be found when searching for it

Helps issues like #831
 2026-03-31 09:27:10 +02:00
Kevin Stillhammer 16592cddee Pin setup-uv docs to v8 (#829) 
Update all README and docs examples to use the pinned v8 release SHA for
astral-sh/setup-uv, with a comment showing the release version for
clarity and best practices.
 2026-03-29 19:36:34 +02:00
Kevin Stillhammer cec208311d Shortcircuit latest version from manifest (#828) 
The first version is guaranteed to be the latest
v8.0.0 		2026-03-28 17:43:22 +01:00
Kevin Stillhammer 4dd8ab4520 Simplify inputs.ts (#827) 
Do not pass around inputs.
Its okay to freely work with core.getInput in this file
 2026-03-28 17:38:30 +01:00
Kevin Stillhammer 7fdbe7cf0c Remove update-major-minor-tags workflow (#826) 2026-03-28 16:29:52 +01:00
Kevin Stillhammer 485abd05e5 Bump release-drafter to v7.1.1 (#825) 2026-03-28 16:25:54 +01:00
Kevin Stillhammer f82eb19c06 Refactor inputs (#823) 
Don't load at import time and make it easier to test
 2026-03-28 16:23:26 +01:00
Kevin Stillhammer 868d1f74d9 Replace inline compile args with tsconfig (#824) 2026-03-28 16:19:09 +01:00
github-actions[bot] 447e6d02b1 chore: update known checksums for 0.11.2 (#821) 
chore: update known checksums for 0.11.2

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-03-27 07:12:16 +01:00
github-actions[bot] 5c62c59261 chore: update known checksums for 0.11.1 (#817) 
chore: update known checksums for 0.11.1

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-03-25 08:14:06 +01:00
github-actions[bot] e1a7373adb chore: update known checksums for 0.11.0 (#815) 
chore: update known checksums for 0.11.0

Co-authored-by: eifinger <eifinger@users.noreply.github.com>
 2026-03-24 07:42:01 +01:00
Kevin Stillhammer 89709315bb Remove deprecrated custom manifest (#813) 2026-03-23 09:15:51 +01:00