Commit ef2ad7a
authored
chore(deps): Update dependencies for github (#533)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)
| action | patch | `v7.0.0` → `v7.0.1` |
| [astral-sh/setup-uv](https://redirect.github.com/astral-sh/setup-uv) |
action | minor | `v8.0.0` → `v8.1.0` |
|
[github/codeql-action](https://redirect.github.com/github/codeql-action)
| action | minor | `v4.32.6` → `v4.35.4` |
---
### Release Notes
<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>
###
[`v7.0.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v7.0.1)
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v7...v7.0.1)
##### What's Changed
- Update the readme with direct upload details by
[@​danwkennedy](https://redirect.github.com/danwkennedy) in
[#​795](https://redirect.github.com/actions/upload-artifact/pull/795)
- Readme: bump all the example versions to v7 by
[@​danwkennedy](https://redirect.github.com/danwkennedy) in
[#​796](https://redirect.github.com/actions/upload-artifact/pull/796)
- Include changes in typespec/ts-http-runtime 0.3.5 by
[@​yacaovsnc](https://redirect.github.com/yacaovsnc) in
[#​797](https://redirect.github.com/actions/upload-artifact/pull/797)
**Full Changelog**:
<actions/upload-artifact@v7...v7.0.1>
</details>
<details>
<summary>astral-sh/setup-uv (astral-sh/setup-uv)</summary>
###
[`v8.1.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v8.1.0):
🌈 New input `no-project`
[Compare
Source](https://redirect.github.com/astral-sh/setup-uv/compare/v8.0.0...v8.1.0)
#### Changes
This add the a new boolean input `no-project`.
It only makes sense to use in combination with `activate-environment:
true` and will append `--no project` to the `uv venv` call. This is for
example useful [if you have a pyproject.toml file with parts unparseable
by uv](https://redirect.github.com/astral-sh/setup-uv/issues/854)
#### 🚀 Enhancements
- Add input no-project in combination with activate-environment
[@​eifinger](https://redirect.github.com/eifinger)
([#​856](https://redirect.github.com/astral-sh/setup-uv/issues/856))
#### 🧰 Maintenance
- fix: grant contents:write to validate-release job
[@​eifinger](https://redirect.github.com/eifinger)
([#​860](https://redirect.github.com/astral-sh/setup-uv/issues/860))
- Add a release-gate step to the release workflow
[@​zanieb](https://redirect.github.com/zanieb)
([#​859](https://redirect.github.com/astral-sh/setup-uv/issues/859))
- Draft commitish releases
[@​eifinger](https://redirect.github.com/eifinger)
([#​858](https://redirect.github.com/astral-sh/setup-uv/issues/858))
- Add action-types.yml to instructions
[@​eifinger](https://redirect.github.com/eifinger)
([#​857](https://redirect.github.com/astral-sh/setup-uv/issues/857))
- chore: update known checksums for 0.11.7
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​853](https://redirect.github.com/astral-sh/setup-uv/issues/853))
- Refactor version resolving
[@​eifinger](https://redirect.github.com/eifinger)
([#​852](https://redirect.github.com/astral-sh/setup-uv/issues/852))
- chore: update known checksums for 0.11.6
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​850](https://redirect.github.com/astral-sh/setup-uv/issues/850))
- chore: update known checksums for 0.11.5
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​845](https://redirect.github.com/astral-sh/setup-uv/issues/845))
- chore: update known checksums for 0.11.4
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​843](https://redirect.github.com/astral-sh/setup-uv/issues/843))
- Add a release workflow
[@​zanieb](https://redirect.github.com/zanieb)
([#​839](https://redirect.github.com/astral-sh/setup-uv/issues/839))
- chore: update known checksums for 0.11.3
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions)
([#​836](https://redirect.github.com/astral-sh/setup-uv/issues/836))
#### 📚 Documentation
- Update ignore-nothing-to-cache documentation
[@​eifinger](https://redirect.github.com/eifinger)
([#​833](https://redirect.github.com/astral-sh/setup-uv/issues/833))
- Pin setup-uv docs to v8
[@​eifinger](https://redirect.github.com/eifinger)
([#​829](https://redirect.github.com/astral-sh/setup-uv/issues/829))
#### ⬆️ Dependency updates
- chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot)
([#​855](https://redirect.github.com/astral-sh/setup-uv/issues/855))
</details>
<details>
<summary>github/codeql-action (github/codeql-action)</summary>
###
[`v4.35.4`](https://redirect.github.com/github/codeql-action/releases/tag/v4.35.4)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.35.3...v4.35.4)
- Update default CodeQL bundle version to
[2.25.4](https://redirect.github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.4).
[#​3881](https://redirect.github.com/github/codeql-action/pull/3881)
###
[`v4.35.3`](https://redirect.github.com/github/codeql-action/releases/tag/v4.35.3)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.35.2...v4.35.3)
- *Upcoming breaking change*: Add a deprecation warning for customers
using CodeQL version 2.19.3 and earlier. These versions of CodeQL were
discontinued on 9 April 2026 alongside GitHub Enterprise Server 3.15,
and will be unsupported by the next minor release of the CodeQL Action.
[#​3837](https://redirect.github.com/github/codeql-action/pull/3837)
- Configurations for private registries that use Cloudsmith or GCP OIDC
are now accepted.
[#​3850](https://redirect.github.com/github/codeql-action/pull/3850)
- Best-effort connection tests for private registries now use `GET`
requests instead of `HEAD` for better compatibility with various
registry implementations. For NuGet feeds, the test is now always
performed against the service index.
[#​3853](https://redirect.github.com/github/codeql-action/pull/3853)
- Fixed a bug where two diagnostics produced within the same millisecond
could overwrite each other on disk, causing one of them to be lost.
[#​3852](https://redirect.github.com/github/codeql-action/pull/3852)
- Update default CodeQL bundle version to
[2.25.3](https://redirect.github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.3).
[#​3865](https://redirect.github.com/github/codeql-action/pull/3865)
###
[`v4.35.2`](https://redirect.github.com/github/codeql-action/releases/tag/v4.35.2)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.35.1...v4.35.2)
- The undocumented TRAP cache cleanup feature that could be enabled
using the `CODEQL_ACTION_CLEANUP_TRAP_CACHES` environment variable is
deprecated and will be removed in May 2026. If you are affected by this,
we recommend disabling TRAP caching by passing the `trap-caching: false`
input to the `init` Action.
[#​3795](https://redirect.github.com/github/codeql-action/pull/3795)
- The Git version 2.36.0 requirement for improved incremental analysis
now only applies to repositories that contain submodules.
[#​3789](https://redirect.github.com/github/codeql-action/pull/3789)
- Python analysis on GHES no longer extracts the standard library,
relying instead on models of the standard library. This should result in
significantly faster extraction and analysis times, while the effect on
alerts should be minimal.
[#​3794](https://redirect.github.com/github/codeql-action/pull/3794)
- Fixed a bug in the validation of OIDC configurations for private
registries that was added in CodeQL Action 4.33.0 / 3.33.0.
[#​3807](https://redirect.github.com/github/codeql-action/pull/3807)
- Update default CodeQL bundle version to
[2.25.2](https://redirect.github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.2).
[#​3823](https://redirect.github.com/github/codeql-action/pull/3823)
###
[`v4.35.1`](https://redirect.github.com/github/codeql-action/releases/tag/v4.35.1)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.35.0...v4.35.1)
- Fix incorrect minimum required Git version for [improved incremental
analysis](https://redirect.github.com/github/roadmap/issues/1158): it
should have been 2.36.0, not 2.11.0.
[#​3781](https://redirect.github.com/github/codeql-action/pull/3781)
###
[`v4.35.0`](https://redirect.github.com/github/codeql-action/releases/tag/v4.35.0)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.34.1...v4.35.0)
- Reduced the minimum Git version required for [improved incremental
analysis](https://redirect.github.com/github/roadmap/issues/1158) from
2.38.0 to 2.11.0.
[#​3767](https://redirect.github.com/github/codeql-action/pull/3767)
- Update default CodeQL bundle version to
[2.25.1](https://redirect.github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.1).
[#​3773](https://redirect.github.com/github/codeql-action/pull/3773)
###
[`v4.34.1`](https://redirect.github.com/github/codeql-action/releases/tag/v4.34.1)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.34.0...v4.34.1)
- Downgrade default CodeQL bundle version to
[2.24.3](https://redirect.github.com/github/codeql-action/releases/tag/codeql-bundle-v2.24.3)
due to issues with a small percentage of Actions and JavaScript
analyses.
[#​3762](https://redirect.github.com/github/codeql-action/pull/3762)
###
[`v4.34.0`](https://redirect.github.com/github/codeql-action/releases/tag/v4.34.0)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.33.0...v4.34.0)
- Added an experimental change which disables TRAP caching when
[improved incremental
analysis](https://redirect.github.com/github/roadmap/issues/1158) is
enabled, since improved incremental analysis supersedes TRAP caching.
This will improve performance and reduce Actions cache usage. We expect
to roll this change out to everyone in March.
[#​3569](https://redirect.github.com/github/codeql-action/pull/3569)
- We are rolling out improved incremental analysis to C/C++ analyses
that use build mode `none`. We expect this rollout to be complete by the
end of April 2026.
[#​3584](https://redirect.github.com/github/codeql-action/pull/3584)
- Update default CodeQL bundle version to
[2.25.0](https://redirect.github.com/github/codeql-action/releases/tag/codeql-bundle-v2.25.0).
[#​3585](https://redirect.github.com/github/codeql-action/pull/3585)
###
[`v4.33.0`](https://redirect.github.com/github/codeql-action/releases/tag/v4.33.0)
[Compare
Source](https://redirect.github.com/github/codeql-action/compare/v4.32.6...v4.33.0)
- Upcoming change: Starting April 2026, the CodeQL Action will skip
collecting file coverage information on pull requests to improve
analysis performance. File coverage information will still be computed
on non-PR analyses. Pull request analyses will log a warning about this
upcoming change.
[#​3562](https://redirect.github.com/github/codeql-action/pull/3562)
To opt out of this change:
- **Repositories owned by an organization:** Create a custom repository
property with the name `github-codeql-file-coverage-on-prs` and the type
"True/false", then set this property to `true` in the repository's
settings. For more information, see [Managing custom properties for
repositories in your
organization](https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization).
Alternatively, if you are using an advanced setup workflow, you can set
the `CODEQL_ACTION_FILE_COVERAGE_ON_PRS` environment variable to `true`
in your workflow.
- **User-owned repositories using default setup:** Switch to an advanced
setup workflow and set the `CODEQL_ACTION_FILE_COVERAGE_ON_PRS`
environment variable to `true` in your workflow.
- **User-owned repositories using advanced setup:** Set the
`CODEQL_ACTION_FILE_COVERAGE_ON_PRS` environment variable to `true` in
your workflow.
- Fixed [a
bug](https://redirect.github.com/github/codeql-action/issues/3555) which
caused the CodeQL Action to fail loading repository properties if a
"Multi select" repository property was configured for the repository.
[#​3557](https://redirect.github.com/github/codeql-action/pull/3557)
- The CodeQL Action now loads [custom repository
properties](https://docs.github.com/en/organizations/managing-organization-settings/managing-custom-properties-for-repositories-in-your-organization)
on GitHub Enterprise Server, enabling the customization of features such
as `github-codeql-disable-overlay` that was previously only available on
GitHub.com.
[#​3559](https://redirect.github.com/github/codeql-action/pull/3559)
- Once [private package
registries](https://docs.github.com/en/code-security/how-tos/secure-at-scale/configure-organization-security/manage-usage-and-access/giving-org-access-private-registries)
can be configured with OIDC-based authentication for organizations, the
CodeQL Action will now be able to accept such configurations.
[#​3563](https://redirect.github.com/github/codeql-action/pull/3563)
- Fixed the retry mechanism for database uploads. Previously this would
fail with the error "Response body object should not be disturbed or
locked".
[#​3564](https://redirect.github.com/github/codeql-action/pull/3564)
- A warning is now emitted if the CodeQL Action detects a repository
property whose name suggests that it relates to the CodeQL Action, but
which is not one of the properties recognised by the current version of
the CodeQL Action.
[#​3570](https://redirect.github.com/github/codeql-action/pull/3570)
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- At any time (no schedule defined)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/GoogleCloudPlatform/alloydb-python-connector).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My42Ni40IiwidXBkYXRlZEluVmVyIjoiNDMuMTU5LjIiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbXX0=-->1 parent 74e9dea commit ef2ad7a
5 files changed
Lines changed: 9 additions & 9 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
49 | 49 | | |
50 | 50 | | |
51 | 51 | | |
52 | | - | |
| 52 | + | |
53 | 53 | | |
54 | 54 | | |
55 | 55 | | |
56 | 56 | | |
57 | 57 | | |
58 | 58 | | |
59 | | - | |
| 59 | + | |
60 | 60 | | |
61 | 61 | | |
62 | | - | |
| 62 | + | |
63 | 63 | | |
64 | 64 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
34 | 34 | | |
35 | 35 | | |
36 | 36 | | |
37 | | - | |
| 37 | + | |
38 | 38 | | |
39 | 39 | | |
40 | 40 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
38 | | - | |
| 38 | + | |
39 | 39 | | |
40 | 40 | | |
41 | 41 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
57 | 57 | | |
58 | 58 | | |
59 | 59 | | |
60 | | - | |
| 60 | + | |
61 | 61 | | |
62 | 62 | | |
63 | 63 | | |
64 | 64 | | |
65 | 65 | | |
66 | 66 | | |
67 | 67 | | |
68 | | - | |
| 68 | + | |
69 | 69 | | |
70 | 70 | | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
53 | 53 | | |
54 | 54 | | |
55 | 55 | | |
56 | | - | |
| 56 | + | |
57 | 57 | | |
58 | 58 | | |
59 | 59 | | |
| |||
120 | 120 | | |
121 | 121 | | |
122 | 122 | | |
123 | | - | |
| 123 | + | |
124 | 124 | | |
125 | 125 | | |
126 | 126 | | |
| |||
0 commit comments