chore: bump the actions group across 1 directory with 3 updates (#4193)

dependabot[bot] · web-flow · commit a49be8b7cb1d · 2026-04-14T12:07:23.000-04:00
Bumps the actions group with 3 updates in the / directory: [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv), [ruby/setup-ruby](https://github.com/ruby/setup-ruby) and [docker/login-action](https://github.com/docker/login-action). Updates `astral-sh/setup-uv` from 7.6.0 to 8.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/setup-uv/releases">astral-sh/setup-uv's releases</a>.</em></p> <blockquote> <h2>v8.0.0 🌈 Immutable releases and secure tags</h2> <h1>This is the first immutable release of <code>setup-uv</code> 🥳</h1> <p>All future releases are also immutable, if you want to know more about what this means checkout <a href="https://docs.github.com/en/code-security/concepts/supply-chain-security/immutable-releases">the docs</a>.</p> <p>This release also has two breaking changes</p> <h2>New format for <code>manifest-file</code></h2> <p>The previously deprecated way of defining a custom version manifest to control which <code>uv</code> versions are available and where to download them from got removed. The functionality is still there but you have to use the <a href="https://github.com/astral-sh/setup-uv/blob/main/docs/customization.md#format">new format</a>.</p> <h2>No more major and minor tags</h2> <p>To increase <strong>security</strong> even more we will <strong>stop publishing minor tags</strong>. You won't be able to use <code>@v8</code> or <code>@v8.0</code> any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to <a href="https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/">tj-actions</a>.</p> <blockquote> <p>[!TIP] Use the immutable tag as a version <code>astral-sh/setup-uv@v8.0.0</code> Or even better the githash <code>astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57</code></p> </blockquote> <h2>🚨 Breaking changes</h2> <ul> <li>Remove update-major-minor-tags workflow <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/826">#826</a>)</li> <li>Remove deprecrated custom manifest <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/813">#813</a>)</li> </ul> <h2>🧰 Maintenance</h2> <ul> <li>Shortcircuit latest version from manifest <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/828">#828</a>)</li> <li>Simplify inputs.ts <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/827">#827</a>)</li> <li>Bump release-drafter to v7.1.1 <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/825">#825</a>)</li> <li>Refactor inputs <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/823">#823</a>)</li> <li>Replace inline compile args with tsconfig <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/824">#824</a>)</li> <li>chore: update known checksums for 0.11.2 @<a href="https://github.com/apps/github-actions">github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/821">#821</a>)</li> <li>chore: update known checksums for 0.11.1 @<a href="https://github.com/apps/github-actions">github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/817">#817</a>)</li> <li>chore: update known checksums for 0.11.0 @<a href="https://github.com/apps/github-actions">github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/815">#815</a>)</li> <li>Fix latest-version workflow check <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/812">#812</a>)</li> <li>chore: update known checksums for 0.10.11/0.10.12 @<a href="https://github.com/apps/github-actions">github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/811">#811</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/astral-sh/setup-uv/commit/cec208311dfd045dd5311c1add060b2062131d57"><code>cec2083</code></a> Shortcircuit latest version from manifest (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/828">#828</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/4dd8ab45206a76f8c1dfe399fa88df10a7264f27"><code>4dd8ab4</code></a> Simplify inputs.ts (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/827">#827</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/7fdbe7cf0c8ef50cfd0878eed7b5180abc6b53c7"><code>7fdbe7c</code></a> Remove update-major-minor-tags workflow (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/826">#826</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/485abd05e5c74a247f0a309e333d2433ab9a353a"><code>485abd0</code></a> Bump release-drafter to v7.1.1 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/825">#825</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/f82eb19c06057c455674b2602e0139fd906f1428"><code>f82eb19</code></a> Refactor inputs (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/823">#823</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/868d1f74d9d862d7b40219546bfe35299c6dd452"><code>868d1f7</code></a> Replace inline compile args with tsconfig (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/824">#824</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/447e6d02b15d65b3247cce2d6019f11957285d11"><code>447e6d0</code></a> chore: update known checksums for 0.11.2 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/821">#821</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/5c62c5926145985eec91f09e2e0a75f40daed929"><code>5c62c59</code></a> chore: update known checksums for 0.11.1 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/817">#817</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/e1a7373adb857afd2a70b971e8ebdacc64ed27d0"><code>e1a7373</code></a> chore: update known checksums for 0.11.0 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/815">#815</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/89709315bb3bd4bf0f4b1db4b710e99009087ab5"><code>8970931</code></a> Remove deprecrated custom manifest (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/813">#813</a>)</li> <li>Additional commits viewable in <a href="https://github.com/astral-sh/setup-uv/compare/37802adc94f370d6bfd71619e3f0bf239e1f3b78...cec208311dfd045dd5311c1add060b2062131d57">compare view</a></li> </ul> </details> <br /> Updates `ruby/setup-ruby` from 1.299.0 to 1.300.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ruby/setup-ruby/releases">ruby/setup-ruby's releases</a>.</em></p> <blockquote> <h2>v1.300.0</h2> <h2>What's Changed</h2> <ul> <li>Refactor matrix script by <a href="https://github.com/ntkme"><code>@​ntkme</code></a> in <a href="https://redirect.github.com/ruby/setup-ruby/pull/897">ruby/setup-ruby#897</a></li> <li>Add jruby-10.0.5.0 by <a href="https://github.com/ruby-builder-bot"><code>@​ruby-builder-bot</code></a> in <a href="https://redirect.github.com/ruby/setup-ruby/pull/900">ruby/setup-ruby#900</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ruby/setup-ruby/compare/v1.299.0...v1.300.0">https://github.com/ruby/setup-ruby/compare/v1.299.0...v1.300.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/ruby/setup-ruby/commit/e65c17d16e57e481586a6a5a0282698790062f92"><code>e65c17d</code></a> Add jruby-10.0.5.0</li> <li><a href="https://github.com/ruby/setup-ruby/commit/ba696adf55506673e48342a66e30f1f53cadeae0"><code>ba696ad</code></a> Refactor matrix script</li> <li><a href="https://github.com/ruby/setup-ruby/commit/2327de0bdc11657e6bed81a43cae73251edb97a0"><code>2327de0</code></a> TruffleRuby 34+ does not support macOS Intel</li> <li>See full diff in <a href="https://github.com/ruby/setup-ruby/compare/3ff19f5e2baf30647122352b96108b1fbe250c64...e65c17d16e57e481586a6a5a0282698790062f92">compare view</a></li> </ul> </details> <br /> Updates `docker/login-action` from 4.0.0 to 4.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/login-action/releases">docker/login-action's releases</a>.</em></p> <blockquote> <h2>v4.1.0</h2> <ul> <li>Fix scoped Docker Hub cleanup path when registry is omitted by <a href="https://github.com/crazy-max"><code>@​crazy-max</code></a> in <a href="https://redirect.github.com/docker/login-action/pull/945">docker/login-action#945</a></li> <li>Bump <code>@​aws-sdk/client-ecr</code> and <code>@​aws-sdk/client-ecr-public</code> to 3.1020.0 in <a href="https://redirect.github.com/docker/login-action/pull/930">docker/login-action#930</a></li> <li>Bump <code>@​docker/actions-toolkit</code> from 0.77.0 to 0.86.0 in <a href="https://redirect.github.com/docker/login-action/pull/932">docker/login-action#932</a> <a href="https://redirect.github.com/docker/login-action/pull/936">docker/login-action#936</a></li> <li>Bump brace-expansion from 1.1.12 to 1.1.13 in <a href="https://redirect.github.com/docker/login-action/pull/952">docker/login-action#952</a></li> <li>Bump fast-xml-parser from 5.3.4 to 5.3.6 in <a href="https://redirect.github.com/docker/login-action/pull/942">docker/login-action#942</a></li> <li>Bump flatted from 3.3.3 to 3.4.2 in <a href="https://redirect.github.com/docker/login-action/pull/944">docker/login-action#944</a></li> <li>Bump glob from 10.3.12 to 10.5.0 in <a href="https://redirect.github.com/docker/login-action/pull/940">docker/login-action#940</a></li> <li>Bump handlebars from 4.7.8 to 4.7.9 in <a href="https://redirect.github.com/docker/login-action/pull/949">docker/login-action#949</a></li> <li>Bump http-proxy-agent and https-proxy-agent to 8.0.0 in <a href="https://redirect.github.com/docker/login-action/pull/937">docker/login-action#937</a></li> <li>Bump lodash from 4.17.23 to 4.18.1 in <a href="https://redirect.github.com/docker/login-action/pull/958">docker/login-action#958</a></li> <li>Bump minimatch from 3.1.2 to 3.1.5 in <a href="https://redirect.github.com/docker/login-action/pull/941">docker/login-action#941</a></li> <li>Bump picomatch from 4.0.3 to 4.0.4 in <a href="https://redirect.github.com/docker/login-action/pull/948">docker/login-action#948</a></li> <li>Bump undici from 6.23.0 to 6.24.1 in <a href="https://redirect.github.com/docker/login-action/pull/938">docker/login-action#938</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/docker/login-action/compare/v4.0.0...v4.1.0">https://github.com/docker/login-action/compare/v4.0.0...v4.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/docker/login-action/commit/4907a6ddec9925e35a0a9e82d7399ccc52663121"><code>4907a6d</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/930">#930</a> from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li> <li><a href="https://github.com/docker/login-action/commit/1e233e691a8881d7f35ca7c2d5dfaaed80b39636"><code>1e233e6</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/6c24ead68057f18c30c808a431f0b85dc25663cb"><code>6c24ead</code></a> build(deps): bump the aws-sdk-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/ee034d70944e3546349cd24295914f139342f1e6"><code>ee034d7</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/958">#958</a> from docker/dependabot/npm_and_yarn/lodash-4.18.1</li> <li><a href="https://github.com/docker/login-action/commit/1527209db9734bd2352a2dc1a63d79c9aa5358bb"><code>1527209</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/937">#937</a> from docker/dependabot/npm_and_yarn/proxy-agent-depen...</li> <li><a href="https://github.com/docker/login-action/commit/d39362aba4d72f8d9d93e0962119840690133e1b"><code>d39362a</code></a> build(deps): bump lodash from 4.17.23 to 4.18.1</li> <li><a href="https://github.com/docker/login-action/commit/a6f092b568105cbb6d9deb7e55e0a4c5c1025fce"><code>a6f092b</code></a> chore: update generated content</li> <li><a href="https://github.com/docker/login-action/commit/60953f0bed2120ec69659d271fe18d34bc069779"><code>60953f0</code></a> build(deps): bump the proxy-agent-dependencies group with 2 updates</li> <li><a href="https://github.com/docker/login-action/commit/62c688590fb4ab6c6e89a217ced0a7b2ddcf1340"><code>62c6885</code></a> Merge pull request <a href="https://redirect.github.com/docker/login-action/issues/936">#936</a> from docker/dependabot/npm_and_yarn/docker/actions-to...</li> <li><a href="https://github.com/docker/login-action/commit/102c0e672992d2e992c89b6f4808d65a353b5a1a"><code>102c0e6</code></a> chore: update generated content</li> <li>Additional commits viewable in <a href="https://github.com/docker/login-action/compare/b45d80f862d83dbcd57f89517bcf500b2ab88fb2...4907a6ddec9925e35a0a9e82d7399ccc52663121">compare view</a></li> </ul> </details> <br /> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml
@@ -278,7 +278,7 @@ jobs:
           ./ci/scripts/python_test.sh "$(pwd)" "$(pwd)/build"
           docker compose down
           docker compose rm -fsv
-      - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78  # v7.6.0
+      - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57  # v8.0.0
       - name: Run PostgreSQL Validation Suite
         run: |
           env POSTGRES_VERSION=18 docker compose up --wait --detach postgres-test
diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
@@ -416,7 +416,7 @@ jobs:
           mv apache-arrow-adbc-$VERSION.tar.gz adbc/ci/linux-packages/
 
       - name: Set up Ruby
-        uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64  # v1.299.0
+        uses: ruby/setup-ruby@e65c17d16e57e481586a6a5a0282698790062f92  # v1.300.0
         with:
           ruby-version: ruby
 
@@ -428,7 +428,7 @@ jobs:
           restore-keys: linux-${{ env.TASK_NAMESPACE }}-ccache-${{ matrix.target }}-
 
       - name: Login to GitHub Container registry
-        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2  # v4.0.0
+        uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121  # v4.1.0
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
