Skip to content

chore(deps): bump the all group across 1 directory with 6 updates#693

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/master/all-83653cf20d
Open

chore(deps): bump the all group across 1 directory with 6 updates#693
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/github_actions/master/all-83653cf20d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor

Bumps the all group with 6 updates in the / directory:

Package From To
actions/checkout 6.0.2 7.0.0
astral-sh/setup-uv 8.1.0 8.3.1
foundry-rs/foundry-toolchain 1.8.0 1.9.0
astral-sh/ruff-action 4.0.0 4.1.0
softprops/action-gh-release 3.0.0 3.0.1
sigstore/gh-action-sigstore-python 3.3.0 3.4.0

Updates actions/checkout from 6.0.2 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates astral-sh/setup-uv from 8.1.0 to 8.3.1

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.2.0 🌈 New inputs quiet and download-from-astral-mirror

Changes

This release brings two new inputs and a few bug fixes.

New inputs

Lets talk about the new inputs first.

quiet

Pretty simple. It turns of all info loggings. Useful if you use this in a composite action and are not interested in all the details. In the upcoming releases we will add log groups to fully implement support for "less noise"

[!NOTE]
Warnings and errors are always logged.

download-from-astral-mirror

In some cases you may want to directly use the fallback of checking for available versions and downloading releases from GitHub instead of using the astral.sh mirror. Setting download-from-astral-mirror: false allows you to do that.

Bugfixes

When using the astral.sh mirror to query available versions and download releases (done by default) we now stop sending the GitHub token in the header. The mirror never looked at it but we shouldn't be handing out that data even if it is just a short lived token. All other bugfixes try to limit the impact of failed GitHub queries due to retries and other faults.

We couldn't pinpoint all rootcauses yet but added more logging for error cases to track them down.

🐛 Bug fixes

🚀 Enhancements

🧰 Maintenance

... (truncated)

Commits
  • f98e069 Change update-docs PR labels from 'update-docs' to 'documentation' (#945)
  • cd46263 chore: update known checksums for 0.11.27 (#944)
  • 11245c7 docs: update version references to v8.3.0 (#939)
  • d31148d Strip environment markers from detected uv dependency pins (#938)
  • 17c3989 Fix cache keys for Python version ranges (#937)
  • 3cc3c11 chore(deps): roll up Dependabot updates (#936)
  • 9225f84 chore(deps): bump release-drafter/release-drafter from 7.3.1 to 7.4.0 (#924)
  • fc16fa3 chore(deps): bump actions/checkout from 6.0.2 to 7.0.0 (#926)
  • a1a7345 ci: call docs update workflow from release (#933)
  • a5e9cbf docs: update version references to v8.2.0 (#932)
  • Additional commits viewable in compare view

Updates foundry-rs/foundry-toolchain from 1.8.0 to 1.9.0

Release notes

Sourced from foundry-rs/foundry-toolchain's releases.

v1.9.0

Highlights

The standalone Rust rewrite of foundryup (https://github.com/foundry-rs/foundryup) is now used instead.

What's Changed

Full Changelog: foundry-rs/foundry-toolchain@v1.8.0...v1.9.0

Commits
  • b00af27 feat: use foundryup installer repo (#152)
  • 313be38 chore(deps): bump the npm-weekly group across 1 directory with 3 updates (#146)
  • d7a89dc ci: allow dependabot dist after maintainer updates (#151)
  • 15c1f56 ci: update dist on dependabot PRs (#150)
  • 7b4b0f3 chore(deps): resolve action dependency advisories (#149)
  • beaa8c2 fix: harden foundryup installer download (#148)
  • ee410a5 chore(deps): bump the ci-weekly group across 1 directory with 2 updates (#147)
  • 06eaaf4 chore(deps): bump the ci-weekly group with 3 updates (#142)
  • ef01607 chore(deps): bump the npm-weekly group with 2 updates (#143)
  • 5ab9eaa fix: quote dependabot schedule time (#139)
  • Additional commits viewable in compare view

Updates astral-sh/ruff-action from 4.0.0 to 4.1.0

Commits

Updates softprops/action-gh-release from 3.0.0 to 3.0.1

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.1

3.0.1

  • maintenance release with updated dependencies
Changelog

Sourced from softprops/action-gh-release's changelog.

3.0.2

3.0.2 is a patch release focused on release reliability and compatibility. It reuses existing draft releases when publishing prereleases, supports replacing release assets on Gitea, hardens streamed asset uploads, and provides clearer release-creation diagnostics. It also includes TypeScript, coverage, and tooling maintenance merged since 3.0.1.

This release fixes #795, #438, and #803. The upload transport hardening covers the historical failure reported in #790, although current hosted Node 24 runners did not reproduce it naturally. The diagnostics work is related to #786 and does not claim a reproducible release-creation fix.

What's Changed

Exciting New Features 🎉

Bug fixes 🐛

Other Changes 🔄

3.0.1

  • maintenance release with updated dependencies

3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. v2.6.2 was the final Node 20-compatible release and is no longer maintained or supported.

What's Changed

Other Changes 🔄

  • Move the action runtime and bundle target to Node 24
  • Update @types/node to the Node 24 line and allow future Dependabot updates
  • Keep the floating major tag on v3; freeze v2 at the final v2.6.2 release

... (truncated)

Commits
  • 718ea10 release 3.0.1
  • f1a938b chore(deps): bump esbuild from 0.28.0 to 0.28.1 (#802)
  • 0066ead chore(deps): bump vite from 8.0.14 to 8.0.16 (#806)
  • dc643ca chore(deps): bump the npm group with 3 updates (#805)
  • 85ee99b chore(deps): bump actions/checkout in the github-actions group (#804)
  • 9ed3cf9 chore(deps): bump the npm group with 2 updates (#800)
  • 3efcac8 chore(deps): bump the npm group with 3 updates (#798)
  • 05d6b91 chore(deps): bump brace-expansion from 5.0.5 to 5.0.6 (#797)
  • 403a524 chore(deps): bump @​types/node from 24.12.2 to 24.12.3 in the npm group (#796)
  • 437e073 chore(deps): bump the npm group with 4 updates (#792)
  • Additional commits viewable in compare view

Updates sigstore/gh-action-sigstore-python from 3.3.0 to 3.4.0

Release notes

Sourced from sigstore/gh-action-sigstore-python's releases.

v3.4.0

What's Changed

  • Used sigstore package version is now 4.3.0
  • Other dependency updates

Full Changelog: sigstore/gh-action-sigstore-python@v3.3.0...v3.4.0

Commits
  • 5b79a39 build(deps): bump sigstore in the python-dependencies group (#408)
  • 3d7f17b build(deps): bump idna in the python-dependencies group (#407)
  • 2d128b7 build(deps): bump github/codeql-action in the actions group (#405)
  • 06882d3 build(deps): bump the python-dependencies group with 3 updates (#406)
  • bab6f77 build(deps): bump the actions group across 1 directory with 3 updates (#403)
  • f98c429 build(deps): bump securesystemslib in the python-dependencies group (#404)
  • db9196e build(deps): bump the python-dependencies group across 1 directory with 3 upd...
  • 839093d build(deps): bump certifi from 2026.4.22 to 2026.5.20 in the python-dependenc...
  • d9df9da build(deps): bump ast-serialize in the python-dependencies group (#397)
  • 2f7a761 build(deps): bump github/codeql-action in the actions group (#395)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `8.1.0` | `8.3.1` |
| [foundry-rs/foundry-toolchain](https://github.com/foundry-rs/foundry-toolchain) | `1.8.0` | `1.9.0` |
| [astral-sh/ruff-action](https://github.com/astral-sh/ruff-action) | `4.0.0` | `4.1.0` |
| [softprops/action-gh-release](https://github.com/softprops/action-gh-release) | `3.0.0` | `3.0.1` |
| [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python) | `3.3.0` | `3.4.0` |



Updates `actions/checkout` from 6.0.2 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...9c091bb)

Updates `astral-sh/setup-uv` from 8.1.0 to 8.3.1
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@0880764...f98e069)

Updates `foundry-rs/foundry-toolchain` from 1.8.0 to 1.9.0
- [Release notes](https://github.com/foundry-rs/foundry-toolchain/releases)
- [Changelog](https://github.com/foundry-rs/foundry-toolchain/blob/master/RELEASE.md)
- [Commits](foundry-rs/foundry-toolchain@c7450ba...b00af27)

Updates `astral-sh/ruff-action` from 4.0.0 to 4.1.0
- [Release notes](https://github.com/astral-sh/ruff-action/releases)
- [Commits](astral-sh/ruff-action@0ce1b0b...278981a)

Updates `softprops/action-gh-release` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@b430933...718ea10)

Updates `sigstore/gh-action-sigstore-python` from 3.3.0 to 3.4.0
- [Release notes](https://github.com/sigstore/gh-action-sigstore-python/releases)
- [Changelog](https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md)
- [Commits](sigstore/gh-action-sigstore-python@04cffa1...5b79a39)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.3.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: foundry-rs/foundry-toolchain
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: astral-sh/ruff-action
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: sigstore/gh-action-sigstore-python
  dependency-version: 3.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 14, 2026
@dependabot dependabot Bot requested review from bohendo, elopez and smonicas as code owners July 14, 2026 23:23
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants