build: update all github actions

[angular-robot]

This PR contains the following updates:

Package	Type	Update	Change
astral-sh/setup-uv	action	minor	v7.4.0 → v7.5.0
pnpm/action-setup	action	minor	v4.3.0 → v4.4.0

---

Release Notes

astral-sh/setup-uv (astral-sh/setup-uv)

v7.5.0: 🌈 Use `astral-sh/versions` as version provider

Compare Source

No more rate-limits

This release addresses a long-standing source of timeouts and rate-limit failures in setup-uv.

Previously, the action resolved version identifiers like 0.5.x by iterating over available uv releases via the GitHub API to find the best match. In contrast, latest and exact versions such as 0.5.0 skipped version resolution entirely and downloaded uv directly.

The manifest-file input was an earlier attempt to improve this. It allows providing an url to a file that lists available versions, checksums, and even custom download URLs. The action also shipped with such a manifest.
However, because that bundled file could become outdated whenever new uv releases were published, the action still had to fall back to the GitHub API in many cases.

This release solves the problem by sourcing version data from Astral’s versions repository via the raw content endpoint:

https://raw.githubusercontent.com/astral-sh/versions/refs/heads/main/v1/uv.ndjson

By using the raw endpoint instead of the GitHub API, version resolution no longer depends on API authentication and is much less likely to run into rate limits or timeouts.

---

[!TIP]
The next section is only interesting for users of the manifest-file input

The manifest-file input lets you override that source with your own URL, for example to test custom uv builds or alternate download locations.

The manifest file must be in NDJSON format, where each line is a JSON object representing a version and its artifacts. For example:

{"version":"0.10.7","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}
{"version":"0.10.6","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}

[!WARNING]
The old format still works but is deprecated. A warning will be logged when you use it.

Changes

• docs: replace copilot instructions with AGENTS.md @​eifinger (#​794)

🚀 Enhancements

• Use astral-sh/versions as primary version provider @​eifinger (#​802)

📚 Documentation

• docs: add cross-client dependabot rollup skill @​eifinger (#​793)

pnpm/action-setup (pnpm/action-setup)

v4.4.0

Compare Source

Updated the action to use Node.js 24.

---

• If you want to rebase/retry this PR, check this box

[gemini-code-assist]

Code Review

This pull request updates the pnpm/action-setup GitHub Action. While reviewing this change, I identified a potential bug in the ordering of steps within the checkout-and-setup-node composite action. The pnpm/action-setup step is executed before actions/setup-node, which is contrary to the action's documentation and can lead to pnpm using an incorrect version of Node.js. I have added a detailed comment on this issue.

[gemini-code-assist]

There is an issue with the ordering of steps in this composite action. The pnpm/action-setup step (lines 56-59) is executed before actions/setup-node (lines 61-66).

According to the pnpm/action-setup documentation, actions/setup-node should be run first. This ensures that pnpm is installed and operates within the context of the correct Node.js version specified for the project, rather than the potentially different default Node.js version of the GitHub runner.

To fix this, the actions/setup-node step should be moved to execute before the pnpm/action-setup step.

[alan-agius4]

This PR was merged into the repository. The changes were merged into the following branches:

• main: d7875c8