chore(deps): update astral-sh/setup-uv action to v7 #198
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
Trivy image scan report
|
| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
libssl3t64 |
CVE-2025-9230 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
libssl3t64 |
CVE-2025-9231 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
libssl3t64 |
CVE-2025-9232 | LOW | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl |
CVE-2025-9230 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl |
CVE-2025-9231 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl |
CVE-2025-9232 | LOW | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl-provider-legacy |
CVE-2025-9230 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl-provider-legacy |
CVE-2025-9231 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl-provider-legacy |
CVE-2025-9232 | LOW | 3.5.1-1 | 3.5.1-1+deb13u1 |
No Misconfigurations found
Python
No Vulnerabilities found
No Misconfigurations found
Contributor
Trivy image scan report
|
| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
libssl3t64 |
CVE-2025-9230 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
libssl3t64 |
CVE-2025-9231 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
libssl3t64 |
CVE-2025-9232 | LOW | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl |
CVE-2025-9230 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl |
CVE-2025-9231 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl |
CVE-2025-9232 | LOW | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl-provider-legacy |
CVE-2025-9230 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl-provider-legacy |
CVE-2025-9231 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl-provider-legacy |
CVE-2025-9232 | LOW | 3.5.1-1 | 3.5.1-1+deb13u1 |
No Misconfigurations found
Python
No Vulnerabilities found
No Misconfigurations found
Contributor
Trivy image scan report
|
| Package | ID | Severity | Installed Version | Fixed Version |
|---|---|---|---|---|
libssl3t64 |
CVE-2025-9230 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
libssl3t64 |
CVE-2025-9231 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
libssl3t64 |
CVE-2025-9232 | LOW | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl |
CVE-2025-9230 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl |
CVE-2025-9231 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl |
CVE-2025-9232 | LOW | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl-provider-legacy |
CVE-2025-9230 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl-provider-legacy |
CVE-2025-9231 | MEDIUM | 3.5.1-1 | 3.5.1-1+deb13u1 |
openssl-provider-legacy |
CVE-2025-9232 | LOW | 3.5.1-1 | 3.5.1-1+deb13u1 |
No Misconfigurations found
Python
No Vulnerabilities found
No Misconfigurations found
Contributor
✅
|
| Descriptor | Linter | Files | Fixed | Errors | Warnings | Elapsed time |
|---|---|---|---|---|---|---|
| ✅ ACTION | actionlint | 4 | 0 | 0 | 0.12s | |
| ✅ COPYPASTE | jscpd | yes | no | no | 1.19s | |
| ✅ DOCKERFILE | hadolint | 1 | 0 | 0 | 0.07s | |
| ✅ JSON | jsonlint | 3 | 0 | 0 | 0.17s | |
| prettier | 3 | 1 | 0 | 0.46s | ||
| ✅ JSON | v8r | 3 | 0 | 0 | 3.42s | |
| ✅ MARKDOWN | markdownlint | 1 | 0 | 0 | 0.44s | |
| ✅ MARKDOWN | markdown-table-formatter | 1 | 0 | 0 | 0.23s | |
| ✅ PYTHON | bandit | 1 | 0 | 0 | 1.63s | |
| ✅ PYTHON | black | 1 | 0 | 0 | 0.94s | |
| ✅ PYTHON | flake8 | 1 | 0 | 0 | 0.73s | |
| ✅ PYTHON | isort | 1 | 0 | 0 | 0.2s | |
| ✅ PYTHON | mypy | 1 | 0 | 0 | 3.45s | |
| ✅ PYTHON | pylint | 1 | 0 | 0 | 2.96s | |
| ✅ PYTHON | pyright | 1 | 0 | 0 | 1.79s | |
| ✅ PYTHON | ruff | 1 | 0 | 0 | 0.04s | |
| ✅ REPOSITORY | dustilock | yes | no | no | 0.03s | |
| ✅ REPOSITORY | gitleaks | yes | no | no | 0.27s | |
| ✅ REPOSITORY | git_diff | yes | no | no | 0.01s | |
| ✅ REPOSITORY | grype | yes | no | no | 30.43s | |
| ✅ REPOSITORY | kics | yes | no | no | 3.49s | |
| ✅ REPOSITORY | secretlint | yes | no | no | 1.62s | |
| ✅ REPOSITORY | syft | yes | no | no | 2.02s | |
| ✅ REPOSITORY | trivy | yes | no | no | 7.95s | |
| ✅ REPOSITORY | trivy-sbom | yes | no | no | 0.12s | |
| ✅ REPOSITORY | trufflehog | yes | no | no | 4.42s | |
| ✅ YAML | prettier | 6 | 0 | 0 | 0.75s | |
| ✅ YAML | v8r | 6 | 0 | 0 | 6.26s | |
| ✅ YAML | yamllint | 6 | 0 | 0 | 0.7s |
Detailed Issues
⚠️ JSON / prettier - 1 error
Checking formatting...
[warn] .renovaterc.json
[warn] Code style issues found in the above file. Run Prettier with --write to fix.
See detailed reports in MegaLinter artifacts
Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)
- Documentation: Custom Flavors
- Command:
npx mega-linter-runner@9.0.1 --custom-flavor-setup --custom-flavor-linters PYTHON_PYLINT,PYTHON_BLACK,PYTHON_FLAKE8,PYTHON_ISORT,PYTHON_BANDIT,PYTHON_MYPY,PYTHON_PYRIGHT,PYTHON_RUFF,ACTION_ACTIONLINT,COPYPASTE_JSCPD,DOCKERFILE_HADOLINT,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_DUSTILOCK,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_KICS,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R
Contributor
|
🎉 This PR is included in version 1.10.64 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v6.8.0->v7.1.0Release Notes
astral-sh/setup-uv (astral-sh/setup-uv)
v7.1.0: 🌈 Support all the use casesCompare Source
Changes
Support all the use cases!!!
... well, that we know of.
This release adds support for some use cases that most users don't encounter but are useful for e.g. people running Gitea.
The input
resolution-strategylets you use the lowest possible version of uv from a version range. Useful if you want to test your tool with different versions of uv.If you use
activate-environmentthe path to the activated venv is now also exposed under the outputvenv.Downloaded python installations can now also be uploaded to the GitHub Actions cache backend. Useful if you are running in
actand have configured your own backend and don't want to download python again, and again over a slow internet connection.Finally the path to installed python interpreters is now added to the
PATHon Windows.🚀 Enhancements
🧰 Maintenance
📚 Documentation
⬆️ Dependency updates
v7.0.0: 🌈 node24 and a lot of bugfixesCompare Source
Changes
This release comes with a load of bug fixes and a speed up. Because of switching from node20 to node24 it is also a breaking change. If you are running on GitHub hosted runners this will just work, if you are using self-hosted runners make sure, that your runners are up to date. If you followed the normal installation instructions your self-hosted runner will keep itself updated.
This release also removes the deprecated input
server-urlwhich was used to download uv releases from a different server.The manifest-file input supersedes that functionality by adding a flexible way to define available versions and where they should be downloaded from.
Fixes
UV_CACHE_DIRis already set and does not overwrite it. It now also finds cache-dir settings in config files if you set them.uvprocesses running in the background. Starting with uv version0.8.24this action usesuv cache prune --ci --forceto ignore the running processesUV_NO_MODIFY_PATHUV_CACHE_DIR. This action can now deal with that but as this could lead to unwanted behavior in some edgecases a warning is now displayed.Improvements
If you are using minimum version specifiers for the version of uv to install for example
This action now detects that and directly uses the latest version. Previously it would download all available releases from the uv repo
to determine the highest matching candidate for the version specifier, which took much more time.
If you are using other specifiers like
0.8.xthis action still needs to download all available releases because the specifier defines an upper bound (not 0.9.0 or later) and "latest" would possibly not satisfy that.🚨 Breaking changes
🐛 Bug fixes
UV_CACHE_DIRhas changed @jamesbraza (#601)🚀 Enhancements
🧰 Maintenance
⬆️ Dependency updates
Configuration
📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.