b1daf91f4e
Update lockfile with latest npm ( #636 )
2025-10-13 13:15:28 +02:00
3259c6206f
Bump deps ( #633 )
2025-10-12 20:47:54 +02:00
bf8e8ed895
Split up documentation ( #632 )
...
Closes : #558
2025-10-12 20:27:08 +02:00
9c6b5e9fb5
Add resolution-strategy input to support oldest compatible version selection ( #631 )
...
Adds a new `resolution-strategy` input that allows users to choose
between installing the highest (default) or lowest compatible version
when resolving version ranges.
2025-10-11 21:02:04 +02:00
a5129e99f4
Add copilot-instructions.md ( #630 )
2025-10-11 19:18:50 +02:00
d18bcc753a
Add value of UV_PYTHON_INSTALL_DIR to path ( #628 )
...
Closes : #610
2025-10-11 18:42:06 +02:00
bd1f875aba
Set output venv when activate-environment is used ( #627 )
...
Closes : #622
2025-10-11 15:17:25 +02:00
1a91c3851d
chore: update known checksums for 0.9.2 ( #626 )
...
Co-authored-by: woodruffw <woodruffw@users.noreply.github.com >
2025-10-10 17:11:01 -04:00
c79f606987
chore: update known checksums for 0.9.1 ( #625 )
...
chore: update known checksums for 0.9.1
Co-authored-by: eifinger <eifinger@users.noreply.github.com >
2025-10-10 17:24:01 +02:00
e0249f1599
Fall back to PR for updating known versions ( #623 )
2025-10-10 17:23:48 +02:00
6d2eb15b49
Cache python installs ( #621 )
...
This pull request introduces support for caching Python installs in the
GitHub Action, allowing users to cache not only dependencies but also
the Python interpreter itself.
This works by setting the `UV_PYTHON_INSTALL_DIR` to a subdirectory of
the dependency cache path so that Python installs are directed there.
Fixes #135
---------
Co-authored-by: Kevin Stillhammer <kevin.stillhammer@gmail.com >
2025-10-09 22:47:24 +02:00
3495667518
Bump github/codeql-action from 3.30.6 to 4.30.7 ( #614 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action )
from 3.30.6 to 4.30.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases ">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.30.7</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>4.30.7 - 06 Oct 2025</h2>
<ul>
<li>[v4+ only] The CodeQL Action now runs on Node.js v24. <a
href="https://redirect.github.com/github/codeql-action/pull/3169 ">#3169</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v4.30.7/CHANGELOG.md ">CHANGELOG.md</a>
for more information.</p>
<h2>v3.30.7</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.7 - 06 Oct 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.7/CHANGELOG.md ">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>4.30.7 - 06 Oct 2025</h2>
<ul>
<li>[v4+ only] The CodeQL Action now runs on Node.js v24. <a
href="https://redirect.github.com/github/codeql-action/pull/3169 ">#3169</a></li>
</ul>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168 ">#3168</a></li>
</ul>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160 ">#3160</a></li>
</ul>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099 ">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100 ">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107 ">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130 ">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118 ">#3118</a></li>
</ul>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084 ">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064 ">#3064</a></li>
</ul>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077 ">#3077</a></li>
</ul>
<h2>3.30.0 - 01 Sep 2025</h2>
<ul>
<li>Reduce the size of the CodeQL Action, speeding up workflows by
approximately 4 seconds. <a
href="https://redirect.github.com/github/codeql-action/pull/3054 ">#3054</a></li>
</ul>
<h2>3.29.11 - 21 Aug 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3044 ">#3044</a></li>
</ul>
<h2>3.29.10 - 18 Aug 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/e296a935590eb16afc0c0108289f68c87e2a89a5 "><code>e296a93</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3183 ">#3183</a>
from github/update-v4.30.7-55283843c</li>
<li><a
href="https://github.com/github/codeql-action/commit/93c16735fa0c27d771c77818dac729edc5a9cd19 "><code>93c1673</code></a>
Update changelog for v4.30.7</li>
<li><a
href="https://github.com/github/codeql-action/commit/55283843ca9b4d67ebda238e93f97913b6d527ca "><code>5528384</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3169 ">#3169</a>
from github/mario-campos/node24</li>
<li><a
href="https://github.com/github/codeql-action/commit/b66db86c847a6b3b82d6036b8ef090a869d23fcd "><code>b66db86</code></a>
Hoist CHANGELOG note back to "UNRELEASED" section.</li>
<li><a
href="https://github.com/github/codeql-action/commit/b2e22323e27f51736ac514773cfc66b169432101 "><code>b2e2232</code></a>
Merge remote-tracking branch 'origin/main' into mario-campos/node24</li>
<li><a
href="https://github.com/github/codeql-action/commit/065c6cfb7809de8db2167a953b5b622491cda914 "><code>065c6cf</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3174 ">#3174</a>
from github/mbg/fix/start-proxy-matrix</li>
<li><a
href="https://github.com/github/codeql-action/commit/7fb8378d93a9c48917835b918be8813792a0dd26 "><code>7fb8378</code></a>
Re-throw exception in <code>createStatusReportBase</code> when in test
mode</li>
<li><a
href="https://github.com/github/codeql-action/commit/dddf033776a9a0e008719a5c64a93dcac144838f "><code>dddf033</code></a>
Revert changes to build.mjs</li>
<li><a
href="https://github.com/github/codeql-action/commit/54ae8ba5b132f38656616b37ff939c55700d519b "><code>54ae8ba</code></a>
Simplify PR check by reverting changes to <code>@types/node</code>.</li>
<li><a
href="https://github.com/github/codeql-action/commit/65e9e640eee8bd9544d635018b785e3902144ccd "><code>65e9e64</code></a>
Make <code>matrix</code> available to <code>start-proxy</code>
action</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/64d10c13136e1c5bce3e5fbde8d4906eeaafc885...e296a935590eb16afc0c0108289f68c87e2a89a5 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-09 07:56:50 +02:00
eb1897b8dc
Bump dependencies ( #613 )
2025-10-07 21:44:39 +02:00
d78d791822
Bump github/codeql-action from 3.30.5 to 3.30.6 ( #605 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action )
from 3.30.5 to 3.30.6.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases ">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.30.6</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168 ">#3168</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.6/CHANGELOG.md ">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.30.6 - 02 Oct 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.2. <a
href="https://redirect.github.com/github/codeql-action/pull/3168 ">#3168</a></li>
</ul>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160 ">#3160</a></li>
</ul>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099 ">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100 ">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107 ">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130 ">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118 ">#3118</a></li>
</ul>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084 ">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064 ">#3064</a></li>
</ul>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077 ">#3077</a></li>
</ul>
<h2>3.30.0 - 01 Sep 2025</h2>
<ul>
<li>Reduce the size of the CodeQL Action, speeding up workflows by
approximately 4 seconds. <a
href="https://redirect.github.com/github/codeql-action/pull/3054 ">#3054</a></li>
</ul>
<h2>3.29.11 - 21 Aug 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3044 ">#3044</a></li>
</ul>
<h2>3.29.10 - 18 Aug 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.9 - 12 Aug 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/64d10c13136e1c5bce3e5fbde8d4906eeaafc885 "><code>64d10c1</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3172 ">#3172</a>
from github/update-v3.30.6-10feb5d2a</li>
<li><a
href="https://github.com/github/codeql-action/commit/909610e8a847f0bd00aec15db1ca9e69b006b832 "><code>909610e</code></a>
Update changelog for v3.30.6</li>
<li><a
href="https://github.com/github/codeql-action/commit/10feb5d2a2535fc4a649a440d3cc1605adc4b401 "><code>10feb5d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3167 ">#3167</a>
from github/mbg/upload-sarif/find-then-filter</li>
<li><a
href="https://github.com/github/codeql-action/commit/4182ea3d4e571a0ef1fe400e2be7dac377d0bfab "><code>4182ea3</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3168 ">#3168</a>
from github/update-bundle/codeql-bundle-v2.23.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/34afe5b7b14d3606c13bf651daa19ddd8a0f7266 "><code>34afe5b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3171 ">#3171</a>
from github/mbg/start-proxy/telemetry</li>
<li><a
href="https://github.com/github/codeql-action/commit/096fe67f97e494ef06346b2edba7862069e6f879 "><code>096fe67</code></a>
Merge branch 'main' into update-bundle/codeql-bundle-v2.23.2</li>
<li><a
href="https://github.com/github/codeql-action/commit/b4964014adc5c667e691999fa475b29d2634750c "><code>b496401</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3170 ">#3170</a>
from github/mbg/start-proxy/remove-update-workflow</li>
<li><a
href="https://github.com/github/codeql-action/commit/d573787cca00bdd533d895012a2af0dad5f2e66a "><code>d573787</code></a>
Report registry types that are configured for CodeQL in
<code>start-proxy</code> telemetry</li>
<li><a
href="https://github.com/github/codeql-action/commit/15916800df051ff24b89c0f961260e8bea28d85f "><code>1591680</code></a>
Send a basic status report in <code>start-proxy</code> Action if it
succeeds</li>
<li><a
href="https://github.com/github/codeql-action/commit/cb5a2849ac05d53b82c70a5feb2a56a85feb20d4 "><code>cb5a284</code></a>
Send status report when <code>start-proxy</code> fails</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/3599b3baa15b485a2e49ef411a7a4bb2452e7f93...64d10c13136e1c5bce3e5fbde8d4906eeaafc885 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-07 21:28:28 +02:00
535dc2664c
Respect UV_CACHE_DIR and cache-dir ( #612 )
...
Fixes : #583
2025-10-07 16:08:30 +02:00
f610be5ff9
Use --force when pruning cache ( #611 )
...
To prevent waiting forever on other running uv processes
2025-10-07 09:42:14 +02:00
3deccc0075
Use node24 instead of node20 ( #608 )
2025-10-07 08:44:57 +02:00
d9ee7e2f26
Remove deprecated input server-url ( #607 )
2025-10-03 19:48:56 +02:00
59a0868fea
Bump github/codeql-action from 3.30.3 to 3.30.5 ( #594 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action )
from 3.30.3 to 3.30.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases ">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.30.5</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160 ">#3160</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.5/CHANGELOG.md ">CHANGELOG.md</a>
for more information.</p>
<h2>v3.30.4</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099 ">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100 ">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107 ">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130 ">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118 ">#3118</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.4/CHANGELOG.md ">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.30.5 - 26 Sep 2025</h2>
<ul>
<li>We fixed a bug that was introduced in <code>3.30.4</code> with
<code>upload-sarif</code> which resulted in files without a
<code>.sarif</code> extension not getting uploaded. <a
href="https://redirect.github.com/github/codeql-action/pull/3160 ">#3160</a></li>
</ul>
<h2>3.30.4 - 25 Sep 2025</h2>
<ul>
<li>We have improved the CodeQL Action's ability to validate that the
workflow it is used in does not use different versions of the CodeQL
Action for different workflow steps. Mixing different versions of the
CodeQL Action in the same workflow is unsupported and can lead to
unpredictable results. A warning will now be emitted from the
<code>codeql-action/init</code> step if different versions of the CodeQL
Action are detected in the workflow file. Additionally, an error will
now be thrown by the other CodeQL Action steps if they load a
configuration file that was generated by a different version of the
<code>codeql-action/init</code> step. <a
href="https://redirect.github.com/github/codeql-action/pull/3099 ">#3099</a>
and <a
href="https://redirect.github.com/github/codeql-action/pull/3100 ">#3100</a></li>
<li>We added support for reducing the size of dependency caches for Java
analyses, which will reduce cache usage and speed up workflows. This
will be enabled automatically at a later time. <a
href="https://redirect.github.com/github/codeql-action/pull/3107 ">#3107</a></li>
<li>You can now run the latest CodeQL nightly bundle by passing
<code>tools: nightly</code> to the <code>init</code> action. In general,
the nightly bundle is unstable and we only recommend running it when
directed by GitHub staff. <a
href="https://redirect.github.com/github/codeql-action/pull/3130 ">#3130</a></li>
<li>Update default CodeQL bundle version to 2.23.1. <a
href="https://redirect.github.com/github/codeql-action/pull/3118 ">#3118</a></li>
</ul>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084 ">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064 ">#3064</a></li>
</ul>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077 ">#3077</a></li>
</ul>
<h2>3.30.0 - 01 Sep 2025</h2>
<ul>
<li>Reduce the size of the CodeQL Action, speeding up workflows by
approximately 4 seconds. <a
href="https://redirect.github.com/github/codeql-action/pull/3054 ">#3054</a></li>
</ul>
<h2>3.29.11 - 21 Aug 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3044 ">#3044</a></li>
</ul>
<h2>3.29.10 - 18 Aug 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.9 - 12 Aug 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.8 - 08 Aug 2025</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/3599b3baa15b485a2e49ef411a7a4bb2452e7f93 "><code>3599b3b</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3161 ">#3161</a>
from github/update-v3.30.5-0a67bd46a</li>
<li><a
href="https://github.com/github/codeql-action/commit/2ca0085e584affd600efbd3930bc90e48dbacb46 "><code>2ca0085</code></a>
Update changelog for v3.30.5</li>
<li><a
href="https://github.com/github/codeql-action/commit/0a67bd46a0f456ddad9e4b732137f519280275db "><code>0a67bd4</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3160 ">#3160</a>
from github/mbg/fix/upload-sarif</li>
<li><a
href="https://github.com/github/codeql-action/commit/8e34f2f3bf0f3f0b192913b0e0f234372329699b "><code>8e34f2f</code></a>
Add changelog</li>
<li><a
href="https://github.com/github/codeql-action/commit/0b7fc5664842c1a6bb23c4ef64b85438afcb76c5 "><code>0b7fc56</code></a>
Fix <code>upload-sarif</code> not uploading non-<code>.sarif</code>
files</li>
<li><a
href="https://github.com/github/codeql-action/commit/94a9b7a1101a1320dcadcbda5e7fd9a1e6abaaca "><code>94a9b7a</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3155 ">#3155</a>
from github/mbg/node/no-install-in-actions</li>
<li><a
href="https://github.com/github/codeql-action/commit/a0ae9ba2026911d58db9df06e6b074d8ef6c24c9 "><code>a0ae9ba</code></a>
Log what the script is doing</li>
<li><a
href="https://github.com/github/codeql-action/commit/b27a8ef21f72b5c541232d50400874a3f0a374b9 "><code>b27a8ef</code></a>
Exit if running in an Actions workflow</li>
<li><a
href="https://github.com/github/codeql-action/commit/65925679a36e83b45b5f1673869dabf891669742 "><code>6592567</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3139 ">#3139</a>
from github/henrymercer/fix-log-message</li>
<li><a
href="https://github.com/github/codeql-action/commit/fa64a7dee67e389b18445aa15d26426512d9ab97 "><code>fa64a7d</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3154 ">#3154</a>
from github/mbg/node/check-up-to-date-deps</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/192325c86100d080feab897ff886c34abd4c83a3...3599b3baa15b485a2e49ef411a7a4bb2452e7f93 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-02 20:53:45 +02:00
c952556164
Bump @renovatebot/pep440 from 4.2.0 to 4.2.1 ( #581 )
...
Bumps [@renovatebot/pep440](https://github.com/renovatebot/pep440 ) from
4.2.0 to 4.2.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/renovatebot/pep440/releases "><code>@renovatebot/pep440</code>'s
releases</a>.</em></p>
<blockquote>
<h2>4.2.1</h2>
<h2><a
href="https://github.com/renovatebot/pep440/compare/4.2.0...4.2.1 ">4.2.1</a>
(2025-09-18)</h2>
<h3>Build System</h3>
<ul>
<li>use oidc for publish (<a
href="https://github.com/renovatebot/pep440/commit/02515aedb743bf94687ce60d48d401058b1bf9ba ">02515ae</a>)</li>
</ul>
<h3>Continuous Integration</h3>
<ul>
<li>revert change (<a
href="https://github.com/renovatebot/pep440/commit/e41926aecdd073adfe8e54161d6e525a7571d0cb ">e41926a</a>)</li>
<li>Update codecov-action hash to
39a2af19d997be74586469d4062e173ecae614f6 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/960 ">#960</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/43cb5f8f75f845711cedf5bbba8c061bffebaa74 ">43cb5f8</a>)</li>
</ul>
<h3>Miscellaneous Chores</h3>
<ul>
<li><strong>deps:</strong> lock file maintenance (<a
href="https://redirect.github.com/renovatebot/pep440/issues/959 ">#959</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/c6721211efce32cd837d2174df6df6db1b901a50 ">c672121</a>)</li>
<li><strong>deps:</strong> lock file maintenance (<a
href="https://redirect.github.com/renovatebot/pep440/issues/965 ">#965</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/424fe8a8692e4273aba8502fd4c23c4c60096c89 ">424fe8a</a>)</li>
<li><strong>deps:</strong> lock file maintenance (<a
href="https://redirect.github.com/renovatebot/pep440/issues/969 ">#969</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/1a297fab44a59f4526e797c0db3d76d32a20097f ">1a297fa</a>)</li>
<li><strong>deps:</strong> lock file maintenance (<a
href="https://redirect.github.com/renovatebot/pep440/issues/972 ">#972</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/8f39aacdd8b243a5a02cf1de8193dde022319ada ">8f39aac</a>)</li>
<li><strong>deps:</strong> lock file maintenance (<a
href="https://redirect.github.com/renovatebot/pep440/issues/979 ">#979</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/504fa6f22a945f91fe3bd73793f9e31765f3a240 ">504fa6f</a>)</li>
<li><strong>deps:</strong> update codecov/codecov-action action to
v5.5.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/963 ">#963</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/50ee8be5561428dbbecf08e96aebc5d81b213b80 ">50ee8be</a>)</li>
<li><strong>deps:</strong> update codecov/codecov-action action to
v5.5.1 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/971 ">#971</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/50b7d0b1aadc7b6ee200d0364dc405aad48be083 ">50b7d0b</a>)</li>
<li><strong>deps:</strong> update dependency <code>@eslint/js</code> to
v9.33.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/957 ">#957</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/468994c41686827fb04ae76db1af249297405d83 ">468994c</a>)</li>
<li><strong>deps:</strong> update dependency <code>@eslint/js</code> to
v9.35.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/977 ">#977</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/42f5851a1416a7dd3cc6e82c6a5e6e4906e234ce ">42f5851</a>)</li>
<li><strong>deps:</strong> update dependency <code>@types/node</code>
to v20.19.10 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/956 ">#956</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/075fa2f3dd02b4aeb28f277de17dd59601ec5e59 ">075fa2f</a>)</li>
<li><strong>deps:</strong> update dependency <code>@types/node</code>
to v20.19.11 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/964 ">#964</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/a37b049b7db4ec41c7d8283a0e138e4734724063 ">a37b049</a>)</li>
<li><strong>deps:</strong> update dependency <code>@types/node</code>
to v20.19.12 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/975 ">#975</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/04979bbeb87a4465eeffcc97a42bf7fae0f0af56 ">04979bb</a>)</li>
<li><strong>deps:</strong> update dependency <code>@types/node</code>
to v20.19.13 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/976 ">#976</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/1b7cace42e229703154ba3129358bb85f439f0df ">1b7cace</a>)</li>
<li><strong>deps:</strong> update dependency eslint to v9.33.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/958 ">#958</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/d55913a7fb0d28572c63096f79c1f1aa9108d204 ">d55913a</a>)</li>
<li><strong>deps:</strong> update dependency eslint to v9.35.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/978 ">#978</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/a1356fd60794453c95910ea325253c373bed07d0 ">a1356fd</a>)</li>
<li><strong>deps:</strong> update dependency semantic-release to v24.2.8
(<a
href="https://redirect.github.com/renovatebot/pep440/issues/981 ">#981</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/33102f7d33bb4d0d9ad90a5abcea0666128e8092 ">33102f7</a>)</li>
<li><strong>deps:</strong> update dependency typescript-eslint to
v8.39.1 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/962 ">#962</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/0c01e3be4d84ef291e75ed3904f1bf9d7f05d3b2 ">0c01e3b</a>)</li>
<li><strong>deps:</strong> update dependency typescript-eslint to
v8.40.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/966 ">#966</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/1577c38d37c0a587ac9f16a59121136a993adca9 ">1577c38</a>)</li>
<li><strong>deps:</strong> update dependency typescript-eslint to
v8.41.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/970 ">#970</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/1336ccae66d1dd4c65299b66f8e29867e5c45f6b ">1336cca</a>)</li>
<li><strong>deps:</strong> update dependency typescript-eslint to
v8.42.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/974 ">#974</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/ef8eb35e02b8d3dba27a617feb82c7817f596dce ">ef8eb35</a>)</li>
<li><strong>deps:</strong> update dependency typescript-eslint to
v8.43.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/980 ">#980</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/230fdf203d93126b3f828a52dac9a58a51816543 ">230fdf2</a>)</li>
<li><strong>deps:</strong> update linters to v9.34.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/968 ">#968</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/417c499fd358d8328ee09f975a7c23df3a016598 ">417c499</a>)</li>
<li><strong>deps:</strong> update pnpm to v10.15.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/967 ">#967</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/89e8dd7e31de4c063a99e3b5d8c5c378f42bcd07 ">89e8dd7</a>)</li>
<li><strong>deps:</strong> update pnpm to v10.15.1 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/973 ">#973</a>)
(<a
href="https://github.com/renovatebot/pep440/commit/e288af8bed00ca02d0136b8260cd764890072ac8 ">e288af8</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/renovatebot/pep440/commit/e41926aecdd073adfe8e54161d6e525a7571d0cb "><code>e41926a</code></a>
ci: revert change</li>
<li><a
href="https://github.com/renovatebot/pep440/commit/02515aedb743bf94687ce60d48d401058b1bf9ba "><code>02515ae</code></a>
build: use oidc for publish</li>
<li><a
href="https://github.com/renovatebot/pep440/commit/33102f7d33bb4d0d9ad90a5abcea0666128e8092 "><code>33102f7</code></a>
chore(deps): update dependency semantic-release to v24.2.8 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/981 ">#981</a>)</li>
<li><a
href="https://github.com/renovatebot/pep440/commit/230fdf203d93126b3f828a52dac9a58a51816543 "><code>230fdf2</code></a>
chore(deps): update dependency typescript-eslint to v8.43.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/980 ">#980</a>)</li>
<li><a
href="https://github.com/renovatebot/pep440/commit/504fa6f22a945f91fe3bd73793f9e31765f3a240 "><code>504fa6f</code></a>
chore(deps): lock file maintenance (<a
href="https://redirect.github.com/renovatebot/pep440/issues/979 ">#979</a>)</li>
<li><a
href="https://github.com/renovatebot/pep440/commit/a1356fd60794453c95910ea325253c373bed07d0 "><code>a1356fd</code></a>
chore(deps): update dependency eslint to v9.35.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/978 ">#978</a>)</li>
<li><a
href="https://github.com/renovatebot/pep440/commit/42f5851a1416a7dd3cc6e82c6a5e6e4906e234ce "><code>42f5851</code></a>
chore(deps): update dependency <code>@eslint/js</code> to v9.35.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/977 ">#977</a>)</li>
<li><a
href="https://github.com/renovatebot/pep440/commit/1b7cace42e229703154ba3129358bb85f439f0df "><code>1b7cace</code></a>
chore(deps): update dependency <code>@types/node</code> to v20.19.13
(<a
href="https://redirect.github.com/renovatebot/pep440/issues/976 ">#976</a>)</li>
<li><a
href="https://github.com/renovatebot/pep440/commit/04979bbeb87a4465eeffcc97a42bf7fae0f0af56 "><code>04979bb</code></a>
chore(deps): update dependency <code>@types/node</code> to v20.19.12
(<a
href="https://redirect.github.com/renovatebot/pep440/issues/975 ">#975</a>)</li>
<li><a
href="https://github.com/renovatebot/pep440/commit/ef8eb35e02b8d3dba27a617feb82c7817f596dce "><code>ef8eb35</code></a>
chore(deps): update dependency typescript-eslint to v8.42.0 (<a
href="https://redirect.github.com/renovatebot/pep440/issues/974 ">#974</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/renovatebot/pep440/compare/4.2.0...4.2.1 ">compare
view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a
href="https://www.npmjs.com/~GitHub ">https://www.npmjs.com/~GitHub </a>
Actions), a new releaser for <code>@renovatebot/pep440</code> since
your current version.</p>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-10-02 20:53:30 +02:00
51c3328db2
Fix test-uv-no-modify-path ( #604 )
2025-10-02 20:52:56 +02:00
f2859da213
Respect UV_NO_MODIFY_PATH ( #603 )
...
Fixes : #519
2025-10-02 17:54:15 +02:00
f9c6974d8b
Warn when UV_CACHE_DIR has changed ( #601 )
...
Closes https://github.com/astral-sh/setup-uv/issues/592
2025-10-02 17:50:15 +02:00
82f21a54fe
Don't assume all test passed if cancelled ( #599 )
2025-09-30 20:05:38 +02:00
d8a37f6566
Shortcut to latest version for minimum version specifier ( #598 )
...
This is faster than downloading all available versions from GitHub to
determine the highest matching version.
Fixes : #585
2025-09-30 19:55:27 +02:00
d0cc045d04
Always show prune cache output ( #597 )
2025-09-30 17:05:27 +02:00
2841f9f5c1
Bump zizmorcore/zizmor-action from 0.1.2 to 0.2.0 ( #571 )
...
Bumps
[zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action )
from 0.1.2 to 0.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/zizmorcore/zizmor-action/releases ">zizmorcore/zizmor-action's
releases</a>.</em></p>
<blockquote>
<h2>v0.2.0</h2>
<h2>What's Changed</h2>
<ul>
<li>feat: add support for <code>color</code> input by <a
href="https://github.com/birjj "><code>@birjj</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/37 ">zizmorcore/zizmor-action#37</a></li>
<li>Adding option for GitHub annotations by <a
href="https://github.com/abdelq "><code>@abdelq</code></a> in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/45 ">zizmorcore/zizmor-action#45</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/birjj "><code>@birjj</code></a> made
their first contribution in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/37 ">zizmorcore/zizmor-action#37</a></li>
<li><a href="https://github.com/abdelq "><code>@abdelq</code></a> made
their first contribution in <a
href="https://redirect.github.com/zizmorcore/zizmor-action/pull/45 ">zizmorcore/zizmor-action#45</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/zizmorcore/zizmor-action/compare/v0.1.2...v0.2.0 ">https://github.com/zizmorcore/zizmor-action/compare/v0.1.2...v0.2.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/e673c3917a1aef3c65c972347ed84ccd013ecda4 "><code>e673c39</code></a>
Adding option for GitHub annotations (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/45 ">#45</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/2d5a33f24d267bf01caf142277eb9de2a9836a2d "><code>2d5a33f</code></a>
chore: add missing license (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/44 ">#44</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/a016d81e77496751b5c04eb1e8f00214bd396553 "><code>a016d81</code></a>
chore(deps): bump github/codeql-action in the github-actions group (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/39 ">#39</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/a8fb1d7e7d9fdb877a9986d8a9ca6e07c2106e21 "><code>a8fb1d7</code></a>
feat: add support for <code>color</code> input (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/37 ">#37</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/09680325f5c32870436745dc185db3342a55e097 "><code>0968032</code></a>
chore(deps): bump the github-actions group with 2 updates (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/35 ">#35</a>)</li>
<li><a
href="https://github.com/zizmorcore/zizmor-action/commit/7f2abfff7488a44086dba64ed2f5a9b431508079 "><code>7f2abff</code></a>
README: bump pins (<a
href="https://redirect.github.com/zizmorcore/zizmor-action/issues/33 ">#33</a>)</li>
<li>See full diff in <a
href="https://github.com/zizmorcore/zizmor-action/compare/5ca5fc7a4779c5263a3ffa0e1f693009994446d1...e673c3917a1aef3c65c972347ed84ccd013ecda4 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-26 12:26:17 +02:00
e554b93b80
Add **/*.py.lock to cache-dependency-glob ( #590 )
...
This means uv scripts will be covered by default
Fixes https://github.com/astral-sh/setup-uv/issues/586
2025-09-26 12:26:03 +02:00
c7d85d9988
chore: update known versions for 0.8.20
2025-09-23 06:29:52 +00:00
07f2cb5db9
persist credentials for version update ( #584 )
2025-09-23 08:28:27 +02:00
208b0c0ee4
README.md: Fix Python versions and update checkout action ( #572 )
2025-09-16 09:59:44 +02:00
b75a909f75
bump deps ( #569 )
2025-09-14 13:04:41 +00:00
ffff8aa2b5
Bump github/codeql-action from 3.29.11 to 3.30.3 ( #566 )
...
Bumps [github/codeql-action](https://github.com/github/codeql-action )
from 3.29.11 to 3.30.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/releases ">github/codeql-action's
releases</a>.</em></p>
<blockquote>
<h2>v3.30.3</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.3/CHANGELOG.md ">CHANGELOG.md</a>
for more information.</p>
<h2>v3.30.2</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084 ">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064 ">#3064</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.2/CHANGELOG.md ">CHANGELOG.md</a>
for more information.</p>
<h2>v3.30.1</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077 ">#3077</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.1/CHANGELOG.md ">CHANGELOG.md</a>
for more information.</p>
<h2>v3.30.0</h2>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>3.30.0 - 01 Sep 2025</h2>
<ul>
<li>Reduce the size of the CodeQL Action, speeding up workflows by
approximately 4 seconds. <a
href="https://redirect.github.com/github/codeql-action/pull/3054 ">#3054</a></li>
</ul>
<p>See the full <a
href="https://github.com/github/codeql-action/blob/v3.30.0/CHANGELOG.md ">CHANGELOG.md</a>
for more information.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/github/codeql-action/blob/main/CHANGELOG.md ">github/codeql-action's
changelog</a>.</em></p>
<blockquote>
<h1>CodeQL Action Changelog</h1>
<p>See the <a
href="https://github.com/github/codeql-action/releases ">releases
page</a> for the relevant changes to the CodeQL CLI and language
packs.</p>
<h2>[UNRELEASED]</h2>
<p>No user facing changes.</p>
<h2>3.30.3 - 10 Sep 2025</h2>
<p>No user facing changes.</p>
<h2>3.30.2 - 09 Sep 2025</h2>
<ul>
<li>Fixed a bug which could cause language autodetection to fail. <a
href="https://redirect.github.com/github/codeql-action/pull/3084 ">#3084</a></li>
<li>Experimental: The <code>quality-queries</code> input that was added
in <code>3.29.2</code> as part of an internal experiment is now
deprecated and will be removed in an upcoming version of the CodeQL
Action. It has been superseded by a new <code>analysis-kinds</code>
input, which is part of the same internal experiment. Do not use this in
production as it is subject to change at any time. <a
href="https://redirect.github.com/github/codeql-action/pull/3064 ">#3064</a></li>
</ul>
<h2>3.30.1 - 05 Sep 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.23.0. <a
href="https://redirect.github.com/github/codeql-action/pull/3077 ">#3077</a></li>
</ul>
<h2>3.30.0 - 01 Sep 2025</h2>
<ul>
<li>Reduce the size of the CodeQL Action, speeding up workflows by
approximately 4 seconds. <a
href="https://redirect.github.com/github/codeql-action/pull/3054 ">#3054</a></li>
</ul>
<h2>3.29.11 - 21 Aug 2025</h2>
<ul>
<li>Update default CodeQL bundle version to 2.22.4. <a
href="https://redirect.github.com/github/codeql-action/pull/3044 ">#3044</a></li>
</ul>
<h2>3.29.10 - 18 Aug 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.9 - 12 Aug 2025</h2>
<p>No user facing changes.</p>
<h2>3.29.8 - 08 Aug 2025</h2>
<ul>
<li>Fix an issue where the Action would autodetect unsupported languages
such as HTML. <a
href="https://redirect.github.com/github/codeql-action/pull/3015 ">#3015</a></li>
</ul>
<h2>3.29.7 - 07 Aug 2025</h2>
<p>This release rolls back 3.29.6 to address issues with language
autodetection. It is identical to 3.29.5.</p>
<h2>3.29.6 - 07 Aug 2025</h2>
<ul>
<li>The <code>cleanup-level</code> input to the <code>analyze</code>
Action is now deprecated. The CodeQL Action has written a limited amount
of intermediate results to the database since version 2.2.5, and now
automatically manages cleanup. <a
href="https://redirect.github.com/github/codeql-action/pull/2999 ">#2999</a></li>
<li>Update default CodeQL bundle version to 2.22.3. <a
href="https://redirect.github.com/github/codeql-action/pull/3000 ">#3000</a></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/github/codeql-action/commit/192325c86100d080feab897ff886c34abd4c83a3 "><code>192325c</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3104 ">#3104</a>
from github/update-v3.30.3-b660efdcf</li>
<li><a
href="https://github.com/github/codeql-action/commit/e68956d90b7fe2260904652cd8de5d73563e4944 "><code>e68956d</code></a>
Update changelog for v3.30.3</li>
<li><a
href="https://github.com/github/codeql-action/commit/b660efdcfdfa893d74568cd884067ed18e8d6f88 "><code>b660efd</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3103 ">#3103</a>
from github/mbg/fix/category-check</li>
<li><a
href="https://github.com/github/codeql-action/commit/e49458befe579c5a1088aacda9f2ae384da104ff "><code>e49458b</code></a>
Fix <code>runInterpretResultsFor</code> using the wrong
<code>AnalysisConfig</code> for <code>category</code> fix</li>
<li><a
href="https://github.com/github/codeql-action/commit/f374a62c8bedef779582aeb425a68f7798f2078c "><code>f374a62</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3098 ">#3098</a>
from github/kaspersv/increase-overlay-base-size-limit</li>
<li><a
href="https://github.com/github/codeql-action/commit/5efa438e92992578d794ae4ceed960bf81011677 "><code>5efa438</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3101 ">#3101</a>
from github/mbg/public-repo-notice-in-pr-template</li>
<li><a
href="https://github.com/github/codeql-action/commit/8a84a62542ea24fd569eb5afdfb2507c25328ab9 "><code>8a84a62</code></a>
Overlay: Increase size limit for cached overlay base database</li>
<li><a
href="https://github.com/github/codeql-action/commit/eb50a881d87eb8488328fefe024ae2f6add8384f "><code>eb50a88</code></a>
Merge pull request <a
href="https://redirect.github.com/github/codeql-action/issues/3097 ">#3097</a>
from github/redsun82/only-dump-sarif</li>
<li><a
href="https://github.com/github/codeql-action/commit/4c534612bf77788909753a5602e96710156f5758 "><code>4c53461</code></a>
Tweak sarif dump log</li>
<li><a
href="https://github.com/github/codeql-action/commit/dae3742b0a3b9e08acc580e15ef74bdc454d650a "><code>dae3742</code></a>
Dump soon to be uploaded SARIF on request</li>
<li>Additional commits viewable in <a
href="https://github.com/github/codeql-action/compare/3c3833e0f8c1c83d449a7478aa59c036a9165498...192325c86100d080feab897ff886c34abd4c83a3 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-14 14:58:58 +02:00
95d0e233fa
Bump actions/setup-node from 4.4.0 to 5.0.0 ( #551 )
...
Bumps [actions/setup-node](https://github.com/actions/setup-node ) from
4.4.0 to 5.0.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/setup-node/releases ">actions/setup-node's
releases</a>.</em></p>
<blockquote>
<h2>v5.0.0</h2>
<h2>What's Changed</h2>
<h3>Breaking Changes</h3>
<ul>
<li>Upgrade action to use node24 by <a
href="https://github.com/salmanmkc "><code>@salmanmkc</code></a> in <a
href="https://redirect.github.com/actions/setup-node/pull/1325 ">actions/setup-node#1325</a></li>
</ul>
<p>Make sure your runner is updated to this version or newer to use this
release. v2.327.1 <a
href="https://github.com/actions/runner/releases/tag/v2.327.1 ">Release
Notes</a></p>
<h3>Dependency Upgrades</h3>
<ul>
<li>Upgrade <code>@octokit/request-error</code> and
<code>@actions/github</code> by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1227 ">actions/setup-node#1227</a></li>
<li>Upgrade uuid from 9.0.1 to 11.1.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1273 ">actions/setup-node#1273</a></li>
<li>Upgrade undici from 5.28.5 to 5.29.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1295 ">actions/setup-node#1295</a></li>
<li>Upgrade form-data to bring in fix for critical vulnerability by <a
href="https://github.com/gowridurgad "><code>@gowridurgad</code></a> in
<a
href="https://redirect.github.com/actions/setup-node/pull/1332 ">actions/setup-node#1332</a></li>
<li>Upgrade actions/checkout from 4 to 5 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/actions/setup-node/pull/1345 ">actions/setup-node#1345</a></li>
</ul>
<h3>Enhancement:</h3>
<ul>
<li>Enhance caching in setup-node with automatic package manager
detection by <a
href="https://github.com/priya-kinthali "><code>@priya-kinthali</code></a>
in <a
href="https://redirect.github.com/actions/setup-node/pull/1348 ">actions/setup-node#1348</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/priya-kinthali "><code>@priya-kinthali</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1348 ">actions/setup-node#1348</a></li>
<li><a href="https://github.com/salmanmkc "><code>@salmanmkc</code></a>
made their first contribution in <a
href="https://redirect.github.com/actions/setup-node/pull/1325 ">actions/setup-node#1325</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/actions/setup-node/compare/v4...v5.0.0 ">https://github.com/actions/setup-node/compare/v4...v5.0.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/actions/setup-node/commit/a0853c24544627f65ddf259abe73b1d18a591444 "><code>a0853c2</code></a>
Bump actions/checkout from 4 to 5 (<a
href="https://redirect.github.com/actions/setup-node/issues/1345 ">#1345</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/b7234cc9fe124f0f4932554b4e5284543083ae7b "><code>b7234cc</code></a>
Upgrade action to use node24 (<a
href="https://redirect.github.com/actions/setup-node/issues/1325 ">#1325</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/d7a11313b581b306c961b506cfc8971208bb03f6 "><code>d7a1131</code></a>
Enhance caching in setup-node with automatic package manager detection
(<a
href="https://redirect.github.com/actions/setup-node/issues/1348 ">#1348</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/5e2628c959b9ade56971c0afcebbe5332d44b398 "><code>5e2628c</code></a>
Bumps form-data (<a
href="https://redirect.github.com/actions/setup-node/issues/1332 ">#1332</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/65beceff8e91358525397bdce9103d999507ab03 "><code>65becef</code></a>
Bump undici from 5.28.5 to 5.29.0 (<a
href="https://redirect.github.com/actions/setup-node/issues/1295 ">#1295</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/7e24a656e1c7a0d6f3eaef8d8e84ae379a5b035b "><code>7e24a65</code></a>
Bump uuid from 9.0.1 to 11.1.0 (<a
href="https://redirect.github.com/actions/setup-node/issues/1273 ">#1273</a>)</li>
<li><a
href="https://github.com/actions/setup-node/commit/08f58d1471bff7f3a07d167b4ad7df25d5fcfcb6 "><code>08f58d1</code></a>
Bump <code>@octokit/request-error</code> and
<code>@actions/github</code> (<a
href="https://redirect.github.com/actions/setup-node/issues/1227 ">#1227</a>)</li>
<li>See full diff in <a
href="https://github.com/actions/setup-node/compare/49933ea5288caeca8642d1e84afbd3f7d6820020...a0853c24544627f65ddf259abe73b1d18a591444 ">compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-14 14:57:21 +02:00
dc724a12b6
Add inputs restore-cache and save-cache ( #568 )
...
Closes : #555
2025-09-14 14:55:08 +02:00
f67343ac2e
Automatically push updated known versions ( #565 )
2025-09-11 09:12:35 +00:00
4dd9f52a47
chore: update known versions for 0.8.16/0.8.17 ( #562 )
...
chore: update known versions for 0.8.17
Co-authored-by: eifinger <1481961+eifinger@users.noreply.github.com >
2025-09-11 05:31:10 +00:00
e1e6fe7910
chore: update known versions for 0.8.15 ( #550 )
...
chore: update known versions for 0.8.15
Co-authored-by: eifinger <1481961+eifinger@users.noreply.github.com >
2025-09-04 05:53:47 +00:00
b1836110f7
chore(ci): address CI lint findings ( #545 )
...
This addresses all of zizmor's non-pedantic findings, and adds a
workflow to proactively flag any more that come in.
Key changes:
* I've hash-pinned all actions references. Dependabot will continue to
keep these updated and will update the hash comments as well.
* I've marked every `actions/checkout` with `persist-credentials: false`
except for one that actually needs persisted credentials (which I've
explicitly enabled with an explanatory comment)
* I've dropped some workflow-level permissions in favor of job-level
permissions that were already provisioned.
* I fixed two small template injections caused by expanding output
contexts. I think these were not exploitable in practice, but fixing
them is good for defense in depth (and makes spellcheck work nicely on
these steps).
---------
Signed-off-by: William Woodruff <william@astral.sh >
2025-09-02 13:29:06 +00:00
557e51de59
Bump dependencies ( #547 )
2025-09-01 14:18:46 +00:00
1b46e13ec8
Fix exclusions in cache-dependency-glob ( #546 )
...
Fixes : #537
2025-09-01 16:12:49 +02:00
26cf676705
chore: update known versions for 0.8.14 ( #543 )
...
chore: update known versions for 0.8.14
Co-authored-by: eifinger <1481961+eifinger@users.noreply.github.com >
2025-08-29 06:12:40 +00:00
4e1e303f7d
chore: update known versions for 0.8.13 ( #536 )
...
chore: update known versions for 0.8.13
Co-authored-by: eifinger <1481961+eifinger@users.noreply.github.com >
2025-08-22 06:43:16 +00:00
4959332f0f
Bump dependencies ( #532 )
2025-08-21 09:22:03 +00:00
adeb28643f
Add support for .tools-versions ( #531 )
...
Closes : #504
2025-08-21 11:15:28 +02:00
fce199e243
Add log message before long API calls to GitHub ( #530 )
...
Fixes : #457
2025-08-21 08:06:33 +00:00
f758a4a1eb
chore: update known versions for 0.8.12 ( #529 )
...
chore: update known versions for 0.8.12
Co-authored-by: eifinger <1481961+eifinger@users.noreply.github.com >
2025-08-19 22:07:30 +00:00
c0e7e93474
chore: update known versions for 0.8.11 ( #526 )
...
chore: update known versions for 0.8.11
Co-authored-by: eifinger <1481961+eifinger@users.noreply.github.com >
2025-08-14 20:07:29 +00:00
fda2399cb3
chore: update known versions for 0.8.10 ( #525 )
...
chore: update known versions for 0.8.10
Co-authored-by: eifinger <1481961+eifinger@users.noreply.github.com >
2025-08-14 07:07:10 +00:00
d9e0f98d3f
Improve error messages on GitHub API errors ( #518 )
...
Fixes : #513
2025-08-12 20:50:05 +00:00
Kevin Stillhammer