mirror of https://github.com/astral-sh/ruff
21 Commits
| Author | SHA1 | Message | Date |
|---|---|---|---|
renovate[bot]
|
6ae7e7ba6b
|
Update Swatinem/rust-cache action to v2.8.1 (#20708)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
|
|
renovate[bot]
|
3adb478c6b
|
Update actions/setup-python action to v6 (#20408)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
|
|
renovate[bot]
|
9e4acd8bdd
|
Update actions/checkout action to v5 (#20404) | |
|
renovate[bot]
|
3d2a0c3cd6
|
Update Swatinem/rust-cache action to v2.8.0 (#19168)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [Swatinem/rust-cache](https://redirect.github.com/Swatinem/rust-cache) | action | minor | `v2.7.8` -> `v2.8.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>Swatinem/rust-cache (Swatinem/rust-cache)</summary> ### [`v2.8.0`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.8.0) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.7.8...v2.8.0) ##### What's Changed - Add cache-workspace-crates feature by [@​jbransen](https://redirect.github.com/jbransen) in [https://github.com/Swatinem/rust-cache/pull/246](https://redirect.github.com/Swatinem/rust-cache/pull/246) - Feat: support warpbuild cache provider by [@​stegaBOB](https://redirect.github.com/stegaBOB) in [https://github.com/Swatinem/rust-cache/pull/247](https://redirect.github.com/Swatinem/rust-cache/pull/247) ##### New Contributors - [@​jbransen](https://redirect.github.com/jbransen) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/246](https://redirect.github.com/Swatinem/rust-cache/pull/246) - [@​stegaBOB](https://redirect.github.com/stegaBOB) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/247](https://redirect.github.com/Swatinem/rust-cache/pull/247) **Full Changelog**: https://github.com/Swatinem/rust-cache/compare/v2.7.8...v2.8.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xNy4yIiwidXBkYXRlZEluVmVyIjoiNDEuMTcuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW50ZXJuYWwiXX0=--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
|
|
renovate[bot]
|
87c64c9eab
|
Update actions/setup-python action to v5.6.0 (#17846)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
|
|
renovate[bot]
|
50eb3f539e
|
Update actions/setup-python action to v5.5.0 (#17260)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | minor | `v5` -> `v5.5.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/setup-python (actions/setup-python)</summary> ### [`v5.5.0`](https://redirect.github.com/actions/setup-python/releases/tag/v5.5.0) [Compare Source](https://redirect.github.com/actions/setup-python/compare/v5.4.0...v5.5.0) ##### What's Changed ##### Enhancements: - Support free threaded Python versions like '3.13t' by [@​colesbury](https://redirect.github.com/colesbury) in [https://github.com/actions/setup-python/pull/973](https://redirect.github.com/actions/setup-python/pull/973) - Enhance Workflows: Include ubuntu-arm runners, Add e2e Testing for free threaded and Upgrade [@​action/cache](https://redirect.github.com/action/cache) from 4.0.0 to 4.0.3 by [@​priya-kinthali](https://redirect.github.com/priya-kinthali) in [https://github.com/actions/setup-python/pull/1056](https://redirect.github.com/actions/setup-python/pull/1056) - Add support for .tool-versions file in setup-python by [@​mahabaleshwars](https://redirect.github.com/mahabaleshwars) in [https://github.com/actions/setup-python/pull/1043](https://redirect.github.com/actions/setup-python/pull/1043) ##### Bug fixes: - Fix architecture for pypy on Linux ARM64 by [@​mayeut](https://redirect.github.com/mayeut) in [https://github.com/actions/setup-python/pull/1011](https://redirect.github.com/actions/setup-python/pull/1011) This update maps arm64 to aarch64 for Linux ARM64 PyPy installations. ##### Dependency updates: - Upgrade [@​vercel/ncc](https://redirect.github.com/vercel/ncc) from 0.38.1 to 0.38.3 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-python/pull/1016](https://redirect.github.com/actions/setup-python/pull/1016) - Upgrade [@​actions/glob](https://redirect.github.com/actions/glob) from 0.4.0 to 0.5.0 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-python/pull/1015](https://redirect.github.com/actions/setup-python/pull/1015) ##### New Contributors - [@​colesbury](https://redirect.github.com/colesbury) made their first contribution in [https://github.com/actions/setup-python/pull/973](https://redirect.github.com/actions/setup-python/pull/973) - [@​mahabaleshwars](https://redirect.github.com/mahabaleshwars) made their first contribution in [https://github.com/actions/setup-python/pull/1043](https://redirect.github.com/actions/setup-python/pull/1043) **Full Changelog**: https://github.com/actions/setup-python/compare/v5...v5.5.0 ### [`v5.4.0`](https://redirect.github.com/actions/setup-python/releases/tag/v5.4.0) [Compare Source](https://redirect.github.com/actions/setup-python/compare/v5.3.0...v5.4.0) #### What's Changed ##### Enhancements: - Update cache error message by [@​aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [https://github.com/actions/setup-python/pull/968](https://redirect.github.com/actions/setup-python/pull/968) - Enhance Workflows: Add Ubuntu-24, Remove Python 3.8 by [@​priya-kinthali](https://redirect.github.com/priya-kinthali) in [https://github.com/actions/setup-python/pull/985](https://redirect.github.com/actions/setup-python/pull/985) - Configure Dependabot settings by [@​HarithaVattikuti](https://redirect.github.com/HarithaVattikuti) in [https://github.com/actions/setup-python/pull/1008](https://redirect.github.com/actions/setup-python/pull/1008) ##### Documentation changes: - Readme update - recommended permissions by [@​benwells](https://redirect.github.com/benwells) in [https://github.com/actions/setup-python/pull/1009](https://redirect.github.com/actions/setup-python/pull/1009) - Improve Advanced Usage examples by [@​lrq3000](https://redirect.github.com/lrq3000) in [https://github.com/actions/setup-python/pull/645](https://redirect.github.com/actions/setup-python/pull/645) ##### Dependency updates: - Upgrade `undici` from 5.28.4 to 5.28.5 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-python/pull/1012](https://redirect.github.com/actions/setup-python/pull/1012) - Upgrade `urllib3` from 1.25.9 to 1.26.19 in /**tests**/data by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-python/pull/895](https://redirect.github.com/actions/setup-python/pull/895) - Upgrade `actions/publish-immutable-action` from 0.0.3 to 0.0.4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-python/pull/1014](https://redirect.github.com/actions/setup-python/pull/1014) - Upgrade `@actions/http-client` from 2.2.1 to 2.2.3 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-python/pull/1020](https://redirect.github.com/actions/setup-python/pull/1020) - Upgrade `requests` from 2.24.0 to 2.32.2 in /**tests**/data by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-python/pull/1019](https://redirect.github.com/actions/setup-python/pull/1019) - Upgrade `@actions/cache` to `^4.0.0` by [@​priyagupta108](https://redirect.github.com/priyagupta108) in [https://github.com/actions/setup-python/pull/1007](https://redirect.github.com/actions/setup-python/pull/1007) #### New Contributors - [@​benwells](https://redirect.github.com/benwells) made their first contribution in [https://github.com/actions/setup-python/pull/1009](https://redirect.github.com/actions/setup-python/pull/1009) - [@​HarithaVattikuti](https://redirect.github.com/HarithaVattikuti) made their first contribution in [https://github.com/actions/setup-python/pull/1008](https://redirect.github.com/actions/setup-python/pull/1008) - [@​lrq3000](https://redirect.github.com/lrq3000) made their first contribution in [https://github.com/actions/setup-python/pull/645](https://redirect.github.com/actions/setup-python/pull/645) **Full Changelog**: https://github.com/actions/setup-python/compare/v5...v5.4.0 ### [`v5.3.0`](https://redirect.github.com/actions/setup-python/releases/tag/v5.3.0) [Compare Source](https://redirect.github.com/actions/setup-python/compare/v5.2.0...v5.3.0) ##### What's Changed - Add workflow file for publishing releases to immutable action package by [@​Jcambass](https://redirect.github.com/Jcambass) in [https://github.com/actions/setup-python/pull/941](https://redirect.github.com/actions/setup-python/pull/941) - Upgrade IA publish by [@​Jcambass](https://redirect.github.com/Jcambass) in [https://github.com/actions/setup-python/pull/943](https://redirect.github.com/actions/setup-python/pull/943) ##### Bug Fixes: - Normalise Line Endings to Ensure Cross-Platform Consistency by [@​priya-kinthali](https://redirect.github.com/priya-kinthali) in [https://github.com/actions/setup-python/pull/938](https://redirect.github.com/actions/setup-python/pull/938) - Revise `isGhes` logic by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/setup-python/pull/963](https://redirect.github.com/actions/setup-python/pull/963) - Bump pillow from 7.2 to 10.2.0 by [@​aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [https://github.com/actions/setup-python/pull/956](https://redirect.github.com/actions/setup-python/pull/956) ##### Enhancements: - Enhance workflows and documentation updates by [@​priya-kinthali](https://redirect.github.com/priya-kinthali) in [https://github.com/actions/setup-python/pull/965](https://redirect.github.com/actions/setup-python/pull/965) - Bump default versions to latest by [@​jeffwidman](https://redirect.github.com/jeffwidman) in [https://github.com/actions/setup-python/pull/905](https://redirect.github.com/actions/setup-python/pull/905) ##### New Contributors - [@​Jcambass](https://redirect.github.com/Jcambass) made their first contribution in [https://github.com/actions/setup-python/pull/941](https://redirect.github.com/actions/setup-python/pull/941) - [@​jww3](https://redirect.github.com/jww3) made their first contribution in [https://github.com/actions/setup-python/pull/963](https://redirect.github.com/actions/setup-python/pull/963) **Full Changelog**: https://github.com/actions/setup-python/compare/v5...v5.3.0 ### [`v5.2.0`](https://redirect.github.com/actions/setup-python/releases/tag/v5.2.0) [Compare Source](https://redirect.github.com/actions/setup-python/compare/v5.1.1...v5.2.0) #### What's Changed ##### Bug fixes: - Add `.zip` extension to Windows package downloads for `Expand-Archive` Compatibility by [@​priyagupta108](https://redirect.github.com/priyagupta108) in [https://github.com/actions/setup-python/pull/916](https://redirect.github.com/actions/setup-python/pull/916) This addresses compatibility issues on Windows self-hosted runners by ensuring that the filenames for Python and PyPy package downloads explicitly include the .zip extension, allowing the Expand-Archive command to function correctly. - Add arch to cache key by [@​Zxilly](https://redirect.github.com/Zxilly) in [https://github.com/actions/setup-python/pull/896](https://redirect.github.com/actions/setup-python/pull/896) This addresses issues with caching by adding the architecture (arch) to the cache key, ensuring that cache keys are accurate to prevent conflicts. Note: This change may break previous cache keys as they will no longer be compatible with the new format. ##### Documentation changes: - Fix display of emojis in contributors doc by [@​sciencewhiz](https://redirect.github.com/sciencewhiz) in [https://github.com/actions/setup-python/pull/899](https://redirect.github.com/actions/setup-python/pull/899) - Documentation update for caching poetry dependencies by [@​gowridurgad](https://redirect.github.com/gowridurgad) in [https://github.com/actions/setup-python/pull/908](https://redirect.github.com/actions/setup-python/pull/908) ##### Dependency updates: - Bump [@​iarna/toml](https://redirect.github.com/iarna/toml) version from 2.2.5 to 3.0.0 by [@​priya-kinthali](https://redirect.github.com/priya-kinthali) in [https://github.com/actions/setup-python/pull/912](https://redirect.github.com/actions/setup-python/pull/912) - Bump pyinstaller from 3.6 to 5.13.1 by [@​aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) in [https://github.com/actions/setup-python/pull/923](https://redirect.github.com/actions/setup-python/pull/923) #### New Contributors - [@​sciencewhiz](https://redirect.github.com/sciencewhiz) made their first contribution in [https://github.com/actions/setup-python/pull/899](https://redirect.github.com/actions/setup-python/pull/899) - [@​priyagupta108](https://redirect.github.com/priyagupta108) made their first contribution in [https://github.com/actions/setup-python/pull/916](https://redirect.github.com/actions/setup-python/pull/916) - [@​Zxilly](https://redirect.github.com/Zxilly) made their first contribution in [https://github.com/actions/setup-python/pull/896](https://redirect.github.com/actions/setup-python/pull/896) - [@​aparnajyothi-y](https://redirect.github.com/aparnajyothi-y) made their first contribution in [https://github.com/actions/setup-python/pull/923](https://redirect.github.com/actions/setup-python/pull/923) **Full Changelog**: https://github.com/actions/setup-python/compare/v5...v5.2.0 ### [`v5.1.1`](https://redirect.github.com/actions/setup-python/releases/tag/v5.1.1) [Compare Source](https://redirect.github.com/actions/setup-python/compare/v5.1.0...v5.1.1) #### What's Changed ##### Bug fixes: - fix(ci): update all failing workflows by [@​mayeut](https://redirect.github.com/mayeut) in [https://github.com/actions/setup-python/pull/863](https://redirect.github.com/actions/setup-python/pull/863) This update ensures compatibility and optimal performance of workflows on the latest macOS version. ##### Documentation changes: - Documentation update for cache by [@​gowridurgad](https://redirect.github.com/gowridurgad) in [https://github.com/actions/setup-python/pull/873](https://redirect.github.com/actions/setup-python/pull/873) ##### Dependency updates: - Bump braces from 3.0.2 to 3.0.3 and undici from 5.28.3 to 5.28.4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/setup-python/pull/893](https://redirect.github.com/actions/setup-python/pull/893) #### New Contributors - [@​gowridurgad](https://redirect.github.com/gowridurgad) made their first contribution in [https://github.com/actions/setup-python/pull/873](https://redirect.github.com/actions/setup-python/pull/873) **Full Changelog**: https://github.com/actions/setup-python/compare/v5...v5.1.1 ### [`v5.1.0`](https://redirect.github.com/actions/setup-python/releases/tag/v5.1.0) [Compare Source](https://redirect.github.com/actions/setup-python/compare/v5.0.0...v5.1.0) #### What's Changed - Leveraging the raw API to retrieve the version-manifest, as it does not impose a rate limit and hence facilitates unrestricted consumption without the need for a token for Github Enterprise Servers by [@​Shegox](https://redirect.github.com/Shegox) in [https://github.com/actions/setup-python/pull/766](https://redirect.github.com/actions/setup-python/pull/766). - Dependency updates by [@​dependabot](https://redirect.github.com/dependabot) and [@​HarithaVattikuti](https://redirect.github.com/HarithaVattikuti) in [https://github.com/actions/setup-python/pull/817](https://redirect.github.com/actions/setup-python/pull/817) - Documentation changes for version in README by [@​basnijholt](https://redirect.github.com/basnijholt) in [https://github.com/actions/setup-python/pull/776](https://redirect.github.com/actions/setup-python/pull/776) - Documentation changes for link in README by [@​ukd1](https://redirect.github.com/ukd1) in [https://github.com/actions/setup-python/pull/793](https://redirect.github.com/actions/setup-python/pull/793) - Documentation changes for link in Advanced Usage by [@​Jamim](https://redirect.github.com/Jamim) in [https://github.com/actions/setup-python/pull/782](https://redirect.github.com/actions/setup-python/pull/782) - Documentation changes for avoiding rate limit issues on GHES by [@​priya-kinthali](https://redirect.github.com/priya-kinthali) in [https://github.com/actions/setup-python/pull/835](https://redirect.github.com/actions/setup-python/pull/835) #### New Contributors - [@​basnijholt](https://redirect.github.com/basnijholt) made their first contribution in [https://github.com/actions/setup-python/pull/776](https://redirect.github.com/actions/setup-python/pull/776) - [@​ukd1](https://redirect.github.com/ukd1) made their first contribution in [https://github.com/actions/setup-python/pull/793](https://redirect.github.com/actions/setup-python/pull/793) - [@​Jamim](https://redirect.github.com/Jamim) made their first contribution in [https://github.com/actions/setup-python/pull/782](https://redirect.github.com/actions/setup-python/pull/782) - [@​Shegox](https://redirect.github.com/Shegox) made their first contribution in [https://github.com/actions/setup-python/pull/766](https://redirect.github.com/actions/setup-python/pull/766) - [@​priya-kinthali](https://redirect.github.com/priya-kinthali) made their first contribution in [https://github.com/actions/setup-python/pull/835](https://redirect.github.com/actions/setup-python/pull/835) **Full Changelog**: https://github.com/actions/setup-python/compare/v5.0.0...v5.1.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMjcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjIyNy4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
|
|
renovate[bot]
|
1120def16a
|
Update Swatinem/rust-cache action to v2.7.8 (#17255)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [Swatinem/rust-cache](https://redirect.github.com/Swatinem/rust-cache) | action | minor | `v2` -> `v2.7.8` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>Swatinem/rust-cache (Swatinem/rust-cache)</summary> ### [`v2.7.8`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.7.8) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.7.7...v2.7.8) ##### What's Changed - Include CPU arch in the cache key for arm64 Linux runners by [@​rhysd](https://redirect.github.com/rhysd) in [https://github.com/Swatinem/rust-cache/pull/228](https://redirect.github.com/Swatinem/rust-cache/pull/228) **Full Changelog**: https://github.com/Swatinem/rust-cache/compare/v2.7.7...v2.7.8 ### [`v2.7.7`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.7.7) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.7.6...v2.7.7) **Full Changelog**: https://github.com/Swatinem/rust-cache/compare/v2.7.6...v2.7.7 ### [`v2.7.6`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.7.6) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.7.5...v2.7.6) ##### What's Changed - Updated artifact upload action to v4 by [@​guylamar2006](https://redirect.github.com/guylamar2006) in [https://github.com/Swatinem/rust-cache/pull/212](https://redirect.github.com/Swatinem/rust-cache/pull/212) - Adds an option to do lookup-only of the cache by [@​danlec](https://redirect.github.com/danlec) in [https://github.com/Swatinem/rust-cache/pull/217](https://redirect.github.com/Swatinem/rust-cache/pull/217) - add runner OS in cache key by [@​rnbguy](https://redirect.github.com/rnbguy) in [https://github.com/Swatinem/rust-cache/pull/220](https://redirect.github.com/Swatinem/rust-cache/pull/220) - Allow opting out of caching $CARGO_HOME/bin. by [@​benjyw](https://redirect.github.com/benjyw) in [https://github.com/Swatinem/rust-cache/pull/216](https://redirect.github.com/Swatinem/rust-cache/pull/216) ##### New Contributors - [@​guylamar2006](https://redirect.github.com/guylamar2006) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/212](https://redirect.github.com/Swatinem/rust-cache/pull/212) - [@​danlec](https://redirect.github.com/danlec) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/217](https://redirect.github.com/Swatinem/rust-cache/pull/217) - [@​rnbguy](https://redirect.github.com/rnbguy) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/220](https://redirect.github.com/Swatinem/rust-cache/pull/220) - [@​benjyw](https://redirect.github.com/benjyw) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/216](https://redirect.github.com/Swatinem/rust-cache/pull/216) **Full Changelog**: https://github.com/Swatinem/rust-cache/compare/v2.7.5...v2.7.6 ### [`v2.7.5`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.7.5) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.7.3...v2.7.5) ##### What's Changed - Upgrade checkout action from version 3 to 4 by [@​carsten-wenderdel](https://redirect.github.com/carsten-wenderdel) in [https://github.com/Swatinem/rust-cache/pull/190](https://redirect.github.com/Swatinem/rust-cache/pull/190) - fix: usage of `deprecated` version of `node` by [@​hamirmahal](https://redirect.github.com/hamirmahal) in [https://github.com/Swatinem/rust-cache/pull/197](https://redirect.github.com/Swatinem/rust-cache/pull/197) - Only run macOsWorkaround() on macOS by [@​heksesang](https://redirect.github.com/heksesang) in [https://github.com/Swatinem/rust-cache/pull/206](https://redirect.github.com/Swatinem/rust-cache/pull/206) - Support Cargo.lock format cargo-lock v4 by [@​NobodyXu](https://redirect.github.com/NobodyXu) in [https://github.com/Swatinem/rust-cache/pull/211](https://redirect.github.com/Swatinem/rust-cache/pull/211) ##### New Contributors - [@​carsten-wenderdel](https://redirect.github.com/carsten-wenderdel) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/190](https://redirect.github.com/Swatinem/rust-cache/pull/190) - [@​hamirmahal](https://redirect.github.com/hamirmahal) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/197](https://redirect.github.com/Swatinem/rust-cache/pull/197) - [@​heksesang](https://redirect.github.com/heksesang) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/206](https://redirect.github.com/Swatinem/rust-cache/pull/206) **Full Changelog**: https://github.com/Swatinem/rust-cache/compare/v2.7.3...v2.7.5 ### [`v2.7.3`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.7.3) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.7.2...v2.7.3) - Work around upstream problem that causes cache saving to hang for minutes. **Full Changelog**: https://github.com/Swatinem/rust-cache/compare/v2.7.2...v2.7.3 ### [`v2.7.2`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.7.2) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.7.1...v2.7.2) ##### What's Changed - Update action runtime to `node20` by [@​rhysd](https://redirect.github.com/rhysd) in [https://github.com/Swatinem/rust-cache/pull/175](https://redirect.github.com/Swatinem/rust-cache/pull/175) - Only key by `Cargo.toml` and `Cargo.lock` files of workspace members by [@​max-heller](https://redirect.github.com/max-heller) in [https://github.com/Swatinem/rust-cache/pull/180](https://redirect.github.com/Swatinem/rust-cache/pull/180) ##### New Contributors - [@​rhysd](https://redirect.github.com/rhysd) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/175](https://redirect.github.com/Swatinem/rust-cache/pull/175) - [@​max-heller](https://redirect.github.com/max-heller) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/180](https://redirect.github.com/Swatinem/rust-cache/pull/180) **Full Changelog**: https://github.com/Swatinem/rust-cache/compare/v2.7.1...v2.7.2 ### [`v2.7.1`](https://redirect.github.com/Swatinem/rust-cache/compare/v2.7.0...v2.7.1) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.7.0...v2.7.1) ### [`v2.7.0`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.7.0) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.6.2...v2.7.0) ##### What's Changed - Fix save-if documentation in readme by [@​rukai](https://redirect.github.com/rukai) in [https://github.com/Swatinem/rust-cache/pull/166](https://redirect.github.com/Swatinem/rust-cache/pull/166) - Support for `trybuild` and similar macro testing tools by [@​neysofu](https://redirect.github.com/neysofu) in [https://github.com/Swatinem/rust-cache/pull/168](https://redirect.github.com/Swatinem/rust-cache/pull/168) ##### New Contributors - [@​rukai](https://redirect.github.com/rukai) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/166](https://redirect.github.com/Swatinem/rust-cache/pull/166) - [@​neysofu](https://redirect.github.com/neysofu) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/168](https://redirect.github.com/Swatinem/rust-cache/pull/168) **Full Changelog**: https://github.com/Swatinem/rust-cache/compare/v2.6.2...v2.7.0 ### [`v2.6.2`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.6.2) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.6.1...v2.6.2) ##### What's Changed - dep: Use `smol-toml` instead of `toml` by [@​NobodyXu](https://redirect.github.com/NobodyXu) in [https://github.com/Swatinem/rust-cache/pull/164](https://redirect.github.com/Swatinem/rust-cache/pull/164) **Full Changelog**: https://github.com/Swatinem/rust-cache/compare/v2...v2.6.2 ### [`v2.6.1`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.6.1) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.6.0...v2.6.1) - Fix hash contributions of `Cargo.lock`/`Cargo.toml` files. ### [`v2.6.0`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.6.0) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.5.1...v2.6.0) ##### What's Changed - Add "buildjet" as a second `cache-provider` backend [@​joroshiba](https://redirect.github.com/joroshiba) in [https://github.com/Swatinem/rust-cache/pull/154](https://redirect.github.com/Swatinem/rust-cache/pull/154) - Clean up sparse registry index. - Do not clean up src of `-sys` crates. - Remove `.cargo/credentials.toml` before saving. ##### New Contributors - [@​joroshiba](https://redirect.github.com/joroshiba) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/154](https://redirect.github.com/Swatinem/rust-cache/pull/154) **Full Changelog**: https://github.com/Swatinem/rust-cache/compare/v2.5.1...v2.6.0 ### [`v2.5.1`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.5.1) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.5.0...v2.5.1) - Fix hash contribution of `Cargo.lock`. ### [`v2.5.0`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.5.0) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.4.0...v2.5.0) ##### What's Changed - feat: Rm workspace crates version before caching by [@​NobodyXu](https://redirect.github.com/NobodyXu) in [https://github.com/Swatinem/rust-cache/pull/147](https://redirect.github.com/Swatinem/rust-cache/pull/147) - feat: Add hash of `.cargo/config.toml` to key by [@​NobodyXu](https://redirect.github.com/NobodyXu) in [https://github.com/Swatinem/rust-cache/pull/149](https://redirect.github.com/Swatinem/rust-cache/pull/149) ##### New Contributors - [@​NobodyXu](https://redirect.github.com/NobodyXu) made their first contribution in [https://github.com/Swatinem/rust-cache/pull/147](https://redirect.github.com/Swatinem/rust-cache/pull/147) **Full Changelog**: https://github.com/Swatinem/rust-cache/compare/v2.4.0...v2.5.0 ### [`v2.4.0`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.4.0) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.3.0...v2.4.0) - Fix cache key stability. - Use 8 character hash components to reduce the key length, making it more readable. ### [`v2.3.0`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.3.0) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.2.1...v2.3.0) - Add `cache-all-crates` option, which enables caching of crates installed by workflows. - Add installed packages to cache key, so changes to workflows that install rust tools are detected and cached properly. - Fix cache restore failures due to upstream bug. - Fix `EISDIR` error due to globed directories. - Update runtime `@actions/cache`, `@actions/io` and dev `typescript` dependencies. - Update `npm run prepare` so it creates distribution files with the right line endings. ### [`v2.2.1`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.2.1) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.2.0...v2.2.1) - Update `@actions/cache` dependency to fix usage of `zstd` compression. ### [`v2.2.0`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.2.0) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.1.0...v2.2.0) - Add new `save-if` option to always restore, but only conditionally save the cache. ### [`v2.1.0`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.1.0) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.0.2...v2.1.0) - Only hash `Cargo.{lock,toml}` files in the configured workspace directories. ### [`v2.0.2`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.0.2) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2.0.1...v2.0.2) - Avoid calling cargo metadata on pre-cleanup. - Added `prefix-key`, `cache-directories` and `cache-targets` options. ### [`v2.0.1`](https://redirect.github.com/Swatinem/rust-cache/releases/tag/v2.0.1) [Compare Source](https://redirect.github.com/Swatinem/rust-cache/compare/v2...v2.0.1) - Primarily just updating dependencies to fix GitHub deprecation notices. </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMjcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjIyNy4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
|
|
renovate[bot]
|
796e7510c4
|
Update actions/checkout action to v4.2.2 (#17257)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/checkout](https://redirect.github.com/actions/checkout) | action | minor | `v4` -> `v4.2.2` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>actions/checkout (actions/checkout)</summary> ### [`v4.2.2`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v422) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.2.1...v4.2.2) - `url-helper.ts` now leverages well-known environment variables by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1941](https://redirect.github.com/actions/checkout/pull/1941) - Expand unit test coverage for `isGhes` by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1946](https://redirect.github.com/actions/checkout/pull/1946) ### [`v4.2.1`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v421) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.2.0...v4.2.1) - Check out other refs/\* by commit if provided, fall back to ref by [@​orhantoy](https://redirect.github.com/orhantoy) in [https://github.com/actions/checkout/pull/1924](https://redirect.github.com/actions/checkout/pull/1924) ### [`v4.2.0`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v420) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.7...v4.2.0) - Add Ref and Commit outputs by [@​lucacome](https://redirect.github.com/lucacome) in [https://github.com/actions/checkout/pull/1180](https://redirect.github.com/actions/checkout/pull/1180) - Dependency updates by [@​dependabot-](https://redirect.github.com/dependabot-) [https://github.com/actions/checkout/pull/1777](https://redirect.github.com/actions/checkout/pull/1777), [https://github.com/actions/checkout/pull/1872](https://redirect.github.com/actions/checkout/pull/1872) ### [`v4.1.7`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v417) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.6...v4.1.7) - Bump the minor-npm-dependencies group across 1 directory with 4 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1739](https://redirect.github.com/actions/checkout/pull/1739) - Bump actions/checkout from 3 to 4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1697](https://redirect.github.com/actions/checkout/pull/1697) - Check out other refs/\* by commit by [@​orhantoy](https://redirect.github.com/orhantoy) in [https://github.com/actions/checkout/pull/1774](https://redirect.github.com/actions/checkout/pull/1774) - Pin actions/checkout's own workflows to a known, good, stable version. by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1776](https://redirect.github.com/actions/checkout/pull/1776) ### [`v4.1.6`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v416) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.5...v4.1.6) - Check platform to set archive extension appropriately by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1732](https://redirect.github.com/actions/checkout/pull/1732) ### [`v4.1.5`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v415) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.4...v4.1.5) - Update NPM dependencies by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1703](https://redirect.github.com/actions/checkout/pull/1703) - Bump github/codeql-action from 2 to 3 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1694](https://redirect.github.com/actions/checkout/pull/1694) - Bump actions/setup-node from 1 to 4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1696](https://redirect.github.com/actions/checkout/pull/1696) - Bump actions/upload-artifact from 2 to 4 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1695](https://redirect.github.com/actions/checkout/pull/1695) - README: Suggest `user.email` to be `41898282+github-actions[bot]@​users.noreply.github.com` by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1707](https://redirect.github.com/actions/checkout/pull/1707) ### [`v4.1.4`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v414) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.3...v4.1.4) - Disable `extensions.worktreeConfig` when disabling `sparse-checkout` by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1692](https://redirect.github.com/actions/checkout/pull/1692) - Add dependabot config by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1688](https://redirect.github.com/actions/checkout/pull/1688) - Bump the minor-actions-dependencies group with 2 updates by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1693](https://redirect.github.com/actions/checkout/pull/1693) - Bump word-wrap from 1.2.3 to 1.2.5 by [@​dependabot](https://redirect.github.com/dependabot) in [https://github.com/actions/checkout/pull/1643](https://redirect.github.com/actions/checkout/pull/1643) ### [`v4.1.3`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v413) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.2...v4.1.3) - Check git version before attempting to disable `sparse-checkout` by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1656](https://redirect.github.com/actions/checkout/pull/1656) - Add SSH user parameter by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1685](https://redirect.github.com/actions/checkout/pull/1685) - Update `actions/checkout` version in `update-main-version.yml` by [@​jww3](https://redirect.github.com/jww3) in [https://github.com/actions/checkout/pull/1650](https://redirect.github.com/actions/checkout/pull/1650) ### [`v4.1.2`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v412) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.1...v4.1.2) - Fix: Disable sparse checkout whenever `sparse-checkout` option is not present [@​dscho](https://redirect.github.com/dscho) in [https://github.com/actions/checkout/pull/1598](https://redirect.github.com/actions/checkout/pull/1598) ### [`v4.1.1`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v411) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.1.0...v4.1.1) - Correct link to GitHub Docs by [@​peterbe](https://redirect.github.com/peterbe) in [https://github.com/actions/checkout/pull/1511](https://redirect.github.com/actions/checkout/pull/1511) - Link to release page from what's new section by [@​cory-miller](https://redirect.github.com/cory-miller) in [https://github.com/actions/checkout/pull/1514](https://redirect.github.com/actions/checkout/pull/1514) ### [`v4.1.0`](https://redirect.github.com/actions/checkout/blob/HEAD/CHANGELOG.md#v410) [Compare Source](https://redirect.github.com/actions/checkout/compare/v4.0.0...v4.1.0) - [Add support for partial checkout filters](https://redirect.github.com/actions/checkout/pull/1396) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMjcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjIyNy4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
|
|
renovate[bot]
|
08f86a5ffc
|
Update actions/setup-python digest to 8d9ed9a (#17067)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | digest | `4237552` -> `8d9ed9a` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
|
|
renovate[bot]
|
e068ffe929
|
Update webfactory/ssh-agent action to v0.9.1 (#17074)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [webfactory/ssh-agent](https://redirect.github.com/webfactory/ssh-agent) | action | patch | `v0.9.0` -> `v0.9.1` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>webfactory/ssh-agent (webfactory/ssh-agent)</summary> ### [`v0.9.1`](https://redirect.github.com/webfactory/ssh-agent/blob/HEAD/CHANGELOG.md#v091-2024-03-17) [Compare Source](https://redirect.github.com/webfactory/ssh-agent/compare/v0.9.0...v0.9.1) ##### Fixed - Fix path used to execute ssh-agent in cleanup.js to respect custom paths set by input ([#​235](https://redirect.github.com/webfactory/ssh-agent/issues/235)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
|
|
renovate[bot]
|
890f79c4ab
|
Update Swatinem/rust-cache digest to 9d47c6a (#16933)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [Swatinem/rust-cache](https://redirect.github.com/Swatinem/rust-cache) | action | digest | `f0deed1` -> `9d47c6a` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDcuMSIsInVwZGF0ZWRJblZlciI6IjM5LjIwNy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
|
|
renovate[bot]
|
dbdb46dcd2
|
Pin dependencies (#16791)
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [CodSpeedHQ/action](https://redirect.github.com/CodSpeedHQ/action) | action | pinDigest | -> `0010eb0` | | [PyO3/maturin-action](https://redirect.github.com/PyO3/maturin-action) | action | pinDigest | -> `36db840` | | [SebRollen/toml-action](https://redirect.github.com/SebRollen/toml-action) | action | pinDigest | -> `b1b3628` | | [Swatinem/rust-cache](https://redirect.github.com/Swatinem/rust-cache) | action | pinDigest | -> `f0deed1` | | [actions/cache](https://redirect.github.com/actions/cache) | action | pinDigest | -> `d4323d4` | | [actions/checkout](https://redirect.github.com/actions/checkout) | action | pinDigest | -> `11bd719` | | [actions/download-artifact](https://redirect.github.com/actions/download-artifact) | action | pinDigest | -> `cc20338` | | [actions/github-script](https://redirect.github.com/actions/github-script) | action | pinDigest | -> `60a0d83` | | [actions/setup-node](https://redirect.github.com/actions/setup-node) | action | pinDigest | -> `cdca736` | | [actions/setup-python](https://redirect.github.com/actions/setup-python) | action | pinDigest | -> `4237552` | | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | pinDigest | -> `4cec3d8` | | [astral-sh/setup-uv](https://redirect.github.com/astral-sh/setup-uv) | action | pinDigest | -> `f94ec6b` | | [dawidd6/action-download-artifact](https://redirect.github.com/dawidd6/action-download-artifact) | action | pinDigest | -> `20319c5` | | [docker/build-push-action](https://redirect.github.com/docker/build-push-action) | action | pinDigest | -> `471d1dc` | | [docker/login-action](https://redirect.github.com/docker/login-action) | action | pinDigest | -> `74a5d14` | | [docker/metadata-action](https://redirect.github.com/docker/metadata-action) | action | pinDigest | -> `902fa8e` | | [docker/setup-buildx-action](https://redirect.github.com/docker/setup-buildx-action) | action | pinDigest | -> `b5ca514` | | [extractions/setup-just](https://redirect.github.com/extractions/setup-just) | action | pinDigest | -> `dd310ad` | | [jetli/wasm-bindgen-action](https://redirect.github.com/jetli/wasm-bindgen-action) | action | pinDigest | -> `20b33e2` | | [jetli/wasm-pack-action](https://redirect.github.com/jetli/wasm-pack-action) | action | pinDigest | -> `0d096b0` | | [peter-evans/create-or-update-comment](https://redirect.github.com/peter-evans/create-or-update-comment) | action | pinDigest | -> `71345be` | | [peter-evans/find-comment](https://redirect.github.com/peter-evans/find-comment) | action | pinDigest | -> `3eae4d3` | | [taiki-e/install-action](https://redirect.github.com/taiki-e/install-action) | action | pinDigest | -> `2c41309` | | [uraimo/run-on-arch-action](https://redirect.github.com/uraimo/run-on-arch-action) | action | pinDigest | -> `ac33288` | | [webfactory/ssh-agent](https://redirect.github.com/webfactory/ssh-agent) | action | pinDigest | -> `dc588b6` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Configuration 📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/astral-sh/ruff). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDAuMCIsInVwZGF0ZWRJblZlciI6IjM5LjIwMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> |
|
Alex Waygood
|
d45c1ee44f
|
Upgrade zizmor to the latest version in CI (#15300)
## Summary This PR upgrades zizmor to the latest release in our CI. zizmor is a static analyzer checking for security issues in GitHub workflows. The new release finds some new issues in our workflows; this PR fixes some of the issues, and adds ignores for some other issues. The issues fixed in this PR are new cases of zizmor's [`template-injection`](https://woodruffw.github.io/zizmor/audits/#template-injection) rule being emitted. The issues I'm ignoring for now are all to do with the [`cache-poisoning`](https://woodruffw.github.io/zizmor/audits/#cache-poisoning) rule. The main reason I'm fixing some but ignoring others is that I'm confident fixing the template-injection diagnostics won't have any impact on how our workflows operate in CI, but I'm worried that fixing the cache-poisoning diagnostics could slow down our CI a fair bit. I don't mind if somebody else is motivated to try to fix these diagnostics, but for now I think I'd prefer to just ignore them; it doesn't seem high-priority enough to try to fix them right now :-) ## Test Plan - `uvx pre-commit run -a --hook-stage=manual` passes locally - Let's see if CI passes on this PR... |
|
|
Alex Waygood
|
712c886749
|
Add `actionlint` as a pre-commit hook (with shellcheck integration) (#15021) | |
|
Alex Waygood
|
033ecf5a4b
|
Also have zizmor check for low-severity security issues (#14893)
## Summary This PR changes our zizmor configuration to also flag low-severity security issues in our GitHub Actions workflows. It's a followup to https://github.com/astral-sh/ruff/pull/14844. The issues being fixed here were all flagged by [zizmor's `template-injection` rule](https://woodruffw.github.io/zizmor/audits/#template-injection): > Detects potential sources of code injection via template expansion. > > GitHub Actions allows workflows to define template expansions, which occur within special `${{ ... }}` delimiters. These expansions happen before workflow and job execution, meaning the expansion of a given expression appears verbatim in whatever context it was performed in. > > Template expansions aren't syntax-aware, meaning that they can result in unintended shell injection vectors. This is especially true when they're used with attacker-controllable expression contexts, such as `github.event.issue.title` (which the attacker can fully control by supplying a new issue title). [...] > To fully remediate the vulnerability, you should not use `${{ env.VARNAME }}`, since that is still a template expansion. Instead, you should use `${VARNAME}` to ensure that the shell itself performs the variable expansion. ## Test Plan I tested that this passes all zizmore warnings by running `pre-commit run -a zizmor` locally. The other test is obviously to check that the workflows all still run correctly in CI 😄 |
|
|
Alex Waygood
|
58e7db89a1
|
Run zizmor in CI, and fix most warnings (#14844)
## Summary A [recent exploit](https://github.com/advisories/GHSA-7x29-qqmq-v6qc) brought attention to how easy it can be for attackers to use template expansion in GitHub Actions workflows to inject arbitrary code into a repository. That vulnerability [would have been caught by the zizmor linter](https://blog.yossarian.net/2024/12/06/zizmor-ultralytics-injection), which looks for potential security vulnerabilities in GitHub Actions workflows. This PR adds [zizmor](https://github.com/woodruffw/zizmor) as a pre-commit hook and fixes the high- and medium-severity warnings flagged by the tool. All the warnings fixed in this PR are related to this zizmor check: https://woodruffw.github.io/zizmor/audits/#artipacked. The summary of the check is that `actions/checkout` will by default persist git configuration for the duration of the workflow, which can be insecure. It's unnecessary unless you actually need to do things with `git` later on in the workflow. None of our workflows do except for `publish-docs.yml` and `sync-typeshed.yml`, so I set `persist-credentials: true` for those two but `persist-credentials: false` for all other uses of `actions/checkout`. Unfortunately there are several warnings in `release.yml`, including four high-severity warnings. However, this is a generated workflow file, so I have deliberately excluded this file from the check. These are the findings in `release.yml`: <details> <summary>release.yml findings</summary> ``` warning[artipacked]: credential persistence through GitHub Actions artifacts --> /Users/alexw/dev/ruff/.github/workflows/release.yml:62:9 | 62 | - uses: actions/checkout@v4 | _________- 63 | | with: 64 | | submodules: recursive | |_______________________________- does not set persist-credentials: false | = note: audit confidence → Low warning[artipacked]: credential persistence through GitHub Actions artifacts --> /Users/alexw/dev/ruff/.github/workflows/release.yml:124:9 | 124 | - uses: actions/checkout@v4 | _________- 125 | | with: 126 | | submodules: recursive | |_______________________________- does not set persist-credentials: false | = note: audit confidence → Low warning[artipacked]: credential persistence through GitHub Actions artifacts --> /Users/alexw/dev/ruff/.github/workflows/release.yml:174:9 | 174 | - uses: actions/checkout@v4 | _________- 175 | | with: 176 | | submodules: recursive | |_______________________________- does not set persist-credentials: false | = note: audit confidence → Low warning[artipacked]: credential persistence through GitHub Actions artifacts --> /Users/alexw/dev/ruff/.github/workflows/release.yml:249:9 | 249 | - uses: actions/checkout@v4 | _________- 250 | | with: 251 | | submodules: recursive 252 | | # Create a GitHub Release while uploading all files to it | |_______________________________________________________________- does not set persist-credentials: false | = note: audit confidence → Low error[excessive-permissions]: overly broad workflow or job-level permissions --> /Users/alexw/dev/ruff/.github/workflows/release.yml:17:1 | 17 | / permissions: 18 | | "contents": "write" ... | 39 | | # If there's a prerelease-style suffix to the version, then the release(s) 40 | | # will be marked as a prerelease. | |_________________________________^ contents: write is overly broad at the workflow level | = note: audit confidence → High error[template-injection]: code injection via template expansion --> /Users/alexw/dev/ruff/.github/workflows/release.yml:80:9 | 80 | - id: plan | _________^ 81 | | run: | | |_________^ 82 | || dist ${{ (inputs.tag && inputs.tag != 'dry-run' && format('host --steps=create --tag={0}', inputs.tag)) || 'plan' }} --out... 83 | || echo "dist ran successfully" 84 | || cat plan-dist-manifest.json 85 | || echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT" | ||__________________________________________________________________________________^ this step | ||__________________________________________________________________________________^ inputs.tag may expand into attacker-controllable code | = note: audit confidence → Low error[template-injection]: code injection via template expansion --> /Users/alexw/dev/ruff/.github/workflows/release.yml:80:9 | 80 | - id: plan | _________^ 81 | | run: | | |_________^ 82 | || dist ${{ (inputs.tag && inputs.tag != 'dry-run' && format('host --steps=create --tag={0}', inputs.tag)) || 'plan' }} --out... 83 | || echo "dist ran successfully" 84 | || cat plan-dist-manifest.json 85 | || echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT" | ||__________________________________________________________________________________^ this step | ||__________________________________________________________________________________^ inputs.tag may expand into attacker-controllable code | = note: audit confidence → Low error[template-injection]: code injection via template expansion --> /Users/alexw/dev/ruff/.github/workflows/release.yml:80:9 | 80 | - id: plan | _________^ 81 | | run: | | |_________^ 82 | || dist ${{ (inputs.tag && inputs.tag != 'dry-run' && format('host --steps=create --tag={0}', inputs.tag)) || 'plan' }} --out... 83 | || echo "dist ran successfully" 84 | || cat plan-dist-manifest.json 85 | || echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT" | ||__________________________________________________________________________________^ this step | ||__________________________________________________________________________________^ inputs.tag may expand into attacker-controllable code | = note: audit confidence → Low ``` </details> ## Test Plan `uvx pre-commit run -a` |
|
Charlie Marsh
|
6b973b2556
|
Point docs to Astral favicon (#13219)
## Summary Same as https://github.com/astral-sh/uv/pull/6951. Unfortunately we have to use a single favicon for the docs. |
|
Dhruv Manilawala
|
e047b9685a
|
Use docs bot email for docs publish (#12511)
Ref: https://github.com/astral-sh/uv/pull/5369 |
|
|
Charlie Marsh
|
9460857932
|
Migrate to standalone docs repo (#12341)
## Summary See: https://github.com/astral-sh/uv/pull/5081 |
|
|
renovate[bot]
|
c396b9f08b
|
Update cloudflare/wrangler-action action to v3.7.0 (#12235) | |
|
Dhruv Manilawala
|
3a72400202
|
Rename publish workflow file extension (`yaml` -> `yml`) (#12206) |