Skip to content

Bump the all group across 1 directory with 4 updates#269

Merged
thomas-chauchefoin-tob merged 1 commit into
masterfrom
dependabot/github_actions/all-8d06c7e61c
May 6, 2026
Merged

Bump the all group across 1 directory with 4 updates#269
thomas-chauchefoin-tob merged 1 commit into
masterfrom
dependabot/github_actions/all-8d06c7e61c

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 23, 2026
edited
Loading

Bumps the all group with 4 updates in the / directory: anthropics/claude-code-action, astral-sh/setup-uv, actions/upload-artifact and pypa/gh-action-pypi-publish.

Updates anthropics/claude-code-action from 1.0.29 to 1.0.99

Release notes

Sourced from anthropics/claude-code-action's releases.

v1.0.99

Full Changelog: anthropics/claude-code-action@v1...v1.0.99

v1.0.98

Full Changelog: anthropics/claude-code-action@v1...v1.0.98

v1.0.97

Full Changelog: anthropics/claude-code-action@v1...v1.0.97

v1.0.96

What's Changed

New Contributors

Full Changelog: anthropics/claude-code-action@v1...v1.0.96

v1.0.95

Full Changelog: anthropics/claude-code-action@v1...v1.0.95

v1.0.94

What's Changed

Full Changelog: anthropics/claude-code-action@v1...v1.0.94

v1.0.93

Full Changelog: anthropics/claude-code-action@v1...v1.0.93

v1.0.92

Full Changelog: anthropics/claude-code-action@v1...v1.0.92

v1.0.91

What's Changed

Full Changelog: anthropics/claude-code-action@v1...v1.0.91

v1.0.90

What's Changed

Full Changelog: anthropics/claude-code-action@v1...v1.0.90

v1.0.89

... (truncated)

Commits
  • c3d45e8 chore: bump Claude Code to 2.1.112 and Agent SDK to 0.2.112
  • 931e620 chore: bump Claude Code to 2.1.111 and Agent SDK to 0.2.111
  • 905d4eb chore: bump Claude Code to 2.1.110 and Agent SDK to 0.2.110
  • 5fb8995 chore: bump Claude Code to 2.1.109 and Agent SDK to 0.2.109
  • c3bf66d fix: handle fork PRs by fetching via refs/pull/N/head (#962) (#963)
  • 3943183 chore: bump Claude Code to 2.1.108 and Agent SDK to 0.2.108
  • 65f29cf chore: bump Claude Code to 2.1.107 and Agent SDK to 0.2.107
  • 1c8b699 chore: bump Claude Code to 2.1.105 and Agent SDK to 0.2.105
  • ff49ec5 Prepend system bin dirs to PATH when allowed_non_write_users is set (#1208)
  • 25474bf chore: bump Claude Code to 2.1.104 and Agent SDK to 0.2.104
  • Additional commits viewable in compare view

Updates astral-sh/setup-uv from 7.6.0 to 8.1.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.1.0 🌈 New input no-project

Changes

This add the a new boolean input no-project. It only makes sense to use in combination with activate-environment: true and will append --no project to the uv venv call. This is for example useful if you have a pyproject.toml file with parts unparseable by uv

🚀 Enhancements

  • Add input no-project in combination with activate-environment @​eifinger (#856)

🧰 Maintenance

📚 Documentation

⬆️ Dependency updates

  • chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @dependabot[bot] (#855)

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP] Use the immutable tag as a version astral-sh/setup-uv@v8.0.0 Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

... (truncated)

Commits
  • 0880764 fix: grant contents:write to validate-release job (#860)
  • 717d6ab Add a release-gate step to the release workflow (#859)
  • 5a911eb Draft commitish releases (#858)
  • 080c31e Add action-types.yml to instructions (#857)
  • b3e97d2 Add input no-project in combination with activate-environment (#856)
  • 7dd591d chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 (#855)
  • 1541b77 chore: update known checksums for 0.11.7 (#853)
  • cdfb2ee Refactor version resolving (#852)
  • cb84d12 chore: update known checksums for 0.11.6 (#850)
  • 1912cc6 chore: update known checksums for 0.11.5 (#845)
  • Additional commits viewable in compare view

Updates actions/upload-artifact from 7.0.0 to 7.0.1

Release notes

Sourced from actions/upload-artifact's releases.

v7.0.1

What's Changed

Full Changelog: actions/upload-artifact@v7...v7.0.1

Commits
  • 043fb46 Merge pull request #797 from actions/yacaovsnc/update-dependency
  • 634250c Include changes in typespec/ts-http-runtime 0.3.5
  • e454baa Readme: bump all the example versions to v7 (#796)
  • 74fad66 Update the readme with direct upload details (#795)
  • See full diff in compare view

Updates pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.14.0

✨ What's Changed

The main change in this release is that verbose and print-hash inputs are now on by default. This was contributed by @​whitequark💰 in #397.

📝 Docs

@​woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #388 and @​him2him2💰 brushed up some grammar in the README and SECURITY docs via #395.

🛠️ Internal Updates

@​woodruffw💰 bumped sigstore and pypi-attestations in the lock file (#391) and @​webknjaz💰 added infra for using type annotations in the project (#381).

💪 New Contributors

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.13.0...v1.14.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​facutuesca💰 and @​woodruffw💰 for helping maintain this project when I can't!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

GH Sponsors badge

Commits
  • cef2210 Merge pull request #397 from whitequark/patch-1
  • b4595e2 Enable verbose and print-hash by default.
  • e2bab26 Merge pull request #395 from him2him2/docs/fix-typos-and-grammar
  • 7495c38 docs: fix typos and grammar in README and SECURITY
  • 03f86fe Merge pull request #388 from woodruffw-forks/ww/rm-experimental
  • 4c78f1c Merge branch 'unstable/v1' into ww/rm-experimental
  • b5a6e8b deps: bump sigstore and pypi-attestations
  • a48a03e remove another experimental mention
  • 8087a88 action: remove a lingering mention of PEP 740 being experimental
  • 3317ede 🧪 Integrate actionlint via pre-commit framework
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 23, 2026
@dependabot dependabot Bot requested a review from ESultanik as a code owner April 23, 2026 11:43
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 23, 2026
@dependabot @thomas-chauchefoin-tob
Bump the all group across 1 directory with 4 updates
5ca24a4 
Bumps the all group with 4 updates in the / directory: [anthropics/claude-code-action](https://github.com/anthropics/claude-code-action), [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish).


Updates `anthropics/claude-code-action` from 1.0.29 to 1.0.99
- [Release notes](https://github.com/anthropics/claude-code-action/releases)
- [Commits](anthropics/claude-code-action@1b8ee3b...c3d45e8)

Updates `astral-sh/setup-uv` from 7.6.0 to 8.1.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@37802ad...0880764)

Updates `actions/upload-artifact` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](actions/upload-artifact@bbbca2d...043fb46)

Updates `pypa/gh-action-pypi-publish` from 1.13.0 to 1.14.0
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@ed0c539...cef2210)

---
updated-dependencies:
- dependency-name: anthropics/claude-code-action
  dependency-version: 1.0.99
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: pypa/gh-action-pypi-publish
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@thomas-chauchefoin-tob thomas-chauchefoin-tob force-pushed the dependabot/github_actions/all-8d06c7e61c branch from a33d44a to 5ca24a4 Compare May 6, 2026 10:02
@thomas-chauchefoin-tob thomas-chauchefoin-tob merged commit 4f7ca68 into master May 6, 2026
12 checks passed
@thomas-chauchefoin-tob thomas-chauchefoin-tob deleted the dependabot/github_actions/all-8d06c7e61c branch May 6, 2026 10:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ESultanik ESultanik Awaiting requested review from ESultanik ESultanik is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thomas-chauchefoin-tob