chore(deps): update github actions

[oep-renovate]

This PR contains the following updates:

Package	Type	Update	Change
Swatinem/rust-cache	action	minor	v2.8.2 → v2.9.1
actions/create-github-app-token	action	major	v2.2.1 → v3.0.0
actions/download-artifact	action	patch	v8.0.0 → v8.0.1
astral-sh/setup-uv	action	minor	v7.3.1 → v7.6.0
codecov/codecov-action	action	patch	v5.5.2 → v5.5.3
docker/metadata-action	action	major	v5.10.0 → v6.0.0
github/codeql-action	action	minor	v4.32.5 → v4.34.1
open-edge-platform/geti-ci	action	digest	9b1ef60 → cc6fbe8
renovatebot/github-action	action	patch	v46.1.3 → v46.1.5
schemathesis/action	action	major	v2 → v3
svenstaro/upload-release-action (changelog)	action	digest	b98a3b1 → 29e53e9

---

Release Notes

Swatinem/rust-cache (Swatinem/rust-cache)

v2.9.1

Compare Source

Fix regression in hash calculation

Full Changelog: Swatinem/rust-cache@v2.9.0...v2.9.1

v2.9.0

Compare Source

What's Changed

• Add support for running rust-cache commands from within a Nix shell by @​marc0246 in #​290
• Bump taiki-e/install-action from 2.62.57 to 2.62.60 in the actions group by @​dependabot[bot] in #​291
• Bump the actions group across 1 directory with 5 updates by @​dependabot[bot] in #​296
• Bump the prd-major group with 3 updates by @​dependabot[bot] in #​294
• Bump @​types/node from 24.10.1 to 25.0.2 in the dev-major group by @​dependabot[bot] in #​295
• Consider all installed toolchains in cache key by @​tamird in #​293
• Compare case-insenitively for full cache key match by @​kbriggs in #​303
• Migrate to node24 runner by @​rhysd in #​314
• Bump the actions group across 1 directory with 7 updates by @​dependabot[bot] in #​312
• Bump the prd-minor group across 1 directory with 2 updates by @​dependabot[bot] in #​307
• Bump @​types/node from 25.0.2 to 25.2.2 in the dev-minor group by @​dependabot[bot] in #​309

New Contributors

• @​marc0246 made their first contribution in #​290
• @​tamird made their first contribution in #​293
• @​kbriggs made their first contribution in #​303

Full Changelog: Swatinem/rust-cache@v2.8.2...v2.9.0

actions/create-github-app-token (actions/create-github-app-token)

v3.0.0

Compare Source

• feat!: node 24 support (#​275) (2e564a0)
• fix!: require NODE_USE_ENV_PROXY for proxy support (#​342) (4451bcb)

Bug Fixes

• remove custom proxy handling (#​143) (dce0ab0)

BREAKING CHANGES

• Custom proxy handling has been removed. If you use HTTP_PROXY or HTTPS_PROXY, you must now also set NODE_USE_ENV_PROXY=1 on the action step.
• Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner.

v2.2.2

Compare Source

Bug Fixes

• deps: bump @​actions/core from 1.11.1 to 3.0.0 (#​337) (b044133)
• deps: bump minimatch from 9.0.5 to 9.0.9 (#​335) (5cbc656)
• deps: bump the production-dependencies group with 4 updates (#​336) (6bda5bc)
• deps: bump undici from 7.16.0 to 7.18.2 (#​323) (b4f638f)

actions/download-artifact (actions/download-artifact)

v8.0.1

Compare Source

What's Changed

• Support for CJK characters in the artifact name by @​danwkennedy in #​471
• Add a regression test for artifact name + content-type mismatches by @​danwkennedy in #​472

Full Changelog: actions/download-artifact@v8...v8.0.1

astral-sh/setup-uv (astral-sh/setup-uv)

v7.6.0: 🌈 Fetch uv from Astral's mirror by default

Compare Source

Changes

We now default to download uv from releases.astral.sh.
This means by default we don't hit the GitHub API at all and shouldn't see any rate limits and timeouts any more.

🚀 Enhancements

• Fetch uv from Astral's mirror by default @​zsol (#​809)

🧰 Maintenance

• Switch to ESM for source and test, use CommonJS for dist @​eifinger (#​806)
• chore: update known checksums for 0.10.10 @​github-actions[bot] (#​804)

⬆️ Dependency updates

• chore(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 @​dependabot[bot] (#​808)
• Bump deps @​eifinger (#​805)

v7.5.0: 🌈 Use `astral-sh/versions` as version provider

Compare Source

No more rate-limits

This release addresses a long-standing source of timeouts and rate-limit failures in setup-uv.

Previously, the action resolved version identifiers like 0.5.x by iterating over available uv releases via the GitHub API to find the best match. In contrast, latest and exact versions such as 0.5.0 skipped version resolution entirely and downloaded uv directly.

The manifest-file input was an earlier attempt to improve this. It allows providing an url to a file that lists available versions, checksums, and even custom download URLs. The action also shipped with such a manifest.
However, because that bundled file could become outdated whenever new uv releases were published, the action still had to fall back to the GitHub API in many cases.

This release solves the problem by sourcing version data from Astral’s versions repository via the raw content endpoint:

https://raw.githubusercontent.com/astral-sh/versions/refs/heads/main/v1/uv.ndjson

By using the raw endpoint instead of the GitHub API, version resolution no longer depends on API authentication and is much less likely to run into rate limits or timeouts.

---

[!TIP]
The next section is only interesting for users of the manifest-file input

The manifest-file input lets you override that source with your own URL, for example to test custom uv builds or alternate download locations.

The manifest file must be in NDJSON format, where each line is a JSON object representing a version and its artifacts. For example:

{"version":"0.10.7","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}
{"version":"0.10.6","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}

[!WARNING]
The old format still works but is deprecated. A warning will be logged when you use it.

Changes

• docs: replace copilot instructions with AGENTS.md @​eifinger (#​794)

🚀 Enhancements

• Use astral-sh/versions as primary version provider @​eifinger (#​802)

📚 Documentation

• docs: add cross-client dependabot rollup skill @​eifinger (#​793)

v7.4.0: 🌈 Add riscv64 architecture support to platform detection

Compare Source

Changes

Thank you @​luhenry for adding support for riscv64 arch

🚀 Enhancements

• Add riscv64 architecture support to platform detection @​luhenry (#​791)

🧰 Maintenance

• Delete .github/workflows/dependabot-build.yml @​eifinger (#​789)
• Harden Dependabot build workflow @​eifinger (#​788)
• Fix: check PR author instead of event sender for Dependabot detection @​eifinger-bot (#​787)
• chore: update known checksums for 0.10.9 @​github-actions[bot] (#​783)
• Add workflow to auto-build dist on Dependabot PRs @​eifinger-bot (#​782)
• chore: update known checksums for 0.10.8 @​github-actions[bot] (#​779)
• chore: update known checksums for 0.10.7 @​github-actions[bot] (#​775)

⬆️ Dependency updates

• chore(deps): bump versions @​eifinger (#​792)
• Bump actions/setup-node from 6.2.0 to 6.3.0 @​dependabot[bot] (#​790)
• Bump eifinger/actionlint-action from 1.10.0 to 1.10.1 @​dependabot[bot] (#​778)

codecov/codecov-action (codecov/codecov-action)

v5.5.3

Compare Source

What's Changed

• build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @​dependabot[bot] in #​1874
• chore(release): bump to 5.5.3 by @​thomasrockhu-codecov in #​1922

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

docker/metadata-action (docker/metadata-action)

v6.0.0

Compare Source

• Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @​crazy-max in #​605
• List inputs now preserve # inside values while still supporting full-line # comments by @​crazy-max in #​607
• Switch to ESM and update config/test wiring by @​crazy-max in #​602
• Bump lodash from 4.17.21 to 4.17.23 in #​588
• Bump @​actions/core from 1.11.1 to 3.0.0 in #​599
• Bump @​actions/github from 6.0.1 to 9.0.0 in #​597
• Bump @​docker/actions-toolkit from 0.68.0 to 0.79.0 in #​604
• Bump @​isaacs/brace-expansion from 5.0.0 to 5.0.1 in #​600
• Bump semver from 7.7.3 to 7.7.4 in #​603

Full Changelog: docker/metadata-action@v5.10.0...v6.0.0

github/codeql-action (github/codeql-action)

v4.34.1

Compare Source

• Downgrade default CodeQL bundle version to 2.24.3 due to issues with a small percentage of Actions and JavaScript analyses. #​3762

v4.34.0

Compare Source

• Added an experimental change which disables TRAP caching when improved incremental analysis is enabled, since improved incremental analysis supersedes TRAP caching. This will improve performance and reduce Actions cache usage. We expect to roll this change out to everyone in March. #​3569
• We are rolling out improved incremental analysis to C/C++ analyses that use build mode none. We expect this rollout to be complete by the end of April 2026. #​3584
• Update default CodeQL bundle version to 2.25.0. #​3585

v4.33.0

Compare Source

• Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #​3562

  To opt out of this change:

  • Repositories owned by an organization: Create a custom repository property with the name github-codeql-file-coverage-on-prs and the type "True/false", then set this property to true in the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • User-owned repositories using default setup: Switch to an advanced setup workflow and set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.
  • User-owned repositories using advanced setup: Set the CODEQL_ACTION_FILE_COVERAGE_ON_PRS environment variable to true in your workflow.

• Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #​3557

• The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as github-codeql-disable-overlay that was previously only available on GitHub.com. #​3559

• Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #​3563

• Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #​3564

• A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #​3570

v4.32.6

Compare Source

• Update default CodeQL bundle version to 2.24.3. #​3548

renovatebot/github-action (renovatebot/github-action)

v46.1.5

Compare Source

Documentation

• remove outdated fine-grained PAT warning (#​1021) (9c61f25)
• update references to renovatebot/github-action to v46.1.4 (f7e605e)

Miscellaneous Chores

• deps: update commitlint monorepo to v20.4.3 (2403c09)
• deps: update dependency @​types/node to v24.11.2 (e2438c9)
• deps: update dependency @​types/node to v24.12.0 (00eea9f)
• deps: update dependency conventional-changelog-conventionalcommits to v9.3.0 (55ee45e)
• deps: update dependency lint-staged to v16.3.2 (e0ccd91)
• deps: update dependency prettier-plugin-packagejson to v3.0.2 (84bfed6)
• deps: update linters to v9.39.4 (dc36863)
• deps: update pnpm to v10.31.0 (9774209)
• deps: update pnpm/action-setup action to v4.3.0 (f3be4c6)
• deps: update pnpm/action-setup action to v4.4.0 (7a6507f)

Build System

• deps: lock file maintenance (554d97c)

Continuous Integration

• deps: update ghcr.io/renovatebot/renovate docker tag to v43.59.5 (5a00506)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.59.6 (1ff5666)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.60.0 (ee1a795)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.60.4 (dd7c09a)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.60.5 (efb4999)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.61.0 (033ba4d)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.61.4 (225899c)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.61.5 (1b45bba)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.61.6 (8a5c110)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.61.7 (a355aba)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.62.0 (b4e7747)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.63.0 (8123aa4)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.64.2 (bc67bcf)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.64.3 (4c15565)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.64.4 (e7aeb3d)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.64.5 (2e3e42c)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.65.0 (58ee54b)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.66.0 (d92e861)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.66.2 (04b1620)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.66.3 (b1544a4)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.66.4 (0e06b5c)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.66.5 (763c93e)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.70.0 (9d94955)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.71.0 (766127d)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.72.0 (b1d82d8)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.73.1 (664826b)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.73.2 (50658c7)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.74.0 (14de895)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.75.0 (a390e5c)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.76.0 (9ee6f9b)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.76.1 (1eae479)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.76.2 (8f8044e)

v46.1.4

Compare Source

Documentation

• update references to renovatebot/github-action to v46.1.3 (c2d0816)

Miscellaneous Chores

• deps: update actions/setup-node action to v6.3.0 (da7b52c)
• deps: update dependency @​semantic-release/npm to v13.1.5 (8779a37)
• deps: update dependency @​types/node to v24.10.14 (4058dd8)
• deps: update dependency @​types/node to v24.10.15 (1839180)
• deps: update dependency @​types/node to v24.11.0 (547c751)
• deps: update dependency conventional-changelog-conventionalcommits to v9.2.0 (d2d8688)
• deps: update dependency globals to v17.4.0 (93a1308)
• deps: update dependency lint-staged to v16.3.0 (fb28428)
• deps: update dependency lint-staged to v16.3.1 (a9bd550)
• deps: update dependency typescript-eslint to v8.56.1 (ef0183d)
• deps: update pnpm to v10.30.2 (5d9b1b3)
• deps: update pnpm to v10.30.3 (d38f704)

Build System

• deps: lock file maintenance (00ae3b2)

Continuous Integration

• deps: update ghcr.io/renovatebot/renovate docker tag to v43.47.0 (d6044f6)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.48.2 (0c2120b)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.48.3 (87c11e9)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.48.4 (bc79127)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.49.0 (e0ff889)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.50.0 (82e724d)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.51.0 (0784fa3)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.51.1 (f005e86)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.52.0 (29f1ae6)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.52.1 (8b92fc0)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.53.0 (9939673)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.54.0 (ea19709)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.55.1 (bfc0ac1)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.55.2 (ab0a774)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.56.0 (5a0686d)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.56.1 (f840e29)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.57.0 (633ac37)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.58.0 (9f1d38a)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.59.1 (8d49f37)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.59.2 (e792068)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.59.3 (527f1d4)
• deps: update ghcr.io/renovatebot/renovate docker tag to v43.59.4 (7be708e)

schemathesis/action (schemathesis/action)

v3

Compare Source

---

Configuration

📅 Schedule: Branch creation - On day 1 and 15 of the month ( * * 1,15 * * ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[github-actions]

📊 Test coverage report

Metric	Coverage
Lines	49.0%
Functions	79.8%
Branches	87.9%
Statements	49.0%

[github-actions]

Docker Image Sizes

CPU

Image	Size
geti-cpu:pr-5777	986.91M
geti-cpu:sha-5a78ffa	986.91M

CUDA

Image	Size
geti-cuda:pr-5777	5.53G
geti-cuda:sha-5a78ffa	5.53G

XPU

Image	Size
geti-xpu:pr-5777	3.32G
geti-xpu:sha-5a78ffa	3.32G

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!