Skip to content

Update all dependencies#405

Open
red-hat-konflux[bot] wants to merge 1 commit into
masterfrom
konflux/mintmaker/master/all-dependencies
Open

Update all dependencies#405
red-hat-konflux[bot] wants to merge 1 commit into
masterfrom
konflux/mintmaker/master/all-dependencies

Conversation

@red-hat-konflux

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
actions/checkout action major v6v7
astral-sh/setup-uv action major v7v8.2.0
quay.io/fedora/python-313 final major 2026052920260624

Release Notes

actions/checkout (actions/checkout)

v7.0.0

Compare Source

v7

Compare Source

astral-sh/setup-uv (astral-sh/setup-uv)

v8.2.0: 🌈 New inputs quiet and download-from-astral-mirror

Compare Source

Changes

This release brings two new inputs and a few bug fixes.

New inputs

Lets talk about the new inputs first.

quiet

Pretty simple. It turns of all info loggings. Useful if you use this in a composite action and are not interested in all the details.
In the upcoming releases we will add log groups to fully implement support for "less noise"

[!NOTE]
Warnings and errors are always logged.

download-from-astral-mirror

In some cases you may want to directly use the fallback of checking for available versions and downloading releases from GitHub instead of using the astral.sh mirror. Setting download-from-astral-mirror: false allows you to do that.

Bugfixes

When using the astral.sh mirror to query available versions and download releases (done by default) we now stop sending the GitHub token in the header. The mirror never looked at it but we shouldn't be handing out that data even if it is just a short lived token.
All other bugfixes try to limit the impact of failed GitHub queries due to retries and other faults.

We couldn't pinpoint all rootcauses yet but added more logging for error cases to track them down.

🐛 Bug fixes

🚀 Enhancements

🧰 Maintenance

⬆️ Dependency updates

v8.1.0: 🌈 New input no-project

Compare Source

Changes

This add the a new boolean input no-project.
It only makes sense to use in combination with activate-environment: true and will append --no project to the uv venv call. This is for example useful if you have a pyproject.toml file with parts unparseable by uv

🚀 Enhancements
🧰 Maintenance
📚 Documentation
⬆️ Dependency updates

v8.0.0: 🌈 Immutable releases and secure tags

Compare Source

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP]
Use the immutable tag as a version astral-sh/setup-uv@v8.0.0
Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

🚨 Breaking changes
🧰 Maintenance

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, on day 1 of the month (* 0-3 1 * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@codecov

codecov Bot commented Jul 1, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.03%. Comparing base (3aea63d) to head (b3c7e98).

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #405   +/-   ##
=======================================
  Coverage   84.03%   84.03%           
=======================================
  Files          49       49           
  Lines        2712     2712           
  Branches      197      197           
=======================================
  Hits         2279     2279           
  Misses        361      361           
  Partials       72       72           
Flag Coverage Δ
unit-tests 84.03% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants