dependabot[bot] opened a new pull request, #1500: URL: https://github.com/apache/datafusion-python/pull/1500
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.3.1 to 8.1.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/astral-sh/setup-uv/releases";>astral-sh/setup-uv's releases</a>.</em></p> <blockquote> <h2>v8.1.0 🌈 New input <code>no-project</code></h2> <h2>Changes</h2> <p>This add the a new boolean input <code>no-project</code>. It only makes sense to use in combination with <code>activate-environment: true</code> and will append <code>--no project</code> to the <code>uv venv</code> call. This is for example useful <a href="https://redirect.github.com/astral-sh/setup-uv/issues/854";>if you have a pyproject.toml file with parts unparseable by uv</a></p> <h2>🚀 Enhancements</h2> <ul> <li>Add input no-project in combination with activate-environment <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/856";>#856</a>)</li> </ul> <h2>🧰 Maintenance</h2> <ul> <li>fix: grant contents:write to validate-release job <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/860";>#860</a>)</li> <li>Add a release-gate step to the release workflow <a href="https://github.com/zanieb";><code>@zanieb</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/859";>#859</a>)</li> <li>Draft commitish releases <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/858";>#858</a>)</li> <li>Add action-types.yml to instructions <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/857";>#857</a>)</li> <li>chore: update known checksums for 0.11.7 @<a href="https://github.com/apps/github-actions";>github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/853";>#853</a>)</li> <li>Refactor version resolving <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/852";>#852</a>)</li> <li>chore: update known checksums for 0.11.6 @<a href="https://github.com/apps/github-actions";>github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/850";>#850</a>)</li> <li>chore: update known checksums for 0.11.5 @<a href="https://github.com/apps/github-actions";>github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/845";>#845</a>)</li> <li>chore: update known checksums for 0.11.4 @<a href="https://github.com/apps/github-actions";>github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/843";>#843</a>)</li> <li>Add a release workflow <a href="https://github.com/zanieb";><code>@zanieb</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/839";>#839</a>)</li> <li>chore: update known checksums for 0.11.3 @<a href="https://github.com/apps/github-actions";>github-actions[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/836";>#836</a>)</li> </ul> <h2>📚 Documentation</h2> <ul> <li>Update ignore-nothing-to-cache documentation <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/833";>#833</a>)</li> <li>Pin setup-uv docs to v8 <a href="https://github.com/eifinger";><code>@eifinger</code></a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/829";>#829</a>)</li> </ul> <h2>⬆️ Dependency updates</h2> <ul> <li>chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @<a href="https://github.com/apps/dependabot";>dependabot[bot]</a> (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/855";>#855</a>)</li> </ul> <h2>v8.0.0 🌈 Immutable releases and secure tags</h2> <h1>This is the first immutable release of <code>setup-uv</code> 🥳</h1> <p>All future releases are also immutable, if you want to know more about what this means checkout <a href="https://docs.github.com/en/code-security/concepts/supply-chain-security/immutable-releases";>the docs</a>.</p> <p>This release also has two breaking changes</p> <h2>New format for <code>manifest-file</code></h2> <p>The previously deprecated way of defining a custom version manifest to control which <code>uv</code> versions are available and where to download them from got removed. The functionality is still there but you have to use the <a href="https://github.com/astral-sh/setup-uv/blob/main/docs/customization.md#format";>new format</a>.</p> <h2>No more major and minor tags</h2> <p>To increase <strong>security</strong> even more we will <strong>stop publishing minor tags</strong>. You won't be able to use <code>@v8</code> or <code>@v8.0</code> any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to <a href="https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/";>tj-actions</a>.</p> <blockquote> <p>[!TIP] Use the immutable tag as a version <code>astral-sh/[email protected]</code> Or even better the githash <code>astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57</code></p> </blockquote> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/astral-sh/setup-uv/commit/08807647e7069bb48b6ef5acd8ec9567f424441b";><code>0880764</code></a> fix: grant contents:write to validate-release job (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/860";>#860</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/717d6aba0f15312f509f5c4999e34d71ecbab8a9";><code>717d6ab</code></a> Add a release-gate step to the release workflow (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/859";>#859</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/5a911eb3a3983b5e650f2dad95c1ce698ca94378";><code>5a911eb</code></a> Draft commitish releases (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/858";>#858</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/080c31e04cd7155b0ca676d08c7bc260a4476a23";><code>080c31e</code></a> Add action-types.yml to instructions (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/857";>#857</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/b3e97d2ba1a1eed7e9d1f8456dd06c3b725bc3a6";><code>b3e97d2</code></a> Add input no-project in combination with activate-environment (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/856";>#856</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/7dd591db9557f680290587fcc578372813b9ff64";><code>7dd591d</code></a> chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/855";>#855</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/1541b7762698877904805605192ecd63d0e4787a";><code>1541b77</code></a> chore: update known checksums for 0.11.7 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/853";>#853</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/cdfb2ee6dde255817c739680168ad81e184c4bfb";><code>cdfb2ee</code></a> Refactor version resolving (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/852";>#852</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/cb84d12dc6a0d495b82fcae14fa4559b90698660";><code>cb84d12</code></a> chore: update known checksums for 0.11.6 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/850";>#850</a>)</li> <li><a href="https://github.com/astral-sh/setup-uv/commit/1912cc65f2e839707d7a16f2372f30b57d35fd80";><code>1912cc6</code></a> chore: update known checksums for 0.11.5 (<a href="https://redirect.github.com/astral-sh/setup-uv/issues/845";>#845</a>)</li> <li>Additional commits viewable in <a href="https://github.com/astral-sh/setup-uv/compare/5a095e7a2014a4212f075830d4f7277575a9d098...08807647e7069bb48b6ef5acd8ec9567f424441b";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
