Commit fe23a35
authored
![cloudquery-ci[bot]](https://avatars.githubusercontent.com/u/74616112?v=4&size=40){kind=avatar}
chore(deps): Update github-actions (#237)
This PR contains the following updates:
| Package | Type | Update | Change | Pending |
|---|---|---|---|---|
| [actions/create-github-app-token](https://redirect.github.com/actions/create-github-app-token) ([changelog](https://redirect.github.com/actions/create-github-app-token/compare/f8d387b68d61c58ab83c6c016672934102569859..1b10c78c7865c340bc4f6099eb2f838309f1e8c3)) | action | digest | `f8d387b` → `1b10c78` | |
| [astral-sh/uv](https://redirect.github.com/astral-sh/uv) | uses-with | patch | `0.11.2` → `0.11.7` | `0.11.8` |
| [googleapis/release-please-action](https://redirect.github.com/googleapis/release-please-action) ([changelog](https://redirect.github.com/googleapis/release-please-action/compare/16a9c90856f42705d54a6fda1823352bdc62cf38..5c625bfb5d1ff62eadeeb3772007f7f66fdcf071)) | action | digest | `16a9c90` → `5c625bf` | |
| [peter-evans/create-pull-request](https://redirect.github.com/peter-evans/create-pull-request) ([changelog](https://redirect.github.com/peter-evans/create-pull-request/compare/c0f553fe549906ede9cf27b5156039d195d2ece0..5f6978faf089d4d20b00c7766989d076bb2fc7f1)) | action | digest | `c0f553f` → `5f6978f` | |
| [pypa/gh-action-pypi-publish](https://redirect.github.com/pypa/gh-action-pypi-publish) | action | digest | `ed0c539` → `cef2210` | |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/218) for more information.
---
### Release Notes
<details>
<summary>astral-sh/uv (astral-sh/uv)</summary>
### [`v0.11.7`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0117)
[Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.11.6...0.11.7)
Released on 2026-04-15.
##### Python
- Upgrade CPython build to [`2026041`](https://redirect.github.com/astral-sh/uv/commit/20260414) including an OpenSSL security upgrade ([#​19004](https://redirect.github.com/astral-sh/uv/pull/19004))
##### Enhancements
- Elevate configuration errors to `required-version` mismatches ([#​18977](https://redirect.github.com/astral-sh/uv/pull/18977))
- Further improve TLS certificate validation messages ([#​18933](https://redirect.github.com/astral-sh/uv/pull/18933))
- Improve `--exclude-newer` hints ([#​18952](https://redirect.github.com/astral-sh/uv/pull/18952))
##### Preview features
- Fix `--script` handling in `uv audit` ([#​18970](https://redirect.github.com/astral-sh/uv/pull/18970))
- Fix traversal of extras in `uv audit` ([#​18970](https://redirect.github.com/astral-sh/uv/pull/18970))
##### Bug fixes
- De-quote `workspace metadata` in linehaul data ([#​18966](https://redirect.github.com/astral-sh/uv/pull/18966))
- Avoid installing tool workspace member dependencies as editable ([#​18891](https://redirect.github.com/astral-sh/uv/pull/18891))
- Emit JSON report for `uv sync --check` failures ([#​18976](https://redirect.github.com/astral-sh/uv/pull/18976))
- Filter and warn on invalid TLS certificates ([#​18951](https://redirect.github.com/astral-sh/uv/pull/18951))
- Fix equality comparisons for version specifiers with `~=` operators ([#​18960](https://redirect.github.com/astral-sh/uv/pull/18960))
- Fix stale Python upgrade preview feature check in project environment construction ([#​18961](https://redirect.github.com/astral-sh/uv/pull/18961))
- Improve Windows path normalization ([#​18945](https://redirect.github.com/astral-sh/uv/pull/18945))
### [`v0.11.6`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0116)
[Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.11.5...0.11.6)
Released on 2026-04-09.
This release resolves a low severity security advisory in which wheels with malformed RECORD entries could delete arbitrary files on uninstall. See [GHSA-pjjw-68hj-v9mw](https://redirect.github.com/astral-sh/uv/security/advisories/GHSA-pjjw-68hj-v9mw) for details.
##### Bug fixes
- Do not remove files outside the venv on uninstall ([#​18942](https://redirect.github.com/astral-sh/uv/pull/18942))
- Validate and heal wheel `RECORD` during installation ([#​18943](https://redirect.github.com/astral-sh/uv/pull/18943))
- Avoid `uv cache clean` errors due to Win32 path normalization ([#​18856](https://redirect.github.com/astral-sh/uv/pull/18856))
### [`v0.11.5`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0115)
[Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.11.4...0.11.5)
Released on 2026-04-08.
##### Python
- Add CPython 3.13.13, 3.14.4, and 3.15.0a8 ([#​18908](https://redirect.github.com/astral-sh/uv/pull/18908))
##### Enhancements
- Fix `build_system.requires` error message ([#​18911](https://redirect.github.com/astral-sh/uv/pull/18911))
- Remove trailing path separators in path normalization ([#​18915](https://redirect.github.com/astral-sh/uv/pull/18915))
- Improve error messages for unsupported or invalid TLS certificates ([#​18924](https://redirect.github.com/astral-sh/uv/pull/18924))
##### Preview features
- Add `exclude-newer` to `[[tool.uv.index]]` ([#​18839](https://redirect.github.com/astral-sh/uv/pull/18839))
- `uv audit`: add context/warnings for ignored vulnerabilities ([#​18905](https://redirect.github.com/astral-sh/uv/pull/18905))
##### Bug fixes
- Normalize persisted fork markers before lock equality checks ([#​18612](https://redirect.github.com/astral-sh/uv/pull/18612))
- Clear junction properly when uninstalling Python versions on Windows ([#​18815](https://redirect.github.com/astral-sh/uv/pull/18815))
- Report error cleanly instead of panicking on TLS certificate error ([#​18904](https://redirect.github.com/astral-sh/uv/pull/18904))
##### Documentation
- Remove the legacy `PIP_COMPATIBILITY.md` redirect file ([#​18928](https://redirect.github.com/astral-sh/uv/pull/18928))
- Fix `uv init example-bare --bare` examples ([#​18822](https://redirect.github.com/astral-sh/uv/pull/18822), [#​18925](https://redirect.github.com/astral-sh/uv/pull/18925))
### [`v0.11.4`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0114)
[Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.11.3...0.11.4)
Released on 2026-04-07.
##### Enhancements
- Add support for `--upgrade-group` ([#​18266](https://redirect.github.com/astral-sh/uv/pull/18266))
- Merge repeated archive URL hashes by version ID ([#​18841](https://redirect.github.com/astral-sh/uv/pull/18841))
- Require all direct URL hash algorithms to match ([#​18842](https://redirect.github.com/astral-sh/uv/pull/18842))
##### Bug fixes
- Avoid panics in environment finding via cycle detection ([#​18828](https://redirect.github.com/astral-sh/uv/pull/18828))
- Enforce direct URL hashes for `pyproject.toml` dependencies ([#​18786](https://redirect.github.com/astral-sh/uv/pull/18786))
- Error on `--locked` and `--frozen` when script lockfile is missing ([#​18832](https://redirect.github.com/astral-sh/uv/pull/18832))
- Fix `uv export` extra resolution for workspace member and conflicting extras ([#​18888](https://redirect.github.com/astral-sh/uv/pull/18888))
- Include conflicts defined in virtual workspace root ([#​18886](https://redirect.github.com/astral-sh/uv/pull/18886))
- Recompute relative `exclude-newer` values during `uv tree --outdated` ([#​18899](https://redirect.github.com/astral-sh/uv/pull/18899))
- Respect `--exclude-newer` in `uv tool list --outdated` ([#​18861](https://redirect.github.com/astral-sh/uv/pull/18861))
- Sort by comparator to break specifier ties ([#​18850](https://redirect.github.com/astral-sh/uv/pull/18850))
- Store relative timestamps in tool receipts ([#​18901](https://redirect.github.com/astral-sh/uv/pull/18901))
- Track newly-activated extras when determining conflicts ([#​18852](https://redirect.github.com/astral-sh/uv/pull/18852))
- Patch `Cargo.lock` in `uv-build` source distributions ([#​18831](https://redirect.github.com/astral-sh/uv/pull/18831))
##### Documentation
- Clarify that `--exclude-newer` compares artifact upload times ([#​18830](https://redirect.github.com/astral-sh/uv/pull/18830))
### [`v0.11.3`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0113)
[Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.11.2...0.11.3)
Released on 2026-04-01.
##### Enhancements
- Add progress bar for hashing phase in uv publish ([#​18752](https://redirect.github.com/astral-sh/uv/pull/18752))
- Add support for ROCm 7.2 ([#​18730](https://redirect.github.com/astral-sh/uv/pull/18730))
- Emit abi3t tags for every abi3 version ([#​18777](https://redirect.github.com/astral-sh/uv/pull/18777))
- Expand `uv workspace metadata` with dependency information from the lock ([#​18356](https://redirect.github.com/astral-sh/uv/pull/18356))
- Implement support for PEP 803 ([#​18767](https://redirect.github.com/astral-sh/uv/pull/18767))
- Pretty-print platform in built wheel errors ([#​18738](https://redirect.github.com/astral-sh/uv/pull/18738))
- Publish installers to `/installers/uv/latest` on the mirror ([#​18725](https://redirect.github.com/astral-sh/uv/pull/18725))
- Show free-threaded Python in built-wheel errors ([#​18740](https://redirect.github.com/astral-sh/uv/pull/18740))
##### Preview features
- Add `--ignore` and `--ignore-until-fixed` to `uv audit` ([#​18737](https://redirect.github.com/astral-sh/uv/pull/18737))
##### Bug fixes
- Bump simple API cache ([#​18797](https://redirect.github.com/astral-sh/uv/pull/18797))
- Don't drop `blake2b` hashes ([#​18794](https://redirect.github.com/astral-sh/uv/pull/18794))
- Handle broken range request implementations ([#​18780](https://redirect.github.com/astral-sh/uv/pull/18780))
- Remove `powerpc64-unknown-linux-gnu` from release build targets ([#​18800](https://redirect.github.com/astral-sh/uv/pull/18800))
- Respect dependency metadata overrides in `uv pip check` ([#​18742](https://redirect.github.com/astral-sh/uv/pull/18742))
- Support debug CPython ABI tags in environment compatibility ([#​18739](https://redirect.github.com/astral-sh/uv/pull/18739))
##### Documentation
- Document `false` opt-out for `exclude-newer-package` ([#​18768](https://redirect.github.com/astral-sh/uv/pull/18768), [#​18803](https://redirect.github.com/astral-sh/uv/pull/18803))
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- Between 12:00 AM and 03:59 AM, on day 1 of the month (`* 0-3 1 * *`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDguMSIsInVwZGF0ZWRJblZlciI6IjQzLjEwOC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJhdXRvbWVyZ2UiXX0=-->1 parent 0f1033a commit fe23a35
5 files changed
Lines changed: 9 additions & 9 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
17 | 17 | | |
18 | 18 | | |
19 | 19 | | |
20 | | - | |
| 20 | + | |
21 | 21 | | |
22 | 22 | | |
23 | 23 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
20 | 20 | | |
21 | 21 | | |
22 | 22 | | |
23 | | - | |
| 23 | + | |
24 | 24 | | |
25 | 25 | | |
26 | 26 | | |
27 | 27 | | |
28 | 28 | | |
29 | 29 | | |
30 | 30 | | |
31 | | - | |
| 31 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
11 | 11 | | |
12 | 12 | | |
13 | 13 | | |
14 | | - | |
| 14 | + | |
15 | 15 | | |
16 | 16 | | |
17 | 17 | | |
| |||
22 | 22 | | |
23 | 23 | | |
24 | 24 | | |
25 | | - | |
| 25 | + | |
26 | 26 | | |
27 | 27 | | |
28 | 28 | | |
| |||
34 | 34 | | |
35 | 35 | | |
36 | 36 | | |
37 | | - | |
| 37 | + | |
38 | 38 | | |
39 | 39 | | |
40 | 40 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
16 | | - | |
| 16 | + | |
17 | 17 | | |
18 | 18 | | |
19 | 19 | | |
20 | 20 | | |
21 | 21 | | |
22 | | - | |
| 22 | + | |
23 | 23 | | |
24 | 24 | | |
25 | 25 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
19 | 19 | | |
20 | 20 | | |
21 | 21 | | |
22 | | - | |
| 22 | + | |
23 | 23 | | |
24 | 24 | | |
25 | 25 | | |
| |||
0 commit comments