Skip to content

chore(ci): Bump the actions group across 1 directory with 6 updates#71

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-fd765db1b5
Open

chore(ci): Bump the actions group across 1 directory with 6 updates#71
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/actions-fd765db1b5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the actions group with 6 updates in the / directory:

Package From To
actions/checkout 6.0.2 7.0.0
actions/setup-python 6.2.0 6.3.0
astral-sh/setup-uv 8.1.0 8.3.0
marocchino/sticky-pull-request-comment 3.0.4 3.0.5
j178/prek-action 2.0.3 2.0.5
stefanzweifel/git-auto-commit-action 7.1.0 7.2.0

Updates actions/checkout from 6.0.2 to 7.0.0

Release notes

Sourced from actions/checkout's releases.

v7.0.0

What's Changed

New Contributors

Full Changelog: actions/checkout@v6.0.3...v7.0.0

v6.0.3

What's Changed

New Contributors

Full Changelog: actions/checkout@v6...v6.0.3

Changelog

Sourced from actions/checkout's changelog.

Changelog

v7.0.0

v6.0.3

v6.0.2

v6.0.1

v6.0.0

v5.0.1

v5.0.0

v4.3.1

v4.3.0

v4.2.2

v4.2.1

... (truncated)

Commits

Updates actions/setup-python from 6.2.0 to 6.3.0

Release notes

Sourced from actions/setup-python's releases.

v6.3.0

What's Changed

Enhancement

Dependency update

Documentation

New Contributors

Full Changelog: actions/setup-python@v6...v6.3.0

Commits

Updates astral-sh/setup-uv from 8.1.0 to 8.3.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.2.0 🌈 New inputs quiet and download-from-astral-mirror

Changes

This release brings two new inputs and a few bug fixes.

New inputs

Lets talk about the new inputs first.

quiet

Pretty simple. It turns of all info loggings. Useful if you use this in a composite action and are not interested in all the details. In the upcoming releases we will add log groups to fully implement support for "less noise"

[!NOTE]
Warnings and errors are always logged.

download-from-astral-mirror

In some cases you may want to directly use the fallback of checking for available versions and downloading releases from GitHub instead of using the astral.sh mirror. Setting download-from-astral-mirror: false allows you to do that.

Bugfixes

When using the astral.sh mirror to query available versions and download releases (done by default) we now stop sending the GitHub token in the header. The mirror never looked at it but we shouldn't be handing out that data even if it is just a short lived token. All other bugfixes try to limit the impact of failed GitHub queries due to retries and other faults.

We couldn't pinpoint all rootcauses yet but added more logging for error cases to track them down.

🐛 Bug fixes

🚀 Enhancements

🧰 Maintenance

... (truncated)

Commits
  • d31148d Strip environment markers from detected uv dependency pins (#938)
  • 17c3989 Fix cache keys for Python version ranges (#937)
  • 3cc3c11 chore(deps): roll up Dependabot updates (#936)
  • 9225f84 chore(deps): bump release-drafter/release-drafter from 7.3.1 to 7.4.0 (#924)
  • fc16fa3 chore(deps): bump actions/checkout from 6.0.2 to 7.0.0 (#926)
  • a1a7345 ci: call docs update workflow from release (#933)
  • a5e9cbf docs: update version references to v8.2.0 (#932)
  • c5680ec chore: update known checksums for 0.11.26 (#930)
  • c86fe4e Add a threat model for setup-uv (#923)
  • 224c887 chore: update known checksums for 0.11.25 (#929)
  • Additional commits viewable in compare view

Updates marocchino/sticky-pull-request-comment from 3.0.4 to 3.0.5

Release notes

Sourced from marocchino/sticky-pull-request-comment's releases.

v3.0.5

What's Changed

Full Changelog: marocchino/sticky-pull-request-comment@v3.0.4...v3.0.5

Commits
  • 5770ad5 📦️ Build
  • 2c19060 build(deps-dev): Bump @​biomejs/biome from 2.4.14 to 2.5.2 (#1730)
  • 3d24e5a build(deps-dev): Bump js-yaml from 4.1.1 to 5.2.1 (#1732)
  • 3604821 build(deps-dev): Bump @​rollup/plugin-commonjs from 29.0.2 to 29.0.3 (#1710)
  • a4d9c0f build(deps-dev): Bump @​types/node from 25.9.1 to 26.1.0 (#1731)
  • ae65a58 build(deps-dev): Bump vitest from 4.1.7 to 4.1.9 (#1719)
  • 8680321 build(deps-dev): Bump vite from 8.0.13 to 8.0.16 (#1720)
  • 5d40239 build(deps): Bump actions/checkout from 6 to 7 (#1721)
  • 39ab01d build(deps-dev): Bump rollup from 4.60.4 to 4.62.2 (#1722)
  • b2660f1 build(deps): Bump undici from 6.24.0 to 6.27.0 (#1725)
  • Additional commits viewable in compare view

Updates j178/prek-action from 2.0.3 to 2.0.5

Release notes

Sourced from j178/prek-action's releases.

v2.0.5

What's Changed

Full Changelog: j178/prek-action@v2...v2.0.5

v2.0.4

What's Changed

Full Changelog: j178/prek-action@v2...v2.0.4

Commits

Updates stefanzweifel/git-auto-commit-action from 7.1.0 to 7.2.0

Release notes

Sourced from stefanzweifel/git-auto-commit-action's releases.

v7.2.0

Added

Fixed

Dependency Updates

Changelog

Sourced from stefanzweifel/git-auto-commit-action's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Unreleased

TBD

v7.2.0 - 2026-06-28

Added

Fixed

Dependency Updates

v7.1.0 - 2025-12-17

Added

Changes

Dependency Updates

v7.0.0 - 2025-10-12

Added

... (truncated)

Commits
  • 4a55954 Update README.md
  • 9f6c933 Add hooks to run shell snippets around git operations (#411)
  • c365a74 Emit warning for pull_request_target trigger usage (#410)
  • d28176c Bump actions/checkout from 6 to 7 (#409)
  • 25df622 Add EXAMPLES.md
  • 32e9844 docs(action): fix input and output descriptions in action.yml (#406)
  • a3ed46f docs: fix typos, grammar, and formatting across markdown files (#408)
  • b4d688c docs: fix broken and redirecting URLs in README.md (#407)
  • f53a62c README: clearify meaning of the repository field (#404)
  • 4fc4bbf Bump release-drafter/release-drafter from 6 to 7 (#403)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [actions/checkout](https://github.com/actions/checkout) | `6.0.2` | `7.0.0` |
| [actions/setup-python](https://github.com/actions/setup-python) | `6.2.0` | `6.3.0` |
| [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `8.1.0` | `8.3.0` |
| [marocchino/sticky-pull-request-comment](https://github.com/marocchino/sticky-pull-request-comment) | `3.0.4` | `3.0.5` |
| [j178/prek-action](https://github.com/j178/prek-action) | `2.0.3` | `2.0.5` |
| [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) | `7.1.0` | `7.2.0` |



Updates `actions/checkout` from 6.0.2 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@de0fac2...9c091bb)

Updates `actions/setup-python` from 6.2.0 to 6.3.0
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@a309ff8...ece7cb0)

Updates `astral-sh/setup-uv` from 8.1.0 to 8.3.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@0880764...d31148d)

Updates `marocchino/sticky-pull-request-comment` from 3.0.4 to 3.0.5
- [Release notes](https://github.com/marocchino/sticky-pull-request-comment/releases)
- [Commits](marocchino/sticky-pull-request-comment@0ea0beb...5770ad5)

Updates `j178/prek-action` from 2.0.3 to 2.0.5
- [Release notes](https://github.com/j178/prek-action/releases)
- [Commits](j178/prek-action@6ad8027...e98a699)

Updates `stefanzweifel/git-auto-commit-action` from 7.1.0 to 7.2.0
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases)
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md)
- [Commits](stefanzweifel/git-auto-commit-action@04702ed...4a55954)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: actions
- dependency-name: actions/setup-python
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
- dependency-name: marocchino/sticky-pull-request-comment
  dependency-version: 3.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: j178/prek-action
  dependency-version: 2.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions
- dependency-name: stefanzweifel/git-auto-commit-action
  dependency-version: 7.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: automated, ci. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants