chore(deps): bump the github-actions group across 1 directory with 4 updates#636
chore(deps): bump the github-actions group across 1 directory with 4 updates#636dependabot[bot] wants to merge 1 commit into
Conversation
933edee to
15f34ca
Compare
…updates Bumps the github-actions group with 4 updates in the / directory: [actions/checkout](https://github.com/actions/checkout), [actions/setup-python](https://github.com/actions/setup-python), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) and [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action). Updates `actions/checkout` from 6 to 7 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](actions/checkout@v6...v7) Updates `actions/setup-python` from 6.2.0 to 6.3.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@a309ff8...ece7cb0) Updates `astral-sh/setup-uv` from 7.6.0 to 8.3.1 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@37802ad...f98e069) Updates `docker/setup-buildx-action` from 4.0.0 to 4.2.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@4d04d5d...bb05f3f) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/setup-python dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions - dependency-name: astral-sh/setup-uv dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
15f34ca to
f70ae51
Compare
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Want reviews to match your repository better? Bugbot Learning can learn team-specific rules from PR activity. A team admin can enable Learning in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit f70ae51. Configure here.
| runs-on: ${{ matrix.os }} | ||
| steps: | ||
| - uses: actions/checkout@0c366fd6a839edf440554fa01a7085ccba70ac98 # v6.0.1 | ||
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.1 |
There was a problem hiding this comment.
Image workflow checkout downgraded
Medium Severity
This PR bumps actions/checkout to v7 in most workflows, but image.yml replaces the previous pin 0c366fd… with de0fac2…, which is an older v6.0.2 commit. Image build jobs therefore run a regressed checkout while CI uses v7, skipping v6.0.3 fixes and the v7 upgrade.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit f70ae51. Configure here.


Bumps the github-actions group with 4 updates in the / directory: actions/checkout, actions/setup-python, astral-sh/setup-uv and docker/setup-buildx-action.
Updates
actions/checkoutfrom 6 to 7Release notes
Sourced from actions/checkout's releases.
Commits
9c091bbupdate error wording (#2467)1044a6dgetting ready for checkout v7 release (#2464)f028218Bump the minor-npm-dependencies group across 1 directory with 3 updates (#2462)d914b26upgrade module to esm and update dependencies (#2463)537c7efBump@actions/coreand@actions/tool-cacheand Remove uuid (#2459)130a169Bump js-yaml from 4.1.0 to 4.2.0 (#2461)7d09575Bump flatted from 3.3.1 to 3.4.2 (#2460)0f9f3aaBump actions/publish-immutable-action (#2458)f9e715ablock checking out fork pr for pull_request_target and workflow_run (#2454)Updates
actions/setup-pythonfrom 6.2.0 to 6.3.0Release notes
Sourced from actions/setup-python's releases.
Commits
ece7cb0Fix pip cache error handling on Windows. (#1040)1d18d7aUpdate advanced-usage.md (#811)d2b357aUpdate dependency versions and test workflow configuration (#1322)8f639b1Merge pull request #1324 from jasongin/update-actions-cache-5.1.06731c2bResolve high-severity audit issues0cb1a84Add RHEL support and include Linux distro in cache keys (#1323)dc6eab6Update dist6f4b74bStrict equalityfa8bde1Bump@actions/cacheto 5.1.0, log cache write deniedc8813baUpgrade@actionsdependencies and update licenses (#1303)Updates
astral-sh/setup-uvfrom 7.6.0 to 8.3.1Release notes
Sourced from astral-sh/setup-uv's releases.
... (truncated)
Commits
f98e069Change update-docs PR labels from 'update-docs' to 'documentation' (#945)cd46263chore: update known checksums for 0.11.27 (#944)11245c7docs: update version references to v8.3.0 (#939)d31148dStrip environment markers from detected uv dependency pins (#938)17c3989Fix cache keys for Python version ranges (#937)3cc3c11chore(deps): roll up Dependabot updates (#936)9225f84chore(deps): bump release-drafter/release-drafter from 7.3.1 to 7.4.0 (#924)fc16fa3chore(deps): bump actions/checkout from 6.0.2 to 7.0.0 (#926)a1a7345ci: call docs update workflow from release (#933)a5e9cbfdocs: update version references to v8.2.0 (#932)Updates
docker/setup-buildx-actionfrom 4.0.0 to 4.2.0Release notes
Sourced from docker/setup-buildx-action's releases.
Commits
bb05f3fMerge pull request #580 from docker/dependabot/npm_and_yarn/docker/actions-to...321c814[dependabot skip] chore: update generated contentb9a36efbuild(deps): bump@docker/actions-toolkitfrom 0.91.0 to 0.92.0ebeab24Merge pull request #570 from docker/dependabot/npm_and_yarn/undici-6.27.05c7b8ae[dependabot skip] chore: update generated content037e618build(deps): bump undici from 6.25.0 to 6.27.066080e5Merge pull request #577 from docker/dependabot/npm_and_yarn/sigstore-4.1.1409aef0Merge pull request #562 from docker/dependabot/npm_and_yarn/js-yaml-4.2.049c6e42build(deps): bump sigstore from 4.1.0 to 4.1.12211273[dependabot skip] chore: update generated content