chore: bump astral-sh/setup-uv from 6.7.0 to 7.1.1 (#369)

dependabot[bot] · web-flow · commit 8b63b15615b2 · 2025-10-27T10:32:04.000+01:00
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 6.7.0 to 7.1.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/setup-uv/releases">astral-sh/setup-uv's releases</a>.</em></p> <blockquote> <h2>v7.1.1 🌈 Fix empty workdir detection and lowest resolution strategy</h2> <h2>Changes</h2> <p>This release fixes a bug where the <code>working-directory</code> input was not used to detect an empty work dir. It also fixes the <code>lowest</code> resolution strategy resolving to latest when only a lower bound was specified.</p> <p>Special thanks to <a href="https://github.com/tpgillam"><code>@​tpgillam</code></a> for the first contribution!</p> <h2>🐛 Bug fixes</h2> <ul> <li>Fix &quot;lowest&quot; resolution strategy with lower-bound only <a href="https://github.com/tpgillam"><code>@​tpgillam</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/649">#649</a>)</li> <li>Use working-directory to detect empty workdir <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/645">#645</a>)</li> </ul> <h2>🧰 Maintenance</h2> <ul> <li>chore: update known checksums for 0.9.4 @<a href="https://github.com/apps/github-actions">github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/651">#651</a>)</li> <li>chore: update known checksums for 0.9.3 @<a href="https://github.com/apps/github-actions">github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/644">#644</a>)</li> </ul> <h2>📚 Documentation</h2> <ul> <li>Change version in docs to v7 <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/647">#647</a>)</li> </ul> <h2>⬆️ Dependency updates</h2> <ul> <li>Bump github/codeql-action from 4.30.7 to 4.30.8 @<a href="https://github.com/apps/dependabot">dependabot[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/639">#639</a>)</li> <li>Bump actions/setup-node from 5.0.0 to 6.0.0 @<a href="https://github.com/apps/dependabot">dependabot[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/641">#641</a>)</li> <li>Bump eifinger/actionlint-action from 1.9.1 to 1.9.2 @<a href="https://github.com/apps/dependabot">dependabot[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/634">#634</a>)</li> <li>Update lockfile with latest npm <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/636">#636</a>)</li> </ul> <h2>v7.1.0 🌈 Support all the use cases</h2> <h2>Changes</h2> <p><strong>Support all the use cases!!!</strong> ... well, that we know of.</p> <p>This release adds support for some use cases that most users don't encounter but are useful for e.g. people running Gitea.</p> <p>The input <code>resolution-strategy</code> lets you use the lowest possible version of uv from a version range. Useful if you want to test your tool with different versions of uv.</p> <p>If you use <code>activate-environment</code> the path to the activated venv is now also exposed under the output <code>venv</code>.</p> <p>Downloaded python installations can now also be uploaded to the GitHub Actions cache backend. Useful if you are running in <code>act</code> and have configured your own backend and don't want to download python again, and again over a slow internet connection.</p> <p>Finally the path to installed python interpreters is now added to the <code>PATH</code> on Windows.</p> <h2>🚀 Enhancements</h2> <ul> <li>Add resolution-strategy input to support oldest compatible version selection @<a href="https://github.com/apps/copilot-swe-agent">copilot-swe-agent[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/631">#631</a>)</li> <li>Add value of UV_PYTHON_INSTALL_DIR to path <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/628">#628</a>)</li> <li>Set output venv when activate-environment is used <a href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/627">#627</a>)</li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/astral-sh/setup-uv/commit/2ddd2b9cb38ad8efd50337e8ab201519a34c9f24"><code>2ddd2b9</code></a> chore: update known checksums for 0.9.4 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/651">#651</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/b7bf78939d77607a9ccb489e4ec4651ba1092d5c"><code>b7bf789</code></a> Fix &quot;lowest&quot; resolution strategy with lower-bound only (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/649">#649</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/cb6c0a53d9c61608defba05145184489d20183b2"><code>cb6c0a5</code></a> Change version in docs to v7 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/647">#647</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/dffc6292f2060d80116faf1baee66598a67f042c"><code>dffc629</code></a> Use working-directory to detect empty workdir (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/645">#645</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/6e346e1653b720be5aaa194026b82bdef65869c7"><code>6e346e1</code></a> chore: update known checksums for 0.9.3 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/644">#644</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/3ccd0fd498ef6303a98d4125859aae05eedf6294"><code>3ccd0fd</code></a> Bump github/codeql-action from 4.30.7 to 4.30.8 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/639">#639</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/ce6dbd84e16b87aae956dc7c4caa8fd37a0af793"><code>ce6dbd8</code></a> Bump actions/setup-node from 5.0.0 to 6.0.0 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/641">#641</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/2382069a66b5b52782577081ec324838fd5fc1fc"><code>2382069</code></a> Bump eifinger/actionlint-action from 1.9.1 to 1.9.2 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/634">#634</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/b1daf91f4e1bc4ac09cc4af84e8cd78da243aa80"><code>b1daf91</code></a> Update lockfile with latest npm (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/636">#636</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/3259c6206f993105e3a61b142c2d97bf4b9ef83d"><code>3259c62</code></a> Bump deps (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/633">#633</a>)</li> <li>Additional commits viewable in <a href="https://github.com/astral-sh/setup-uv/compare/b75a909f75acd358c2196fb9a5f1299a9a8868a4...2ddd2b9cb38ad8efd50337e8ab201519a34c9f24">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=astral-sh/setup-uv&package-manager=github_actions&previous-version=6.7.0&new-version=7.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -16,7 +16,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Install uv
-        uses: astral-sh/setup-uv@b75a909f75acd358c2196fb9a5f1299a9a8868a4 # v6.7.0
+        uses: astral-sh/setup-uv@2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 # v7.1.1
 
       - name: Install the project
         run: uv sync --locked --group dev
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -101,7 +101,7 @@ jobs:
           path: dist
 
       - name: Install uv
-        uses: astral-sh/setup-uv@b75a909f75acd358c2196fb9a5f1299a9a8868a4 # v6.7.0
+        uses: astral-sh/setup-uv@2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 # v7.1.1
         with:
           version: ${{ env.UV_VERSION }}
 
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -36,7 +36,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       
       - name: Install uv
-        uses: astral-sh/setup-uv@b75a909f75acd358c2196fb9a5f1299a9a8868a4 # v6.7.0
+        uses: astral-sh/setup-uv@2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 # v7.1.1
 
       - name: Install the project
         run: uv sync --locked --extra cli
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -21,7 +21,7 @@ jobs:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
       - name: Install uv
-        uses: astral-sh/setup-uv@b75a909f75acd358c2196fb9a5f1299a9a8868a4 # v6.7.0
+        uses: astral-sh/setup-uv@2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 # v7.1.1
 
       - name: Install the dependencies
         run: uv sync --locked --group dev --all-extras --python ${{ matrix.python-version }}
diff --git a/.github/workflows/weekly_download.yml b/.github/workflows/weekly_download.yml
@@ -21,7 +21,7 @@ jobs:
             token: ${{ steps.app-token.outputs.token }}
             ref: ${{ github.head_ref }}
         - name: Install uv
-          uses: astral-sh/setup-uv@b75a909f75acd358c2196fb9a5f1299a9a8868a4 # v6.7.0
+          uses: astral-sh/setup-uv@2ddd2b9cb38ad8efd50337e8ab201519a34c9f24 # v7.1.1
 
         - name: Install the project
           run: uv sync --locked --only-group download
