chore(deps): bump the all group across 1 directory with 17 updates by dependabot[bot] · Pull Request #3005 · crytic/slither

dependabot · 2026-04-15T22:55:41Z

Bumps the all group with 17 updates in the / directory:

Package	From	To
astral-sh/setup-uv	`7.2.0`	`8.0.0`
cachix/install-nix-action	`31.9.0`	`31.10.4`
cachix/cachix-action	`16`	`17`
docker/setup-qemu-action	`3.7.0`	`4.0.0`
docker/setup-buildx-action	`3.12.0`	`4.0.0`
docker/metadata-action	`5.10.0`	`6.0.0`
docker/login-action	`3.7.0`	`4.1.0`
docker/build-push-action	`6.18.0`	`7.0.0`
actions/configure-pages	`5.0.0`	`6.0.0`
actions/upload-pages-artifact	`4.0.0`	`5.0.0`
actions/deploy-pages	`4.0.5`	`5.0.0`
DavidAnson/markdownlint-cli2-action	`22.0.0`	`23.0.0`
actions/upload-artifact	`6.0.0`	`7.0.0`
actions/download-artifact	`7.0.0`	`8.0.1`
pypa/gh-action-pypi-publish	`1.13.0`	`1.14.0`
sigstore/gh-action-sigstore-python	`3.2.0`	`3.3.0`
actions/setup-node	`6.2.0`	`6.3.0`

Updates astral-sh/setup-uv from 7.2.0 to 8.0.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP] Use the immutable tag as a version astral-sh/setup-uv@v8.0.0 Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

🚨 Breaking changes

Remove update-major-minor-tags workflow @eifinger (#826)

Remove deprecrated custom manifest @eifinger (#813)

🧰 Maintenance

Shortcircuit latest version from manifest @eifinger (#828)

Simplify inputs.ts @eifinger (#827)

Bump release-drafter to v7.1.1 @eifinger (#825)

Refactor inputs @eifinger (#823)

Replace inline compile args with tsconfig @eifinger (#824)

chore: update known checksums for 0.11.2 @github-actions[bot] (#821)

chore: update known checksums for 0.11.1 @github-actions[bot] (#817)

chore: update known checksums for 0.11.0 @github-actions[bot] (#815)

Fix latest-version workflow check @eifinger (#812)

chore: update known checksums for 0.10.11/0.10.12 @github-actions[bot] (#811)

v7.6.0 🌈 Fetch uv from Astral's mirror by default

Changes

We now default to download uv from releases.astral.sh. This means by default we don't hit the GitHub API at all and shouldn't see any rate limits and timeouts any more.

🚀 Enhancements

Fetch uv from Astral's mirror by default @zsol (#809)

🧰 Maintenance

Switch to ESM for source and test, use CommonJS for dist @eifinger (#806)

chore: update known checksums for 0.10.10 @github-actions[bot] (#804)

... (truncated)

Commits

cec2083 Shortcircuit latest version from manifest (#828)
4dd8ab4 Simplify inputs.ts (#827)
7fdbe7c Remove update-major-minor-tags workflow (#826)
485abd0 Bump release-drafter to v7.1.1 (#825)
f82eb19 Refactor inputs (#823)
868d1f7 Replace inline compile args with tsconfig (#824)
447e6d0 chore: update known checksums for 0.11.2 (#821)
5c62c59 chore: update known checksums for 0.11.1 (#817)
e1a7373 chore: update known checksums for 0.11.0 (#815)
8970931 Remove deprecrated custom manifest (#813)
Additional commits viewable in compare view

Updates cachix/install-nix-action from 31.9.0 to 31.10.4

Release notes

Sourced from cachix/install-nix-action's releases.

v31.10.4

What's Changed

nix: 2.34.4 -> 2.34.5 by @github-actions[bot] in cachix/install-nix-action#273 [SECURITY] Fixes a root privilege escalation vulnerability via sandbox escape GHSA-g3g9-5vj6-r3gj

Full Changelog: cachix/install-nix-action@v31.10.3...v31.10.4

v31.10.3

What's Changed

nix: 2.34.2 -> 2.34.4 by @github-actions[bot] in cachix/install-nix-action#271

Full Changelog: cachix/install-nix-action@v31...v31.10.3

v31.10.2

What's Changed

nix: 2.34.1 -> 2.34.2 by @github-actions[bot] in cachix/install-nix-action#270

Full Changelog: cachix/install-nix-action@v31...v31.10.2

v31.10.1

What's Changed

nix: 2.34.0 -> 2.34.1 by @github-actions[bot] in cachix/install-nix-action#269 Fixes a bug introduced in 2.34.0 that made the Nix daemon fail to load authentication keys configured by cachix-action.

Full Changelog: cachix/install-nix-action@v31.10.0...v31.10.1

v31.10.0

What's Changed

nix: 2.33.3 -> 2.34.0 by @github-actions[bot] in cachix/install-nix-action#267 Release notes: https://discourse.nixos.org/t/nix-2-34-0-released/75818

⚠️ Nix 2.34.0 contains a regression that, under certain scenarios (a trusted-user + a client-side netrc-file), breaks authentication with private caches that rely on netrc files. This regression affects cachix/cachix-action.

UPD: 2.34.1 has been released with a patch for the authentication issue

Full Changelog: cachix/install-nix-action@v31.9.1...v31.10.0

v31.9.1

What's Changed

nix: 2.33.0 -> 2.33.3 by @github-actions[bot] in cachix/install-nix-action#266

Full Changelog: cachix/install-nix-action@v31...v31.9.1

Commits

6165592 Merge pull request #273 from cachix/create-pull-request/patch
b9f700d nix: 2.34.4 -> 2.34.5
96951a3 Merge pull request #271 from cachix/create-pull-request/patch
6281169 nix: 2.34.2 -> 2.34.4
51f3067 Revert "ci: use 25.11 for channel tests"
15118c1 ci: use 25.11 for channel tests
e1ac057 Merge pull request #270 from cachix/create-pull-request/patch
d181b96 nix: 2.34.1 -> 2.34.2
1ca7d21 Merge pull request #269 from cachix/create-pull-request/patch
b613734 nix: 2.34.0 -> 2.34.1
Additional commits viewable in compare view

Updates cachix/cachix-action from 16 to 17

Release notes

Sourced from cachix/cachix-action's releases.

v17

What's Changed

Breaking changes

Upgrade action to use Node 24 by @sandydoo in cachix/cachix-action#212 https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/

Full Changelog: cachix/cachix-action@v16...v17

Changelog

Sourced from cachix/cachix-action's changelog.

Release
Create and push a new tag:
git tag v17
git push origin v17
Wait for CI to pass.

Create a release for the new tag.
Move the major version tag to the latest release:
git tag -fa v17
git push origin v17 --force

Commits

1eb2ef6 Merge pull request #212 from cachix/upgrade-node-24
75ce400 dist: re-build using esbuild targeting node24
2b33705 deps: update devenv inputs
04937db breaking: update action to Node 24
ca2e519 ci: use 25.11 for tests
e7c5c1a Merge pull request #208 from cachix/dependabot/github_actions/actions/checkout-6
bea8a50 ci: allow running tests manually and with a custom nix version
2e35755 chore(deps): bump actions/checkout from 5 to 6
See full diff in compare view

Updates docker/setup-qemu-action from 3.7.0 to 4.0.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-qemu-action#245

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-qemu-action#241

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-qemu-action#244

Bump @docker/actions-toolkit from 0.67.0 to 0.77.0 in docker/setup-qemu-action#243

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/setup-qemu-action#240

Bump js-yaml from 3.14.1 to 3.14.2 in docker/setup-qemu-action#231

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-qemu-action#238

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

Commits

ce36039 Merge pull request #245 from crazy-max/node24
6386344 node 24 as default runtime
1ea3db7 Merge pull request #243 from docker/dependabot/npm_and_yarn/docker/actions-to...
b56a002 chore: update generated content
c43f02d build(deps): bump @docker/actions-toolkit from 0.67.0 to 0.77.0
ce10c58 Merge pull request #244 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
429fc9d chore: update generated content
060e5f8 build(deps): bump @actions/core from 1.11.1 to 3.0.0
44be13e Merge pull request #231 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
1897438 chore: update generated content
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.12.0 to 4.0.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-buildx-action#483

Remove deprecated inputs/outputs by @crazy-max in docker/setup-buildx-action#464

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-buildx-action#481

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-buildx-action#475

Bump @docker/actions-toolkit from 0.63.0 to 0.79.0 in docker/setup-buildx-action#482 docker/setup-buildx-action#485

Bump js-yaml from 4.1.0 to 4.1.1 in docker/setup-buildx-action#452

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-buildx-action#472

Bump minimatch from 3.1.2 to 3.1.5 in docker/setup-buildx-action#480

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

Commits

4d04d5d Merge pull request #485 from docker/dependabot/npm_and_yarn/docker/actions-to...
cd74e05 chore: update generated content
eee38ec build(deps): bump @docker/actions-toolkit from 0.77.0 to 0.79.0
7a83f65 Merge pull request #484 from docker/dependabot/github_actions/docker/setup-qe...
a5aa967 Merge pull request #464 from crazy-max/rm-deprecated
e73d53f build(deps): bump docker/setup-qemu-action from 3 to 4
28a438e Merge pull request #483 from crazy-max/node24
034e9d3 chore: update generated content
b4664d8 remove deprecated inputs/outputs
a8257de node 24 as default runtime
Additional commits viewable in compare view

Updates docker/metadata-action from 5.10.0 to 6.0.0

Release notes

Sourced from docker/metadata-action's releases.

v6.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/metadata-action#605

List inputs now preserve # inside values while still supporting full-line # comments by @crazy-max in docker/metadata-action#607

Switch to ESM and update config/test wiring by @crazy-max in docker/metadata-action#602

Bump lodash from 4.17.21 to 4.17.23 in docker/metadata-action#588

Bump @actions/core from 1.11.1 to 3.0.0 in docker/metadata-action#599

Bump @actions/github from 6.0.1 to 9.0.0 in docker/metadata-action#597

Bump @docker/actions-toolkit from 0.68.0 to 0.79.0 in docker/metadata-action#604

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/metadata-action#600

Bump semver from 7.7.3 to 7.7.4 in docker/metadata-action#603

Full Changelog: docker/metadata-action@v5.10.0...v6.0.0

Commits

030e881 Merge pull request #607 from crazy-max/allow-comments
4b529ac chore: update generated content
b0082b3 preserve comments in list input values with commentNoInfix
7b19fec Merge pull request #604 from docker/dependabot/npm_and_yarn/docker/actions-to...
281c9b0 chore: update generated content
5f43b3b test: stabilize github mock setup since ESM
9d53276 github class moved since actions-toolkit v0.77.0
eaa3d39 chore(deps): Bump @docker/actions-toolkit from 0.68.0 to 0.77.0
6b695f7 Merge pull request #605 from crazy-max/node24
a1afadc node 24 as default runtime
Additional commits viewable in compare view

Updates docker/login-action from 3.7.0 to 4.1.0

Release notes

Sourced from docker/login-action's releases.

v4.1.0

Fix scoped Docker Hub cleanup path when registry is omitted by @crazy-max in docker/login-action#945

Bump @aws-sdk/client-ecr and @aws-sdk/client-ecr-public to 3.1020.0 in docker/login-action#930

Bump @docker/actions-toolkit from 0.77.0 to 0.86.0 in docker/login-action#932 docker/login-action#936

Bump brace-expansion from 1.1.12 to 1.1.13 in docker/login-action#952

Bump fast-xml-parser from 5.3.4 to 5.3.6 in docker/login-action#942

Bump flatted from 3.3.3 to 3.4.2 in docker/login-action#944

Bump glob from 10.3.12 to 10.5.0 in docker/login-action#940

Bump handlebars from 4.7.8 to 4.7.9 in docker/login-action#949

Bump http-proxy-agent and https-proxy-agent to 8.0.0 in docker/login-action#937

Bump lodash from 4.17.23 to 4.18.1 in docker/login-action#958

Bump minimatch from 3.1.2 to 3.1.5 in docker/login-action#941

Bump picomatch from 4.0.3 to 4.0.4 in docker/login-action#948

Bump undici from 6.23.0 to 6.24.1 in docker/login-action#938

Full Changelog: docker/login-action@v4.0.0...v4.1.0

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/login-action#929

Switch to ESM and update config/test wiring by @crazy-max in docker/login-action#927

Bump @actions/core from 1.11.1 to 3.0.0 in docker/login-action#919

Bump @aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @docker/actions-toolkit from 0.63.0 to 0.77.0 in docker/login-action#910 docker/login-action#928

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/login-action#921

Bump js-yaml from 4.1.0 to 4.1.1 in docker/login-action#901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

Commits

4907a6d Merge pull request #930 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
1e233e6 chore: update generated content
6c24ead build(deps): bump the aws-sdk-dependencies group with 2 updates
ee034d7 Merge pull request #958 from docker/dependabot/npm_and_yarn/lodash-4.18.1
1527209 Merge pull request #937 from docker/dependabot/npm_and_yarn/proxy-agent-depen...
d39362a build(deps): bump lodash from 4.17.23 to 4.18.1
a6f092b chore: update generated content
60953f0 build(deps): bump the proxy-agent-dependencies group with 2 updates
62c6885 Merge pull request #936 from docker/dependabot/npm_and_yarn/docker/actions-to...
102c0e6 chore: update generated content
Additional commits viewable in compare view

Updates docker/build-push-action from 6.18.0 to 7.0.0

Release notes

Sourced from docker/build-push-action's releases.

v7.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/build-push-action#1470

Remove deprecated DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS envs by @crazy-max in docker/build-push-action#1473

Remove legacy export-build tool support for build summary by @crazy-max in docker/build-push-action#1474

Switch to ESM and update config/test wiring by @crazy-max in docker/build-push-action#1466

Bump @actions/core from 1.11.1 to 3.0.0 in docker/build-push-action#1454

Bump @docker/actions-toolkit from 0.62.1 to 0.79.0 in docker/build-push-action#1453 docker/build-push-action#1472 docker/build-push-action#1479

Bump minimatch from 3.1.2 to 3.1.5 in docker/build-push-action#1463

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

v6.19.2

Preserve port in GIT_AUTH_TOKEN host by @crazy-max in docker/build-push-action#1458

Full Changelog: docker/build-push-action@v6.19.1...v6.19.2

v6.19.1

Derive GIT_AUTH_TOKEN host from GitHub server URL by @crazy-max in docker/build-push-action#1456

Full Changelog: docker/build-push-action@v6.19.0...v6.19.1

v6.19.0

Scope default git auth token to github.com by @crazy-max in docker/build-push-action#1451

Bump brace-expansion from 1.1.11 to 1.1.12 in docker/build-push-action#1396

Bump form-data from 2.5.1 to 2.5.5 in docker/build-push-action#1391

Bump js-yaml from 3.14.1 to 3.14.2 in docker/build-push-action#1429

Bump lodash from 4.17.21 to 4.17.23 in docker/build-push-action#1446

Bump tmp from 0.2.3 to 0.2.4 in docker/build-push-action#1398

Bump undici from 5.28.4 to 5.29.0 in docker/build-push-action#1397

Full Changelog: docker/build-push-action@v6.18.0...v6.19.0

Commits

bcafcac Merge pull request #1509 from docker/dependabot/npm_and_yarn/vite-7.3.2
18e62f1 Merge pull request #1510 from docker/dependabot/npm_and_yarn/lodash-4.18.1
46580d2 chore: update generated content
3f80b25 chore(deps): Bump lodash from 4.17.23 to 4.18.1
efeec95 Merge pull request #1505 from crazy-max/refactor-git-context
ddf04b0 Merge pull request #1511 from docker/dependabot/github_actions/crazy-max-dot-...
db08d97 chore(deps): Bump the crazy-max-dot-github group with 2 updates
ef1fb96 Merge pull request #1508 from docker/dependabot/github_actions/docker/login-a...
2d8f2a1 chore: update generated content
919ac7b fix test since secrets are not written to temp path anymore
Additional commits viewable in compare view

Updates actions/configure-pages from 5.0.0 to 6.0.0

Release notes

Sourced from actions/configure-pages's releases.

v6.0.0

Changelog

upgrade to node 24 @salmanmkc (#186)

Upgrade IA Publish @Jcambass (#165)

Add workflow file for publishing releases to immutable action package @Jcambass (#163)

pin draft release version @YiMysty (#162)

Bump espree from 9.6.1 to 10.1.0 @dependabot (#160)

Bump eslint-config-prettier from 8.8.0 to 9.1.0 @dependabot (#143)

Be more friendly to Dependabot @yoannchaudet (#158)

Bump eslint-plugin-github from 4.10.2 to 5.0.1 @dependabot (#154)

Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group @dependabot (#156)

Bump undici from 5.28.3 to 5.28.4 @dependabot (#145)

See details of all code changes since previous release.

Commits

45bfe01 Merge pull request #186 from salmanmkc/node24
d8770c2 Update Node version from 20 to 24 in action.yml
cb8a1a3 upgrade to node 24
d560657 Merge pull request #165 from actions/Jcambass-patch-1
35e0ac4 Upgrade IA Publish
1dfbcbf Merge pull request #163 from actions/Jcambass-patch-1
2f4f988 Add workflow file for publishing releases to immutable action package
0d7570c Merge pull request #162 from actions/pin-draft-release-verssion
3ea1966 pin draft release version
aabcbc4 Merge pull request #160 from actions/dependabot/npm_and_yarn/espree-10.1.0
Additional commits viewable in compare view

Updates actions/upload-pages-artifact from 4.0.0 to 5.0.0

Release notes

Sourced from actions/upload-pages-artifact's releases.

v5.0.0

Changelog

Update upload-artifact action to version 7 @Tom-van-Woudenberg (#139)

feat: add include-hidden-files input @jonchurch (#137)

See details of all code changes since previous release.

Commits

fc324d3 Merge pull request #139 from Tom-van-Woudenberg/patch-1
fe9d4b7 Merge branch 'main' into patch-1
0ca1617 Merge pull request #137 from jonchurch/include-hidden-files
57f0e84 Update action.yml
4a90348 v7 --> hash
56f665a Update upload-artifact action to version 7
f7615f5 Add include-hidden-files input
See full diff in compare view

Updates actions/deploy-pages from 4.0.5 to 5.0.0

Release notes

Sourced from actions/deploy-pages's releases.

v5.0.0

Changelog

Update Node.js version to 24.x @salmanmkc (#404)

Add workflow file for publishing releases to immutable action package @Jcambass (#374)

Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory @dependabot (#360)

Make the rebuild dist workflow work nicer with Dependabot @yoannchaudet (#361)

Bump the non-breaking-changes group across 1 directory with 3 updates @dependabot (#358)

Delete repeated sentence @garethsb (#359)

Update README.md @tsusdere (#348)

Bump the non-breaking-changes group with 4 updates @dependabot (#341)

Remove error message for file permissions @TooManyBees (#340)

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

Commits

cd2ce8f Merge pull request #404 from salmanmkc/node24
bbe2a95 Update Node.js version to 24.x
854d7aa Merge pull request #374 from actions/Jcambass-patch-1
306bb81 Add workflow file for publishing releases to immutable action package
b742728 Merge pull request #360 from actions/dependabot/npm_and_yarn/npm_and_yarn-513...
7273294 Bump braces in the npm_and_yarn group across 1 directory
963791f Merge pull request #361 from actions/dependabot-friendly
51bb29d Make the rebuild dist workflow safer for Dependabot
89f3d10 Merge pull request #358 from actions/dependabot/npm_and_yarn/non-breaking-cha...
bce7355 Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21
Additional commits viewable in compare view

Updates DavidAnson/markdownlint-cli2-action from 22.0.0 to 23.0.0

Commits

ce4853d Update to version 23.0.0.
63a898c Improve type fidelity.
08fc3a2 Add configPointer input, examples for package.json/pyproject.toml.
154744f Freshen generated index.js file.
d1d523c Bump markdownlint-cli2 from 0.21.0 to 0.22.0
619b235 Bump eslint from 10.0.3 to 10.1.0
a226cbe Freshen generated index.js file.
5d93b2e Migrate from Node.js 20 to Node.js 24.
0cf8cdd Bump eslint from 10.0.2 to 10.0.3
462cc85 Bump @stylistic/eslint-plugin from 5.9.0 to 5.10.0
Additional commits viewable in compare view

Updates actions/upload-artifact from 6.0.0 to 7.0.0

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.0

v7 What's new

Direct Uploads

Adds support for uploading single files directly (unzipped). Callers can set the new archive parameter to false to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The name parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

Add proxy integration test by @Link- in actions/upload-artifact#754

Upgrade the module to ESM and bump dependencies by @danwkennedy in actions/upload-artifact#762

Support direct file uploads by @danwkennedy in actions/upload-artifact#764

New Contributors

@Link- made their first contribution in actions/upload-artifact#754

Full Changelog: actions/upload-artifact@v6...v7.0.0

Commits

043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
634250c Include changes in typespec/ts-http-runtime 0.3.5
e454baa Readme: bump all the example versions to v7 (#796)
74fad66 Update the readme with direct upload details (#795)
bbbca2d Support direct file up...
Description has been truncated

Bumps the all group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.2.0` | `8.0.0` | | [cachix/install-nix-action](https://github.com/cachix/install-nix-action) | `31.9.0` | `31.10.4` | | [cachix/cachix-action](https://github.com/cachix/cachix-action) | `16` | `17` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.0.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.10.0` | `6.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.1.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.18.0` | `7.0.0` | | [actions/configure-pages](https://github.com/actions/configure-pages) | `5.0.0` | `6.0.0` | | [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) | `4.0.0` | `5.0.0` | | [actions/deploy-pages](https://github.com/actions/deploy-pages) | `4.0.5` | `5.0.0` | | [DavidAnson/markdownlint-cli2-action](https://github.com/davidanson/markdownlint-cli2-action) | `22.0.0` | `23.0.0` | | [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.1` | | [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) | `1.13.0` | `1.14.0` | | [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python) | `3.2.0` | `3.3.0` | | [actions/setup-node](https://github.com/actions/setup-node) | `6.2.0` | `6.3.0` | Updates `astral-sh/setup-uv` from 7.2.0 to 8.0.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@61cb8a9...cec2083) Updates `cachix/install-nix-action` from 31.9.0 to 31.10.4 - [Release notes](https://github.com/cachix/install-nix-action/releases) - [Changelog](https://github.com/cachix/install-nix-action/blob/master/RELEASE.md) - [Commits](cachix/install-nix-action@4e002c8...6165592) Updates `cachix/cachix-action` from 16 to 17 - [Release notes](https://github.com/cachix/cachix-action/releases) - [Changelog](https://github.com/cachix/cachix-action/blob/master/RELEASE.md) - [Commits](cachix/cachix-action@3ba601f...1eb2ef6) Updates `docker/setup-qemu-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@c7c5346...ce36039) Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@8d2750c...4d04d5d) Updates `docker/metadata-action` from 5.10.0 to 6.0.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@c299e40...030e881) Updates `docker/login-action` from 3.7.0 to 4.1.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@c94ce9f...4907a6d) Updates `docker/build-push-action` from 6.18.0 to 7.0.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@2634353...bcafcac) Updates `actions/configure-pages` from 5.0.0 to 6.0.0 - [Release notes](https://github.com/actions/configure-pages/releases) - [Commits](actions/configure-pages@983d773...45bfe01) Updates `actions/upload-pages-artifact` from 4.0.0 to 5.0.0 - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](actions/upload-pages-artifact@7b1f4a7...fc324d3) Updates `actions/deploy-pages` from 4.0.5 to 5.0.0 - [Release notes](https://github.com/actions/deploy-pages/releases) - [Commits](actions/deploy-pages@d6db901...cd2ce8f) Updates `DavidAnson/markdownlint-cli2-action` from 22.0.0 to 23.0.0 - [Release notes](https://github.com/davidanson/markdownlint-cli2-action/releases) - [Commits](DavidAnson/markdownlint-cli2-action@07035fd...ce4853d) Updates `actions/upload-artifact` from 6.0.0 to 7.0.0 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@b7c566a...043fb46) Updates `actions/download-artifact` from 7.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@37930b1...3e5f45b) Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0 - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](pypa/gh-action-pypi-publish@ed0c539...cef2210) Updates `sigstore/gh-action-sigstore-python` from 3.2.0 to 3.3.0 - [Release notes](https://github.com/sigstore/gh-action-sigstore-python/releases) - [Changelog](https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md) - [Commits](sigstore/gh-action-sigstore-python@a5caf34...04cffa1) Updates `actions/setup-node` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@6044e13...53b8394) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: cachix/install-nix-action dependency-version: 31.10.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: cachix/cachix-action dependency-version: '17' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/setup-qemu-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/metadata-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/login-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: docker/build-push-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/configure-pages dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/upload-pages-artifact dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/deploy-pages dependency-version: 5.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: DavidAnson/markdownlint-cli2-action dependency-version: 23.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: sigstore/gh-action-sigstore-python dependency-version: 3.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/setup-node dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 15, 2026

dependabot bot requested a review from elopez as a code owner April 15, 2026 22:55

dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 15, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the all group across 1 directory with 17 updates#3005

chore(deps): bump the all group across 1 directory with 17 updates#3005
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/github_actions/master/all-bacf7eeb2f

dependabot bot commented on behalf of github Apr 15, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Apr 15, 2026

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

New format for manifest-file

No more major and minor tags

🚨 Breaking changes

🧰 Maintenance

v7.6.0 🌈 Fetch uv from Astral's mirror by default

Changes

🚀 Enhancements

🧰 Maintenance

v31.10.4

What's Changed

v31.10.3

What's Changed

v31.10.2

What's Changed

v31.10.1

What's Changed

v31.10.0

What's Changed

v31.9.1

What's Changed

v17

What's Changed

Breaking changes

Release

v4.0.0

v4.0.0

v6.0.0

v4.1.0

v4.0.0

v7.0.0

v6.19.2

v6.19.1

v6.19.0

v6.0.0

Changelog

v5.0.0

Changelog

v5.0.0

Changelog

v7.0.0

v7 What's new

Direct Uploads

ESM

What's Changed

New Contributors

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

This is the first immutable release of `setup-uv` 🥳

New format for `manifest-file`