Update CI configuration dependencies (major)#152
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
e486e89 to
d48d14a
Compare
| runs-on: ubuntu-slim | ||
| steps: | ||
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | ||
| - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 |
| # - "3.15" | ||
| steps: | ||
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | ||
| - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 |
| runs-on: ubuntu-slim | ||
| steps: | ||
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | ||
| - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 |
| runs-on: ubuntu-slim | ||
| steps: | ||
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | ||
| - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 |
| steps: | ||
| - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 | ||
| - uses: github/codeql-action/init@231aa2c8a89117b126725a0e11897209b7118144 # v1.1.39 | ||
| - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 |
d48d14a to
0f84f1d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v6.0.3→v7.0.0v4.3.1→v7.0.0v7.6.0→v8.2.0v1.1.39→v4.36.2v4.36.3Release Notes
actions/checkout (actions/checkout)
v7.0.0Compare Source
v7Compare Source
astral-sh/setup-uv (astral-sh/setup-uv)
v8.2.0: 🌈 New inputsquietanddownload-from-astral-mirrorCompare Source
Changes
This release brings two new inputs and a few bug fixes.
New inputs
Lets talk about the new inputs first.
quiet
Pretty simple. It turns of all
infologgings. Useful if you use this in a composite action and are not interested in all the details.In the upcoming releases we will add log groups to fully implement support for "less noise"
download-from-astral-mirror
In some cases you may want to directly use the fallback of checking for available versions and downloading releases from GitHub instead of using the astral.sh mirror. Setting
download-from-astral-mirror: falseallows you to do that.Bugfixes
When using the astral.sh mirror to query available versions and download releases (done by default) we now stop sending the GitHub token in the header. The mirror never looked at it but we shouldn't be handing out that data even if it is just a short lived token.
All other bugfixes try to limit the impact of failed GitHub queries due to retries and other faults.
We couldn't pinpoint all rootcauses yet but added more logging for error cases to track them down.
🐛 Bug fixes
🚀 Enhancements
download-from-astral-mirrorinput @eifinger (#897)🧰 Maintenance
⬆️ Dependency updates
v8.1.0: 🌈 New inputno-projectCompare Source
Changes
This add the a new boolean input
no-project.It only makes sense to use in combination with
activate-environment: trueand will append--no projectto theuv venvcall. This is for example useful if you have a pyproject.toml file with parts unparseable by uv🚀 Enhancements
🧰 Maintenance
📚 Documentation
⬆️ Dependency updates
v8.0.0: 🌈 Immutable releases and secure tagsCompare Source
This is the first immutable release of
setup-uv🥳All future releases are also immutable, if you want to know more about what this means checkout the docs.
This release also has two breaking changes
New format for
manifest-fileThe previously deprecated way of defining a custom version manifest to control which
uvversions are available and where to download them from got removed. The functionality is still there but you have to use the new format.No more major and minor tags
To increase security even more we will stop publishing minor tags. You won't be able to use
@v8or@v8.0any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.🚨 Breaking changes
🧰 Maintenance
github/codeql-action (github/codeql-action)
v4.36.2Compare Source
v4.36.1Compare Source
No user facing changes.
v4.36.0Compare Source
v4.35.5Compare Source
analysis-kindsinput, onlycode-scanningwill be enabled. Theanalysis-kindsinput is experimental, for GitHub-internal use only, and may change without notice at any time. #3892v4.35.4Compare Source
v4.35.3Compare Source
GETrequests instead ofHEADfor better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853v4.35.2Compare Source
CODEQL_ACTION_CLEANUP_TRAP_CACHESenvironment variable is deprecated and will be removed in May 2026. If you are affected by this, we recommend disabling TRAP caching by passing thetrap-caching: falseinput to theinitAction. #3795v4.35.1Compare Source
v4.35.0Compare Source
v4.34.1Compare Source
v4.34.0Compare Source
none. We expect this rollout to be complete by the end of April 2026. #3584v4.33.0Compare Source
Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562
To opt out of this change:
github-codeql-file-coverage-on-prsand the type "True/false", then set this property totruein the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set theCODEQL_ACTION_FILE_COVERAGE_ON_PRSenvironment variable totruein your workflow.CODEQL_ACTION_FILE_COVERAGE_ON_PRSenvironment variable totruein your workflow.CODEQL_ACTION_FILE_COVERAGE_ON_PRSenvironment variable totruein your workflow.Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557
The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as
github-codeql-disable-overlaythat was previously only available on GitHub.com. #3559Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563
Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564
A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570
v4.32.6Compare Source
v4.32.5Compare Source
github-codeql-disable-overlaycustom repository property to disable improved incremental analysis for CodeQL. First, create a custom repository property with the namegithub-codeql-disable-overlayand the type "True/false" in the organization's settings. Then in the repository's settings, set this property totrueto disable improved incremental analysis. For more information, see Managing custom properties for repositories in your organization. This feature is not yet available on GitHub Enterprise Server. #3507start-proxyaction to resolve the CodeQL CLI version from feature flags instead of using the linked CLI bundle version. We expect to roll this change out to everyone in March. #3512v4.32.4Compare Source
v4.32.3Compare Source
v4.32.2Compare Source
v4.32.1Compare Source
v4.32.0Compare Source
v4.31.11Compare Source
v4.31.10Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.10 - 12 Jan 2026
See the full CHANGELOG.md for more information.
v4.31.9Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.9 - 16 Dec 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.31.8Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.8 - 11 Dec 2025
See the full CHANGELOG.md for more information.
v4.31.7Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.7 - 05 Dec 2025
See the full CHANGELOG.md for more information.
v4.31.6Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.6 - 01 Dec 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.31.5Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.5 - 24 Nov 2025
See the full CHANGELOG.md for more information.
v4.31.4Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.4 - 18 Nov 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.31.3Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.3 - 13 Nov 2025
See the full CHANGELOG.md for more information.
v4.31.2Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.2 - 30 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.31.1Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.1 - 30 Oct 2025
add-snippetsinput has been removed from theanalyzeaction. This input has been deprecated since CodeQL Action 3.26.4 in August 2024 when this removal was announced.See the full CHANGELOG.md for more information.
v4.31.0Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.31.0 - 24 Oct 2025
analyzeorupload-sarifactions, the CodeQL Action automatically performs post-processing steps to prepare the data for the upload. Previously, these post-processing steps were only performed before an upload took place. We are now changing this so that the post-processing steps will always be performed, even when the SARIF files are not uploaded. This does not change anything for theupload-sarifaction. Foranalyze, this may affect Advanced Setup for CodeQL users who specify a value other thanalwaysfor theuploadinput. #3222See the full CHANGELOG.md for more information.
v4.30.9Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.9 - 17 Oct 2025
setup-codeqlaction has been added which is similar toinit, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. #3204See the full CHANGELOG.md for more information.
v4.30.8Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.8 - 10 Oct 2025
No user facing changes.
See the full CHANGELOG.md for more information.
v4.30.7Compare Source
CodeQL Action Changelog
See the releases page for the relevant changes to the CodeQL CLI and language packs.
4.30.7 - 06 Oct 2025
See the full CHANGELOG.md for more information.
v4Compare Source
v3.36.3Compare Source
No user facing changes.
v3.36.2Compare Source
v3.36.1Compare Source
No user facing changes.
v3.36.0Compare Source
v3.35.5Compare Source
analysis-kindsinput, onlycode-scanningwill be enabled. Theanalysis-kindsinput is experimental, for GitHub-internal use only, and may change without notice at any time. #3892v3.35.4Compare Source
v3.35.3Compare Source
GETrequests instead ofHEADfor better compatibility with various registry implementations. For NuGet feeds, the test is now always performed against the service index. #3853v3.35.2Compare Source
Configuration
📅 Schedule: (in timezone Etc/UTC)
* * 3,22 * *)🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.