Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v8.0.0→v8.0.1v7.3.1→v7.5.0v4.32.6→v4.33.0Release Notes
actions/download-artifact (actions/download-artifact)
v8.0.1Compare Source
What's Changed
Full Changelog: actions/download-artifact@v8...v8.0.1
astral-sh/setup-uv (astral-sh/setup-uv)
v7.5.0: 🌈 Use `astral-sh/versions` as version providerCompare Source
No more rate-limits
This release addresses a long-standing source of timeouts and rate-limit failures in setup-uv.
Previously, the action resolved version identifiers like 0.5.x by iterating over available uv releases via the GitHub API to find the best match. In contrast, latest and exact versions such as 0.5.0 skipped version resolution entirely and downloaded uv directly.
The
manifest-fileinput was an earlier attempt to improve this. It allows providing an url to a file that lists available versions, checksums, and even custom download URLs. The action also shipped with such a manifest.However, because that bundled file could become outdated whenever new uv releases were published, the action still had to fall back to the GitHub API in many cases.
This release solves the problem by sourcing version data from Astral’s versions repository via the raw content endpoint:
https://raw.githubusercontent.com/astral-sh/versions/refs/heads/main/v1/uv.ndjson
By using the raw endpoint instead of the GitHub API, version resolution no longer depends on API authentication and is much less likely to run into rate limits or timeouts.
The
manifest-fileinput lets you override that source with your own URL, for example to test custom uv builds or alternate download locations.The manifest file must be in NDJSON format, where each line is a JSON object representing a version and its artifacts. For example:
{"version":"0.10.7","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]} {"version":"0.10.6","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}Changes
🚀 Enhancements
📚 Documentation
v7.4.0: 🌈 Add riscv64 architecture support to platform detectionCompare Source
Changes
Thank you @luhenry for adding support for riscv64 arch
🚀 Enhancements
🧰 Maintenance
⬆️ Dependency updates
github/codeql-action (github/codeql-action)
v4.33.0Compare Source
Upcoming change: Starting April 2026, the CodeQL Action will skip collecting file coverage information on pull requests to improve analysis performance. File coverage information will still be computed on non-PR analyses. Pull request analyses will log a warning about this upcoming change. #3562
To opt out of this change:
github-codeql-file-coverage-on-prsand the type "True/false", then set this property totruein the repository's settings. For more information, see Managing custom properties for repositories in your organization. Alternatively, if you are using an advanced setup workflow, you can set theCODEQL_ACTION_FILE_COVERAGE_ON_PRSenvironment variable totruein your workflow.CODEQL_ACTION_FILE_COVERAGE_ON_PRSenvironment variable totruein your workflow.CODEQL_ACTION_FILE_COVERAGE_ON_PRSenvironment variable totruein your workflow.Fixed a bug which caused the CodeQL Action to fail loading repository properties if a "Multi select" repository property was configured for the repository. #3557
The CodeQL Action now loads custom repository properties on GitHub Enterprise Server, enabling the customization of features such as
github-codeql-disable-overlaythat was previously only available on GitHub.com. #3559Once private package registries can be configured with OIDC-based authentication for organizations, the CodeQL Action will now be able to accept such configurations. #3563
Fixed the retry mechanism for database uploads. Previously this would fail with the error "Response body object should not be disturbed or locked". #3564
A warning is now emitted if the CodeQL Action detects a repository property whose name suggests that it relates to the CodeQL Action, but which is not one of the properties recognised by the current version of the CodeQL Action. #3570
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Renovate Bot.