ci(deps): bump astral-sh/setup-uv from 8.0.0 to 8.2.0#88
Closed
dependabot[bot] wants to merge 1 commit into
Closed
ci(deps): bump astral-sh/setup-uv from 8.0.0 to 8.2.0#88dependabot[bot] wants to merge 1 commit into
dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 8.0.0 to 8.2.0. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@cec2083...fac544c) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 8.2.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
anchildress1
added a commit
that referenced
this pull request
Jun 24, 2026
uv lock --upgrade across the board (24 packages), incl. requests 2.32.5->2.34.2, urllib3 2.6.3->2.7.0, black 26.1.0->26.5.1, coverage 7.13.4->7.14.3, bandit 1.9.3->1.9.4, pip-audit 2.10.0->2.10.1. Supersedes Dependabot PRs #88 and #89. Validation: make ai-checks green (format, lint, bandit, pip-audit, detect-secrets, complexity, tests 88.63%). No vulnerable dependencies. Generated-by: Claude Opus 4.8 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Owner
|
Superseded by #90 — all package upgrades (incl. this one, to an equal-or-newer version) are folded into the Firebase deploy PR with a single lockfile update + green ai-checks. |
Contributor
Author
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
dependabot
Bot
deleted the
dependabot/github_actions/astral-sh/setup-uv-8.2.0
branch
anchildress1
added a commit
that referenced
this pull request
Jun 24, 2026
#90) * feat(ci): deploy to Firebase Hosting; keep gh-pages as callable fork workflow Move the primary published site to Firebase Hosting via Workload Identity Federation (no long-lived key). Extract site generation into a shared composite action so the Firebase and gh-pages paths produce identical output. Preserve the original gh-pages deploy as a separate callable/fork-friendly workflow, skipping its scheduled run on the upstream repo. The gh-pages branch remains the incremental state store (last_run.txt, posts_data.json). Generated-by: Claude Opus 4.8 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * chore(deps): bump GitHub Actions to latest - actions/checkout v6 -> v7 - astral-sh/setup-uv v7 -> v8.2.0 - github/codeql-action v4.32.4 -> v4.36.2 - googleapis/release-please-action v4.4.0 -> v5.0.0 (node24 runtime) Generated-by: Claude Opus 4.8 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * refactor(ci): move upstream incremental state to a dedicated mirror-state branch The gh-pages branch held only a save file on the upstream repo (Firebase does the hosting now), which was confusing. Park upstream state on a clearly-named mirror-state branch instead; forks keep state on gh-pages alongside their site. The generate-site composite gains a state_branch input so both paths share one restore/persist mechanism. Generated-by: Claude Opus 4.8 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * chore(deps): upgrade all Python dependencies to latest uv lock --upgrade across the board (24 packages), incl. requests 2.32.5->2.34.2, urllib3 2.6.3->2.7.0, black 26.1.0->26.5.1, coverage 7.13.4->7.14.3, bandit 1.9.3->1.9.4, pip-audit 2.10.0->2.10.1. Supersedes Dependabot PRs #88 and #89. Validation: make ai-checks green (format, lint, bandit, pip-audit, detect-secrets, complexity, tests 88.63%). No vulnerable dependencies. Generated-by: Claude Opus 4.8 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix(ci): address PR review — fork guard, site-URL fallback, schedule docs - publish.yaml: guard the Firebase job to the upstream owner so forks (no WIF config) skip it instead of failing every scheduled run. - generate-site: add fallback_site_url so the Firebase path resolves robots.txt and sitemap to the deployed URL when SITE_DOMAIN is unset; fail fast when no site URL can be resolved instead of emitting a broken github.io URL. Resolve SITE_HOME once and reuse it across steps. - Correct schedule comments/docs to UTC + DST-accurate ET (14:40 UTC). Generated-by: Claude Opus 4.8 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps astral-sh/setup-uv from 8.0.0 to 8.2.0.
Release notes
Sourced from astral-sh/setup-uv's releases.
... (truncated)
Commits
fac544cchore(deps): roll up dependabot updates (#903)7390f77docs: update dependabot rollup biome guidance (#902)363c64achore(deps): roll up dependabot updates (#901)c4fcbafchore(deps): bump release-drafter/release-drafter from 7.3.0 to 7.3.1 (#900)8e642c5chore: update known checksums for 0.11.18 (#899)a92cb43Add quiet input to suppress info-level log output (#898)e07f2acchore(deps): bump eifinger/actionlint-action from 1.10.1 to 1.10.2 (#842)bc4034echore(deps): bump github/codeql-action from 4.35.4 to 4.36.0 (#893)df42d4fchore(deps): bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6 (#891)b9c8c4cfeat: adddownload-from-astral-mirrorinput (#897)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)