chore(deps): bump astral-sh/setup-uv from 6.6.1 to 6.8.0 by dependabot[bot] · Pull Request #1 · mozilla/nss-rs

dependabot · 2025-10-01T14:42:41Z

Bumps astral-sh/setup-uv from 6.6.1 to 6.8.0.

Release notes

Sourced from astral-sh/setup-uv's releases.

v6.7.0 🌈 New inputs restore-cache and save-cache

Changes

This release adds fine-grained control over the caching steps.

The input restore-cache (true by default) can be set to false to skip restoring the cache while still allowing to save the cache.

The input save-cache (true by default) can be set to false to skip saving the cache.

Skipping cache saving can be useful if you know, that you will never use this version of the cache again and don't want to waste storage space:
- name: Save cache only on main branch
  uses: astral-sh/setup-uv@v6
  with:
    enable-cache: true
    save-cache: ${{ github.ref == 'refs/heads/main' }}
🚀 Enhancements

Add inputs restore-cache and save-cache @eifinger (#568)

🧰 Maintenance

bump deps @eifinger (#569)

Automatically push updated known versions @eifinger (#565)

chore: update known versions for 0.8.16/0.8.17 @github-actions[bot] (#562)

chore: update known versions for 0.8.15 @github-actions[bot] (#550)

chore(ci): address CI lint findings @woodruffw (#545)

⬆️ Dependency updates

Bump github/codeql-action from 3.29.11 to 3.30.3 @dependabot[bot] (#566)

Bump actions/setup-node from 4.4.0 to 5.0.0 @dependabot[bot] (#551)

Commits

d0cc045 Always show prune cache output (#597)
2841f9f Bump zizmorcore/zizmor-action from 0.1.2 to 0.2.0 (#571)
e554b93 Add **/*.py.lock to cache-dependency-glob (#590)
c7d85d9 chore: update known versions for 0.8.20
07f2cb5 persist credentials for version update (#584)
208b0c0 README.md: Fix Python versions and update checkout action (#572)
b75a909 bump deps (#569)
ffff8aa Bump github/codeql-action from 3.29.11 to 3.30.3 (#566)
95d0e23 Bump actions/setup-node from 4.4.0 to 5.0.0 (#551)
dc724a1 Add inputs restore-cache and save-cache (#568)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 6.6.1 to 6.8.0. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@557e51d...d0cc045) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 6.8.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

github-advanced-security · 2025-10-01T14:43:19Z

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

dependabot · 2025-10-13T08:05:04Z

Superseded by #5.

They seem to have a race condition that makes them crash. I wasn't able to figure out why they crash, this seems to happen inside NSS: ``` Process 47677 stopped * thread mozilla#2, name = 'init_twice_withdb', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x000000019b4994f8 libsystem_pthread.dylib`pthread_mutex_lock + 12 libsystem_pthread.dylib`pthread_mutex_lock: -> 0x19b4994f8 <+12>: ldr x8, [x0] 0x19b4994fc <+16>: mov w9, #0x545a ; =21594 0x19b499500 <+20>: movk w9, #0x4d55, lsl mozilla#16 0x19b499504 <+24>: cmp x8, x9 (lldb) up frame mozilla#1: 0x0000000100802f58 libnspr4.dylib`PR_Lock + 20 libnspr4.dylib`PR_Lock: -> 0x100802f58 <+20>: bl 0x10080c0c0 ; symbol stub for: pthread_self 0x100802f5c <+24>: str x0, [x19, #0xb8] 0x100802f60 <+28>: mov w8, #0x1 ; =1 0x100802f64 <+32>: str w8, [x19, #0xb0] (lldb) up frame mozilla#2: 0x00000001007fc188 libnspr4.dylib`PR_CallOnce + 56 libnspr4.dylib`PR_CallOnce: -> 0x1007fc188 <+56>: ldr w23, [x19] 0x1007fc18c <+60>: ldr w20, [x19, #0x8] 0x1007fc190 <+64>: ldr x0, [x22, #0x430] 0x1007fc194 <+68>: bl 0x100802f74 ; PR_Unlock (lldb) up frame mozilla#3: 0x000000010066f634 libnss3.dylib`nss_Init + 112 libnss3.dylib`nss_Init: -> 0x10066f634 <+112>: cbz w0, 0x10066f640 ; <+124> 0x10066f638 <+116>: mov w19, #-0x1 ; =-1 0x10066f63c <+120>: b 0x10066f968 ; <+932> 0x10066f640 <+124>: stp x21, x22, [x29, #-0x80] (lldb) up frame mozilla#4: 0x000000010066ff44 libnss3.dylib`NSS_Initialize + 100 libnss3.dylib`NSS_Initialize: -> 0x10066ff44 <+100>: ldp x29, x30, [sp, #0x40] 0x10066ff48 <+104>: add sp, sp, #0x50 0x10066ff4c <+108>: ret libnss3.dylib`NSS_InitContext: 0x10066ff50 <+0>: sub sp, sp, #0x60 (lldb) up frame mozilla#5: 0x00000001000035fc init-d4e9f02b33e50e46`init::init_twice_withdb::h34013f715e9b4f6e at init.rs:65:9 62 let pathstr = path.to_str().unwrap(); 63 let dircstr = CString::new(pathstr).unwrap(); 64 unsafe { -> 65 nss::NSS_Initialize( 66 dircstr.as_ptr(), 67 empty.as_ptr(), 68 empty.as_ptr(), ```

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 1, 2025

dependabot Bot requested a review from larseggert as a code owner October 1, 2025 14:42

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Oct 1, 2025

dependabot Bot closed this Oct 13, 2025

dependabot Bot deleted the dependabot/github_actions/astral-sh/setup-uv-6.8.0 branch October 13, 2025 08:05

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump astral-sh/setup-uv from 6.6.1 to 6.8.0#1

chore(deps): bump astral-sh/setup-uv from 6.6.1 to 6.8.0#1
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/astral-sh/setup-uv-6.8.0

dependabot Bot commented on behalf of github Oct 1, 2025

Uh oh!

github-advanced-security AI commented Oct 1, 2025

Uh oh!

dependabot Bot commented on behalf of github Oct 13, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Oct 1, 2025

v6.7.0 🌈 New inputs restore-cache and save-cache

Changes

🚀 Enhancements

🧰 Maintenance

⬆️ Dependency updates

Uh oh!

github-advanced-security AI commented Oct 1, 2025

Uh oh!

dependabot Bot commented on behalf of github Oct 13, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

v6.7.0 🌈 New inputs `restore-cache` and `save-cache`