Bump the dependencies group across 4 directories with 4 updates

[dependabot]

Bumps the dependencies group with 1 update in the / directory: install-pinned/twine.
Bumps the dependencies group with 1 update in the /rust-cache directory: Swatinem/rust-cache.
Bumps the dependencies group with 1 update in the /setup-python directory: actions/setup-python.
Bumps the dependencies group with 1 update in the /setup-uv directory: astral-sh/setup-uv.

Updates install-pinned/twine from d37e75c8158b39867d6a18f54019be48a55d8dcd to 286d09d023dd646bbac5eaf2021b70e55db35259

Commits

• 286d09d update README.md (twine 6.2.0)
• 53e1418 update pins (twine 6.2.0)
• 634faae update README.md (twine 6.2.0)
• 0db0b91 update pins (twine 6.2.0)
• becfd38 update README.md (twine 6.2.0)
• e7298dc update pins (twine 6.2.0)
• a4d358c update README.md (twine 6.2.0)
• e8e33f6 update pins (twine 6.2.0)
• e221f71 update README.md (twine 6.2.0)
• 79574c0 update pins (twine 6.2.0)
• See full diff in compare view

Updates Swatinem/rust-cache from 2.8.0 to 2.8.1

Release notes

Sourced from Swatinem/rust-cache's releases.

v2.8.1

What's Changed

• Set empty CARGO_ENCODED_RUSTFLAGS in workspace metadata retrieval by @​ark0f in Swatinem/rust-cache#249
• chore(deps): update dependencies by @​reneleonhardt in Swatinem/rust-cache#251
• chore: fix dependabot groups by @​reneleonhardt in Swatinem/rust-cache#253
• Bump the prd-patch group with 2 updates by @​dependabot[bot] in Swatinem/rust-cache#254
• chore(dependabot): regenerate and commit dist/ by @​reneleonhardt in Swatinem/rust-cache#257
• Bump @​types/node from 22.16.3 to 24.2.1 in the dev-major group by @​dependabot[bot] in Swatinem/rust-cache#255
• Bump typescript from 5.8.3 to 5.9.2 in the dev-minor group by @​dependabot[bot] in Swatinem/rust-cache#256
• Bump actions/setup-node from 4 to 5 in the actions group by @​dependabot[bot] in Swatinem/rust-cache#259
• Update README.md by @​Propfend in Swatinem/rust-cache#234
• Bump @​types/node from 24.2.1 to 24.3.0 in the dev-minor group by @​dependabot[bot] in Swatinem/rust-cache#258

New Contributors

• @​ark0f made their first contribution in Swatinem/rust-cache#249
• @​reneleonhardt made their first contribution in Swatinem/rust-cache#251
• @​dependabot[bot] made their first contribution in Swatinem/rust-cache#254
• @​Propfend made their first contribution in Swatinem/rust-cache#234

Full Changelog: Swatinem/rust-cache@v2...v2.8.1

Changelog

Sourced from Swatinem/rust-cache's changelog.

Changelog

2.8.1

• Set empty CARGO_ENCODED_RUSTFLAGS when retrieving metadata
• Various dependency updates

2.8.0

• Add support for warpbuild cache provider
• Add new cache-workspace-crates feature

2.7.8

• Include CPU arch in the cache key

2.7.7

• Also cache cargo install metadata

2.7.6

• Allow opting out of caching $CARGO_HOME/bin
• Add runner OS in cache key
• Adds an option to do lookup-only of the cache

2.7.5

• Support Cargo.lock format cargo-lock v4
• Only run macOsWorkaround() on macOS

2.7.3

• Work around upstream problem that causes cache saving to hang for minutes.

2.7.2

• Only key by Cargo.toml and Cargo.lock files of workspace members.

2.7.1

• Update toml parser to fix parsing errors.

2.7.0

• Properly cache trybuild tests.

2.6.2

• Fix toml parsing.

... (truncated)

Commits

• f13886b 2.8.1
• 5abb1e2 update dependencies, prepare for release
• 3c68c31 Bump @​types/node from 24.2.1 to 24.3.0 in the dev-minor group (#258)
• 5467cca Update README.md (#234)
• 94b28bf Bump actions/setup-node from 4 to 5 in the actions group (#259)
• cb8ffc2 Bump typescript from 5.8.3 to 5.9.2 in the dev-minor group (#256)
• c4f0bbd Bump @​types/node from 22.16.3 to 24.2.1 in the dev-major group (#255)
• d8c5063 chore(dependabot): regenerate and commit dist/ (#257)
• 267a8a9 Merge pull request #254 from Swatinem/dependabot/npm_and_yarn/prd-patch-d0e2e...
• 46cb408 Bump the prd-patch group with 2 updates
• Additional commits viewable in compare view

Updates actions/setup-python from 5.6.0 to 6.0.0

Release notes

Sourced from actions/setup-python's releases.

v6.0.0

What's Changed

Breaking Changes

• Upgrade to node 24 by @​salmanmkc in actions/setup-python#1164

Make sure your runner is on version v2.327.1 or later to ensure compatibility with this release. See Release Notes

Enhancements:

• Add support for pip-version by @​priyagupta108 in actions/setup-python#1129
• Enhance reading from .python-version by @​krystof-k in actions/setup-python#787
• Add version parsing from Pipfile by @​aradkdj in actions/setup-python#1067

Bug fixes:

• Clarify pythonLocation behaviour for PyPy and GraalPy in environment variables by @​aparnajyothi-y in actions/setup-python#1183
• Change missing cache directory error to warning by @​aparnajyothi-y in actions/setup-python#1182
• Add Architecture-Specific PATH Management for Python with --user Flag on Windows by @​aparnajyothi-y in actions/setup-python#1122
• Include python version in PyPy python-version output by @​cdce8p in actions/setup-python#1110
• Update docs: clarification on pip authentication with setup-python by @​priya-kinthali in actions/setup-python#1156

Dependency updates:

• Upgrade idna from 2.9 to 3.7 in /tests/data by @​dependabot[bot] in actions/setup-python#843
• Upgrade form-data to fix critical vulnerabilities #182 & #183 by @​aparnajyothi-y in actions/setup-python#1163
• Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIndex.download by @​aparnajyothi-y in actions/setup-python#1165
• Upgrade actions/checkout from 4 to 5 by @​dependabot[bot] in actions/setup-python#1181
• Upgrade @​actions/tool-cache from 2.0.1 to 2.0.2 by @​dependabot[bot] in actions/setup-python#1095

New Contributors

• @​krystof-k made their first contribution in actions/setup-python#787
• @​cdce8p made their first contribution in actions/setup-python#1110
• @​aradkdj made their first contribution in actions/setup-python#1067

Full Changelog: actions/setup-python@v5...v6.0.0

Commits

• e797f83 Upgrade to node 24 (#1164)
• 3d1e2d2 Revert "Enhance cache-dependency-path handling to support files outside the w...
• 65b0712 Clarify pythonLocation behavior for PyPy and GraalPy in environment variables...
• 5b668cf Bump actions/checkout from 4 to 5 (#1181)
• f62a0e2 Change missing cache directory error to warning (#1182)
• 9322b3c Upgrade setuptools to 78.1.1 to fix path traversal vulnerability in PackageIn...
• fbeb884 Bump form-data to fix critical vulnerabilities #182 & #183 (#1163)
• 03bb615 Bump idna from 2.9 to 3.7 in /tests/data (#843)
• 36da51d Add version parsing from Pipfile (#1067)
• 3c6f142 update documentation (#1156)
• Additional commits viewable in compare view

Updates astral-sh/setup-uv from 6.8.0 to 7.1.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.1.0 🌈 Support all the use cases

Changes

Support all the use cases!!! ... well, that we know of.

This release adds support for some use cases that most users don't encounter but are useful for e.g. people running Gitea.

The input resolution-strategy lets you use the lowest possible version of uv from a version range. Useful if you want to test your tool with different versions of uv.

If you use activate-environment the path to the activated venv is now also exposed under the output venv.

Downloaded python installations can now also be uploaded to the GitHub Actions cache backend. Useful if you are running in act and have configured your own backend and don't want to download python again, and again over a slow internet connection.

Finally the path to installed python interpreters is now added to the PATH on Windows.

🚀 Enhancements

• Add resolution-strategy input to support oldest compatible version selection @copilot-swe-agent[bot] (#631)
• Add value of UV_PYTHON_INSTALL_DIR to path @​eifinger (#628)
• Set output venv when activate-environment is used @​eifinger (#627)
• Cache python installs @​merlinz01 (#621)

🧰 Maintenance

• Add copilot-instructions.md @​eifinger (#630)
• chore: update known checksums for 0.9.2 @github-actions[bot] (#626)
• chore: update known checksums for 0.9.1 @github-actions[bot] (#625)
• Fall back to PR for updating known versions @​eifinger (#623)

📚 Documentation

• Split up documentation @​eifinger (#632)

⬆️ Dependency updates

• Bump deps @​eifinger (#633)
• Bump github/codeql-action from 3.30.6 to 4.30.7 @dependabot[bot] (#614)

v7.0.0 🌈 node24 and a lot of bugfixes

Changes

This release comes with a load of bug fixes and a speed up. Because of switching from node20 to node24 it is also a breaking change. If you are running on GitHub hosted runners this will just work, if you are using self-hosted runners make sure, that your runners are up to date. If you followed the normal installation instructions your self-hosted runner will keep itself updated.

This release also removes the deprecated input server-url which was used to download uv releases from a different server. The manifest-file input supersedes that functionality by adding a flexible way to define available versions and where they should be downloaded from.

Fixes

... (truncated)

Commits

• 3259c62 Bump deps (#633)
• bf8e8ed Split up documentation (#632)
• 9c6b5e9 Add resolution-strategy input to support oldest compatible version selection ...
• a5129e9 Add copilot-instructions.md (#630)
• d18bcc7 Add value of UV_PYTHON_INSTALL_DIR to path (#628)
• bd1f875 Set output venv when activate-environment is used (#627)
• 1a91c38 chore: update known checksums for 0.9.2 (#626)
• c79f606 chore: update known checksums for 0.9.1 (#625)
• e0249f1 Fall back to PR for updating known versions (#623)
• 6d2eb15 Cache python installs (#621)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions