Skip to content

Bump astral-sh/setup-uv from 8.2.0 to 8.3.2#55

Merged
Scriptception merged 1 commit into
mainfrom
dependabot/github_actions/astral-sh/setup-uv-8.3.2
Jul 13, 2026
Merged

Bump astral-sh/setup-uv from 8.2.0 to 8.3.2#55
Scriptception merged 1 commit into
mainfrom
dependabot/github_actions/astral-sh/setup-uv-8.3.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps astral-sh/setup-uv from 8.2.0 to 8.3.2.

Commits
  • 11f9893 chore: roll up Dependabot updates (#948)
  • f798556 docs: update version references to v8.3.1 (#946)
  • e80544d chore: update known checksums for 0.11.28 (#947)
  • f98e069 Change update-docs PR labels from 'update-docs' to 'documentation' (#945)
  • cd46263 chore: update known checksums for 0.11.27 (#944)
  • 11245c7 docs: update version references to v8.3.0 (#939)
  • d31148d Strip environment markers from detected uv dependency pins (#938)
  • 17c3989 Fix cache keys for Python version ranges (#937)
  • 3cc3c11 chore(deps): roll up Dependabot updates (#936)
  • 9225f84 chore(deps): bump release-drafter/release-drafter from 7.3.1 to 7.4.0 (#924)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 10, 2026

@Scriptception Scriptception left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IcebergAutoReview

Verdict: approve

The focused minor update correctly replaces all four setup-uv references with the immutable, signed v8.3.2 commit SHA. The Node 24 runtime is unchanged, upstream lockfile changes were accompanied by regenerated bundles and upstream validation, and this repository’s complete CI build/test path passed with the new action.

Findings

  • No blocking findings.

Validation

  • Inspected complete main...HEAD diff and commit ancestry; confirmed only two workflow files changed.
  • Verified upstream v8.3.0–v8.3.2 release notes, signed tag/SHA, action.yml runtime, dependency rollup, lockfile update, and regenerated distributions.
  • GitHub Actions CI passed: lint, Ruff formatting, mypy, release consistency, build/package verification, and pytest on Python 3.10–3.14.
  • Parsed both changed workflow files and verified all 11 action references use immutable 40-character SHA pins.
  • Ran release consistency check, git diff --check, and a merge-tree check against current main successfully.

Residual risks / optional notes

  • The branch is one commit behind main, although GitHub reports it mergeable and the local merge-tree check found no conflict; required CI should rerun after the branch update.
  • The tag-triggered PyPI release workflow was not executed on this PR, but CI successfully exercised the same updated setup-uv and uv build path, and the publishing steps are unchanged.

Automated review by Codex 92f8503f5983 using IcebergAutoReview.

@Scriptception

Copy link
Copy Markdown
Contributor

@dependabot rebase

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 8.2.0 to 8.3.2.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@fac544c...11f9893)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.3.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/github_actions/astral-sh/setup-uv-8.3.2 branch from 92f8503 to 82cd6f0 Compare July 13, 2026 11:29

@Scriptception Scriptception left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IcebergAutoReview

Verdict: approve

Focused supply-chain update correctly replaces all four setup-uv v8.2.0 references with the immutable v8.3.2 commit SHA. The single-commit diff is clean, current with main, convention-compliant, and contains no unrelated, permission, manifest, or lockfile changes. PR CI directly exercises setup-uv across lint, Python 3.10–3.14 tests, and package build; the release workflow uses the same build path.

Findings

  • No blocking findings.

Validation

  • Parsed ci.yml, release.yml, and dependabot.yml successfully as YAML.
  • Verified all 11 workflow action references use immutable 40-character SHA pins and all four setup-uv references use 11f9893b081a58869d3b5fccaea48c9e9e46f990.
  • Ran scripts/check_release_consistency.py successfully.
  • Ran git diff --check successfully.
  • Verified one-commit linear ancestry from current main and diff scope limited to ci.yml and release.yml.
  • Repository test, lint, type-check, and build commands could not initialize because the review sandbox is read-only and provides no writable temporary/cache directory.

Residual risks / optional notes

  • Live GitHub check status and upstream action contents could not be independently fetched because network access is unavailable; assessment relies on the supplied upstream commit mapping and the repository’s CI coverage.

Automated review by Codex 82cd6f0f8b8e using IcebergAutoReview.

@Scriptception Scriptception merged commit b2d8bf8 into main Jul 13, 2026
8 checks passed
@Scriptception Scriptception deleted the dependabot/github_actions/astral-sh/setup-uv-8.3.2 branch July 13, 2026 11:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant