Skip to content

Tags: astral-sh/setup-uv

Tags

v8.2.0

Toggle v8.2.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
chore(deps): roll up dependabot updates (#903)

Rolls up the current open Dependabot npm updates:

- #848 esbuild from 0.27.5 to 0.28.0
- #847 undici from 8.0.0 to 8.3.0
- #846 ts-jest from 29.4.9 to 29.4.11
- #841 @biomejs/biome from 2.4.10 to 2.4.15, including the matching
biome.json schema URL update

Validation:

- npm run all

v8.1.0

Toggle v8.1.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
fix: grant contents:write to validate-release job (#860)

## Problem

The release workflow fails at the `validate-release` job because `gh
release view` cannot find draft releases. This is because the job only
has `contents: read` permission, but GitHub requires `contents: write`
to view draft releases.

See failed run:
https://github.com/astral-sh/setup-uv/actions/runs/24528604608

## Fix

Bump `validate-release` job permissions from `contents: read` to
`contents: write`, matching the `release` job which already has this
permission.

v8.0.0

Toggle v8.0.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
Shortcircuit latest version from manifest (#828)

The first version is guaranteed to be the latest

v7.6.0

Toggle v7.6.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
Fetch uv from Astral's mirror by default (#809)

This PR tries fetching the uv artifact from `releases.astral.sh` by
default, only in cases where the artifact would otherwise have come from
`https://github.com/astral-sh/uv/releases/download/`. The checksums are
supposed to be the same for the mirror, and can still come from
`raw.githubusercontent.com/astral-sh/versions`. If the download fails,
we fall back to the original URL.

This avoids hitting GitHub's Releases API which is prone to rate
limiting. As far as I can tell, together with
#802 this PR makes a github
token entirely unnecessary for this action.


Towards astral-sh/uv#18503.

v7.6

Toggle v7.6's commit message 
Release v7.6.0

v7

Toggle v7's commit message 
Release v7.6.0

v7.5.0

Toggle v7.5.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
Use astral-sh/versions as primary version provider (#802)

Closes: #777
Closes: #325

v7.5

Toggle v7.5's commit message 
Release v7.5.0

v7.4.0

Toggle v7.4.0's commit message

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode 
chore(deps): bump versions (#792)

## Summary
- replicate the currently open Dependabot dependency updates in a single
branch
- update `smol-toml` to `^1.6.0`
- update `@biomejs/biome` to `2.3.8`
- regenerate `package-lock.json` and bundled `dist` output

## Notes
- `main` already includes the open Octokit Dependabot bumps, so those
PRs required no additional net changes here
- the open `smol-toml` Dependabot PR currently resolves to `^1.6.0`,
which is what this branch mirrors

## Validation
- `npm run all`

v7.4

Toggle v7.4's commit message 
Release v7.4.0