Update github-actions (major)

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
WyriHaximus/github-action-get-previous-tag	action	major	v1.4.0 → v2.0.0
actions/cache	action	major	v4.3.0 → v5.0.5
actions/checkout	action	major	v5.0.1 → v6.0.2
actions/checkout	action	major	v4.3.1 → v6.0.2
astral-sh/setup-uv	action	major	v7.6.0 → v8.1.0
boostsecurityio/poutine-action	action	major	v0.15.2 → v1.1.4
dessant/lock-threads	action	major	v5.0.1 → v6.0.1
peter-evans/repository-dispatch	action	major	v3.0.0 → v4.0.1
ramsey/composer-install	action	major	v3 → 4.0.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

WyriHaximus/github-action-get-previous-tag (WyriHaximus/github-action-get-previous-tag)

v2.0.0

Compare Source

Migration

Migrating from prefix to pattern going from this:

prefix: foo-bar

To:

pattern: foo-bar*

Note the astrix (*) at the end. That was always added by default in the previous version. And is the default for pattern. But if you specify your own pattern and it used be a prefix, you MUST add the astrix (*) at the end. It's not suffixed by default anymore because we want to give you full controll over the pattern (after refs/tags/) so you can do things like semver (v*[0-9].*[0-9].*[0-9]) with it without us meddling with it.

v2.0.0

• Total issues resolved: 0
• Total pull requests resolved: 11
• Total contributors: 4

Bug 🐞

• 76: Fix errors thanks to @​WyriHaximus
• 74: Test Get Previous Tag against GitHub Action for expected order of tags thanks to @​WyriHaximus
• 73: Switch to centralized Release Management workflow thanks to @​WyriHaximus
• 56: Fixed a problem with sorting of tags thanks to @​epm-marcus

Dependencies 📦

• 72: chore(deps): update actions/checkout action to v6 thanks to @​renovate-runner[bot]
• 67: chore(deps): update haya14busa/action-update-semver action to v1.5.1 thanks to @​renovate-runner[bot]
• 63: chore(deps): update actions/create-release action to v1.1.4 thanks to @​renovate-runner[bot]
• 55: chore(deps): update actions/checkout action to v4 thanks to @​renovate[bot]

Feature 🏗

• 75: Support tag pattern matching thanks to @​WyriHaximus

Enhancement ✨

• 78: Upgrade to node24 thanks to @​WyriHaximus
• 77: Absolve prefix into pattern thanks to @​WyriHaximus

v2.0

Compare Source

v2

Compare Source

actions/cache (actions/cache)

v5.0.5

Compare Source

What's Changed

• Update ts-http-runtime dependency by @​yacaovsnc in #​1747

Full Changelog: actions/cache@v5...v5.0.5

v5.0.4

Compare Source

v5.0.3

Compare Source

What's Changed

• Bump @actions/cache to v5.0.5 (Resolves: https://github.com/actions/cache/security/dependabot/33)
• Bump @actions/core to v2.0.3

Full Changelog: actions/cache@v5...v5.0.3

v5.0.2

Compare Source

v5.0.1

Compare Source

v5.0.0

Compare Source

v5

Compare Source

actions/checkout (actions/checkout)

v6.0.2

Compare Source

• Fix tag handling: preserve annotations and explicit fetch-tags by @​ericsciple in #​2356

v6.0.1

Compare Source

v6.0.0

Compare Source

v6

Compare Source

astral-sh/setup-uv (astral-sh/setup-uv)

v8.1.0: 🌈 New input no-project

Compare Source

Changes

This add the a new boolean input no-project.
It only makes sense to use in combination with activate-environment: true and will append --no project to the uv venv call. This is for example useful if you have a pyproject.toml file with parts unparseable by uv

🚀 Enhancements

• Add input no-project in combination with activate-environment @​eifinger (#​856)

🧰 Maintenance

• fix: grant contents:write to validate-release job @​eifinger (#​860)
• Add a release-gate step to the release workflow @​zanieb (#​859)
• Draft commitish releases @​eifinger (#​858)
• Add action-types.yml to instructions @​eifinger (#​857)
• chore: update known checksums for 0.11.7 @​github-actions[bot] (#​853)
• Refactor version resolving @​eifinger (#​852)
• chore: update known checksums for 0.11.6 @​github-actions[bot] (#​850)
• chore: update known checksums for 0.11.5 @​github-actions[bot] (#​845)
• chore: update known checksums for 0.11.4 @​github-actions[bot] (#​843)
• Add a release workflow @​zanieb (#​839)
• chore: update known checksums for 0.11.3 @​github-actions[bot] (#​836)

📚 Documentation

• Update ignore-nothing-to-cache documentation @​eifinger (#​833)
• Pin setup-uv docs to v8 @​eifinger (#​829)

⬆️ Dependency updates

• chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @​dependabot[bot] (#​855)

v8.0.0: 🌈 Immutable releases and secure tags

Compare Source

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP]
Use the immutable tag as a version astral-sh/setup-uv@v8.0.0
Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

🚨 Breaking changes

• Remove update-major-minor-tags workflow @​eifinger (#​826)
• Remove deprecrated custom manifest @​eifinger (#​813)

🧰 Maintenance

• Shortcircuit latest version from manifest @​eifinger (#​828)
• Simplify inputs.ts @​eifinger (#​827)
• Bump release-drafter to v7.1.1 @​eifinger (#​825)
• Refactor inputs @​eifinger (#​823)
• Replace inline compile args with tsconfig @​eifinger (#​824)
• chore: update known checksums for 0.11.2 @​github-actions[bot] (#​821)
• chore: update known checksums for 0.11.1 @​github-actions[bot] (#​817)
• chore: update known checksums for 0.11.0 @​github-actions[bot] (#​815)
• Fix latest-version workflow check @​eifinger (#​812)
• chore: update known checksums for 0.10.11/0.10.12 @​github-actions[bot] (#​811)

boostsecurityio/poutine-action (boostsecurityio/poutine-action)

v1.1.4

Compare Source

v1.1.3

Compare Source

What's Changed

Updated to align with poutine's v1.1.3 (https://github.com/boostsecurityio/poutine/releases/tag/v1.1.3)

dessant/lock-threads (dessant/lock-threads)

v6.0.1

Compare Source

Learn more about this release from the changelog.

v6.0.0

Compare Source

Learn more about this release from the changelog.

v6

Compare Source

peter-evans/repository-dispatch (peter-evans/repository-dispatch)

v4.0.1

Compare Source

What's Changed

• build(deps): bump peter-evans/repository-dispatch from 3 to 4 by @​dependabot[bot] in #​428
• build(deps-dev): bump @​types/node from 18.19.127 to 18.19.129 by @​dependabot[bot] in #​429
• build(deps): bump the github-actions group with 3 updates by @​dependabot[bot] in #​431
• build(deps-dev): bump @​types/node from 18.19.129 to 18.19.130 in the npm group by @​dependabot[bot] in #​432
• Fix node version in actions.yml by @​peter-evans in #​433

Full Changelog: peter-evans/repository-dispatch@v4.0.0...v4.0.1

v4.0.0: Repository Dispatch v4.0.0

Compare Source

⚙️ Requires Actions Runner v2.327.1 or later if you are using a self-hosted runner for Node 24 support.

What's Changed

• build(deps-dev): bump @​types/node from 18.19.8 to 18.19.10 by @​dependabot[bot] in #​306
• build(deps): bump peter-evans/repository-dispatch from 2 to 3 by @​dependabot[bot] in #​307
• build(deps-dev): bump @​types/node from 18.19.10 to 18.19.14 by @​dependabot[bot] in #​308
• build(deps): bump peter-evans/create-pull-request from 5 to 6 by @​dependabot[bot] in #​310
• build(deps): bump peter-evans/slash-command-dispatch from 3 to 4 by @​dependabot[bot] in #​309
• build(deps-dev): bump @​types/node from 18.19.14 to 18.19.15 by @​dependabot[bot] in #​311
• build(deps-dev): bump prettier from 3.2.4 to 3.2.5 by @​dependabot[bot] in #​312
• build(deps-dev): bump @​types/node from 18.19.15 to 18.19.17 by @​dependabot[bot] in #​313
• build(deps-dev): bump @​types/node from 18.19.17 to 18.19.18 by @​dependabot[bot] in #​314
• build(deps-dev): bump eslint-plugin-github from 4.10.1 to 4.10.2 by @​dependabot[bot] in #​316
• build(deps-dev): bump @​types/node from 18.19.18 to 18.19.21 by @​dependabot[bot] in #​317
• build(deps-dev): bump eslint from 8.56.0 to 8.57.0 by @​dependabot[bot] in #​318
• build(deps-dev): bump @​types/node from 18.19.21 to 18.19.22 by @​dependabot[bot] in #​319
• build(deps-dev): bump @​types/node from 18.19.22 to 18.19.24 by @​dependabot[bot] in #​320
• build(deps-dev): bump @​types/node from 18.19.24 to 18.19.26 by @​dependabot[bot] in #​321
• build(deps-dev): bump @​types/node from 18.19.26 to 18.19.29 by @​dependabot[bot] in #​322
• build(deps-dev): bump @​types/node from 18.19.29 to 18.19.31 by @​dependabot[bot] in #​323
• build(deps-dev): bump @​types/node from 18.19.31 to 18.19.33 by @​dependabot[bot] in #​324
• build(deps-dev): bump @​types/node from 18.19.33 to 18.19.34 by @​dependabot[bot] in #​325
• build(deps-dev): bump prettier from 3.2.5 to 3.3.1 by @​dependabot[bot] in #​326
• build(deps-dev): bump prettier from 3.3.1 to 3.3.2 by @​dependabot[bot] in #​327
• build(deps-dev): bump braces from 3.0.2 to 3.0.3 by @​dependabot[bot] in #​328
• build(deps-dev): bump ws from 7.5.9 to 7.5.10 by @​dependabot[bot] in #​329
• build(deps-dev): bump @​types/node from 18.19.34 to 18.19.38 by @​dependabot[bot] in #​330
• build(deps-dev): bump @​types/node from 18.19.38 to 18.19.39 by @​dependabot[bot] in #​332
• build(deps-dev): bump prettier from 3.3.2 to 3.3.3 by @​dependabot[bot] in #​334
• build(deps-dev): bump @​types/node from 18.19.39 to 18.19.41 by @​dependabot[bot] in #​335
• build(deps-dev): bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by @​dependabot[bot] in #​336
• build(deps-dev): bump @​types/node from 18.19.41 to 18.19.42 by @​dependabot[bot] in #​337
• build(deps-dev): bump @​types/node from 18.19.42 to 18.19.43 by @​dependabot[bot] in #​338
• build(deps-dev): bump @​types/node from 18.19.43 to 18.19.44 by @​dependabot[bot] in #​339
• build(deps-dev): bump @​types/node from 18.19.44 to 18.19.45 by @​dependabot[bot] in #​340
• build(deps-dev): bump @​types/node from 18.19.45 to 18.19.47 by @​dependabot[bot] in #​341
• build(deps-dev): bump @​types/node from 18.19.47 to 18.19.50 by @​dependabot[bot] in #​343
• build(deps): bump peter-evans/create-pull-request from 6 to 7 by @​dependabot[bot] in #​342
• build(deps-dev): bump eslint from 8.57.0 to 8.57.1 by @​dependabot[bot] in #​344
• build(deps-dev): bump @​types/node from 18.19.50 to 18.19.53 by @​dependabot[bot] in #​345
• build(deps-dev): bump @​vercel/ncc from 0.38.1 to 0.38.2 by @​dependabot[bot] in #​346
• Update distribution by @​actions-bot in #​347
• build(deps): bump @​actions/core from 1.10.1 to 1.11.0 by @​dependabot[bot] in #​349
• build(deps-dev): bump @​types/node from 18.19.53 to 18.19.54 by @​dependabot[bot] in #​348
• Update distribution by @​actions-bot in #​350
• build(deps): bump @​actions/core from 1.11.0 to 1.11.1 by @​dependabot[bot] in #​351
• build(deps-dev): bump @​types/node from 18.19.54 to 18.19.55 by @​dependabot[bot] in #​352
• Update distribution by @​actions-bot in #​353
• build(deps-dev): bump @​types/node from 18.19.55 to 18.19.56 by @​dependabot[bot] in #​354
• build(deps-dev): bump @​types/node from 18.19.56 to 18.19.59 by @​dependabot[bot] in #​355
• build(deps-dev): bump @​types/node from 18.19.59 to 18.19.63 by @​dependabot[bot] in #​357
• build(deps-dev): bump @​types/node from 18.19.63 to 18.19.64 by @​dependabot[bot] in #​358
• build(deps-dev): bump @​vercel/ncc from 0.38.2 to 0.38.3 by @​dependabot[bot] in #​359
• build(deps-dev): bump @​types/node from 18.19.64 to 18.19.67 by @​dependabot[bot] in #​361
• build(deps-dev): bump prettier from 3.3.3 to 3.4.1 by @​dependabot[bot] in #​362
• build(deps-dev): bump prettier from 3.4.1 to 3.4.2 by @​dependabot[bot] in #​363
• build(deps-dev): bump @​types/node from 18.19.67 to 18.19.68 by @​dependabot[bot] in #​364
• build(deps-dev): bump @​types/node from 18.19.68 to 18.19.69 by @​dependabot[bot] in #​365
• build(deps-dev): bump @​types/node from 18.19.69 to 18.19.70 by @​dependabot[bot] in #​367
• build(deps-dev): bump @​types/node from 18.19.70 to 18.19.71 by @​dependabot[bot] in #​369
• build(deps-dev): bump eslint-plugin-prettier from 5.2.1 to 5.2.2 by @​dependabot[bot] in #​370
• build(deps-dev): bump @​types/node from 18.19.71 to 18.19.74 by @​dependabot[bot] in #​371
• build(deps-dev): bump eslint-plugin-prettier from 5.2.2 to 5.2.3 by @​dependabot[bot] in #​372
• build(deps-dev): bump @​types/node from 18.19.74 to 18.19.75 by @​dependabot[bot] in #​373
• build(deps-dev): bump @​types/node from 18.19.75 to 18.19.76 by @​dependabot[bot] in #​374
• build(deps-dev): bump prettier from 3.4.2 to 3.5.1 by @​dependabot[bot] in #​375
• build(deps-dev): bump prettier from 3.5.1 to 3.5.2 by @​dependabot[bot] in #​377
• build(deps): bump @​octokit/plugin-paginate-rest and @​actions/github by @​dependabot[bot] in #​378
• Update distribution by @​actions-bot in #​379
• build(deps-dev): bump prettier from 3.5.2 to 3.5.3 by @​dependabot[bot] in #​381
• build(deps-dev): bump @​types/node from 18.19.76 to 18.19.79 by @​dependabot[bot] in #​382
• build(deps-dev): bump @​types/node from 18.19.79 to 18.19.80 by @​dependabot[bot] in #​383
• build(deps-dev): bump @​types/node from 18.19.80 to 18.19.81 by @​dependabot[bot] in #​384
• build(deps-dev): bump eslint-plugin-prettier from 5.2.3 to 5.2.5 by @​dependabot[bot] in #​385
• build(deps-dev): bump @​types/node from 18.19.81 to 18.19.84 by @​dependabot[bot] in #​386
• build(deps-dev): bump eslint-plugin-prettier from 5.2.5 to 5.2.6 by @​dependabot[bot] in #​387
• build(deps-dev): bump @​types/node from 18.19.84 to 18.19.86 by @​dependabot[bot] in #​388
• build(deps-dev): bump @​types/node from 18.19.86 to 18.19.87 by @​dependabot[bot] in #​391
• build(deps-dev): bump eslint-plugin-prettier from 5.2.6 to 5.4.0 by @​dependabot[bot] in #​395
• build(deps-dev): bump @​types/node from 18.19.87 to 18.19.100 by @​dependabot[bot] in #​394
• build(deps): bump @​actions/github from 6.0.0 to 6.0.1 by @​dependabot[bot] in #​396
• Update distribution by @​actions-bot in #​397
• build(deps): bump undici from 5.28.5 to 5.29.0 by @​dependabot[bot] in #​398
• Update distribution by @​actions-bot in #​399
• build(deps-dev): bump @​types/node from 18.19.100 to 18.19.103 by @​dependabot[bot] in #​401
• build(deps-dev): bump @​types/node from 18.19.103 to 18.19.108 by @​dependabot[bot] in #​403
• build(deps-dev): bump eslint-plugin-prettier from 5.4.0 to 5.4.1 by @​dependabot[bot] in #​404
• build(deps-dev): bump @​types/node from 18.19.108 to 18.19.111 by @​dependabot[bot] in #​405
• build(deps-dev): bump @​types/node from 18.19.111 to 18.19.112 by @​dependabot[bot] in #​406
• build(deps-dev): bump eslint-plugin-prettier from 5.4.1 to 5.5.0 by @​dependabot[bot] in #​407
• build(deps-dev): bump prettier from 3.5.3 to 3.6.2 by @​dependabot[bot] in #​408
• build(deps-dev): bump eslint-plugin-prettier from 5.5.0 to 5.5.1 by @​dependabot[bot] in #​409
• build(deps-dev): bump @​types/node from 18.19.112 to 18.19.115 by @​dependabot[bot] in #​410
• [docs] make it clear what's required for a same-repo dispatch by @​rogerluan in #​411
• build(deps-dev): bump @​types/node from 18.19.115 to 18.19.118 by @​dependabot[bot] in #​412
• build(deps-dev): bump @​types/node from 18.19.118 to 18.19.119 by @​dependabot[bot] in #​413
• build(deps): bump form-data from 3.0.1 to 3.0.4 by @​dependabot[bot] in #​414
• build(deps-dev): bump eslint-plugin-prettier from 5.5.1 to 5.5.3 by @​dependabot[bot] in #​415
• build(deps-dev): bump @​types/node from 18.19.119 to 18.19.120 by @​dependabot[bot] in #​416
• build(deps-dev): bump @​types/node from 18.19.120 to 18.19.121 by @​dependabot[bot] in #​418
• build(deps): bump actions/download-artifact from 4 to 5 by @​dependabot[bot] in #​419
• build(deps-dev): bump eslint-plugin-prettier from 5.5.3 to 5.5.4 by @​dependabot[bot] in #​420
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in #​421
• build(deps-dev): bump @​types/node from 18.19.121 to 18.19.123 by @​dependabot[bot] in #​422
• build(deps-dev): bump @​types/node from 18.19.123 to 18.19.124 by @​dependabot[bot] in #​423
• build(deps): bump actions/setup-node from 4 to 5 by @​dependabot[bot] in #​424
• build(deps-dev): bump @​types/node from 18.19.124 to 18.19.127 by @​dependabot[bot] in #​426
• build(deps-dev): bump @​vercel/ncc from 0.38.3 to 0.38.4 by @​dependabot[bot] in #​425
• v4 by @​peter-evans in #​427

New Contributors

• @​rogerluan made their first contribution in #​411

Full Changelog: peter-evans/repository-dispatch@v3.0.0...v4.0.0

v4

Compare Source

ramsey/composer-install (ramsey/composer-install)

v4.0.0

Compare Source

What's Changed

• chore: Bump actions/cache from 4.2.4 to 5.0.3 by @​dependabot[bot] in #​278

  This necessitates a new major version because actions/cache v5 runs on the Node.js 24 runtime and requires a minimum Actions Runner version of 2.327.1. This is a breaking change for anyone using self-hosted runners.

Full Changelog: ramsey/composer-install@3.2.1...4.0.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.