a0ea520fe3
Update taiki-e/install-action action to v2.52.8 ( #14056 )
2025-06-16 02:05:57 +00:00
f38e96bddd
Update actions/setup-python digest to a26af69 ( #14045 )
2025-06-15 21:47:33 -04:00
49b450109b
filter out riscv64 wheels before publishing to pypi ( #14009 )
...
An alternative to #14006
2025-06-13 09:57:04 -04:00
210b579188
build-binaries for riscv64 ( #12688 )
...
<!--
Thank you for contributing to uv! To help us out with reviewing, please
consider the following:
- Does this pull request include a summary of the change? (See below.)
- Does this pull request include a descriptive title?
- Does this pull request include references to any relevant issues?
-->
## Summary
<!-- What's the purpose of the change? What does it do, and why? -->
Build riscv64 binary so it can get released in the GitHub Releases,
which is used by many high-level apps.
A copy-paste from linux-s390x, with only target and arch changed.
maturin-action added riscv64 support in v1.48.0, this PR also bumps it
to the latest version, v1.48.1.
## Test Plan
<!-- How was it tested? -->
Let CI test itself :P
Already tested in [my
fork](https://github.com/Xeonacid/uv/actions/runs/14289179697/job/40048172301 )
2025-06-10 11:18:28 -04:00
f5382c010b
Update acj/freebsd-firecracker-action action to v0.4.2 ( #13906 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[acj/freebsd-firecracker-action](https://redirect.github.com/acj/freebsd-firecracker-action )
| action | patch | `v0.4.1` -> `v0.4.2` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
---
### Release Notes
<details>
<summary>acj/freebsd-firecracker-action
(acj/freebsd-firecracker-action)</summary>
###
[`v0.4.2`](https://redirect.github.com/acj/freebsd-firecracker-action/releases/tag/v0.4.2 )
[Compare
Source](https://redirect.github.com/acj/freebsd-firecracker-action/compare/v0.4.1...v0.4.2 )
[Firecracker
1.12.0](https://redirect.github.com/firecracker-microvm/firecracker/releases/tag/v1.12.0 )
[FreeBSD 14.3-RELEASE](https://www.freebsd.org/releases/14.3R/relnotes/ )
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC40MC4zIiwidXBkYXRlZEluVmVyIjoiNDAuNDAuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW50ZXJuYWwiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-06-09 18:06:31 -05:00
262ca73965
Remove the configuration section in favor of concepts / reference ( #13842 )
...
Extends https://github.com/astral-sh/uv/pull/13841 — I'll drop that
commit later after that pull request merges but it's small.
I find the split into a "Configuration" section awkward and don't think
it's helping us. Everything moved into the "Concepts" section, except
the "Environment variables" page which definitely belongs in the
reference and the "Installer" page which is fairly niche and seems
better in the reference.
Before / After
<img
src="https://github.com/user-attachments/assets/80d8304b-17da-4900-a5f4-c3ccac96fcc5 "
width="400">
2025-06-05 17:09:49 +00:00
f168802ba4
Bump `cargo-test-macos` timeout to 15m ( #13847 )
...
Closes https://github.com/astral-sh/uv/issues/13846
15m is fine, we should definitely take action if it runs that long
normally though.
2025-06-04 18:24:40 +00:00
f9d3f24728
Add Pyodide support ( #12731 )
...
This includes some initial work on adding Pyodide support (issue
#12729 ). It is enough to get
```
uv pip compile -p /path/to/pyodide --extra-index-url file:/path/to/simple-index
```
to work which should already be quite useful.
## Test Plan
* added a unit test for `pyodide_platform`
* integration tested manually with:
```
cargo run pip install \
-p /home/rchatham/Documents/programming/tmp/pyodide-venv-test/.pyodide-xbuildenv-0.29.3/0.27.4/xbuildenv/pyodide-root/dist/python \
--extra-index-url file:/home/rchatham/Documents/programming/tmp/pyodide-venv-test/.pyodide-xbuildenv-0.29.3/0.27.4/xbuildenv/pyodide-root/package_index \
--index-strategy unsafe-best-match --target blah --no-build \
numpy pydantic
```
---------
Co-authored-by: konsti <konstin@mailbox.org>
Co-authored-by: Zanie Blue <contact@zanie.dev>
2025-06-03 12:01:26 -05:00
f429d99b6c
Disable OpenSUSE system test for now ( #13818 )
...
ref #13811
2025-06-03 14:53:09 +00:00
fd48b8bb78
Update acj/freebsd-firecracker-action to v0.4.1 ( #13804 )
...
This should hopefully fix the flakes we're seeing.
Fixes #13746 , hopefully.
2025-06-03 15:12:03 +02:00
4368c403fe
Downgrade firecracker action to v0.3 ( #13786 )
...
See https://github.com/acj/freebsd-firecracker-action/issues/3
2025-06-02 13:25:12 -05:00
d65c146b21
feat: add dynamically generated sysconfig replacement mappings ( #13441 )
...
## Summary
Implementation referenced in
https://github.com/astral-sh/uv/pull/12239#issuecomment-2744880003
Closes #12919 #12901
This makes the sysconfig replacements mappings dynamically generated
from
https://github.com/astral-sh/python-build-standalone/blob/main/cpython-unix/targets.yml
## Test Plan
cargo dev tests, and tested scenario from
https://github.com/astral-sh/uv/issues/12901#issuecomment-2822107454
2025-06-02 10:58:30 -05:00
1e890b5ac7
Update taiki-e/install-action action to v2.52.4 ( #13778 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[taiki-e/install-action](https://redirect.github.com/taiki-e/install-action )
| action | minor | `v2.50.3` -> `v2.52.4` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
---
### Release Notes
<details>
<summary>taiki-e/install-action (taiki-e/install-action)</summary>
###
[`v2.52.4`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.52.4 ):
2.52.4
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.52.3...v2.52.4 )
- Update `cargo-binstall@latest` to 1.12.6.
- Update `wash@latest` to 0.42.0.
###
[`v2.52.3`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.52.3 ):
2.52.3
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.52.2...v2.52.3 )
- Update `cargo-nextest@latest` to 0.9.97.
- Update `trivy@latest` to 0.63.0.
- Update `protoc@latest` to 3.31.1.
###
[`v2.52.2`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.52.2 ):
2.52.2
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.52.1...v2.52.2 )
- Update `mdbook@latest` to 0.4.51.
###
[`v2.52.1`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.52.1 ):
2.52.1
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.52.0...v2.52.1 )
- Update `taplo@latest` to 0.10.0.
- Update `mdbook@latest` to 0.4.50.
- Update `deepsource@latest` to 0.9.0.
- Update `cargo-shear@latest` to 1.3.0.
###
[`v2.52.0`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.52.0 ):
2.52.0
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.51.3...v2.52.0 )
- Support `trivy`.
([#​970](https://redirect.github.com/taiki-e/install-action/pull/970 ),
thanks [@​jayvdb](https://redirect.github.com/jayvdb ))
- Update `syft@latest` to 1.26.1.
- Update `rclone@latest` to 1.69.3.
- Update `cargo-shear@latest` to 1.2.8.
###
[`v2.51.3`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.51.3 ):
2.51.3
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.51.2...v2.51.3 )
- Update `wasmtime@latest` to 33.0.0.
- Update `cargo-tarpaulin@latest` to 0.32.7.
- Update `espup@latest` to 0.15.1.
- Update `dprint@latest` to 0.50.0.
###
[`v2.51.2`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.51.2 ):
2.51.2
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.51.1...v2.51.2 )
- Update `syft@latest` to 1.25.1.
- Update `release-plz@latest` to 0.3.135.
###
[`v2.51.1`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.51.1 ):
2.51.1
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.51.0...v2.51.1 )
- Update `syft@latest` to 1.25.0.
- Update `cargo-binstall@latest` to 1.12.5.
###
[`v2.51.0`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.51.0 ):
2.51.0
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.50.10...v2.51.0 )
- Support `cargo-shear`.
([#​962](https://redirect.github.com/taiki-e/install-action/pull/962 ),
thanks [@​vivienm](https://redirect.github.com/vivienm ))
- Update `grcov@latest` to 0.10.0.
- Update `cargo-nextest@latest` to 0.9.96.
- Update `protoc@latest` to 3.31.0.
- Update `syft@latest` to 1.24.0.
###
[`v2.50.10`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.50.10 ):
2.50.10
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.50.9...v2.50.10 )
- Update `trunk@latest` to 0.21.14.
- Update `release-plz@latest` to 0.3.134.
- Update `cargo-binstall@latest` to 1.12.4.
###
[`v2.50.9`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.50.9 ):
2.50.9
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.50.8...v2.50.9 )
- Update `editorconfig-checker@latest` to 3.3.0.
- Update `cargo-lambda@latest` to 1.8.5.
###
[`v2.50.8`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.50.8 ):
2.50.8
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.50.7...v2.50.8 )
- Update `cargo-tarpaulin@latest` to 0.32.5.
- Update `mdbook@latest` to 0.4.49.
###
[`v2.50.7`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.50.7 ):
2.50.7
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.50.6...v2.50.7 )
- Update `cargo-tarpaulin@latest` to 0.32.4.
###
[`v2.50.6`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.50.6 ):
2.50.6
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.50.5...v2.50.6 )
- Update `knope@latest` to 0.20.0.
###
[`v2.50.5`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.50.5 ):
2.50.5
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.50.4...v2.50.5 )
- Update `xh@latest` to 0.24.1.
- Update `typos@latest` to 1.32.0.
- Update `rclone@latest` to 1.69.2.
###
[`v2.50.4`](https://redirect.github.com/taiki-e/install-action/releases/tag/v2.50.4 ):
2.50.4
[Compare
Source](https://redirect.github.com/taiki-e/install-action/compare/v2.50.3...v2.50.4 )
- Update `typos@latest` to 1.31.2.
- Update `osv-scanner@latest` to 2.0.2.
- Update `cargo-nextest@latest` to 0.9.95.
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4zMy42IiwidXBkYXRlZEluVmVyIjoiNDAuMzMuNiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW50ZXJuYWwiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-06-02 09:50:01 +02:00
53efc0cf6d
Update docker/build-push-action action to v6.18.0 ( #13770 )
2025-06-01 21:57:51 -04:00
59070b5b3f
Use codspeed runner for wall time benchmarking ( #13586 )
...
We couldn't use the CodSpeed "walltime" runner because it required
administrative permissions on our repositories, but following some
feedback they've adjusted the required permissions so we can give it a
try now.
As a brief background, CodSpeed uses Valgrind for instrumented
benchmarking, emulating the execution for improved stability on GitHub's
runners. This is nice, but means things like allocs and io are not
measured. Now, they support standard wall time benchmarking, using their
own managed runners for stable measurements. Here, we add support for
those while retaining the old workflow — you can toggle between views in
their UI.
2025-05-29 12:52:17 -05:00
e5d002beb1
Add `uvw` as alias for `uv` without console window on Windows ( #11786 )
...
<!--
Thank you for contributing to uv! To help us out with reviewing, please
consider the following:
- Does this pull request include a summary of the change? (See below.)
- Does this pull request include a descriptive title?
- Does this pull request include references to any relevant issues?
-->
## Summary
Related to https://github.com/astral-sh/uv/issues/6801 .
Currently on Windows, uv itself will always creates a console window,
even though the window could be empty if `uv run --gui-script` is used.
This is due to it using the [default `console` window
subsystem](https://rust-lang.github.io/rfcs/1665-windows-subsystem.html ).
This PR introduces a wrapper `uvw` that, similar to the existing `uvx`,
invokes `uv` with the
[`CREATE_NO_WINDOW`](https://learn.microsoft.com/en-us/windows/win32/procthread/process-creation-flags#:~:text=CREATE_NO_WINDOW )
process creation flag on Windows, which creates child process without
console window.
Note that this PR does not alter any behaviors regarding `run --script`
and `run --gui-script`.
## Test Plan
Built and tested locally by doing something like `uvw run test.py`.
2025-05-28 14:37:21 -04:00
fc77be09f4
Use only a single 3.13t Linux integration test ( #13700 )
...
Fixes https://github.com/astral-sh/uv/issues/13681
We're still using the apt repo in the deadsnakes test but this is one
less location with the flaky apt script.
2025-05-28 16:15:02 +02:00
abd5fd199c
Increase deadsnake timeout to 15min ( #13661 )
...
https://github.com/astral-sh/uv/actions/runs/15254949524/job/42900366590
2025-05-27 09:37:14 -05:00
a7ae768118
Build s390x on nightly ( #13665 )
...
Build s390x on nightly due to llvm performance regressions see
https://github.com/rust-lang/rust/issues/141287 . To be undone when the
llvm fixes land on stable.
This should fix the timeouts in
https://github.com/astral-sh/uv/actions/runs/15259826631/job/42915439608?pr=13576
2025-05-27 09:32:08 -05:00
b80cafd5e8
Stack traces from Windows CI crashes ( #13656 )
...
We regularly have Windows CI crashing with `exit_code: -1073741819`, a
recent example is
<https://github.com/astral-sh/uv/actions/runs/15244692977/job/42869570968?pr=13650 >.
This code apparently means Access Violation, akin to a Segmentation
Fault. Lacking local reproducibility (at least I never saw this on my
Windows machine), I generated workflow steps that will hopefully give us
a stack trace (and only fail an already failed job when they are
actually bogus; I didn't find any good references).
2025-05-26 22:22:42 +02:00
7941d215e5
Update actions/attest-build-provenance action to v2.3.0 ( #13650 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/attest-build-provenance](https://redirect.github.com/actions/attest-build-provenance )
| action | minor | `v2.2.3` -> `v2.3.0` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
---
### Release Notes
<details>
<summary>actions/attest-build-provenance
(actions/attest-build-provenance)</summary>
###
[`v2.3.0`](https://redirect.github.com/actions/attest-build-provenance/releases/tag/v2.3.0 )
[Compare
Source](https://redirect.github.com/actions/attest-build-provenance/compare/v2.2.3...v2.3.0 )
#### What's Changed
- Bump `actions/attest` from 2.2.1 to 2.3.0 by
[@​bdehamer](https://redirect.github.com/bdehamer ) in
[https://github.com/actions/attest-build-provenance/pull/615 ](https://redirect.github.com/actions/attest-build-provenance/pull/615 )
- Updates `@sigstore/oci` from 0.4.0 to 0.5.0
**Full Changelog**:
https://github.com/actions/attest-build-provenance/compare/v2.2.3...v2.3.0
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4xNi4wIiwidXBkYXRlZEluVmVyIjoiNDAuMTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW50ZXJuYWwiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-26 12:52:22 +00:00
fe6dfbc97b
Set pypa/gh-action-pypi-publish test to verbose ( #13659 )
...
See
https://github.com/astral-sh/uv/actions/runs/15244694849/job/42869932290?pr=13652
2025-05-26 12:42:06 +00:00
d393bf7886
Update docker/build-push-action action to v6.17.0 ( #13653 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[docker/build-push-action](https://redirect.github.com/docker/build-push-action )
| action | minor | `v6.16.0` -> `v6.17.0` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
---
### Release Notes
<details>
<summary>docker/build-push-action (docker/build-push-action)</summary>
###
[`v6.17.0`](https://redirect.github.com/docker/build-push-action/releases/tag/v6.17.0 )
[Compare
Source](https://redirect.github.com/docker/build-push-action/compare/v6.16.0...v6.17.0 )
- Bump
[@​docker/actions-toolkit](https://redirect.github.com/docker/actions-toolkit )
from 0.59.0 to 0.61.0 by
[@​crazy-max](https://redirect.github.com/crazy-max ) in
[https://github.com/docker/build-push-action/pull/1364 ](https://redirect.github.com/docker/build-push-action/pull/1364 )
> \[!NOTE]
> Build record is now exported using the [`buildx history
export`](https://docs.docker.com/reference/cli/docker/buildx/history/export/ )
command instead of the legacy export-build tool.
**Full Changelog**:
https://github.com/docker/build-push-action/compare/v6.16.0...v6.17.0
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4xNi4wIiwidXBkYXRlZEluVmVyIjoiNDAuMTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW50ZXJuYWwiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-26 14:37:57 +02:00
853163dee5
Update astral-sh/setup-uv action to v6.1.0 ( #13652 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [astral-sh/setup-uv](https://redirect.github.com/astral-sh/setup-uv ) |
action | minor | `v6.0.1` -> `v6.1.0` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
---
### Release Notes
<details>
<summary>astral-sh/setup-uv (astral-sh/setup-uv)</summary>
###
[`v6.1.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v6.1.0 ):
🌈
[Compare
Source](https://redirect.github.com/astral-sh/setup-uv/compare/v6.0.1...v6.1.0 )
#### Changes
This release adds the input `server-url` which defaults to
`https://github.com `. You can set this to a custom url to control where
this action downloads the uv release from. This is useful for users of
gitea and comparable solutions.
[@​sebadevo](https://redirect.github.com/sebadevo ) pointed out
that we don't invalidate the cache when the `prune-cache` input is
changed. This leads to unnessecarily big caches. The input is now used
to compute the cache key, properly invalidating the cache when it is
changed.
> \[!NOTE]\
> For most users this release will invalidate the cache once.
> You will see the known warning
[no-github-actions-cache-found-for-key](https://redirect.github.com/astral-sh/setup-uv?tab=readme-ov-file#why-do-i-see-warnings-like-no-github-actions-cache-found-for-key )
> This is expected and will only appear once.
#### 🐛 Bug fixes
- Purge cache in cache key
[@​eifinger](https://redirect.github.com/eifinger )
([#​423](https://redirect.github.com/astral-sh/setup-uv/issues/423 ))
#### 🚀 Enhancements
- feat: support custom github url
[@​Zoupers](https://redirect.github.com/Zoupers )
([#​414](https://redirect.github.com/astral-sh/setup-uv/issues/414 ))
#### 🧰 Maintenance
- chore: update known versions for 0.7.7
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​422](https://redirect.github.com/astral-sh/setup-uv/issues/422 ))
- chore: update known versions for 0.7.6
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​415](https://redirect.github.com/astral-sh/setup-uv/issues/415 ))
- chore: update known versions for 0.7.5
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​412](https://redirect.github.com/astral-sh/setup-uv/issues/412 ))
- chore: update known versions for 0.7.4
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​410](https://redirect.github.com/astral-sh/setup-uv/issues/410 ))
- chore: update known versions for 0.7.3
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​405](https://redirect.github.com/astral-sh/setup-uv/issues/405 ))
- Fix path to known-checksums.ts
[@​eifinger](https://redirect.github.com/eifinger )
([#​404](https://redirect.github.com/astral-sh/setup-uv/issues/404 ))
- Fix update-known-versions workflow argument
[@​eifinger](https://redirect.github.com/eifinger )
([#​401](https://redirect.github.com/astral-sh/setup-uv/issues/401 ))
- Fix update-known-versions workflow
[@​eifinger](https://redirect.github.com/eifinger )
([#​400](https://redirect.github.com/astral-sh/setup-uv/issues/400 ))
- Create version-manifest.json on uv release
[@​eifinger](https://redirect.github.com/eifinger )
([#​399](https://redirect.github.com/astral-sh/setup-uv/issues/399 ))
- Run infrastructure workflows on arm runners
[@​eifinger](https://redirect.github.com/eifinger )
([#​396](https://redirect.github.com/astral-sh/setup-uv/issues/396 ))
- chore: update known checksums for 0.7.2
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​395](https://redirect.github.com/astral-sh/setup-uv/issues/395 ))
- chore: update known checksums for 0.7.0
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​390](https://redirect.github.com/astral-sh/setup-uv/issues/390 ))
#### 📚 Documentation
- Add section to README explaining if packages are installed by setup-uv
[@​pirate](https://redirect.github.com/pirate )
([#​398](https://redirect.github.com/astral-sh/setup-uv/issues/398 ))
#### ⬆️ Dependency updates
- Bump dependencies
[@​eifinger](https://redirect.github.com/eifinger )
([#​424](https://redirect.github.com/astral-sh/setup-uv/issues/424 ))
- Bump typescript from 5.8.2 to 5.8.3
@​[dependabot\[bot\]](https://redirect.github.com/apps/dependabot )
([#​393](https://redirect.github.com/astral-sh/setup-uv/issues/393 ))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4xNi4wIiwidXBkYXRlZEluVmVyIjoiNDAuMTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW50ZXJuYWwiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-26 14:37:37 +02:00
f969417bba
Increase uv publish integration test timeout ( #13658 )
...
Sometimes we have to wait a long time for remote caches to update, see
e.g.
https://github.com/astral-sh/uv/actions/runs/15252860797/job/42893715464
2025-05-26 12:34:29 +00:00
8373261fe7
Update actions/download-artifact action to v4.3.0 ( #13651 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/download-artifact](https://redirect.github.com/actions/download-artifact )
| action | minor | `v4.2.1` -> `v4.3.0` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
---
### Release Notes
<details>
<summary>actions/download-artifact (actions/download-artifact)</summary>
###
[`v4.3.0`](https://redirect.github.com/actions/download-artifact/releases/tag/v4.3.0 )
[Compare
Source](https://redirect.github.com/actions/download-artifact/compare/v4.2.1...v4.3.0 )
#### What's Changed
- feat: implement new `artifact-ids` input by
[@​GrantBirki](https://redirect.github.com/GrantBirki ) in
[https://github.com/actions/download-artifact/pull/401 ](https://redirect.github.com/actions/download-artifact/pull/401 )
- Fix workflow example for downloading by artifact ID by
[@​joshmgross](https://redirect.github.com/joshmgross ) in
[https://github.com/actions/download-artifact/pull/402 ](https://redirect.github.com/actions/download-artifact/pull/402 )
- Prep for v4.3.0 release by
[@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/download-artifact/pull/404 ](https://redirect.github.com/actions/download-artifact/pull/404 )
#### New Contributors
- [@​GrantBirki](https://redirect.github.com/GrantBirki ) made
their first contribution in
[https://github.com/actions/download-artifact/pull/401 ](https://redirect.github.com/actions/download-artifact/pull/401 )
**Full Changelog**:
https://github.com/actions/download-artifact/compare/v4.2.1...v4.3.0
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4xNi4wIiwidXBkYXRlZEluVmVyIjoiNDAuMTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW50ZXJuYWwiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-26 14:30:01 +02:00
9f0d83c7df
Update acj/freebsd-firecracker-action action to v0.4.0 ( #13649 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[acj/freebsd-firecracker-action](https://redirect.github.com/acj/freebsd-firecracker-action )
| action | minor | `v0.3.0` -> `v0.4.0` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency
Dashboard for more information.
---
### Release Notes
<details>
<summary>acj/freebsd-firecracker-action
(acj/freebsd-firecracker-action)</summary>
###
[`v0.4.0`](https://redirect.github.com/acj/freebsd-firecracker-action/releases/tag/v0.4.0 )
[Compare
Source](https://redirect.github.com/acj/freebsd-firecracker-action/compare/v0.3.0...v0.4.0 )
[Firecracker
1.12.0](https://redirect.github.com/firecracker-microvm/firecracker/releases/tag/v1.12.0 )
[FreeBSD 14.3-STABLE](https://www.freebsd.org/releases/14.3R/relnotes/ )
Bug fixes:
- Wait for Firecracker VM to exit before returning control to the
calling workflow
Changes:
- Upgrade CI workflow to Ubuntu 24.04
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MC4xNi4wIiwidXBkYXRlZEluVmVyIjoiNDAuMTYuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiaW50ZXJuYWwiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-26 13:32:46 +02:00
5b25e896b5
Update uraimo/run-on-arch-action to v3.0.1 (latest) ( #13603 )
...
This one claims in its README to resolve segfaults.
Also sync the commented-out workflow to match the uncommented ones.
## Test Plan
Checks passed in #13600 already....
2025-05-24 11:07:48 -04:00
30be27beb1
No GHA token for cross arch tests ( #13599 )
2025-05-22 21:11:38 +02:00
3483f1d8b3
fix: format uv-trampoline for 2024 edition ( #13519 )
...
## Summary
Follow on to https://github.com/astral-sh/uv/pull/13516
Ensure uv-trampoline is formatted after switching to 2024 edition.
2025-05-18 20:19:27 -04:00
4b7f5f1103
Update Python releases ( #13509 )
2025-05-17 13:19:20 -05:00
dfa1b958ac
Issue template: Please include the complete error message ( #13451 )
...
We're getting a number of user reports where we could have helped if we
were just seeing the full error message. If we're not getting an MRE, we
should at least urge users to copy the _full_ error they see on screen.
2025-05-15 07:36:08 -05:00
395039afd1
feat(docker): add 3.14 beta images to uv docker ( #13390 )
...
## Summary
Now that Python 3.14 first beta is out, I think it's worth adding
support for the official upstream RC images.
Once 3.14 is released, we can remove the `-rc-` infix from the images we
pull from.
## Test Plan
Upstream images verified to be functional with uv.
2025-05-13 20:27:09 +02:00
a0b27c7cff
Update fedora Docker tag to v43 ( #13165 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| fedora | container | major | `42` -> `43` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNTcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjI1Ny4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-13 14:47:49 +02:00
87c8ec8a85
Fix ecosystem checks by pinning Git refs ( #13401 )
...
https://github.com/pallets/flask/pull/5727 broke our ecosystem checks,
for now we're pinning the Git refs to unblock CI.
2025-05-12 11:45:25 +02:00
8d6d616791
Update issue templates to use `uv self version` command ( #13370 )
...
<!--
Thank you for contributing to uv! To help us out with reviewing, please
consider the following:
- Does this pull request include a summary of the change? (See below.)
- Does this pull request include a descriptive title?
- Does this pull request include references to any relevant issues?
-->
## Summary
<!-- What's the purpose of the change? What does it do, and why? -->
This PR updates the issue templates to recommend using the `uv self
version` command instead of `uv version` for retrieving uv's own version
information. The `uv version` command is intended to show the current
project's version (from pyproject.toml), not the uv tool version, which
leads to confusion when users try to report issues.
## Test Plan
<!-- How was it tested? -->
n/a
2025-05-09 16:41:24 -05:00
878c2acdf3
Add downloading of GraalPy ( #13172 )
...
## Summary
This adds GraalPy download metadata so that `uv python install graalpy`
works. See https://github.com/astral-sh/uv/issues/13114
## Test Plan
The existing integration test was changed to test this functionality.
2025-05-06 11:02:27 -05:00
1cfc67d266
Update Artifact GitHub Actions dependencies ( #13290 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| actions/download-artifact | action | digest | `95815c3` -> `d3f86a1` |
|
[actions/download-artifact](https://redirect.github.com/actions/download-artifact )
| action | minor | `v4.2.1` -> `v4.3.0` |
---
### Release Notes
<details>
<summary>actions/download-artifact (actions/download-artifact)</summary>
###
[`v4.3.0`](https://redirect.github.com/actions/download-artifact/releases/tag/v4.3.0 )
[Compare
Source](https://redirect.github.com/actions/download-artifact/compare/v4.2.1...v4.3.0 )
#### What's Changed
- feat: implement new `artifact-ids` input by
[@​GrantBirki](https://redirect.github.com/GrantBirki ) in
[https://github.com/actions/download-artifact/pull/401 ](https://redirect.github.com/actions/download-artifact/pull/401 )
- Fix workflow example for downloading by artifact ID by
[@​joshmgross](https://redirect.github.com/joshmgross ) in
[https://github.com/actions/download-artifact/pull/402 ](https://redirect.github.com/actions/download-artifact/pull/402 )
- Prep for v4.3.0 release by
[@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/download-artifact/pull/404 ](https://redirect.github.com/actions/download-artifact/pull/404 )
#### New Contributors
- [@​GrantBirki](https://redirect.github.com/GrantBirki ) made
their first contribution in
[https://github.com/actions/download-artifact/pull/401 ](https://redirect.github.com/actions/download-artifact/pull/401 )
**Full Changelog**:
https://github.com/actions/download-artifact/compare/v4.2.1...v4.3.0
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions ) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNjQuMCIsInVwZGF0ZWRJblZlciI6IjM5LjI2NC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-05 09:52:26 +00:00
12a978cd34
Update astral-sh/setup-uv action to v6.0.1 ( #13291 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [astral-sh/setup-uv](https://redirect.github.com/astral-sh/setup-uv ) |
action | patch | `v6.0.0` -> `v6.0.1` |
---
### Release Notes
<details>
<summary>astral-sh/setup-uv (astral-sh/setup-uv)</summary>
###
[`v6.0.1`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v6.0.1 ):
🌈 Fix default cache dependency glob
[Compare
Source](https://redirect.github.com/astral-sh/setup-uv/compare/v6.0.0...v6.0.1 )
##### Changes
The new default in v6 used illegal patterns and therefore didn't match
requirements files. This is now fixed.
##### 🐛 Bug fixes
- Fix default cache dependency glob
[@​eifinger](https://redirect.github.com/eifinger )
([#​388](https://redirect.github.com/astral-sh/setup-uv/issues/388 ))
##### 🧰 Maintenance
- chore: update known checksums for 0.6.17
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​384](https://redirect.github.com/astral-sh/setup-uv/issues/384 ))
##### ⬆️ Dependency updates
- Bump dependencies
[@​eifinger](https://redirect.github.com/eifinger )
([#​389](https://redirect.github.com/astral-sh/setup-uv/issues/389 ))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNjQuMCIsInVwZGF0ZWRJblZlciI6IjM5LjI2NC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-05-05 11:38:56 +02:00
96cfca1c8f
Move static feature out of perf features ( #13265 )
...
#5577 fixed a bug on macos due to dynamically linking lzma/xz through
static linking. In #7686 , this feature was moved to the performance
category.
This PR moves the `xz2/static` back to the general default features,
and, inspired by https://github.com/Homebrew/homebrew-core/pull/222211 ,
it structures and documents the feature flags cleaner.
We need to take care that this feature does not accidentally disable
features we want.
---------
Co-authored-by: Zanie Blue <contact@zanie.dev>
2025-05-02 15:56:40 +00:00
5ee54b4fa3
minify and filter embed managed pythons json on compile time ( #12967 )
...
## Summary
In #10939 I added the generated
`crates/uv-python/src/download-metadata-minified.json` file which is a
minified version of `crates/uv-python/download-metadata.json`.
The main reason for this PR is to avoid bloating the git objects as this
is a single-line file.
As a bonus, I also filtered the embed json to include only the versions
for the compiled target. Which should improve the binary size and
performance by a bit.
## Test Plan
<!-- How was it tested? -->
2025-04-30 15:51:03 -04:00
f8f1b9c505
Update taiki-e/install-action action to v2.50.3 ( #13161 )
2025-04-28 08:48:37 -04:00
cfe82dc22a
Update EmbarkStudios/cargo-deny-action action to v2 ( #13164 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[EmbarkStudios/cargo-deny-action](https://redirect.github.com/EmbarkStudios/cargo-deny-action )
| action | major | `v1` -> `v2.0.11` |
---
### Release Notes
<details>
<summary>EmbarkStudios/cargo-deny-action
(EmbarkStudios/cargo-deny-action)</summary>
###
[`v2.0.11`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.11 )
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v2.0.10...v2.0.11 )
#### \[0.18.2] - 2025-03-10
##### Added
-
[PR#753](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/753 )
resolved
[#​752](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/752 )
by adding back the `advisories.unmaintained` config option. See the
[docs](https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html#the-unmaintained-field-optional )
for how it can be used. The default matches the current behavior, which
is to error on any `unmaintained` advisory, but adding `unmaintained =
"workspace"` to the `[advisories]` table will mean unmaintained
advisories will only error if the crate is a direct dependency of your
workspace.
#### \[0.18.1] - 2025-02-27
##### Fixed
-
[PR#749](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/749 )
updated `krates` to pull in the fix for
[EmbarkStudios/krates#100 ](https://redirect.github.com/EmbarkStudios/krates/issues/100 ).
###
[`v2.0.10`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.10 )
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v2.0.9...v2.0.10 )
-
[PR#96](https://redirect.github.com/EmbarkStudios/cargo-deny-action/pull/96 )
resolved
[#​94](https://redirect.github.com/EmbarkStudios/cargo-deny-action/issues/94 )
by switching to the directory the manifest path is located in and doing
`rustup toolchain install` if `rustup show` failed due to any reason
###
[`v2.0.9`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.9 ):
Release 2.0.9 - cargo-deny 0.18.0
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v2.0.8...v2.0.9 )
-
[`d8395c1`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/commit/d8395c1 )
removed the rustup update.
###
[`v2.0.8`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.8 )
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v2.0.7...v2.0.8 )
-
[PR#93](https://redirect.github.com/EmbarkStudios/cargo-deny-action/pull/93 )
pins to a hash instead of tag, avoiding future breakage from eg. rustup
changes.
###
[`v2.0.7`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.7 ):
Release 2.0.7 - cargo-deny 0.18.0
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v2.0.6...v2.0.7 )
-
[PR#92](https://redirect.github.com/EmbarkStudios/cargo-deny-action/pull/92 )
fixed an issue introduced by the latest rustup release.
###
[`v2.0.6`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.6 ):
Release 2.0.6 - cargo-deny 0.18.0
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v2.0.5...v2.0.6 )
##### Changed
-
[PR#746](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/746 )
changed the directory naming of advisory databases,
[again](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/745 ),
so the name uses the last path component and a different, but also
stable, hashing algorithm. Eg. the default
`https://github.com/rustsec/advisory-db ` will now be placed in
`$CARGO_HOME/advisory-dbs/advisory-db-3157b0e258782691`.
-
[PR#746](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/746 )
changed the MSRV to 1.85.0 and uses edition 2024.
##### Fixed
-
[PR#746](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/746 )
fixes an issue when using cargo 1.85.0 where source urls were not being
properly assigned to crates.io due to the constant being used no longer
matching the new path used in cargo 1.85.0 causing eg. workspace
dependency checks to fail.
###
[`v2.0.5`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.5 ):
Release 2.0.5 - cargo-deny 0.17.0
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v2.0.4...v2.0.5 )
##### Changed
-
[PR#745](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/745 )
updated `tame-index` to
[0.18.0](https://redirect.github.com/EmbarkStudios/tame-index/releases/tag/0.18.0 )
so that cargo 1.85.0 is transparently supported along with older cargo
versions.
-
[PR#745](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/745 )
now uses the same stable hashing as cargo 1.85.0 for the advisory
databases, which changes their path, but will notably now be the same
across all host platforms.
###
[`v2.0.4`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.4 ):
Release 2.0.4 - cargo-deny 0.16.3
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v2.0.3...v2.0.4 )
- Update base image to rust 1.83.0 so that version 4 lockfiles are
supported with no config changes
###
[`v2.0.3`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.3 ):
Release 2.0.3 - cargo-deny 0.16.3
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v2.0.2...v2.0.3 )
##### Changed
-
[PR#721](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/721 )
updated `rust-version` to 1.81.0 to accurately reflect the minimum rust
version required to compile, resolving
[#​720](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/720 ).
-
[PR#722](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/722 )
updated the SPDX license list to 3.25.0.
##### Fixed
-
[PR#726](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/726 )
resolved
[#​725](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/725 )
by adding the `unnecessary-skip` diagnostic, emitted when there is a
`skip` configured for a crate that only has one version in the graph.
###
[`v2.0.2`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.2 ):
Release 2.0.2 - cargo-deny 0.16.2
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v2.0.1...v2.0.2 )
##### Fixed
-
[PR#703](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/703 )
resolved
[#​696](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/696 )
by no longer emitting errors when failing to deserialize deprecated
fields, and removed some lingering documentation that wasn't removed in
[PR#611](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/611 ).
-
[PR#719](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/719 )
updated to `krates` -> 0.17.5, fixing an issue where `cargo-deny` could
[panic](https://redirect.github.com/EmbarkStudios/krates/issues/97 ) due
to [incorrectly
resolving](https://redirect.github.com/EmbarkStudios/krates/issues/84 )
features for different versions of the same crate referenced by a single
crate.
-
[PR#719](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/719 )
resolved
[#​706](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/706 )
by removing a warning issued when users use ignored scheme modifiers for
source urls.
-
[PR#719](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/719 )
resolved
[#​718](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/718 )
by updating the book with missing arguments.
##### Added
-
[PR#715](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/715 )
resolved
[#​714](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/714 )
by adding support for Edition 2024. Thanks
[@​kpcyrd](https://redirect.github.com/kpcyrd )!
-
[PR#710](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/710 )
resolved
[#​708](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/708 )
by allowing for unpublished workspace crates to be excluded from the
dependency graph that checks are run against, either via the
`--exclude-unpublished` CLI argument or the `graph.exclude-unpublished`
config field. Thanks
[@​Tastaturtaste](https://redirect.github.com/Tastaturtaste )!
##### Changed
-
[PR#711](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/711 )
updated `goblin` -> 0.9.2
-
[PR#713](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/713 )
updated various crates, notably `rustsec` -> 0.30.
###
[`v2.0.1`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.1 ):
Release 2.0.1 - cargo-deny 0.16.1
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v2...v2.0.1 )
##### Fixed
-
[PR#691](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/691 )
fixed an issue where workspace dependencies that used the current dir
'.' path component would incorrectly trigger the
`unused-workspace-dependency` lint.
###
[`v2.0.0`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v2.0.0 ):
Release 2.0.0 - cargo-deny 0.16.0
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.6.3...v2 )
#### `Action`
##### Added
-
[PR#78](https://redirect.github.com/EmbarkStudios/cargo-deny-action/pull/78 )
added SSH support, thanks
[@​nagua](https://redirect.github.com/nagua )!
##### Changed
- This release includes breaking changes in cargo-deny, so this release
begins the `v2` tag, using `v1` will be stable but not follow future
`cargo-deny` releases.
#### `cargo-deny`
##### Removed
-
[PR#681](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/681 )
finished the deprecation introduced in
[PR#611](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/611 ),
making the usage of the deprecated fields into errors.
##### `[advisories]`
The following fields have all been removed in favor of denying all
advisories by default. To ignore an advisory the
[`ignore`](https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html#the-ignore-field-optional )
field can be used as before.
- `vulnerability` - Vulnerability advisories are now `deny` by default
- `unmaintained` - Unmaintained advisories are now `deny` by default
- `unsound` - Unsound advisories are now `deny` by default
- `notice` - Notice advisories are now `deny` by default
- `severity-threshold` - The severity of vulnerabilities is now
irrelevant
##### `[licenses]`
The following fields have all been removed in favor of denying all
licenses that are not explicitly allowed via either
[`allow`](https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html#the-allow-field-optional )
or
[`exceptions`](https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html#the-exceptions-field-optional ).
- `unlicensed` - Crates whose license(s) cannot be confidently
determined are now always errors. The
[`clarify`](https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html#the-clarify-field-optional )
field can be used to help cargo-deny determine the license.
- `allow-osi-fsf-free` - The OSI/FSF Free attributes are now irrelevant,
only whether it is explicitly allowed.
- `copyleft` - The copyleft attribute is now irrelevant, only whether it
is explicitly allowed.
- `default` - The default is now `deny`.
- `deny` - All licenses are now denied by default, this field added
nothing.
##### Changed
-
[PR#685](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/685 )
follows up on
[PR#673](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/673 ),
moving the fields that were added to their own separate
[`bans.workspace-dependencies`](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-workspace-dependencies-field-optional )
section. This is an unannounced breaking change but is fairly minor and
0.15.0 was never released on github actions so the amount of people
affected by this will be (hopefully) small. This also makes the
workspace duplicate detection off by default since the field is
optional, *but* makes it so that if not specified workspace duplicates
are now `deny` instead of `warn`.
##### Fixed
-
[PR#685](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/685 )
resolved
[#​682](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/682 )
by adding the `include-path-dependencies` field, allowing path
dependencies to be ignored if it is `false`.
###
[`v1.6.3`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.6.3 ):
Release 1.6.3 - cargo-deny 0.14.21
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.6.2...v1.6.3 )
##### Fixed
-
[PR#643](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/643 )
resolved
[#​629](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/629 )
by making the hosted git (github, gitlab, bitbucket) org/user name
comparison case-insensitive. Thanks
[@​pmnlla](https://redirect.github.com/pmnlla )!
-
[PR#649](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/649 )
fixed an issue where depending on the same crate multiple times by using
different `cfg()/triple` targets could cause features to be resolved
incorrectly and thus crates to be not pulled into the graph used for
checking.
#### \[0.14.20] - 2024-03-23
##### Fixed
-
[PR#642](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/642 )
resolved
[#​641](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/641 )
by pinning `gix-transport` (and its unique dependencies) to 0.41.2 as a
workaround for `cargo install` not using the lockfile. See [this
issue](https://redirect.github.com/Byron/gitoxide/issues/1328 ) for more
information.
###
[`v1.6.2`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.6.2 ):
Release 1.6.2 - cargo-deny 0.14.19
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.6.1...v1.6.2 )
##### Changed
-
[PR#639](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/639 )
updated tame-index to avoid an error if you don't used `--locked`.
#### \[0.14.18] - 2024-03-21
##### Fixed
-
[PR#638](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/638 )
resolved
[#​636](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/636 )
by updating `krates`.
#### \[0.14.17] - 2024-03-17
##### Changed
-
[PR#631](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/631 )
improved the diagnostic for when the yank check fails due to some issue
with retrieving or reading the index information.
-
[PR#633](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/633 )
updated `gix` -> 0.60.
###
[`v1.6.1`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.6.1 )
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.6.0...v1.6.1 )
##### Fixed
-
[PR#626](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/626 )
resolved
[#​625](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/625 )
by explicitly checking that a license identified as Pixar was actually
(probably) the Pixar license, instead of a normal Apache-2.0 license.
###
[`v1.6.0`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.6.0 )
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.15...v1.6.0 )
#### action changes
- Color output is now always enabled so that colors show up in the
action output.
#### 0.14.15
##### Added
-
[PR#618](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/618 )
added metadata notes to diagnostics when a license is rejected, as well
as removing span information for accepted licenses unless the log level
is `info` or higher to make the diagnostic clearer by default.
#### 0.14.14
##### Fixed
-
[PR#617](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/617 )
resolved
[#​576](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/576 )
by updating the SPDX license list to 3.23.
#### 0.14.13
##### Fixed
-
[PR#615](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/615 )
fixed an issue introduced in
[PR#605](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/605 )
where the various `bans` diagnostic codes could not have their lint
level changed via the CLI. It also introduced the `deprecated`
diagnostic code.
#### 0.14.12
##### Changed
-
[PR#605](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/605 )
did a major refactor of configuration, both how it is deserialized and
changing (hopefully improving) many options.
-
[PR#605](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/605 )
moved `targets`, `exclude`, `all-features`, `features`,
`no-default-features`, and `exclude` into the `[graph]` table.
-
[PR#605](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/605 )
moved `feature-depth` into the `[output]` table.
##### Added
-
[PR#613](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/613 )
added support for [basic shell
expansion](https://embarkstudios.github.io/cargo-deny/checks/advisories/cfg.html#the-db-path-field-optional )
to `advisories.db-path`, which expands support beyond just `~` to
include environment variable expansion.
##### Fixed
-
[PR#601](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/601 )
resolved
[#​600](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/600 )
by outputting the correct spans when a license was both allowed and
denied.
-
[PR#605](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/605 )
resolved
[#​264](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/264 )
be replacing `toml` and `serde` with `toml-span`.
-
[PR#605](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/605 )
resolved
[#​539](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/539 )
by simplifying the very common `name = "<crate_name>", version =
"<requirements>"` used to target specific crates into either a plain
[package spec
string](https://embarkstudios.github.io/cargo-deny/checks/cfg.html#string-format )
or the simpler `crate = "<package spec>"`.
-
[PR#605](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/605 )
resolved
[#​578](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/578 )
by adding a `reason = "<reason>"` field to *many* fields within the
configuration that are provided in diagnostics. `[bans.deny]` also has
an additional `use-instead = "<url/crate_name>"`.
[PR#610](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/610 )
did this for the `advisories.ignore` field.
-
[PR#605](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/605 )
resolved
[#​579](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/579 )
by allowing yanked crates to be ignored by specifying a
[PackageSpec](https://embarkstudios.github.io/cargo-deny/checks/cfg.html#package-specs )
in the `[advisories.ignore]` array.
##### Deprecated
-
[PR#606](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/606 )
and
[PR#611](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/611 )
together deprecated several fields listed below. See
[PR#611](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/611 )
for how to change your config to opt-in to the new behavior that will
become the default when the deprecated fields are removed in a future
minor version.
- `[advisories]`
- `vulnerability`
- `unmaintained`
- `unsound`
- `notice`
- `severity-threshold`
- `[licenses]`
- `unlicensed`
- `allow-osi-fsf-free`
- `copyleft`
- `default`
- `deny`
###
[`v1.5.15`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.15 ):
Release 1.5.15 - cargo-deny 0.14.11
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.14...v1.5.15 )
##### Fixed
- Resolved
[https://github.com/EmbarkStudios/cargo-deny-action/issues/71 ](https://redirect.github.com/EmbarkStudios/cargo-deny-action/issues/71 )
that was introduced in the previous release.
###
[`v1.5.14`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.14 ):
Release 1.5.14 - cargo-deny 0.14.11
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.13...v1.5.14 )
##### Added
- Added the `manifest-path` key as a shorthand for doing `arguments:
--manifest-path <path>`
###
[`v1.5.13`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.13 ):
Release 1.5.13 - cargo-deny 0.14.11
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.12...v1.5.13 )
##### Fixed
-
[PR#599](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/599 )
resolved
[#​488](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/488 )
by treating git and path sources differently. Thanks
[@​kpreid](https://redirect.github.com/kpreid )!
###
[`v1.5.12`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.12 ):
Release 1.5.12 - cargo-deny 0.14.10
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.11...v1.5.12 )
##### Fixed
-
[PR#596](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/596 )
updated `krates` *again* to pull in
[krates#77](https://redirect.github.com/EmbarkStudios/krates/pull/77 ).
###
[`v1.5.11`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.11 ):
Release 1.5.11 - cargo-deny 0.14.9
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.10...v1.5.11 )
##### Fixed
-
[PR#594](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/594 )
updated `krates` *again* to pull in
[krates#75](https://redirect.github.com/EmbarkStudios/krates/pull/75 ).
###
[`v1.5.10`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.10 ):
Release 1.5.10 - cargo-deny 0.14.8
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.9...v1.5.10 )
##### Fixed
-
[PR#592](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/592 )
updated `krates` *again* to pull in
[krates#73](https://redirect.github.com/EmbarkStudios/krates/pull/73 ).
###
[`v1.5.9`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.9 ):
Release 1.5.9 - cargo-deny 0.14.7
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.8...v1.5.9 )
##### Fixed
-
[PR#591](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/591 )
updated `krates` *again* to pull in
[krates#71](https://redirect.github.com/EmbarkStudios/krates/pull/71 ).
###
[`v1.5.8`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.8 ):
Release 1.5.8 - cargo-deny 0.14.6
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.7...v1.5.8 )
##### Fixed
-
[PR#590](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/590 )
updated `krates` to fix an issue with crates that directly have a
dependency on 2 or more versions of the same crate.
##### Added
-
[PR#590](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/590 )
resolved
[#​405](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/405 )
by emitting warnings when a `wrapper` crate for a banned crate does not
have a dependency on that crate.
##### Changed
-
[PR#591](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/591 )
updated `gix` and `tame-index`.
###
[`v1.5.7`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.7 ):
Release 1.5.7 - cargo-deny 0.14.5
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.6...v1.5.7 )
##### Fixed
-
[PR#588](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/588 )
resolved an issue introduced in \[0.14.4] where features that reference
dev-only dependencies in non-workspace crates would cause a
[panic](https://redirect.github.com/EmbarkStudios/krates/issues/66 ).
###
[`v1.5.6`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.6 ):
Release 1.5.6 - cargo-deny 0.14.4
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.5...v1.5.6 )
##### Fixed
-
[PR#586](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/586 )
resolved 2 issues with crate graph creation, see
[krates#60](https://redirect.github.com/EmbarkStudios/krates/issues/60 )
and
[krates#64](https://redirect.github.com/EmbarkStudios/krates/issues/64 )
for more details.
###
[`v1.5.5`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.5 ):
Release 1.5.5 - cargo-deny 0.14.2
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.4...v1.5.5 )
##### Added
-
[PR#545](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/545 )
added the ability to specify additional license exceptions via
[additional configuration
files](https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html#additional-exceptions-configuration-file ).
-
[PR#549](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/549 )
added the
[`bans.build`](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-build-field-optional )
configuration option, opting in to checking for [file
extensions](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-script-extensions-field-optional ),
[native
executables](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-executables-field-optional ),
and [interpreted
scripts](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-interpreted-field-optional ).
This resolved
[#​43](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/43 ).
##### Changed
-
[PR#557](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/557 )
introduced changes to how
[`dev-dependencies`](https://doc.rust-lang.org/cargo/reference/specifying-dependencies.html#development-dependencies )
are handled. By default, crates that are only used as dev-dependencies
(ie, there are no normal nor build dependency edges linking them to
other crates) will no longer be considered when checking for
[`multiple-versions`](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-multiple-versions-field-optional )
violations. This can be re-enabled via the
[`bans.multiple-versions-include-dev`](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-multiple-versions-include-dev-field-optional )
config field. Additionally, licenses are no longer checked for
`dev-dependencies`, but can be re-enabled via
[`licenses.include-dev`](https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html#the-include-dev-field-optional )
the config field. `dev-dependencies` can also be completely disabled
altogether, but this applies to all checks, including `advisories` and
`sources`, so is not enabled by default. This behavior can be enabled by
using the
[`exclude-dev`](https://embarkstudios.github.io/cargo-deny/checks/cfg.html#the-exclude-dev-field-optional )
field, or the `--exclude-dev` command line flag. This change resolved
[#​322](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/322 ),
[#​329](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/329 ),
[#​413](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/413 )
and
[#​497](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/497 ).
##### Fixed
-
[PR#549](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/549 )
fixed
[#​548](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/548 )
by correctly locating cargo registry indices from an git ssh url.
-
[PR#549](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/549 )
fixed
[#​552](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/552 )
by correctly handling signal interrupts and removing the advisory-dbs
lock file.
-
[PR#549](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/549 )
fixed
[#​553](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/553 )
by adding the `native-certs` feature flag that can enable the OS native
certificate store.
##### Deprecated
-
[PR#549](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/549 )
moved `bans.allow-build-scripts` to
[`bans.build.allow-build-scripts`](https://embarkstudios.github.io/cargo-deny/checks/bans/cfg.html#the-allow-build-scripts-field-optional ).
`bans.allow-build-scripts` is still supported, but emits a warning.
###
[`v1.5.4`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.4 ):
Release 1.5.4 - cargo-deny 0.14.0
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.3...v1.5.4 )
Updated the cargo version to 1.71.0 which should give significant
improvements to run times due to using the crates.io sparse index
instead of the old git index.
###
[`v1.5.3`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.3 ):
Release 1.5.3 - cargo-deny 0.14.0
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.2...v1.5.3 )
##### Changed
- [PR#520] resolved
[#​522](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/522 )
by completely removing all dependencies upon `git2` and `openssl`. This
was done by transitioning from `git2` -> `gix` for all git operations,
both directly in this crate, as well as replacing
[`crates-index`](https://redirect.github.com/frewsxcv/rust-crates-index )
with
[`tame-index`](https://redirect.github.com/EmbarkStudios/tame-index ).
- [PR#520] bumped the MSRV from `1.65.0` -> `1.70.0`
-
[PR#523](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/523 )
added "(try `cargo update -p <crate_name>`)" when an advisory is
detected for a crate. Thanks
[@​Victor-N-Suadicani](https://redirect.github.com/Victor-N-Suadicani )!
##### Fixed
- [PR#520] resolved
[#​361](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/361 )
by printing output when a fetch is being performed to clarify what is
taking time.
- [PR#520] (possibly) resolved
[#​435](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/435 )
by switching all git operations from `git2` to `gix`.
- [PR#520] resolved
[#​439](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/439 )
by using minimal refspecs for cloning and fetching all remote git
repositories (indices or advisory databases) where only the remote HEAD
is needed to update the local repository, regardless of the default
remote branch pointed to by HEAD.
- [PR#520] resolved
[#​446](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/446 )
by ensuring (and testing) that crates from non-registry sources are not
checked for advisories, eg. in the case that a local crate is named and
versioned the same as a crate from crates.io that has an advisory that
affects it.
- [PR#520] resolved
[#​515](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/515 )
by always opening the correct registry index based upon the environment.
-
[PR#531](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/531 )
resolved
[#​210](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/210 )
by adding `osi` and `fsf` options to `licenses.allow-osi-fsf-free`.
Thanks [@​zkxs](https://redirect.github.com/zkxs )!
-
[PR#533](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/533 )
resolved
[#​521](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/521 )
and
[#​524](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/524 )
by allowing clarifications to add files that are used to verify the
license information is up to date, rather than needing to match one of
the license files that was discovered.
-
[PR#534](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/534 )
resolved
[#​479](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/479 )
by improving how advisory databases are cloned and/or fetched, notably
each database now uses `gix`'s [file-based
locking](https://docs.rs/gix-lock/7.0.2/gix_lock/struct.Marker.html#method.acquire_to_hold_resource )
to ensure that only one process has mutable access to an advisory
database repo at a time.
##### Removed
- [PR#520] removed all features, notably `standalone`. This is due to
cargo still being in transition from `git2` -> `gix` and having no way
to compiled *without* OpenSSL. Once cargo is a better state with regards
to this we can add back that feature.
[PR#520]: https://redirect.github.com/EmbarkStudios/cargo-deny/pull/520
###
[`v1.5.2`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.2 ):
Release 1.5.2 - cargo-deny 0.13.9
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.1...v1.5.2 )
##### Fixed
-
[PR#506](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/506 )
replaced `atty` (unmaintained) with `is-terminal`. Thanks
[@​tottoto](https://redirect.github.com/tottoto )!
-
[PR#511](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/511 )
resolved
[#​494](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/494 ),
[#​507](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/507 ),
and
[#​510](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/510 )
by fixing up how and when urls are normalized.
-
[PR#512](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/512 )
resolved
[#​509](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/509 )
by fixing casing of the root configuration keys.
-
[PR#513](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/513 )
resolved
[#​508](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/508 )
by correctly using the crates.io sparse index when checking for yanked
crates if specified by the user, as well as falling back to the regular
git index if the sparse index is not present.
###
[`v1.5.1`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.1 ):
Release 1.5.1 - cargo-deny 0.13.8
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.5.0...v1.5.1 )
##### Added
-
[PR#504](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/504 )
(though really
[PR#365](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/365 ))
resolved
[#​350](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/350 )
by adding the `deny-multiple-versions` field to `bans.deny` entries,
allowing specific crates to deny multiple versions while
allowing/warning on them more generally. Thanks
[@​leops](https://redirect.github.com/leops )!
-
[PR#493](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/493 )
resolved
[#​437](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/437 )
by also looking for deny configuration files in `.cargo`. Thanks
[@​DJMcNab](https://redirect.github.com/DJMcNab )!
-
[PR#502](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/502 )
resolved
[#​500](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/500 )
by adding initial support for [sparse
indices](https://blog.rust-lang.org/inside-rust/2023/01/30/cargo-sparse-protocol.html ).
##### Fixed
-
[PR#503](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/503 )
resolved
[#​498](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/498 )
by falling back to more lax parsing of the SPDX expression of crate if
fails to parse according to the stricter but more correct rules.
###
[`v1.5.0`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.5.0 ):
Release 1.5.0 - cargo-deny 0.13.7
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.4.0...v1.5.0 )
Update from cargo-deny 0.13.5 to 0.13.7, apparently I missed two
releases, that's embarrassing.
#### 0.13.7
##### Fixed
-
[PR#491](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/491 )
resolved
[#​490](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/490 )
by building libgit2 from vendored sources instead of relying on
potentially outdated packages.
#### 0.13.6
##### Changed
-
[PR#489](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/489 )
updated dependencies, notably `clap`, `cargo`, and `git2`
##### Added
-
[PR#485](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/485 )
added this project and repository to our Security Bug Bounty Program and
has Private vulnerability reporting enabled. See
[`SECURITY.md`](./SECURITY.md) for more details.
-
[PR#487](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/487 )
added `allow-wildcard-paths`, fixing
[#​488](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/448 )
by allowing wildcards to be denied, but allowing them for internal,
private crates. Thanks [@​sribich](https://giqthub.com/sribich )!
##### Fixed
-
[PR#489](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/489 )
fixed an issue where git sources where `branch=master` would be
incorrectly categorized as not specifying the branch (ie use HEAD of
default branch).
###
[`v1.4.0`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.4.0 ):
Release 1.4.0 - cargo-deny 0.13.5
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.3.2...v1.4.0 )
##### Changed
- Updated to cargo-deny 0.13.5
###
[`v1.3.2`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.3.2 ):
- cargo-deny 0.12.1
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.3.1...v1.3.2 )
##### Added
- [PR#54](https://redirect.github.com/PR/cargo-deny-action/issues/54 )
resolved
[#​53](https://redirect.github.com/EmbarkStudios/cargo-deny-action/issues/53 )
by adding the `credentials` parameter for passing in a private access
token to allow cargo to fetch private github repositories. Thanks
[@​danielhaap83](https://redirect.github.com/danielhaap83 )!
###
[`v1.3.1`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.3.1 ):
- cargo-deny 0.12.1
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.3.0...v1.3.1 )
##### Fixed
-
[PR#426](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/426 )
fixed an oversight in
[PR#422](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/422 ),
fully resolving
[#​412](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/412 )
by allowing both `https` and `ssh` URLs for advisory databases. Thanks
[@​jbg](https://redirect.github.com/jbg )!
##### Changed
-
[PR#427](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/427 )
updated dependencies.
###
[`v1.3.0`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.3.0 ):
- cargo-deny 0.12.0
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.17...v1.3.0 )
##### Removed
-
[PR#423](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/423 )
removed the `fix` subcommand. This functionality was far too complicated
for far too little benefit.
##### Fixed
-
[PR#420](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/420 )
resolved
[#​388](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/388 )
by adding the ability to fetch advisory databases via the `git` CLI.
Thanks [@​danielhaap83](https://redirect.github.com/danielhaap83 )!
-
[PR#422](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/422 )
fixed
[#​380](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/380 )
and
[#​410](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/410 )
by updating a few transitive dependencies that use `git2`, as well as
removing the usage of `rustsec`'s `git` feature so that we now use `git2
v0.14`, resolving a crash issue in new `libgit2` versions available in
eg. rolling release distros such as Arch. This should also make it
easier to update and improve git related functionality since more of it
is inside cargo-deny itself now.
-
[PR#424](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/424 )
*really* fixed (there's even a test now!)
[#​384](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/384 )
by adding each version's reverse dependency graph in the ascending
order.
###
[`v1.2.17`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.17 ):
- cargo-deny 0.11.4
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.16...v1.2.17 )
#### Changed
-
[PR#51](https://redirect.github.com/EmbarkStudios/cargo-deny-action/pull/51 )
updated the image to use Rust 1.60.0 by default. Thanks
[@​MarcoIeni](https://redirect.github.com/MarcoIeni )!
###
[`v1.2.16`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.16 ):
- cargo-deny 0.11.4
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.15...v1.2.16 )
#### Added
-
[PR#49](https://redirect.github.com/EmbarkStudios/cargo-deny-action/pull/49 )
added the `command-arguments` option to the action. Thanks
[@​ryo33](https://redirect.github.com/ryo33 )!
###
[`v1.2.15`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.15 ):
- cargo-deny 0.11.3
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.14...v1.2.15 )
##### Fixed
- Accidentally change how arguments were forwarded to cargo-deny which
broken more complicated invocations
###
[`v1.2.14`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.14 ):
- cargo-deny 0.11.3
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.13...v1.2.14 )
##### Added
- Added `git` to the image, resolving
[#​40](https://redirect.github.com/EmbarkStudios/cargo-deny-action/issues/40 )
###
[`v1.2.13`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.13 ):
- cargo-deny 0.11.3
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.12...v1.2.13 )
##### Changed
- Added the `rust-version` github actions variable, allowing you to
specify a specific cargo version to use when running cargo-deny,
including nightly, or other unstable versions.
###
[`v1.2.12`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.12 ):
- cargo-deny 0.11.3
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.11...v1.2.12 )
##### Fixed
-
[PR#407](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/407 )
resolved
[#​406](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/406 )
by always checking license exceptions first.
###
[`v1.2.11`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.10...v1.2.11 )
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.10...v1.2.11 )
###
[`v1.2.10`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.10 ):
- cargo-deny 0.11.1
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.9...v1.2.10 )
##### Added
-
[PR#391](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/391 )
resolved
[#​344](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/344 )
by adding `[licenses.ignore-sources]` to ignore license checking for
crates sourced from 1 or more specified registries. Thanks
[@​ShellWowza](https://redirect.github.com/ShellWowza )!
-
[PR#396](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/396 )
resolved
[#​366](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/366 )
by also looking for `.deny.toml` in addition to `deny.toml` if a config
file is not specified.
##### Changed
-
[PR#392](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/392 )
updated all dependencies.
##### Fixed
-
[PR#393](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/393 )
resolved
[#​371](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/371 )
by changing the default for version requirements specified in config
files to accept all versions, rather than using the almost-but-not-quite
default of `*`.
-
[PR#394](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/394 )
resolved
[#​147](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/147 )
by ignore *all* private crates, not only the ones in the workspace.
-
[PR#395](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/395 )
resolved
[#​375](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/375 )
by fixing a potential infinite loop when using `[bans.skip-tree]`.
###
[`v1.2.9`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.9 ):
- cargo-deny 0.11.0
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.8...v1.2.9 )
Fixed image to use proper tag.
###
[`v1.2.8`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.8 ):
- cargo-deny 0.11.0
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.7...v1.2.8 )
Updated the cargo version in the image to 1.57.0 to allow for the use of
[custom
profiles](https://doc.rust-lang.org/cargo/reference/profiles.html#custom-profiles ).
###
[`v1.2.7`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.7 ):
v1.2.6 - cargo-deny 0.11.0
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.6...v1.2.7 )
#### \[0.11.0] - 2021-12-06
##### Changed
-
[PR#382](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/382 )
updated dependencies and bumped the Minimum Stable Rust Version to
**1.56.1**.
#### \[0.10.3] - 2021-11-22
##### Changed
-
[PR#379](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/379 )
updated `askalono` which got rid of the `failure` dependency, which was
pulling in a lot of additional crates that are now gone.
##### Fixed
-
[PR#379](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/379 )
fixed
[#​378](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/378 )
which was an edge case where the `sources` check was executed against a
crate that didn't use any crates from crates.io, and the config file was
shorter than the crates.io URL.
#### \[0.10.2] - 2021-11-21
##### Fixed
-
[PR#376](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/376 )
fixed the JSON formatting when using `--format json` output option.
Thanks [@​dnaka91](https://redirect.github.com/dnaka91 )!
##### Changed
-
[PR#377](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/377 )
updated dependencies.
#### \[0.10.1] - 2021-11-10
##### Fixed
-
[PR#347](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/374 )
resolved
[#​372](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/372 )
by correcting a slight mistake that resulted in an incorrect hash making
cargo-deny unable to lookup index or crate information from the local
file system.
#### \[0.10.0] - 2021-10-29
##### Added
-
[PR#353](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/353 )
resolved
[#​351](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/351 )
by adding the `sources.private` field to blanket allow git repositories
sourced from a particular url.
-
[PR#359](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/359 )
resolved
[#​341](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/341 )
and
[#​357](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/357 )
by adding support for the [`--frozen`, `--locked`, and
`--offline`](https://doc.rust-lang.org/cargo/commands/cargo-metadata.html#manifest-options )
flags to determine whether network access is allowed, and whether the
`Cargo.lock` file can be created and/or modified.
-
[PR#368](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/368 )
added the `licenses.unused-allowed-license` field to control whether the
[L006 - license was not
encountered](https://embarkstudios.github.io/cargo-deny/checks/licenses/diags.html#l006---license-was-not-encountered )
diagnostic. Thanks [@​thomcc](https://redirect.github.com/thomcc )!
##### Changed
-
[PR#358](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/358 )
bumped the Minimum Stable Rust Version to **1.53.0**.
-
[PR#358](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/358 )
bumped various dependencies, notably `semver` to `1.0.3`.
#### \[0.9.1] - 2021-03-26
##### Changed
- Updated dependencies
###
[`v1.2.6`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.6 ):
Release 1.2.6 - cargo-deny 0.9.1
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.5...v1.2.6 )
##### Changed
- Updated dependencies
###
[`v1.2.5`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.5 ):
- cargo-deny 0.9.0
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.4...v1.2.5 )
##### Changed
- Updated `krates`, which in turn uses an updated `cargo_metadata` which
uses [`camino`](https://docs.rs/camino ) for utf-8 paths. Rather than
support both vanilla Path/Buf and Utf8Path/Buf, cargo-deny now just uses
Utf8Path/Buf, which means that non-utf-8 paths for things like your
Cargo.toml manifest or license paths will no longer function. This is a
breaking change, that can be reverted if it disruptive for users, but
the assumption is that cargo-deny is operating on normal checkouts of
rust repositories that are overwhelmingly going to be utf-8 compatible
paths.
###
[`v1.2.4`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.4 ):
Update image
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.3...v1.2.4 )
Updates the base image to rust 1.50.0 to fix issue if you pin to it via
eg rust-toolchain.
###
[`v1.2.3`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.3 ):
- cargo-deny 0.8.5
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.2...v1.2.3 )
##### Added
-
[PR#315](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/315 )
resolved
[#​312](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/312 )
by adding support for excluding packages in the deny configuration file,
in addition to the existing support for the `--exclude` CLI option.
Thanks [@​luser](https://redirect.github.com/luser )!
##### Fixed
-
[PR#318](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/318 )
fixed
[#​316](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/316 )
by adding a workaround for crate versions with pre-release identifiers
in them that could be erroneously marked as matching advisories in an
advisory database. Thanks for reporting this
[@​djc](https://redirect.github.com/djc )!
###
[`v1.2.2`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.2 ):
- cargo-deny 0.8.4
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.2.1...v1.2.2 )
##### Changed
- Updated dependencies, notably `rustsec`, `crossbeam`\*, and `cargo`.
- Bumped the Minimum Stable Rust Version to **1.44.1**.
###
[`v1.2.1`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/v1.2.1 ):
- cargo-deny 0.8.1
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/1.2.0...v1.2.1 )
Updates cargo-deny from 0.7.3 -> 0.8.1
##### Added
-
[PR#238](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/238 )
resolved
[#​225](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/225 )
by adding a `wrappers` field to `[bans.deny]` entries, which allows the
banned crate to be used only if it is a direct dependency of one of the
wrapper crates. Thanks
[@​Stupremee](https://redirect.github.com/Stupremee )!
-
[PR#244](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/244 )
resolved
[#​69](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/69 )
by adding support for multiple advisory databases, which will all be
checked during the `advisory` check. Thanks
[@​Stupremee](https://redirect.github.com/Stupremee )!
-
[PR#243](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/243 )
resolved
[#​54](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/54 )
by adding support for compiling and using `cargo` crate directly via the
`standalone` feature. This allows `cargo-deny` to be used without cargo
being installed, but it still requires
[**rustc**](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/295 )
to be available. Thanks
[@​Stupremee](https://redirect.github.com/Stupremee )!
-
[PR#275](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/275 )
resolved
[#​64](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/64 )
by adding a diagnostic when a user tries to ignore an advisory
identifier that doesn't exist in any database.
-
[PR#262](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/262 )
added the `fix` subcommand, which was added to bring `cargo-deny` to
feature parity with `cargo-audit` so that it can take over for
`cargo-audit` as the [official
frontend](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/194 )
for the the [RustSec Advisory
Database](https://redirect.github.com/RustSec/advisory-db ).
##### Changed
- `advisories.db-url` has been deprecated in favor of
`advisories.db-urls` since multiple databses are now supported.
- `advisories.db-path` is now no longer the directory into which the
advisory database is cloned into, but rather a root directory where each
unique database is placed in a canonicalized directory similar to how
`.cargo/registry/index` directories work.
-
[PR#274](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/274 )
resolved
[#​115](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/115 )
by normalizing git urls. Thanks
[@​senden9](https://redirect.github.com/senden9 )!
##### Fixed
-
[#​265](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/265 )
A transitive dependency (`smol_str`) forced the usage of the latest Rust
stable version (1.46) which was unintended. We now state the MSRV in the
README and check for it in CI so that changing the MSRV is a conscious
decision.
-
[PR#287](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/287 )
fixed
[#​286](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/286 ),
which could happen if using a git source where the representation
differed slightly between the user specified id and the id used for
dependencies.
-
[PR#249](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/249 )
fixed
[#​190](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/190 )
by printing a different diagnostic for when the path specified for a
clarification license file could not be found. Thanks
[@​khodzha](https://redirect.github.com/khodzha )!
-
[PR#297](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/297 )
fixed a couple of diagnostics to have codes.
-
[PR#296](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/296 )
resolved
[#​288](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/288 )
by improving the information in diagnostics pertaining to advisories.
Thanks [@​tomasfarias](https://redirect.github.com/tomasfarias )!
###
[`v1.2.0`](https://redirect.github.com/EmbarkStudios/cargo-deny-action/releases/tag/1.2.0 ):
- cargo-deny 0.8.1
[Compare
Source](https://redirect.github.com/EmbarkStudios/cargo-deny-action/compare/v1.1.0...1.2.0 )
Updates cargo-deny from 0.7.3 -> 0.8.1
##### Added
-
[PR#238](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/238 )
resolved
[#​225](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/225 )
by adding a `wrappers` field to `[bans.deny]` entries, which allows the
banned crate to be used only if it is a direct dependency of one of the
wrapper crates. Thanks
[@​Stupremee](https://redirect.github.com/Stupremee )!
-
[PR#244](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/244 )
resolved
[#​69](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/69 )
by adding support for multiple advisory databases, which will all be
checked during the `advisory` check. Thanks
[@​Stupremee](https://redirect.github.com/Stupremee )!
-
[PR#243](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/243 )
resolved
[#​54](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/54 )
by adding support for compiling and using `cargo` crate directly via the
`standalone` feature. This allows `cargo-deny` to be used without cargo
being installed, but it still requires
[**rustc**](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/295 )
to be available. Thanks
[@​Stupremee](https://redirect.github.com/Stupremee )!
-
[PR#275](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/275 )
resolved
[#​64](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/64 )
by adding a diagnostic when a user tries to ignore an advisory
identifier that doesn't exist in any database.
-
[PR#262](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/262 )
added the `fix` subcommand, which was added to bring `cargo-deny` to
feature parity with `cargo-audit` so that it can take over for
`cargo-audit` as the [official
frontend](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/194 )
for the the [RustSec Advisory
Database](https://redirect.github.com/RustSec/advisory-db ).
##### Changed
- `advisories.db-url` has been deprecated in favor of
`advisories.db-urls` since multiple databses are now supported.
- `advisories.db-path` is now no longer the directory into which the
advisory database is cloned into, but rather a root directory where each
unique database is placed in a canonicalized directory similar to how
`.cargo/registry/index` directories work.
-
[PR#274](https://redirect.github.com/EmbarkStudios/cargo-deny/pull/274 )
resolved
[#​115](https://redirect.github.com/EmbarkStudios/cargo-deny/issues/115 )
by normalizing git urls. Thanks
[@​senden9](https://redirect.github.com/senden9 )!
##### Fixe
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNTcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjI1Ny4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-04-28 10:56:57 +02:00
aacf2a724c
Update astral-sh/setup-uv action to v6 ( #13162 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [astral-sh/setup-uv](https://redirect.github.com/astral-sh/setup-uv ) |
action | major | `v5.4.2` -> `v6.0.0` |
---
### Release Notes
<details>
<summary>astral-sh/setup-uv (astral-sh/setup-uv)</summary>
###
[`v6.0.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v6.0.0 ):
🌈 activate-environment and working-directory
[Compare
Source](https://redirect.github.com/astral-sh/setup-uv/compare/v5.4.2...v6.0.0 )
##### Changes
This version contains some breaking changes which have been gathering up
for a while. Lets dive into them:
- [Activate environment](#activate-environment)
- [Working Directory](#working-directory)
- [Default `cache-dependency-glob`](#default-cache-dependency-glob)
- [Use default cache dir on self hosted
runners](#use-default-cache-dir-on-self-hosted-runners)
##### Activate environment
In previous versions using the input `python-version` automatically
activated a venv at the repository root.
This led to some unwanted side-effects, was sometimes unexpected and not
flexible enough.
The venv activation is now explicitly controlled with the new input
`activate-environment` (false by default):
```yaml
- name: Install the latest version of uv and activate the environment
uses: astral-sh/setup-uv@v6
with:
activate-environment: true
- run: uv pip install pip
```
The venv gets created by the [`uv
venv`](https://docs.astral.sh/uv/pip/environments/ ) command so the
python version is controlled by the `python-version` input or the files
`pyproject.toml`, `uv.toml`, `.python-version` in the
`working-directory`.
##### Working Directory
The new input `working-directory` controls where we look for
`pyproject.toml`, `uv.toml` and `.python-version` files
which are used to determine the version of uv and python to install.
It can also be used to control where the venv gets created.
```yaml
- name: Install uv based on the config files in the working-directory
uses: astral-sh/setup-uv@v6
with:
working-directory: my/subproject/dir
```
> \[!CAUTION]
>
> The inputs `pyproject-file` and `uv-file` have been removed.
##### Default `cache-dependency-glob`
[@​ssbarnea](https://redirect.github.com/ssbarnea ) found out that
the default `cache-dependency-glob` was not suitable for a lot of users.
The old default
```yaml
cache-dependency-glob: |
**/requirements*.txt
**/uv.lock
```
is changed and should cover over 99.5% of use cases:
```yaml
cache-dependency-glob: |
**/*(requirements|constraints)*.(txt|in)
**/pyproject.toml
**/uv.lock
```
> \[!NOTE]
>
> This shouldn't be a breaking change. The only thing you may notice is
that your caches get invalidated once.
##### Use default cache dir on self hosted runners
The directory where uv stores its cache was always set to a directory in
`RUNNER_TEMP`. For self-hosted runners this made no sense as this gets
cleaned after every run and led to slower runs than necessary.
On self-hosted runners `UV_CACHE_DIR` is no longer set and the [default
cache
directory](https://docs.astral.sh/uv/concepts/cache/#cache-directory ) is
used instead.
##### 🚨 Breaking changes
- Change default cache-dependency-glob
[@​eifinger](https://redirect.github.com/eifinger )
([#​352](https://redirect.github.com/astral-sh/setup-uv/issues/352 ))
- No default UV_CACHE_DIR on selfhosted runners
[@​eifinger](https://redirect.github.com/eifinger )
([#​380](https://redirect.github.com/astral-sh/setup-uv/issues/380 ))
- new inputs activate-environment and working-directory
[@​eifinger](https://redirect.github.com/eifinger )
([#​381](https://redirect.github.com/astral-sh/setup-uv/issues/381 ))
##### 🧰 Maintenance
- chore: update known checksums for 0.6.16
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​378](https://redirect.github.com/astral-sh/setup-uv/issues/378 ))
- chore: update known checksums for 0.6.15
@​[github-actions\[bot\]](https://redirect.github.com/apps/github-actions )
([#​377](https://redirect.github.com/astral-sh/setup-uv/issues/377 ))
##### 📚 Documentation
- bump to v6 in README
[@​eifinger](https://redirect.github.com/eifinger )
([#​382](https://redirect.github.com/astral-sh/setup-uv/issues/382 ))
- log info on venv activation
[@​eifinger](https://redirect.github.com/eifinger )
([#​375](https://redirect.github.com/astral-sh/setup-uv/issues/375 ))
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yNTcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjI1Ny4zIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-04-28 10:53:35 +02:00
0f58828003
Update Swatinem/rust-cache action to v2.7.8 ( #13160 )
2025-04-27 22:30:40 -04:00
0a49849f5a
Update docker/build-push-action action to v6.16.0 ( #13151 )
2025-04-28 02:23:30 +00:00
5783ed666e
Update actions/setup-python action to v5.6.0 ( #13150 )
2025-04-27 21:38:50 -04:00
17cfd82c34
Update taiki-e/install-action digest to ab3728c ( #13143 )
2025-04-28 00:32:30 +00:00
bb16905a69
Update pypa/gh-action-pypi-publish digest to db8f07d ( #13142 )
2025-04-27 20:31:18 -04:00
38bcf66861
Don't run CodSpeed benchmarks outside of `astral-sh/uv` ( #13140 )
...
## Summary
This fails on forks, I think, since you can't post to CodSpeed.
2025-04-27 20:22:31 -04:00
1cafcd0ad9
Loosen `github.repository` match in `ci.yml` ( #13121 )
...
## Summary
Discussed with @zanieb and was recommended to remove this piece
entirely.
2025-04-26 16:16:58 +00:00
c7c9b7a90e
Test publishing with pypa/gh-action-pypi-publish ( #12742 )
...
A publish testing for #11652
2025-04-25 18:27:40 +02:00
05c40921cc
Retry on deadsnake repo add failure ( #13026 )
...
This has been failing with a 504
2025-04-21 16:59:06 -05:00
06134f34ea
Update docker/login-action action to v3.4.0 ( #13008 )
2025-04-21 08:29:32 -04:00
e992e5fa17
Update docker/setup-buildx-action action to v3.10.0 ( #13010 )
2025-04-21 08:29:19 -04:00
a74f995441
Update docker/metadata-action action to v5.7.0 ( #13009 )
2025-04-21 08:29:12 -04:00
98e3546afd
Update docker/build-push-action action to v6.15.0 ( #13007 )
2025-04-21 08:29:02 -04:00
f56ca37271
Update conda-incubator/setup-miniconda action to v3.1.1 ( #13005 )
2025-04-21 08:28:52 -04:00
bdfb014d68
Update astral-sh/setup-uv action to v5.4.2 ( #13004 )
2025-04-21 03:54:04 +00:00
c929f71085
Update actions/setup-python action to v5.5.0 ( #13003 )
2025-04-21 03:32:53 +00:00
78f2b697ce
Update actions/checkout action to v4.2.2 ( #13002 )
2025-04-21 03:08:09 +00:00
9b65e49096
Update actions/attest-build-provenance action to v2.2.3 ( #13001 )
2025-04-21 02:49:22 +00:00
26fb1ac320
Update taiki-e/install-action digest to 09dc018 ( #12996 )
2025-04-21 02:15:02 +00:00
f967ca7afe
Update astral-sh/setup-uv digest to d4b2f3b ( #12995 )
2025-04-21 02:12:27 +00:00
eef3fc2215
update cargo-dist and enable ci checks ( #12949 )
...
Fixes #12881
Potentially Fixes #12780
Prevents #12879
2025-04-17 19:32:56 -04:00
693110506a
Update Artifact GitHub Actions dependencies ( #12865 )
2025-04-14 08:31:19 -04:00
e718f55677
Update taiki-e/install-action digest to be7c31b ( #12860 )
2025-04-14 08:21:35 -04:00
50de464425
Add integration test for GitHub provided free-threaded Python ( #12471 )
2025-04-10 16:51:50 -05:00
876b9aef50
update cargo-dist ( #12790 )
...
Putting this up to confirm that it does what it should:
* undirty the release.yml by including action-commits in the config
* add `persist-credentials=false` hardening
* includes but does not use `[package.metadata.dist.binaries]` overrides
(for #11786 )
2025-04-10 09:42:41 -04:00
df2d773d52
Update taiki-e/install-action digest to 2db3465 ( #12697 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[taiki-e/install-action](https://redirect.github.com/taiki-e/install-action )
| action | digest | `6aca1cf` -> `2db3465` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMjcuMyIsInVwZGF0ZWRJblZlciI6IjM5LjIzNS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-04-08 12:07:05 -05:00
b0a6ef4dd6
Update maturin-action to v1.48.1 ( #12736 )
...
Initially, this was for testing CI for #12688 , but I think it makes
sense to merge this independently and rebase #12688 on top of it.
2025-04-08 12:10:48 -04:00
2b62f73064
Add `UV_PYTHON_DOWNLOADS_JSON_URL` to set custom managed python sources ( #10939 )
...
## Summary
Add an option to overwrite the list of available Python downloads from a
local JSON file by using the environment variable
`UV_PYTHON_DOWNLOADS_JSON_URL`
as an experimental support for providing custom sources for Python
distribution binaries #8015
related #10203
I probably should make the JSON to be fetched from a remote URL instead
of a local file.
please let me know what you think and I will modify the code
accordingly.
## Test Plan
### normal run
```
root@75c66494ba8b:/# /code/target/release/uv python list
cpython-3.14.0a4+freethreaded-linux-x86_64-gnu <download available>
cpython-3.14.0a4-linux-x86_64-gnu <download available>
cpython-3.13.1+freethreaded-linux-x86_64-gnu <download available>
cpython-3.13.1-linux-x86_64-gnu <download available>
cpython-3.12.8-linux-x86_64-gnu <download available>
cpython-3.11.11-linux-x86_64-gnu <download available>
cpython-3.10.16-linux-x86_64-gnu <download available>
cpython-3.9.21-linux-x86_64-gnu <download available>
cpython-3.8.20-linux-x86_64-gnu <download available>
cpython-3.7.9-linux-x86_64-gnu <download available>
pypy-3.10.14-linux-x86_64-gnu <download available>
pypy-3.9.19-linux-x86_64-gnu <download available>
pypy-3.8.16-linux-x86_64-gnu <download available>
pypy-3.7.13-linux-x86_64-gnu <download available>
```
### empty JSON file
```sh
root@75c66494ba8b:/# export UV_PYTHON_DOWNLOADS_JSON_URL=/code/crates/uv-python/my-download-metadata.json
root@75c66494ba8b:/# cat $UV_PYTHON_DOWNLOADS_JSON_URL
{}
root@75c66494ba8b:/# /code/target/release/uv python list
root@75c66494ba8b:/#
```
### JSON file with valid version
```sh
root@75c66494ba8b:/# export UV_PYTHON_DOWNLOADS_JSON_URL=/code/crates/uv-python/my-download-metadata.json
root@75c66494ba8b:/# cat $UV_PYTHON_DOWNLOADS_JSON_URL
{
"cpython-3.11.9-linux-x86_64-gnu": {
"name": "cpython",
"arch": {
"family": "x86_64",
"variant": null
},
"os": "linux",
"libc": "gnu",
"major": 3,
"minor": 11,
"patch": 9,
"prerelease": "",
"url": "https://github.com/astral-sh/python-build-standalone/releases/download/20240814/cpython-3.11.9%2B20240814-x86_64-unknown-linux-gnu-install_only_stripped.tar.gz ",
"sha256": "daa487c7e73005c4426ac393273117cf0e2dc4ab9b2eeda366e04cd00eea00c9",
"variant": null
}
}
root@75c66494ba8b:/# /code/target/release/uv python list
cpython-3.11.9-linux-x86_64-gnu <download available>
root@75c66494ba8b:/#
```
### Remote Path
```sh
root@75c66494ba8b:/# export UV_PYTHON_DOWNLOADS_JSON_URL=http://a.com/file.json
root@75c66494ba8b:/# /code/target/release/uv python list
error: Remote python downloads JSON is not yet supported, please use a local path (without `file://` prefix)
```
---------
Co-authored-by: Aria Desires <aria.desires@gmail.com>
2025-04-07 13:55:00 -04:00
ba443fae75
use astral-sh/cargo-dist instead ( #12659 )
2025-04-03 17:25:18 -04:00
c1b49b9ab2
Update astral-sh/setup-uv digest to 0c5e2b8 ( #12569 )
2025-03-31 13:29:05 +00:00
545ededdf6
Pin actions/checkout action to 11bd719 ( #12567 )
2025-03-31 09:07:40 -04:00
be615cb213
Update Artifact GitHub Actions dependencies ( #12572 )
2025-03-31 09:07:01 -04:00
ae03d7e617
Update taiki-e/install-action digest to 6aca1cf ( #12570 )
2025-03-31 09:06:51 -04:00
123b9d7a5c
Update actions/setup-python digest to 8d9ed9a ( #12568 )
2025-03-31 09:06:17 -04:00
a28db37f33
Add smoke test script in Python ( #11628 )
...
I wanted to consolidate these anyway, and apparently it's a huge pain to
make a Windows task fail early via GitHub's PowerShell setup so I
implement this in Python instead.
2025-03-27 15:35:21 -05:00
99e2324dcf
Use 64-bit host for 32-bit releases to work around OOM ( #12466 )
...
The i686 linux gnu release job started failing since the last release
(#12430 ) due to an OOM with llvm breaking the 4GB limit for 32-bit
processes. We work around this by using a 64-bit host targeting 32-bit.
2025-03-25 18:33:31 +01:00
f00f8e908a
Update taiki-e/install-action digest to 914ac1e ( #12410 )
2025-03-24 09:19:26 -04:00
2040c1c330
Update webfactory/ssh-agent action to v0.9.1 ( #12421 )
2025-03-24 09:19:07 -04:00
6355a24240
Update PyO3/maturin-action action to v1.47.3 ( #12411 )
2025-03-23 22:15:00 -04:00
b69be96e0f
Update astral-sh/setup-uv digest to 2269511 ( #12409 )
2025-03-23 22:14:16 -04:00
619e300025
Update Swatinem/rust-cache digest to 9d47c6a ( #12408 )
2025-03-23 22:14:10 -04:00
e9d2b6ecea
Un-pin `maturin-action` version ( #12287 )
...
## Summary
The commit we want is in https://github.com/PyO3/maturin-action/pull/330
which is now released.
2025-03-18 10:54:22 -05:00
3c20ffe9ef
Update PyO3/maturin-action action to v1.47.2 ( #12228 )
2025-03-17 14:17:16 -04:00
28a2d07c44
Update CodSpeedHQ/action action to v3.5.0 ( #12227 )
2025-03-17 14:17:03 -04:00
68ece236a9
Update peter-evans/create-pull-request action to v7.0.8 ( #12226 )
2025-03-17 14:16:46 -04:00
f31a1edd42
Update taiki-e/install-action digest to 2c41309 ( #12213 )
2025-03-17 03:32:42 +00:00
5880a98163
Pin dependencies ( #12191 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [CodSpeedHQ/action](https://redirect.github.com/CodSpeedHQ/action ) |
action | pinDigest | -> `0010eb0` |
|
[EmbarkStudios/cargo-deny-action](https://redirect.github.com/EmbarkStudios/cargo-deny-action )
| action | pinDigest | -> `3f4a782` |
| [PyO3/maturin-action](https://redirect.github.com/PyO3/maturin-action )
| action | pinDigest | -> `36db840` |
|
[SebRollen/toml-action](https://redirect.github.com/SebRollen/toml-action )
| action | pinDigest | -> `b1b3628` |
| [Swatinem/rust-cache](https://redirect.github.com/Swatinem/rust-cache )
| action | pinDigest | -> `f0deed1` |
|
[acj/freebsd-firecracker-action](https://redirect.github.com/acj/freebsd-firecracker-action )
| action | pinDigest | -> `4d93174` |
|
[actions/attest-build-provenance](https://redirect.github.com/actions/attest-build-provenance )
| action | pinDigest | -> `c074443` |
| [actions/checkout](https://redirect.github.com/actions/checkout ) |
action | pinDigest | -> `11bd719` |
|
[actions/setup-python](https://redirect.github.com/actions/setup-python )
| action | pinDigest | -> `4237552` |
| [astral-sh/setup-uv](https://redirect.github.com/astral-sh/setup-uv ) |
action | pinDigest | -> `f94ec6b` |
|
[conda-incubator/setup-miniconda](https://redirect.github.com/conda-incubator/setup-miniconda )
| action | pinDigest | -> `505e639` |
|
[docker/build-push-action](https://redirect.github.com/docker/build-push-action )
| action | pinDigest | -> `471d1dc` |
| [docker/login-action](https://redirect.github.com/docker/login-action )
| action | pinDigest | -> `74a5d14` |
|
[docker/metadata-action](https://redirect.github.com/docker/metadata-action )
| action | pinDigest | -> `902fa8e` |
|
[docker/setup-buildx-action](https://redirect.github.com/docker/setup-buildx-action )
| action | pinDigest | -> `b5ca514` |
|
[ludeeus/action-shellcheck](https://redirect.github.com/ludeeus/action-shellcheck )
| action | pinDigest | -> `00cae50` |
|
[peter-evans/create-pull-request](https://redirect.github.com/peter-evans/create-pull-request )
| action | pinDigest | -> `271a8d0` |
|
[taiki-e/install-action](https://redirect.github.com/taiki-e/install-action )
| action | pinDigest | -> `2153a01` |
|
[uraimo/run-on-arch-action](https://redirect.github.com/uraimo/run-on-arch-action )
| action | pinDigest | -> `ac33288` |
|
[webfactory/ssh-agent](https://redirect.github.com/webfactory/ssh-agent )
| action | pinDigest | -> `dc588b6` |
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions ) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDAuMCIsInVwZGF0ZWRJblZlciI6IjM5LjIwMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-03-15 16:25:19 -04:00
8cf439bc36
Update Artifact GitHub Actions dependencies ( #12192 )
...
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/download-artifact](https://redirect.github.com/actions/download-artifact )
| action | minor | `v4` -> `v4.1.9` |
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact )
| action | minor | `v4` -> `v4.6.1` |
---
### Release Notes
<details>
<summary>actions/download-artifact (actions/download-artifact)</summary>
###
[`v4.1.9`](https://redirect.github.com/actions/download-artifact/releases/tag/v4.1.9 )
[Compare
Source](https://redirect.github.com/actions/download-artifact/compare/v4.1.8...v4.1.9 )
#### What's Changed
- Add workflow file for publishing releases to immutable action package
by [@​Jcambass](https://redirect.github.com/Jcambass ) in
[https://github.com/actions/download-artifact/pull/354 ](https://redirect.github.com/actions/download-artifact/pull/354 )
- docs: small migration fix by
[@​froblesmartin](https://redirect.github.com/froblesmartin ) in
[https://github.com/actions/download-artifact/pull/370 ](https://redirect.github.com/actions/download-artifact/pull/370 )
- Update MIGRATION.md by
[@​andyfeller](https://redirect.github.com/andyfeller ) in
[https://github.com/actions/download-artifact/pull/372 ](https://redirect.github.com/actions/download-artifact/pull/372 )
- Update artifact package to 2.2.2 by
[@​yacaovsnc](https://redirect.github.com/yacaovsnc ) in
[https://github.com/actions/download-artifact/pull/380 ](https://redirect.github.com/actions/download-artifact/pull/380 )
#### New Contributors
- [@​Jcambass](https://redirect.github.com/Jcambass ) made their
first contribution in
[https://github.com/actions/download-artifact/pull/354 ](https://redirect.github.com/actions/download-artifact/pull/354 )
- [@​froblesmartin](https://redirect.github.com/froblesmartin )
made their first contribution in
[https://github.com/actions/download-artifact/pull/370 ](https://redirect.github.com/actions/download-artifact/pull/370 )
- [@​andyfeller](https://redirect.github.com/andyfeller ) made
their first contribution in
[https://github.com/actions/download-artifact/pull/372 ](https://redirect.github.com/actions/download-artifact/pull/372 )
- [@​yacaovsnc](https://redirect.github.com/yacaovsnc ) made their
first contribution in
[https://github.com/actions/download-artifact/pull/380 ](https://redirect.github.com/actions/download-artifact/pull/380 )
**Full Changelog**:
https://github.com/actions/download-artifact/compare/v4...v4.1.9
###
[`v4.1.8`](https://redirect.github.com/actions/download-artifact/releases/tag/v4.1.8 )
[Compare
Source](https://redirect.github.com/actions/download-artifact/compare/v4.1.7...v4.1.8 )
#### What's Changed
- Update
[@​actions/artifact](https://redirect.github.com/actions/artifact )
version, bump dependencies by
[@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/download-artifact/pull/341 ](https://redirect.github.com/actions/download-artifact/pull/341 )
**Full Changelog**:
https://github.com/actions/download-artifact/compare/v4...v4.1.8
###
[`v4.1.7`](https://redirect.github.com/actions/download-artifact/releases/tag/v4.1.7 )
[Compare
Source](https://redirect.github.com/actions/download-artifact/compare/v4.1.6...v4.1.7 )
#### What's Changed
- Update
[@​actions/artifact](https://redirect.github.com/actions/artifact )
dependency by
[@​bethanyj28](https://redirect.github.com/bethanyj28 ) in
[https://github.com/actions/download-artifact/pull/325 ](https://redirect.github.com/actions/download-artifact/pull/325 )
**Full Changelog**:
https://github.com/actions/download-artifact/compare/v4.1.6...v4.1.7
###
[`v4.1.6`](https://redirect.github.com/actions/download-artifact/releases/tag/v4.1.6 )
[Compare
Source](https://redirect.github.com/actions/download-artifact/compare/v4.1.5...v4.1.6 )
#### What's Changed
- updating `@actions/artifact` dependency to v2.1.6 by
[@​eggyhead](https://redirect.github.com/eggyhead ) in
[https://github.com/actions/download-artifact/pull/324 ](https://redirect.github.com/actions/download-artifact/pull/324 )
**Full Changelog**:
https://github.com/actions/download-artifact/compare/v4.1.5...v4.1.6
###
[`v4.1.5`](https://redirect.github.com/actions/download-artifact/releases/tag/v4.1.5 )
[Compare
Source](https://redirect.github.com/actions/download-artifact/compare/v4.1.4...v4.1.5 )
##### What's Changed
- Update readme with v3/v2/v1 deprecation notice by
[@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/download-artifact/pull/322 ](https://redirect.github.com/actions/download-artifact/pull/322 )
- Update dependencies `@actions/core` to v1.10.1 and `@actions/artifact`
to v2.1.5
**Full Changelog**:
https://github.com/actions/download-artifact/compare/v4.1.4...v4.1.5
###
[`v4.1.4`](https://redirect.github.com/actions/download-artifact/releases/tag/v4.1.4 )
[Compare
Source](https://redirect.github.com/actions/download-artifact/compare/v4.1.3...v4.1.4 )
#### What's Changed
- Update
[@​actions/artifact](https://redirect.github.com/actions/artifact )
by [@​bethanyj28](https://redirect.github.com/bethanyj28 ) in
[https://github.com/actions/download-artifact/pull/307 ](https://redirect.github.com/actions/download-artifact/pull/307 )
**Full Changelog**:
https://github.com/actions/download-artifact/compare/v4...v4.1.4
###
[`v4.1.3`](https://redirect.github.com/actions/download-artifact/releases/tag/v4.1.3 )
[Compare
Source](https://redirect.github.com/actions/download-artifact/compare/v4.1.2...v4.1.3 )
#### What's Changed
- Update release-new-action-version.yml by
[@​konradpabjan](https://redirect.github.com/konradpabjan ) in
[https://github.com/actions/download-artifact/pull/292 ](https://redirect.github.com/actions/download-artifact/pull/292 )
- Update toolkit dependency with updated unzip logic by
[@​bethanyj28](https://redirect.github.com/bethanyj28 ) in
[https://github.com/actions/download-artifact/pull/299 ](https://redirect.github.com/actions/download-artifact/pull/299 )
- Update
[@​actions/artifact](https://redirect.github.com/actions/artifact )
by [@​bethanyj28](https://redirect.github.com/bethanyj28 ) in
[https://github.com/actions/download-artifact/pull/303 ](https://redirect.github.com/actions/download-artifact/pull/303 )
#### New Contributors
- [@​bethanyj28](https://redirect.github.com/bethanyj28 ) made
their first contribution in
[https://github.com/actions/download-artifact/pull/299 ](https://redirect.github.com/actions/download-artifact/pull/299 )
**Full Changelog**:
https://github.com/actions/download-artifact/compare/v4...v4.1.3
###
[`v4.1.2`](https://redirect.github.com/actions/download-artifact/releases/tag/v4.1.2 )
[Compare
Source](https://redirect.github.com/actions/download-artifact/compare/v4.1.1...v4.1.2 )
- Bump
[@​actions/artifacts](https://redirect.github.com/actions/artifacts )
to latest version to include [updated GHES host
check](https://redirect.github.com/actions/toolkit/pull/1648 )
###
[`v4.1.1`](https://redirect.github.com/actions/download-artifact/releases/tag/v4.1.1 )
[Compare
Source](https://redirect.github.com/actions/download-artifact/compare/v4.1.0...v4.1.1 )
- Fix transient request timeouts
[https://github.com/actions/download-artifact/issues/249 ](https://redirect.github.com/actions/download-artifact/issues/249 )
- Bump `@actions/artifacts` to latest version
###
[`v4.1.0`](https://redirect.github.com/actions/download-artifact/releases/tag/v4.1.0 )
[Compare
Source](https://redirect.github.com/actions/download-artifact/compare/v4...v4.1.0 )
#### What's Changed
- Some cleanup by
[@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/download-artifact/pull/247 ](https://redirect.github.com/actions/download-artifact/pull/247 )
- Fix default for run-id by
[@​stchr](https://redirect.github.com/stchr ) in
[https://github.com/actions/download-artifact/pull/252 ](https://redirect.github.com/actions/download-artifact/pull/252 )
- Support pattern matching to filter artifacts & merge to same directory
by [@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/download-artifact/pull/259 ](https://redirect.github.com/actions/download-artifact/pull/259 )
#### New Contributors
- [@​stchr](https://redirect.github.com/stchr ) made their first
contribution in
[https://github.com/actions/download-artifact/pull/252 ](https://redirect.github.com/actions/download-artifact/pull/252 )
**Full Changelog**:
https://github.com/actions/download-artifact/compare/v4...v4.1.0
</details>
<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>
###
[`v4.6.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.1 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.6.0...v4.6.1 )
#### What's Changed
- Update to use artifact 2.2.2 package by
[@​yacaovsnc](https://redirect.github.com/yacaovsnc ) in
[https://github.com/actions/upload-artifact/pull/673 ](https://redirect.github.com/actions/upload-artifact/pull/673 )
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4...v4.6.1
###
[`v4.6.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.6.0 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.5.0...v4.6.0 )
##### What's Changed
- Expose env vars to control concurrency and timeout by
[@​yacaovsnc](https://redirect.github.com/yacaovsnc ) in
[https://github.com/actions/upload-artifact/pull/662 ](https://redirect.github.com/actions/upload-artifact/pull/662 )
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4...v4.6.0
###
[`v4.5.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.5.0 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0 )
##### What's Changed
- fix: deprecated `Node.js` version in action by
[@​hamirmahal](https://redirect.github.com/hamirmahal ) in
[https://github.com/actions/upload-artifact/pull/578 ](https://redirect.github.com/actions/upload-artifact/pull/578 )
- Add new `artifact-digest` output by
[@​bdehamer](https://redirect.github.com/bdehamer ) in
[https://github.com/actions/upload-artifact/pull/656 ](https://redirect.github.com/actions/upload-artifact/pull/656 )
##### New Contributors
- [@​hamirmahal](https://redirect.github.com/hamirmahal ) made
their first contribution in
[https://github.com/actions/upload-artifact/pull/578 ](https://redirect.github.com/actions/upload-artifact/pull/578 )
- [@​bdehamer](https://redirect.github.com/bdehamer ) made their
first contribution in
[https://github.com/actions/upload-artifact/pull/656 ](https://redirect.github.com/actions/upload-artifact/pull/656 )
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4.4.3...v4.5.0
###
[`v4.4.3`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.4.3 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.2...v4.4.3 )
#### What's Changed
- Undo indirect dependency updates from
[#​627](https://redirect.github.com/actions/upload-artifact/issues/627 )
by [@​joshmgross](https://redirect.github.com/joshmgross ) in
[https://github.com/actions/upload-artifact/pull/632 ](https://redirect.github.com/actions/upload-artifact/pull/632 )
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4.4.2...v4.4.3
###
[`v4.4.2`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.4.2 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.1...v4.4.2 )
#### What's Changed
- Bump `@actions/artifact` to 2.1.11 by
[@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/upload-artifact/pull/627 ](https://redirect.github.com/actions/upload-artifact/pull/627 )
- Includes fix for relative symlinks not resolving properly
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4.4.1...v4.4.2
###
[`v4.4.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.4.1 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1 )
#### What's Changed
- Add a section about hidden files by
[@​joshmgross](https://redirect.github.com/joshmgross ) in
[https://github.com/actions/upload-artifact/pull/607 ](https://redirect.github.com/actions/upload-artifact/pull/607 )
- Add workflow file for publishing releases to immutable action package
by [@​Jcambass](https://redirect.github.com/Jcambass ) in
[https://github.com/actions/upload-artifact/pull/621 ](https://redirect.github.com/actions/upload-artifact/pull/621 )
- Update
[@​actions/artifact](https://redirect.github.com/actions/artifact )
to latest version, includes symlink and timeout fixes by
[@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/upload-artifact/pull/625 ](https://redirect.github.com/actions/upload-artifact/pull/625 )
#### New Contributors
- [@​Jcambass](https://redirect.github.com/Jcambass ) made their
first contribution in
[https://github.com/actions/upload-artifact/pull/621 ](https://redirect.github.com/actions/upload-artifact/pull/621 )
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4.4.0...v4.4.1
###
[`v4.4.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.4.0 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0 )
#### Notice: Breaking Changes ⚠️
We will no longer include hidden files and folders by default in the
`upload-artifact` action of this version. This reduces the risk that
credentials are accidentally uploaded into artifacts. Customers who need
to continue to upload these files can use a new option,
`include-hidden-files`, to continue to do so.
See ["Notice of upcoming deprecations and breaking changes in GitHub
Actions
runners"](https://github.blog/changelog/2024-08-19-notice-of-upcoming-deprecations-and-breaking-changes-in-github-actions-runners/ )
changelog and [this
issue](https://redirect.github.com/actions/upload-artifact/issues/602 )
for more details.
#### What's Changed
- Exclude hidden files by default by
[@​joshmgross](https://redirect.github.com/joshmgross ) in
[https://github.com/actions/upload-artifact/pull/598 ](https://redirect.github.com/actions/upload-artifact/pull/598 )
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4.3.6...v4.4.0
###
[`v4.3.6`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.3.6 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.5...v4.3.6 )
#### What's Changed
- Revert to
[@​actions/artifact](https://redirect.github.com/actions/artifact )
2.1.8 by [@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/upload-artifact/pull/594 ](https://redirect.github.com/actions/upload-artifact/pull/594 )
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4...v4.3.6
###
[`v4.3.5`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.3.5 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5 )
#### What's Changed
- Bump
[@​actions/artifact](https://redirect.github.com/actions/artifact )
to v2.1.9 by [@​robherley](https://redirect.github.com/robherley )
in
[https://github.com/actions/upload-artifact/pull/588 ](https://redirect.github.com/actions/upload-artifact/pull/588 )
- Fixed artifact upload chunk timeout logic
[#​1774](https://redirect.github.com/actions/toolkit/pull/1774 )
- Use lazy stream to prevent issues with open file limits
[#​1771](https://redirect.github.com/actions/toolkit/pull/1771 )
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4.3.4...v4.3.5
###
[`v4.3.4`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.3.4 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4 )
#### What's Changed
- Update
[@​actions/artifact](https://redirect.github.com/actions/artifact )
version, bump dependencies by
[@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/upload-artifact/pull/584 ](https://redirect.github.com/actions/upload-artifact/pull/584 )
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4.3.3...v4.3.4
###
[`v4.3.3`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.3.3 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3 )
#### What's Changed
- updating `@actions/artifact` dependency to v2.1.6 by
[@​eggyhead](https://redirect.github.com/eggyhead ) in
[https://github.com/actions/upload-artifact/pull/565 ](https://redirect.github.com/actions/upload-artifact/pull/565 )
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4.3.2...v4.3.3
###
[`v4.3.2`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.3.2 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.1...v4.3.2 )
#### What's Changed
- Update release-new-action-version.yml by
[@​konradpabjan](https://redirect.github.com/konradpabjan ) in
[https://github.com/actions/upload-artifact/pull/516 ](https://redirect.github.com/actions/upload-artifact/pull/516 )
- Minor fix to the migration readme by
[@​andrewakim](https://redirect.github.com/andrewakim ) in
[https://github.com/actions/upload-artifact/pull/523 ](https://redirect.github.com/actions/upload-artifact/pull/523 )
- Update readme with v3/v2/v1 deprecation notice by
[@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/upload-artifact/pull/561 ](https://redirect.github.com/actions/upload-artifact/pull/561 )
- updating `@actions/artifact` dependency to v2.1.5 and `@actions/core`
to v1.0.1 by [@​eggyhead](https://redirect.github.com/eggyhead ) in
[https://github.com/actions/upload-artifact/pull/562 ](https://redirect.github.com/actions/upload-artifact/pull/562 )
#### New Contributors
- [@​andrewakim](https://redirect.github.com/andrewakim ) made
their first contribution in
[https://github.com/actions/upload-artifact/pull/523 ](https://redirect.github.com/actions/upload-artifact/pull/523 )
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4.3.1...v4.3.2
###
[`v4.3.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.3.1 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.3.0...v4.3.1 )
- Bump
[@​actions/artifacts](https://redirect.github.com/actions/artifacts )
to latest version to include [updated GHES host
check](https://redirect.github.com/actions/toolkit/pull/1648 )
###
[`v4.3.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.3.0 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.2.0...v4.3.0 )
#### What's Changed
- Reorganize upload code in prep for merge logic & add more tests by
[@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/upload-artifact/pull/504 ](https://redirect.github.com/actions/upload-artifact/pull/504 )
- Add sub-action to merge artifacts by
[@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/upload-artifact/pull/505 ](https://redirect.github.com/actions/upload-artifact/pull/505 )
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4...v4.3.0
###
[`v4.2.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.2.0 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.1.0...v4.2.0 )
#### What's Changed
- Ability to overwrite an Artifact by
[@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/upload-artifact/pull/501 ](https://redirect.github.com/actions/upload-artifact/pull/501 )
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4...v4.2.0
###
[`v4.1.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v4.1.0 )
[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v4.0.0...v4.1.0 )
#### What's Changed
- Add migrations docs by
[@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/upload-artifact/pull/482 ](https://redirect.github.com/actions/upload-artifact/pull/482 )
- Update README.md by
[@​samuelwine](https://redirect.github.com/samuelwine ) in
[https://github.com/actions/upload-artifact/pull/492 ](https://redirect.github.com/actions/upload-artifact/pull/492 )
- Support artifact-url output by
[@​konradpabjan](https://redirect.github.com/konradpabjan ) in
[https://github.com/actions/upload-artifact/pull/496 ](https://redirect.github.com/actions/upload-artifact/pull/496 )
- Update readme to reflect new 500 artifact per job limit by
[@​robherley](https://redirect.github.com/robherley ) in
[https://github.com/actions/upload-artifact/pull/497 ](https://redirect.github.com/actions/upload-artifact/pull/497 )
#### New Contributors
- [@​samuelwine](https://redirect.github.com/samuelwine ) made
their first contribution in
[https://github.com/actions/upload-artifact/pull/492 ](https://redirect.github.com/actions/upload-artifact/pull/492 )
**Full Changelog**:
https://github.com/actions/upload-artifact/compare/v4...v4.1.0
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "before 4am on Monday" (UTC),
Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
👻 **Immortal**: This PR will be recreated if closed unmerged. Get
[config
help](https://redirect.github.com/renovatebot/renovate/discussions ) if
that's undesired.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/ ).
View the [repository job
log](https://developer.mend.io/github/astral-sh/uv ).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMDAuMCIsInVwZGF0ZWRJblZlciI6IjM5LjIwMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJpbnRlcm5hbCJdfQ==-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-03-15 15:11:23 -05:00
4d989b3630
Instruct Renovate to pin GitHub Actions based on SHA ( #12189 )
...
## Summary
The intent here is that all actions should be pinned to an immutable SHA
(but that Renovate should annotate each SHA with the corresponding
SemVer version).
2025-03-15 17:24:33 +00:00
dab1ea2272
Replace change detection GitHub Action ( #12188 )
...
## Summary
`tj-actions/changed-files` no longer exists due to a malicious commit.
This PR replaces it with a minimal shell script to get us unblocked.
2025-03-15 13:12:00 -04:00
553bcccb6a
Add support for dynamic musl Python distributions on x86-64 Linux ( #12121 )
...
Following the upstream release and #12120 , removes gating preventing
installation of the managed musl Python versions.
Of note
- The filtering of musl Python distributions has moved from the Rust
runtime to the metadata fetcher
- The filtering is now conditional on the PBS release date, removing all
old static musl distributions
- We could support the `+static` musl downloads in the future; right
now, they are deprioritized when selecting a variant
- I added test to CI which uses Alpine and installs numpy
2025-03-11 18:14:10 -05:00
b2a0ea3701
Integration test uv_build package ( #12058 )
...
I somehow missed running an actual integration test of the PEP 517 API
in CI and the python shim was using the old uv CLI interface still.
The tests include pip, uv and `python -m build`. They must be a in CI
job since we can't depend on the Python package in the Rust tests (we
only get the binary in `cargo test`, not the `uv_build` wheel).
2025-03-07 23:40:53 +01:00
0798c3565d
Fix `PyPI` typo in publish workflow ( #12051 )
2025-03-07 11:10:23 -06:00
7a56aef7d1
Revert "Run the `uv-build` publish sequentially after `uv` ( #12022 )" ( #12024 )
...
This was not the problem
2025-03-06 16:53:39 -06:00
15bc1e7c03
Fix upload name for macOS wheels ( #12023 )
...
These were missed in the original PR and consequently not uploaded
2025-03-06 16:53:29 -06:00
ef1243c6e8
Run the `uv-build` publish sequentially after `uv` ( #12022 )
...
In an attempt to resolve a trusted publishing failure
2025-03-06 15:27:57 -06:00
renovate[bot]
Aria Desires
Xeonacid
Zanie Blue
Hood Chatham
konsti
samypr100
Reci
Geoffrey Thomas
Bryan Lee
Tim Felgentreff
Meitar Reihan
Charlie Marsh