Skip to content

Bump astral-sh/setup-uv from 6.8.0 to 8.3.2 in /.github/actions/python-setup#7077

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/actions/python-setup/astral-sh/setup-uv-8.3.2
Closed

Bump astral-sh/setup-uv from 6.8.0 to 8.3.2 in /.github/actions/python-setup#7077
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/dot-github/actions/python-setup/astral-sh/setup-uv-8.3.2

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown
Contributor

Bumps astral-sh/setup-uv from 6.8.0 to 8.3.2.

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.2.0 🌈 New inputs quiet and download-from-astral-mirror

Changes

This release brings two new inputs and a few bug fixes.

New inputs

Lets talk about the new inputs first.

quiet

Pretty simple. It turns of all info loggings. Useful if you use this in a composite action and are not interested in all the details. In the upcoming releases we will add log groups to fully implement support for "less noise"

[!NOTE]
Warnings and errors are always logged.

download-from-astral-mirror

In some cases you may want to directly use the fallback of checking for available versions and downloading releases from GitHub instead of using the astral.sh mirror. Setting download-from-astral-mirror: false allows you to do that.

Bugfixes

When using the astral.sh mirror to query available versions and download releases (done by default) we now stop sending the GitHub token in the header. The mirror never looked at it but we shouldn't be handing out that data even if it is just a short lived token. All other bugfixes try to limit the impact of failed GitHub queries due to retries and other faults.

We couldn't pinpoint all rootcauses yet but added more logging for error cases to track them down.

🐛 Bug fixes

🚀 Enhancements

🧰 Maintenance

... (truncated)

Commits
  • 11f9893 chore: roll up Dependabot updates (#948)
  • f798556 docs: update version references to v8.3.1 (#946)
  • e80544d chore: update known checksums for 0.11.28 (#947)
  • f98e069 Change update-docs PR labels from 'update-docs' to 'documentation' (#945)
  • cd46263 chore: update known checksums for 0.11.27 (#944)
  • 11245c7 docs: update version references to v8.3.0 (#939)
  • d31148d Strip environment markers from detected uv dependency pins (#938)
  • 17c3989 Fix cache keys for Python version ranges (#937)
  • 3cc3c11 chore(deps): roll up Dependabot updates (#936)
  • 9225f84 chore(deps): bump release-drafter/release-drafter from 7.3.1 to 7.4.0 (#924)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 6.8.0 to 8.3.2.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@d0cc045...11f9893)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.3.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Usage: [Issues, PRs], Target: dependencies in the project github_actions Pull requests that update GitHub Actions code labels Jul 12, 2026
Copilot AI review requested due to automatic review settings July 12, 2026 14:35
@dependabot dependabot Bot added dependencies Usage: [Issues, PRs], Target: dependencies in the project github_actions Pull requests that update GitHub Actions code labels Jul 12, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.

@moonbox3

Copy link
Copy Markdown
Contributor

Superseded by #7103

@moonbox3 moonbox3 closed this Jul 14, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 14, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/github_actions/dot-github/actions/python-setup/astral-sh/setup-uv-8.3.2 branch July 14, 2026 07:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Usage: [Issues, PRs], Target: dependencies in the project github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants