ci(deps): bump the github-actions group across 1 directory with 3 updates by dependabot[bot] · Pull Request #556 · brooklyn-data/dbt_artifacts

dependabot · 2026-05-18T21:01:34Z

Bumps the github-actions group with 3 updates in the / directory: actions/checkout, astral-sh/setup-uv and google-github-actions/auth.

Updates actions/checkout from 3 to 6

Release notes

Sourced from actions/checkout's releases.

v6.0.0

What's Changed

Update README to include Node.js 24 support details and requirements by @salmanmkc in actions/checkout#2248

Persist creds to a separate file by @ericsciple in actions/checkout#2286

v6-beta by @ericsciple in actions/checkout#2298

update readme/changelog for v6 by @ericsciple in actions/checkout#2311

Full Changelog: actions/checkout@v5.0.0...v6.0.0

v6-beta

What's Changed

Updated persist-credentials to store the credentials under $RUNNER_TEMP instead of directly in the local git config.

This requires a minimum Actions Runner version of v2.329.0 to access the persisted credentials for Docker container action scenarios.

v5.0.1

What's Changed

Port v6 cleanup to v5 by @ericsciple in actions/checkout#2301

Full Changelog: actions/checkout@v5...v5.0.1

v5.0.0

What's Changed

Update actions checkout to use node 24 by @salmanmkc in actions/checkout#2226

Prepare v5.0.0 release by @salmanmkc in actions/checkout#2238

⚠️ Minimum Compatible Runner Version

v2.327.1
Release Notes

Make sure your runner is updated to this version or newer to use this release.

Full Changelog: actions/checkout@v4...v5.0.0

v4.3.1

What's Changed

Port v6 cleanup to v4 by @ericsciple in actions/checkout#2305

Full Changelog: actions/checkout@v4...v4.3.1

v4.3.0

What's Changed

docs: update README.md by @motss in actions/checkout#1971

Add internal repos for checking out multiple repositories by @mouismail in actions/checkout#1977

Documentation update - add recommended permissions to Readme by @benwells in actions/checkout#2043

... (truncated)

Commits

de0fac2 Fix tag handling: preserve annotations and explicit fetch-tags (#2356)
064fe7f Add orchestration_id to git user-agent when ACTIONS_ORCHESTRATION_ID is set (...
8e8c483 Clarify v6 README (#2328)
033fa0d Add worktree support for persist-credentials includeIf (#2327)
c2d88d3 Update all references from v5 and v4 to v6 (#2314)
1af3b93 update readme/changelog for v6 (#2311)
71cf226 v6-beta (#2298)
069c695 Persist creds to a separate file (#2286)
ff7abcd Update README to include Node.js 24 support details and requirements (#2248)
08c6903 Prepare v5.0.0 release (#2238)
Additional commits viewable in compare view

Updates astral-sh/setup-uv from 3.2.4 to 8.1.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.1.0 🌈 New input no-project

Changes

This add the a new boolean input no-project. It only makes sense to use in combination with activate-environment: true and will append --no project to the uv venv call. This is for example useful if you have a pyproject.toml file with parts unparseable by uv

🚀 Enhancements

Add input no-project in combination with activate-environment @eifinger (#856)

🧰 Maintenance

fix: grant contents:write to validate-release job @eifinger (#860)

Add a release-gate step to the release workflow @zanieb (#859)

Draft commitish releases @eifinger (#858)

Add action-types.yml to instructions @eifinger (#857)

chore: update known checksums for 0.11.7 @github-actions[bot] (#853)

Refactor version resolving @eifinger (#852)

chore: update known checksums for 0.11.6 @github-actions[bot] (#850)

chore: update known checksums for 0.11.5 @github-actions[bot] (#845)

chore: update known checksums for 0.11.4 @github-actions[bot] (#843)

Add a release workflow @zanieb (#839)

chore: update known checksums for 0.11.3 @github-actions[bot] (#836)

📚 Documentation

Update ignore-nothing-to-cache documentation @eifinger (#833)

Pin setup-uv docs to v8 @eifinger (#829)

⬆️ Dependency updates

chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @dependabot[bot] (#855)

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP] Use the immutable tag as a version astral-sh/setup-uv@v8.0.0 Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

... (truncated)

Commits

0880764 fix: grant contents:write to validate-release job (#860)
717d6ab Add a release-gate step to the release workflow (#859)
5a911eb Draft commitish releases (#858)
080c31e Add action-types.yml to instructions (#857)
b3e97d2 Add input no-project in combination with activate-environment (#856)
7dd591d chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 (#855)
1541b77 chore: update known checksums for 0.11.7 (#853)
cdfb2ee Refactor version resolving (#852)
cb84d12 chore: update known checksums for 0.11.6 (#850)
1912cc6 chore: update known checksums for 0.11.5 (#845)
Additional commits viewable in compare view

Updates google-github-actions/auth from 2.1.13 to 3.0.0

Release notes

Sourced from google-github-actions/auth's releases.

v3.0.0

What's Changed

Bump to Node 24 and remove old parameters by @sethvargo in google-github-actions/auth#508

Remove hacky script by @sethvargo in google-github-actions/auth#509

Release: v3.0.0 by @google-github-actions-bot in google-github-actions/auth#510

Full Changelog: google-github-actions/auth@v2...v3.0.0

Commits

7c6bc77 Release: v3.0.0 (#510)
42e4997 Remove hacky script (#509)
5ea4dc1 Bump to Node 24 and remove old parameters (#508)
See full diff in compare view

dependabot · 2026-05-18T21:01:35Z

Labels

The following labels could not be found: dependencies, github-actions. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

…ates Bumps the github-actions group with 3 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) and [google-github-actions/auth](https://github.com/google-github-actions/auth). Updates `actions/checkout` from 3 to 6 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v3...v6) Updates `astral-sh/setup-uv` from 3.2.4 to 8.1.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@caf0cab...0880764) Updates `google-github-actions/auth` from 2.1.13 to 3.0.0 - [Release notes](https://github.com/google-github-actions/auth/releases) - [Changelog](https://github.com/google-github-actions/auth/blob/main/CHANGELOG.md) - [Commits](google-github-actions/auth@c200f36...7c6bc77) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: astral-sh/setup-uv dependency-version: 8.1.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: google-github-actions/auth dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot requested a review from mtcarlone as a code owner May 18, 2026 21:01

dependabot Bot changed the title ~~ci(deps): bump the github-actions group with 3 updates~~ ci(deps): bump the github-actions group across 1 directory with 3 updates May 25, 2026

dependabot Bot force-pushed the dependabot/github_actions/github-actions-37cd20819c branch from cb9fad8 to 428275a Compare May 25, 2026 17:30

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ci(deps): bump the github-actions group across 1 directory with 3 updates#556

ci(deps): bump the github-actions group across 1 directory with 3 updates#556
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/github-actions-37cd20819c

dependabot Bot commented on behalf of github May 18, 2026 •

edited

Loading

Uh oh!

dependabot Bot commented on behalf of github May 18, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 18, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v6.0.0

What's Changed

v6-beta

What's Changed

v5.0.1

What's Changed

v5.0.0

What's Changed

⚠️ Minimum Compatible Runner Version

v4.3.1

What's Changed

v4.3.0

What's Changed

v8.1.0 🌈 New input no-project

Changes

🚀 Enhancements

🧰 Maintenance

📚 Documentation

⬆️ Dependency updates

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

New format for manifest-file

No more major and minor tags

v3.0.0

What's Changed

Uh oh!

dependabot Bot commented on behalf of github May 18, 2026

Labels

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github May 18, 2026 •

edited

Loading

v8.1.0 🌈 New input `no-project`

This is the first immutable release of `setup-uv` 🥳

New format for `manifest-file`