build(deps): update github actions (main) (major)

Metadata

Project: charmcraft
Number: #2693
Type: pull request
State: open
Author: renovate[bot]
Labels: PR: Dependencies
Created: 2026-05-16 18:22:43+00:00
Updated: 2026-05-28 20:25:03+00:00
Closed: —

Current evaluation

Updates major versions of GitHub Actions dependencies and remains open, with automated type-checking notifications reporting non-critical errors.

Suggested action: needs review

Reason: This is a standard Renovate dependency update PR for GitHub Actions. It already carries the appropriate label, and the CI type-checking failures are pre-existing and explicitly marked as notification-only. It requires maintainer review and merge to proceed.

Staleness: 25 Complexity: 10 Confidence: 90

Issue body

> ℹ️ **Note** > > This PR body was truncated due to platform limits. This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [actions/download-artifact](https://redirect.github.com/actions/download-artifact) | action | major | `v6` → `v8` | | [actions/upload-artifact](https://redirect.github.com/actions/upload-artifact) | action | major | `v5` → `v7` | | [astral-sh/setup-uv](https://redirect.github.com/astral-sh/setup-uv) | action | major | `v7` → `v8.1.0` | | [softprops/action-gh-release](https://redirect.github.com/softprops/action-gh-release) | action | major | `v2` → `v3` | --- ### Release Notes <details> <summary>actions/download-artifact (actions/download-artifact)</summary> ### [`v8.0.1`](https://redirect.github.com/actions/download-artifact/releases/tag/v8.0.1) [Compare Source](https://redirect.github.com/actions/download-artifact/compare/v8...v8.0.1) ##### What's Changed - Support for CJK characters in the artifact name by [@danwkennedy](https://redirect.github.com/danwkennedy) in [#471](https://redirect.github.com/actions/download-artifact/pull/471) - Add a regression test for artifact name + content-type mismatches by [@danwkennedy](https://redirect.github.com/danwkennedy) in [#472](https://redirect.github.com/actions/download-artifact/pull/472) **Full Changelog**: <https://github.com/actions/download-artifact/compare/v8...v8.0.1> ### [`v8.0.0`](https://redirect.github.com/actions/download-artifact/releases/tag/v8.0.0) [Compare Source](https://redirect.github.com/actions/download-artifact/compare/v8...v8) ##### v8 - What's new ##### Direct downloads To support direct uploads in `actions/upload-artifact`, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the `Content-Type` header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new `skip-decompress` parameter to `false`. ##### Enforced checks (breaking) A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the `digest-mismatch` parameter. To be secure by default, we are now defaulting the behavior to `error` which will fail the workflow run. ##### ESM To support new versions of the @actions/\* packages, we've upgraded the package to ESM. ##### What's Changed - Don't attempt to un-zip non-zipped downloads by [@danwkennedy](https://redirect.github.com/danwkennedy) in [#460](https://redirect.github.com/actions/download-artifact/pull/460) - Add a setting to specify what to do on hash mismatch and default it to `error` by [@danwkennedy](https://redirect.github.com/danwkennedy) in [#461](https://redirect.github.com/actions/download-artifact/pull/461) **Full Changelog**: <https://github.com/actions/download-artifact/compare/v7...v8.0.0> ### [`v8`](https://redirect.github.com/actions/download-artifact/compare/v7...v8) [Compare Source](https://redirect.github.com/actions/download-artifact/compare/v7.0.0...v8) ### [`v7.0.0`](https://redirect.github.com/actions/download-artifact/releases/tag/v7.0.0) [Compare Source](https://redirect.github.com/actions/download-artifact/compare/v7.0.0...v7.0.0) ##### v7 - What's new > \[!IMPORTANT] > actions/download-artifact\@v7 now runs on Node.js 24 (`runs.using: node24`) and requires a minimum Actions Runner version of 2.327.1. If you are using self-hosted runners, ensure they are updated before upgrading. ##### Node.js 24 This release updates the runtime to Node.js 24. v6 had preliminary support for Node 24, however this action was by default still running on Node.js 20. Now this action by default will run on Node.js 24. ##### What's Changed - Update GHES guidance to include reference to Node 20 version by [@patrikpolyak](https://redirect.github.com/patrikpolyak) in [#440](https://redirect.github.com/actions/download-artifact/pull/440) - Download Artifact Node24 support by [@salmanmkc](https://redirect.github.com/salmanmkc) in [#415](https://redirect.github.com/actions/download-artifact/pull/415) - fix: update [@actions/artifact](https://redirect.github.com/actions/artifact) to fix Node.js 24 punycode deprecation by [@salmanmkc](https://redirect.github.com/salmanmkc) in [#451](https://redirect.github.com/actions/download-artifact/pull/451) - prepare release v7.0.0 for Node.js 24 support by [@salmanmkc](https://redirect.github.com/salmanmkc) in [#452](https://redirect.github.com/actions/download-artifact/pull/452) ##### New Contributors - [@patrikpolyak](https://redirect.github.com/patrikpolyak) made their first contribution in [#440](https://redirect.github.com/actions/download-artifact/pull/440) - [@salmanmkc](https://redirect.github.com/salmanmkc) made their first contribution in [#415](https://redirect.github.com/actions/download-artifact/pull/415) **Full Changelog**: <https://github.com/actions/download-artifact/compare/v6.0.0...v7.0.0> ### [`v7`](https://redirect.github.com/actions/download-artifact/compare/v6...v7) [Compare Source](https://redirect.github.com/actions/download-artifact/compare/v6.0.0...v7.0.0) </details> <details> <summary>actions/upload-artifact (actions/upload-artifact)</summary> ### [`v7.0.1`](https://redirect.github.com/actions/upload-artifact/releases/tag/v7.0.1) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v7...v7.0.1) ##### What's Changed - Update the readme with direct upload details by [@danwkennedy](https://redirect.github.com/danwkennedy) in [#795](https://redirect.github.com/actions/upload-artifact/pull/795) - Readme: bump all the example versions to v7 by [@danwkennedy](https://redirect.github.com/danwkennedy) in [#796](https://redirect.github.com/actions/upload-artifact/pull/796) - Include changes in typespec/ts-http-runtime 0.3.5 by [@yacaovsnc](https://redirect.github.com/yacaovsnc) in [#797](https://redirect.github.com/actions/upload-artifact/pull/797) **Full Changelog**: <https://github.com/actions/upload-artifact/compare/v7...v7.0.1> ### [`v7.0.0`](https://redirect.github.com/actions/upload-artifact/releases/tag/v7.0.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v7...v7) #### v7 What's new ##### Direct Uploads Adds support for uploading single files directly (unzipped). Callers can set the new `archive` parameter to `false` to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The `name` parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file. ##### ESM To support new versions of the `@actions/*` packages, we've upgraded the package to ESM. #### What's Changed - Add proxy integration test by [@Link-](https://redirect.github.com/Link-) in [#754](https://redirect.github.com/actions/upload-artifact/pull/754) - Upgrade the module to ESM and bump dependencies by [@danwkennedy](https://redirect.github.com/danwkennedy) in [#762](https://redirect.github.com/actions/upload-artifact/pull/762) - Support direct file uploads by [@danwkennedy](https://redirect.github.com/danwkennedy) in [#764](https://redirect.github.com/actions/upload-artifact/pull/764) #### New Contributors - [@Link-](https://redirect.github.com/Link-) made their first contribution in [#754](https://redirect.github.com/actions/upload-artifact/pull/754) **Full Changelog**: <https://github.com/actions/upload-artifact/compare/v6...v7.0.0> ### [`v7`](https://redirect.github.com/actions/upload-artifact/compare/v6...v7) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v6.0.0...v7) ### [`v6.0.0`](https://redirect.github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v6.0.0...v6.0.0) ### [`v6`](https://redirect.github.com/actions/upload-artifact/compare/v5...v6) [Compare Source](https://redirect.github.com/actions/upload-artifact/compare/v5.0.0...v6.0.0) </details> <details> <summary>astral-sh/setup-uv (astral-sh/setup-uv)</summary> ### [`v8.1.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v8.1.0): 🌈 New input `no-project` [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v8.0.0...v8.1.0) #### Changes This add the a new boolean input `no-project`. It only makes sense to use in combination with `activate-environment: true` and will append `--no project` to the `uv venv` call. This is for example useful [if you have a pyproject.toml file with parts unparseable by uv](https://redirect.github.com/astral-sh/setup-uv/issues/854) #### 🚀 Enhancements - Add input no-project in combination with activate-environment [@eifinger](https://redirect.github.com/eifinger) ([#856](https://redirect.github.com/astral-sh/setup-uv/issues/856)) #### 🧰 Maintenance - fix: grant contents:write to validate-release job [@eifinger](https://redirect.github.com/eifinger) ([#860](https://redirect.github.com/astral-sh/setup-uv/issues/860)) - Add a release-gate step to the release workflow [@zanieb](https://redirect.github.com/zanieb) ([#859](https://redirect.github.com/astral-sh/setup-uv/issues/859)) - Draft commitish releases [@eifinger](https://redirect.github.com/eifinger) ([#858](https://redirect.github.com/astral-sh/setup-uv/issues/858)) - Add action-types.yml to instructions [@eifinger](https://redirect.github.com/eifinger) ([#857](https://redirect.github.com/astral-sh/setup-uv/issues/857)) - chore: update known checksums for 0.11.7 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#853](https://redirect.github.com/astral-sh/setup-uv/issues/853)) - Refactor version resolving [@eifinger](https://redirect.github.com/eifinger) ([#852](https://redirect.github.com/astral-sh/setup-uv/issues/852)) - chore: update known checksums for 0.11.6 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#850](https://redirect.github.com/astral-sh/setup-uv/issues/850)) - chore: update known checksums for 0.11.5 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#845](https://redirect.github.com/astral-sh/setup-uv/issues/845)) - chore: update known checksums for 0.11.4 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#843](https://redirect.github.com/astral-sh/setup-uv/issues/843)) - Add a release workflow [@zanieb](https://redirect.github.com/zanieb) ([#839](https://redirect.github.com/astral-sh/setup-uv/issues/839)) - chore: update known checksums for 0.11.3 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#836](https://redirect.github.com/astral-sh/setup-uv/issues/836)) #### 📚 Documentation - Update ignore-nothing-to-cache documentation [@eifinger](https://redirect.github.com/eifinger) ([#833](https://redirect.github.com/astral-sh/setup-uv/issues/833)) - Pin setup-uv docs to v8 [@eifinger](https://redirect.github.com/eifinger) ([#829](https://redirect.github.com/astral-sh/setup-uv/issues/829)) #### ⬆️ Dependency updates - chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#855](https://redirect.github.com/astral-sh/setup-uv/issues/855)) ### [`v8.0.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v8.0.0): 🌈 Immutable releases and secure tags [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.6.0...v8.0.0) ##### This is the first immutable release of `setup-uv` 🥳 All future releases are also immutable, if you want to know more about what this means checkout [the docs](https://docs.github.com/en/code-security/concepts/supply-chain-security/immutable-releases). This release also has two breaking changes ##### New format for `manifest-file` The previously deprecated way of defining a custom version manifest to control which `uv` versions are available and where to download them from got removed. The functionality is still there but you have to use the [new format](https://redirect.github.com/astral-sh/setup-uv/blob/main/docs/customization.md#format). ##### No more major and minor tags To increase **security** even more we will **stop publishing minor tags**. You won't be able to use `@v8` or `@v8.0` any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to [tj-actions](https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/). > \[!TIP] > Use the immutable tag as a version `astral-sh/setup-uv@v8.0.0` > Or even better the githash `astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57` ##### 🚨 Breaking changes - Remove update-major-minor-tags workflow [@eifinger](https://redirect.github.com/eifinger) ([#826](https://redirect.github.com/astral-sh/setup-uv/issues/826)) - Remove deprecrated custom manifest [@eifinger](https://redirect.github.com/eifinger) ([#813](https://redirect.github.com/astral-sh/setup-uv/issues/813)) ##### 🧰 Maintenance - Shortcircuit latest version from manifest [@eifinger](https://redirect.github.com/eifinger) ([#828](https://redirect.github.com/astral-sh/setup-uv/issues/828)) - Simplify inputs.ts [@eifinger](https://redirect.github.com/eifinger) ([#827](https://redirect.github.com/astral-sh/setup-uv/issues/827)) - Bump release-drafter to v7.1.1 [@eifinger](https://redirect.github.com/eifinger) ([#825](https://redirect.github.com/astral-sh/setup-uv/issues/825)) - Refactor inputs [@eifinger](https://redirect.github.com/eifinger) ([#823](https://redirect.github.com/astral-sh/setup-uv/issues/823)) - Replace inline compile args with tsconfig [@eifinger](https://redirect.github.com/eifinger) ([#824](https://redirect.github.com/astral-sh/setup-uv/issues/824)) - chore: update known checksums for 0.11.2 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#821](https://redirect.github.com/astral-sh/setup-uv/issues/821)) - chore: update known checksums for 0.11.1 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#817](https://redirect.github.com/astral-sh/setup-uv/issues/817)) - chore: update known checksums for 0.11.0 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#815](https://redirect.github.com/astral-sh/setup-uv/issues/815)) - Fix latest-version workflow check [@eifinger](https://redirect.github.com/eifinger) ([#812](https://redirect.github.com/astral-sh/setup-uv/issues/812)) - chore: update known checksums for 0.10.11/0.10.12 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#811](https://redirect.github.com/astral-sh/setup-uv/issues/811)) ### [`v7.6.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.6.0): 🌈 Fetch uv from Astral's mirror by default [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.6.0...v7.6.0) ##### Changes We now default to download uv from `releases.astral.sh`. This means by default we don't hit the GitHub API at all and shouldn't see any rate limits and timeouts any more. ##### 🚀 Enhancements - Fetch uv from Astral's mirror by default [@zsol](https://redirect.github.com/zsol) ([#809](https://redirect.github.com/astral-sh/setup-uv/issues/809)) ##### 🧰 Maintenance - Switch to ESM for source and test, use CommonJS for dist [@eifinger](https://redirect.github.com/eifinger) ([#806](https://redirect.github.com/astral-sh/setup-uv/issues/806)) - chore: update known checksums for 0.10.10 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#804](https://redirect.github.com/astral-sh/setup-uv/issues/804)) ##### ⬆️ Dependency updates - chore(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#808](https://redirect.github.com/astral-sh/setup-uv/issues/808)) - Bump deps [@eifinger](https://redirect.github.com/eifinger) ([#805](https://redirect.github.com/astral-sh/setup-uv/issues/805)) ### [`v7.6`](https://redirect.github.com/astral-sh/setup-uv/compare/v7.5...v7.6) [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.5.0...v7.6.0) ### [`v7.5.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.5.0): 🌈 Use `astral-sh/versions` as version provider [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.5.0...v7.5.0) ##### No more rate-limits This release addresses a long-standing source of timeouts and rate-limit failures in setup-uv. Previously, the action resolved version identifiers like 0.5.x by iterating over available uv releases via the GitHub API to find the best match. In contrast, latest and exact versions such as 0.5.0 skipped version resolution entirely and downloaded uv directly. The `manifest-file` input was an earlier attempt to improve this. It allows providing an url to a file that lists available versions, checksums, and even custom download URLs. The action also shipped with such a manifest. However, because that bundled file could become outdated whenever new uv releases were published, the action still had to fall back to the GitHub API in many cases. This release solves the problem by sourcing version data from Astral’s versions repository via the raw content endpoint: <https://raw.githubusercontent.com/astral-sh/versions/refs/heads/main/v1/uv.ndjson> By using the raw endpoint instead of the GitHub API, version resolution no longer depends on API authentication and is much less likely to run into rate limits or timeouts. *** > \[!TIP] > The next section is only interesting for users of the `manifest-file` input The `manifest-file` input lets you override that source with your own URL, for example to test custom uv builds or alternate download locations. The manifest file must be in NDJSON format, where each line is a JSON object representing a version and its artifacts. For example: ```json {"version":"0.10.7","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]} {"version":"0.10.6","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]} ``` > \[!WARNING]\ > The old format still works but is deprecated. A warning will be logged when you use it. ##### Changes - docs: replace copilot instructions with AGENTS.md [@eifinger](https://redirect.github.com/eifinger) ([#794](https://redirect.github.com/astral-sh/setup-uv/issues/794)) ##### 🚀 Enhancements - Use astral-sh/versions as primary version provider [@eifinger](https://redirect.github.com/eifinger) ([#802](https://redirect.github.com/astral-sh/setup-uv/issues/802)) ##### 📚 Documentation - docs: add cross-client dependabot rollup skill [@eifinger](https://redirect.github.com/eifinger) ([#793](https://redirect.github.com/astral-sh/setup-uv/issues/793)) ### [`v7.5`](https://redirect.github.com/astral-sh/setup-uv/compare/v7.4...v7.5) [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.4.0...v7.5.0) ### [`v7.4.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.4.0): 🌈 Add riscv64 architecture support to platform detection [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.4.0...v7.4.0) ##### Changes Thank you [@luhenry](https://redirect.github.com/luhenry) for adding support for riscv64 arch ##### 🚀 Enhancements - Add riscv64 architecture support to platform detection [@luhenry](https://redirect.github.com/luhenry) ([#791](https://redirect.github.com/astral-sh/setup-uv/issues/791)) ##### 🧰 Maintenance - Delete .github/workflows/dependabot-build.yml [@eifinger](https://redirect.github.com/eifinger) ([#789](https://redirect.github.com/astral-sh/setup-uv/issues/789)) - Harden Dependabot build workflow [@eifinger](https://redirect.github.com/eifinger) ([#788](https://redirect.github.com/astral-sh/setup-uv/issues/788)) - Fix: check PR author instead of event sender for Dependabot detection [@eifinger-bot](https://redirect.github.com/eifinger-bot) ([#787](https://redirect.github.com/astral-sh/setup-uv/issues/787)) - chore: update known checksums for 0.10.9 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#783](https://redirect.github.com/astral-sh/setup-uv/issues/783)) - Add workflow to auto-build dist on Dependabot PRs [@eifinger-bot](https://redirect.github.com/eifinger-bot) ([#782](https://redirect.github.com/astral-sh/setup-uv/issues/782)) - chore: update known checksums for 0.10.8 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#779](https://redirect.github.com/astral-sh/setup-uv/issues/779)) - chore: update known checksums for 0.10.7 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#775](https://redirect.github.com/astral-sh/setup-uv/issues/775)) ##### ⬆️ Dependency updates - chore(deps): bump versions [@eifinger](https://redirect.github.com/eifinger) ([#792](https://redirect.github.com/astral-sh/setup-uv/issues/792)) - Bump actions/setup-node from 6.2.0 to 6.3.0 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#790](https://redirect.github.com/astral-sh/setup-uv/issues/790)) - Bump eifinger/actionlint-action from 1.10.0 to 1.10.1 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#778](https://redirect.github.com/astral-sh/setup-uv/issues/778)) ### [`v7.4`](https://redirect.github.com/astral-sh/setup-uv/compare/v7.3...v7.4) [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.3.1...v7.4.0) ### [`v7.3.1`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.3.1): 🌈 fall back to VERSION_CODENAME when VERSION_ID is not available [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.3...v7.3.1) ##### Changes This release adds support for running in containers like `debian:testing` or `debian:unstable` ##### 🐛 Bug fixes - fix: fall back to VERSION\_CODENAME when VERSION\_ID is not available [@eifinger-bot](https://redirect.github.com/eifinger-bot) ([#774](https://redirect.github.com/astral-sh/setup-uv/issues/774)) ##### 🧰 Maintenance - chore: update known checksums for 0.10.6 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#771](https://redirect.github.com/astral-sh/setup-uv/issues/771)) - chore: update known checksums for 0.10.5 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#770](https://redirect.github.com/astral-sh/setup-uv/issues/770)) - chore: update known checksums for 0.10.4 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#768](https://redirect.github.com/astral-sh/setup-uv/issues/768)) - chore: update known checksums for 0.10.3 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#767](https://redirect.github.com/astral-sh/setup-uv/issues/767)) - chore: update known checksums for 0.10.2 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#765](https://redirect.github.com/astral-sh/setup-uv/issues/765)) - chore: update known checksums for 0.10.1 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#764](https://redirect.github.com/astral-sh/setup-uv/issues/764)) ##### ⬆️ Dependency updates - Bump github/codeql-action from 4.31.9 to 4.32.2 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#766](https://redirect.github.com/astral-sh/setup-uv/issues/766)) - Bump zizmorcore/zizmor-action from 0.4.1 to 0.5.0 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#763](https://redirect.github.com/astral-sh/setup-uv/issues/763)) ### [`v7.3.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.3.0): 🌈 New features and bug fixes for activate-environment [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.3...v7.3) #### Changes This release contains a few bug fixes and a new feature for the activate-environment functionality. #### 🐛 Bug fixes - fix: warn instead of error when no python to cache [@eifinger](https://redirect.github.com/eifinger) ([#762](https://redirect.github.com/astral-sh/setup-uv/issues/762)) - fix: use --clear to create venv [@eifinger](https://redirect.github.com/eifinger) ([#761](https://redirect.github.com/astral-sh/setup-uv/issues/761)) #### 🚀 Enhancements - feat: add venv-path input for activate-environment [@eifinger](https://redirect.github.com/eifinger) ([#746](https://redirect.github.com/astral-sh/setup-uv/issues/746)) #### 🧰 Maintenance - chore: update known checksums for 0.10.0 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#759](https://redirect.github.com/astral-sh/setup-uv/issues/759)) - refactor: tilde-expansion tests as unittests and no self-hosted tests [@eifinger](https://redirect.github.com/eifinger) ([#760](https://redirect.github.com/astral-sh/setup-uv/issues/760)) - chore: update known checksums for 0.9.30 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#756](https://redirect.github.com/astral-sh/setup-uv/issues/756)) - chore: update known checksums for 0.9.29 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#748](https://redirect.github.com/astral-sh/setup-uv/issues/748)) #### 📚 Documentation - Fix punctuation [@pm-dev563](https://redirect.github.com/pm-dev563) ([#747](https://redirect.github.com/astral-sh/setup-uv/issues/747)) #### ⬆️ Dependency updates - Bump typesafegithub/github-actions-typing from 2.2.1 to 2.2.2 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#753](https://redirect.github.com/astral-sh/setup-uv/issues/753)) - Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#751](https://redirect.github.com/astral-sh/setup-uv/issues/751)) - Bump actions/checkout from 6.0.1 to 6.0.2 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#740](https://redirect.github.com/astral-sh/setup-uv/issues/740)) - Bump release-drafter/release-drafter from 6.1.0 to 6.2.0 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#743](https://redirect.github.com/astral-sh/setup-uv/issues/743)) - Bump eifinger/actionlint-action from 1.9.3 to 1.10.0 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#731](https://redirect.github.com/astral-sh/setup-uv/issues/731)) - Bump actions/setup-node from 6.1.0 to 6.2.0 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#738](https://redirect.github.com/astral-sh/setup-uv/issues/738)) ### [`v7.3`](https://redirect.github.com/astral-sh/setup-uv/compare/v7.2...v7.3) [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.2.1...v7.3) ### [`v7.2.1`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.2.1): 🌈 update known checksums up to 0.9.28 [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.2...v7.2.1) ##### Changes ##### 🧰 Maintenance - chore: update known checksums for 0.9.28 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#744](https://redirect.github.com/astral-sh/setup-uv/issues/744)) - chore: update known checksums for 0.9.27 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#742](https://redirect.github.com/astral-sh/setup-uv/issues/742)) - chore: update known checksums for 0.9.26 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#734](https://redirect.github.com/astral-sh/setup-uv/issues/734)) - chore: update known checksums for 0.9.25 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#733](https://redirect.github.com/astral-sh/setup-uv/issues/733)) - chore: update known checksums for 0.9.24 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#730](https://redirect.github.com/astral-sh/setup-uv/issues/730)) ##### 📚 Documentation - Clarify impact of using actions/setup-python [@eifinger](https://redirect.github.com/eifinger) ([#732](https://redirect.github.com/astral-sh/setup-uv/issues/732)) ##### ⬆️ Dependency updates - Bump zizmorcore/zizmor-action from 0.3.0 to 0.4.1 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#741](https://redirect.github.com/astral-sh/setup-uv/issues/741)) ### [`v7.2.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.2.0): 🌈 add outputs python-version and python-cache-hit [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.2...v7.2) ##### Changes Among some minor typo fixes and quality of life features for developers of actions the main feature of this release are new outputs: - **python-version:** The Python version that was set (same content as existing `UV_PYTHON`) - **python-cache-hit:** A boolean value to indicate the Python cache entry was found While implementing this it became clear, that it is easier to handle the Python binaries in a separate cache entry. The added benefit for users is that the "normal" cache containing the dependencies can be used in all runs no matter if these cache the Python binaries or not. > \[!NOTE]\ > This release will invalidate caches that contain the Python binaries. This happens a single time. ##### 🐛 Bug fixes - chore: remove stray space from UV\_PYTHON\_INSTALL\_DIR message [@akx](https://redirect.github.com/akx) ([#720](https://redirect.github.com/astral-sh/setup-uv/issues/720)) ##### 🚀 Enhancements - add outputs python-version and python-cache-hit [@eifinger](https://redirect.github.com/eifinger) ([#728](https://redirect.github.com/astral-sh/setup-uv/issues/728)) - Add action typings with validation [@krzema12](https://redirect.github.com/krzema12) ([#721](https://redirect.github.com/astral-sh/setup-uv/issues/721)) ##### 🧰 Maintenance - fix: use uv\_build backend for old-python-constraint-project [@eifinger](https://redirect.github.com/eifinger) ([#729](https://redirect.github.com/astral-sh/setup-uv/issues/729)) - chore: update known checksums for 0.9.22 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#727](https://redirect.github.com/astral-sh/setup-uv/issues/727)) - chore: update known checksums for 0.9.21 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#726](https://redirect.github.com/astral-sh/setup-uv/issues/726)) - chore: update known checksums for 0.9.20 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#725](https://redirect.github.com/astral-sh/setup-uv/issues/725)) - chore: update known checksums for 0.9.18 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#718](https://redirect.github.com/astral-sh/setup-uv/issues/718)) ##### ⬆️ Dependency updates - Bump peter-evans/create-pull-request from 7.0.9 to 8.0.0 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#719](https://redirect.github.com/astral-sh/setup-uv/issues/719)) - Bump github/codeql-action from 4.31.6 to 4.31.9 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#723](https://redirect.github.com/astral-sh/setup-uv/issues/723)) ### [`v7.2`](https://redirect.github.com/astral-sh/setup-uv/compare/v7.1...v7.2) [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.1.6...v7.2) ### [`v7.1.6`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.1.6): 🌈 add OS version to cache key to prevent binary incompatibility [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.1.5...v7.1.6) ##### Changes This release will invalidate your cache existing keys! The os version e.g. `ubuntu-22.04` is now part of the cache key. This prevents failing builds when a cache got populated with wheels built with different tools (e.g. glibc) than are present on the runner where the cache got restored. ##### 🐛 Bug fixes - feat: add OS version to cache key to prevent binary incompatibility [@eifinger](https://redirect.github.com/eifinger) ([#716](https://redirect.github.com/astral-sh/setup-uv/issues/716)) ##### 🧰 Maintenance - chore: update known checksums for 0.9.17 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#714](https://redirect.github.com/astral-sh/setup-uv/issues/714)) ##### ⬆️ Dependency updates - Bump actions/checkout from 5.0.0 to 6.0.1 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#712](https://redirect.github.com/astral-sh/setup-uv/issues/712)) - Bump actions/setup-node from 6.0.0 to 6.1.0 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#715](https://redirect.github.com/astral-sh/setup-uv/issues/715)) ### [`v7.1.5`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.1.5): 🌈 allow setting `cache-local-path` without `enable-cache: true` [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.1.4...v7.1.5) ##### Changes [#612](https://redirect.github.com/astral-sh/setup-uv/pull/612) fixed a faulty behavior where this action set `UV_CACHE_DIR` even though `enable-cache` was `false`. It also fixed the cases were the cache dir is already configured in a settings file like `pyproject.toml` or `UV_CACHE_DIR` was already set. Here the action shouldn't overwrite or set `UV_CACHE_DIR`. These fixes introduced an unwanted behavior: You can still set `cache-local-path` but this action didn't do anything. This release fixes that. You can now use `cache-local-path` to automatically set `UV_CACHE_DIR` even when `enable-cache` is `false` (or gets set to false by default e.g. on self-hosted runners) ```yaml - name: This is now possible uses: astral-sh/setup-uv@v7 with: enable-cache: false cache-local-path: "/path/to/cache" ``` ##### 🐛 Bug fixes - allow cache-local-path w/o enable-cache [@eifinger](https://redirect.github.com/eifinger) ([#707](https://redirect.github.com/astral-sh/setup-uv/issues/707)) ##### 🧰 Maintenance - set biome files.maxSize to 2MiB [@eifinger](https://redirect.github.com/eifinger) ([#708](https://redirect.github.com/astral-sh/setup-uv/issues/708)) - chore: update known checksums for 0.9.16 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#706](https://redirect.github.com/astral-sh/setup-uv/issues/706)) - chore: update known checksums for 0.9.15 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#704](https://redirect.github.com/astral-sh/setup-uv/issues/704)) - chore: use `npm ci --ignore-scripts` everywhere [@woodruffw](https://redirect.github.com/woodruffw) ([#699](https://redirect.github.com/astral-sh/setup-uv/issues/699)) - chore: update known checksums for 0.9.14 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#700](https://redirect.github.com/astral-sh/setup-uv/issues/700)) - chore: update known checksums for 0.9.13 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#694](https://redirect.github.com/astral-sh/setup-uv/issues/694)) - chore: update known checksums for 0.9.12 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#693](https://redirect.github.com/astral-sh/setup-uv/issues/693)) - chore: update known checksums for 0.9.11 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#688](https://redirect.github.com/astral-sh/setup-uv/issues/688)) ##### ⬆️ Dependency updates - Bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#695](https://redirect.github.com/astral-sh/setup-uv/issues/695)) - bump dependencies [@eifinger](https://redirect.github.com/eifinger) ([#709](https://redirect.github.com/astral-sh/setup-uv/issues/709)) - Bump github/codeql-action from 4.30.9 to 4.31.6 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#698](https://redirect.github.com/astral-sh/setup-uv/issues/698)) - Bump zizmorcore/zizmor-action from 0.2.0 to 0.3.0 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#696](https://redirect.github.com/astral-sh/setup-uv/issues/696)) - Bump eifinger/actionlint-action from 1.9.2 to 1.9.3 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#690](https://redirect.github.com/astral-sh/setup-uv/issues/690)) ### [`v7.1.4`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.1.4): 🌈 Fix libuv closing bug on Windows [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.1.3...v7.1.4) ##### Changes This release fixes the bug `Assertion failed: !(handle->flags & UV_HANDLE_CLOSING)` on Windows runners ##### 🐛 Bug fixes - Wait 50ms before exit to fix libuv bug [@eifinger](https://redirect.github.com/eifinger) ([#689](https://redirect.github.com/astral-sh/setup-uv/issues/689)) ##### 🧰 Maintenance - chore: update known checksums for 0.9.10 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#681](https://redirect.github.com/astral-sh/setup-uv/issues/681)) - chore: update known checksums for 0.9.9 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#679](https://redirect.github.com/astral-sh/setup-uv/issues/679)) ### [`v7.1.3`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.1.3): 🌈 Support act [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.1.2...v7.1.3) ##### Changes This bug fix release adds support for <https://github.com/nektos/act> It was previously broken because of a too new `undici` version and TS transpilation target. Compatibility with act is now automatically tested. ##### 🐛 Bug fixes - use old undici and ES2022 target for act support [@eifinger](https://redirect.github.com/eifinger) ([#678](https://redirect.github.com/astral-sh/setup-uv/issues/678)) ##### 🧰 Maintenance - chore: update known checksums for 0.9.8 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#677](https://redirect.github.com/astral-sh/setup-uv/issues/677)) - chore: update known checksums for 0.9.7 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#671](https://redirect.github.com/astral-sh/setup-uv/issues/671)) - chore: update known checksums for 0.9.6 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#670](https://redirect.github.com/astral-sh/setup-uv/issues/670)) ##### 📚 Documentation - Correct description of `cache-dependency-glob` [@allanlewis](https://redirect.github.com/allanlewis) ([#676](https://redirect.github.com/astral-sh/setup-uv/issues/676)) ### [`v7.1.2`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.1.2): 🌈 Speed up extraction on Windows [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.1.1...v7.1.2) #### Changes [@lazka](https://redirect.github.com/lazka) fixed a bug that caused extracting uv to take up to 30s. Thank you! #### 🐛 Bug fixes - Use tar for extracting the uv zip file on Windows too [@lazka](https://redirect.github.com/lazka) ([#660](https://redirect.github.com/astral-sh/setup-uv/issues/660)) #### 🧰 Maintenance - chore: update known checksums for 0.9.5 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#663](https://redirect.github.com/astral-sh/setup-uv/issues/663)) #### ⬆️ Dependency updates - Bump dependencies [@eifinger](https://redirect.github.com/eifinger) ([#664](https://redirect.github.com/astral-sh/setup-uv/issues/664)) - Bump github/codeql-action from 4.30.8 to 4.30.9 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#652](https://redirect.github.com/astral-sh/setup-uv/issues/652)) ### [`v7.1.1`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.1.1): 🌈 Fix empty workdir detection and lowest resolution strategy [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.1...v7.1.1) ##### Changes This release fixes a bug where the `working-directory` input was not used to detect an empty work dir. It also fixes the `lowest` resolution strategy resolving to latest when only a lower bound was specified. Special thanks to [@tpgillam](https://redirect.github.com/tpgillam) for the first contribution! ##### 🐛 Bug fixes - Fix "lowest" resolution strategy with lower-bound only [@tpgillam](https://redirect.github.com/tpgillam) ([#649](https://redirect.github.com/astral-sh/setup-uv/issues/649)) - Use working-directory to detect empty workdir [@eifinger](https://redirect.github.com/eifinger) ([#645](https://redirect.github.com/astral-sh/setup-uv/issues/645)) ##### 🧰 Maintenance - chore: update known checksums for 0.9.4 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#651](https://redirect.github.com/astral-sh/setup-uv/issues/651)) - chore: update known checksums for 0.9.3 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#644](https://redirect.github.com/astral-sh/setup-uv/issues/644)) ##### 📚 Documentation - Change version in docs to v7 [@eifinger](https://redirect.github.com/eifinger) ([#647](https://redirect.github.com/astral-sh/setup-uv/issues/647)) ##### ⬆️ Dependency updates - Bump github/codeql-action from 4.30.7 to 4.30.8 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#639](https://redirect.github.com/astral-sh/setup-uv/issues/639)) - Bump actions/setup-node from 5.0.0 to 6.0.0 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#641](https://redirect.github.com/astral-sh/setup-uv/issues/641)) - Bump eifinger/actionlint-action from 1.9.1 to 1.9.2 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#634](https://redirect.github.com/astral-sh/setup-uv/issues/634)) - Update lockfile with latest npm [@eifinger](https://redirect.github.com/eifinger) ([#636](https://redirect.github.com/astral-sh/setup-uv/issues/636)) ### [`v7.1.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v7.1.0): 🌈 Support all the use cases [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.1...v7.1) #### Changes **Support all the use cases!!!** ... well, that we know of. This release adds support for some use cases that most users don't encounter but are useful for e.g. people running Gitea. The input `resolution-strategy` lets you use the lowest possible version of uv from a version range. Useful if you want to test your tool with different versions of uv. If you use `activate-environment` the path to the activated venv is now also exposed under the output `venv`. Downloaded python installations can now also be uploaded to the GitHub Actions cache backend. Useful if you are running in `act` and have configured your own backend and don't want to download python again, and again over a slow internet connection. Finally the path to installed python interpreters is now added to the `PATH` on Windows. #### 🚀 Enhancements - Add resolution-strategy input to support oldest compatible version selection @[copilot-swe-agent\[bot\]](https://redirect.github.com/apps/copilot-swe-agent) ([#631](https://redirect.github.com/astral-sh/setup-uv/issues/631)) - Add value of UV\_PYTHON\_INSTALL\_DIR to path [@eifinger](https://redirect.github.com/eifinger) ([#628](https://redirect.github.com/astral-sh/setup-uv/issues/628)) - Set output venv when activate-environment is used [@eifinger](https://redirect.github.com/eifinger) ([#627](https://redirect.github.com/astral-sh/setup-uv/issues/627)) - Cache python installs [@merlinz01](https://redirect.github.com/merlinz01) ([#621](https://redirect.github.com/astral-sh/setup-uv/issues/621)) #### 🧰 Maintenance - Add copilot-instructions.md [@eifinger](https://redirect.github.com/eifinger) ([#630](https://redirect.github.com/astral-sh/setup-uv/issues/630)) - chore: update known checksums for 0.9.2 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#626](https://redirect.github.com/astral-sh/setup-uv/issues/626)) - chore: update known checksums for 0.9.1 @[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#625](https://redirect.github.com/astral-sh/setup-uv/issues/625)) - Fall back to PR for updating known versions [@eifinger](https://redirect.github.com/eifinger) ([#623](https://redirect.github.com/astral-sh/setup-uv/issues/623)) #### 📚 Documentation - Split up documentation [@eifinger](https://redirect.github.com/eifinger) ([#632](https://redirect.github.com/astral-sh/setup-uv/issues/632)) #### ⬆️ Dependency updates - Bump deps [@eifinger](https://redirect.github.com/eifinger) ([#633](https://redirect.github.com/astral-sh/setup-uv/issues/633)) - Bump github/codeql-action from 3.30.6 to 4.30.7 @[dependabot\[bot\]](https://redirect.github.com/apps/dependabot) ([#614](https://redirect.github.com/astral-sh/setup-uv/issues/614)) ### [`v7.1`](https://redirect.github.com/astral-sh/setup-uv/compare/v7.0...v7.1) [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7...v7.1) </details> <details> <summary>softprops/action-gh-release (softprops/action-gh-release)</summary> ### [`v3.0.0`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v3.0.0) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v3.0.0...v3.0.0) `3.0.0` is a major release that moves the action runtime from Node 20 to Node 24. Use `v3` on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on `v2.6.2`. #### What's Changed ##### Other Changes 🔄 - Move the action runtime and bundle target to Node 24 - Update `@types/node` to the Node 24 line and allow future Dependabot updates - Keep the floating major tag on `v3`; `v2` remains pinned to the latest `2.x` release ### [`v3`](https://redirect.github.com/softprops/action-gh-release/compare/v2...v3) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.6.2...v3.0.0) ### [`v2.6.2`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.6.2) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.6.1...v2.6.2)  #### What's Changed ##### Other Changes 🔄 - chore(deps): bump picomatch from 4.0.3 to 4.0.4 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [#775](https://redirect.github.com/softprops/action-gh-release/pull/775) - chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [#777](https://redirect.github.com/softprops/action-gh-release/pull/777) - chore(deps): bump vite from 8.0.0 to 8.0.5 by [@dependabot](https://redirect.github.com/dependabot)\[bot] in [#781](https://redirect.github.com/softprops/action-gh-release/pull/781) **Full Changelog**: <https://github.com/softprops/action-gh-release/compare/v2...v2.6.2> ### [`v2.6.1`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.6.1) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.6.0...v2.6.1) `2.6.1` is a patch release focused on restoring linked discussion thread creation when `discussion_category_name` is set. It fixes `#764`, where the draft-first publish flow stopped carrying the discussion category through the final publish step. If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible. #### What's Changed ##### Bug fixes 🐛 - fix: preserve discussion category on publish by [@chenrui333](https://redirect.github.com/chenrui333) in [#765](https://redirect.github.com/softprops/action-gh-release/pull/765) ### [`v2.6.0`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.6.0) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.5.3...v2.6.0) `2.6.0` is a minor release centered on `previous_tag` support for `generate_release_notes`, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a `working_directory` docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published. If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible. #### What's Changed ##### Exciting New Features 🎉 - feat: support previous\_tag for generate\_release\_notes by [@pocesar](https://redirect.github.com/pocesar) in [#372](https://redirect.github.com/softprops/action-gh-release/pull/372) ##### Bug fixes 🐛 - fix: recover concurrent asset metadata 404s by [@chenrui333](https://redirect.github.com/chenrui333) in [#760](https://redirect.github.com/softprops/action-gh-release/pull/760) ##### Other Changes 🔄 - docs: clarify reused draft release behavior by [@chenrui333](https://redirect.github.com/chenrui333) in [#759](https://redirect.github.com/softprops/action-gh-release/pull/759) - docs: clarify working\_directory input by [@chenrui333](https://redirect.github.com/chenrui333) in [#761](https://redirect.github.com/softprops/action-gh-release/pull/761) - ci: verify dist bundle freshness by [@chenrui333](https://redirect.github.com/chenrui333) in [#762](https://redirect.github.com/softprops/action-gh-release/pull/762) - fix: clarify immutable prerelease uploads by [@chenrui333](https://redirect.github.com/chenrui333) in [#763](https://redirect.github.com/softprops/action-gh-release/pull/763) ### [`v2.5.3`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.5.3) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.5.2...v2.5.3)  `2.5.3` is a patch release focused on the remaining path-handling and release-selection bugs uncovered after `2.5.2`. It fixes `#639`, `#571`, `#280`, `#614`, `#311`, `#403`, and `#368`. It also adds documentation clarifications for `#541`, `#645`, `#542`, `#393`, and `#411`, where the current behavior is either usage-sensitive or constrained by GitHub platform limits rather than an action-side runtime bug. If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible. ##### What's Changed ##### Bug fixes 🐛 - fix: prefer token input over GITHUB\_TOKEN by [@chenrui333](https://redirect.github.com/chenrui333) in [#751](https://redirect.github.com/softprops/action-gh-release/pull/751) - fix: clean up duplicate drafts after canonicalization by [@chenrui333](https://redirect.github.com/chenrui333) in [#753](https://redirect.github.com/softprops/action-gh-release/pull/753) - fix: support Windows-style file globs by [@chenrui333](https://redirect.github.com/chenrui333) in [#754](https://redirect.github.com/softprops/action-gh-release/pull/754) - fix: normalize refs-tag inputs by [@chenrui333](https://redirect.github.com/chenrui333) in [#755](https://redirect.github.com/softprops/action-gh-release/pull/755) - fix: expand tilde file paths by [@chenrui333](https://redirect.github.com/chenrui333) in [#756](https://redirect.github.com/softprops/action-gh-release/pull/756) ##### Other Changes 🔄 - docs: clarify token precedence by [@chenrui333](https://redirect.github.com/chenrui333) in [#752](https://redirect.github.com/softprops/action-gh-release/pull/752) - docs: clarify GitHub release limits by [@chenrui333](https://redirect.github.com/chenrui333) in [#758](https://redirect.github.com/softprops/action-gh-release/pull/758) - documentation clarifications for empty-token handling, `preserve_order`, and special-character asset filename behavior **Full Changelog**: <https://github.com/softprops/action-gh-release/compare/v2...v2.5.3> ### [`v2.5.2`](https://redirect.github.com/softprops/action-gh-release/releases/tag/v2.5.2) [Compare Source](https://redirect.github.com/softprops/action-gh-release/compare/v2.5.1...v2.5.2)  `2.5.2` is a patch release focused on the remaining release-creation and prerelease regressions in the `2.5.x` bug-fix cycle. It fixes `#705`, fixes `#708`, fixes `#740`, fixes `#741`, and fixes `#722`. Regression testing covers the shared-tag race, prerelease event behavior, dotfile asset labels, same-filename concurrent uploads, and blocked-tag cleanup behavior. If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible. #### What's Changed ##### Bug fixes 🐛 - fix: canonicalize releases after concurrent create by [@chenrui333](https://redirect.github.com/chenrui333) in [#746](https://redirect.github.com/softprops/action-gh-release/pull/746) - fix: preserve prereleased events for prereleases by [@chenrui333](https://redirect.github.com/chenrui333) in [#748](https://redirect.github.com/softprops/action-gh-release/pull/748) - fix: restore dotfile asset labels by [@chenrui333](https://redirect.github.com/chenrui333) in [#749](https://redirect.github.com/softprops/action-gh-release/pull/749) - fix: handle upload already\_exists races across workflows by [@api2062](https://redirect.github.com/api2062) in [#745](https://redirect.github.com/softprops/action-gh-release/pull/745) - fix: clean up orphan drafts when tag creation is blocked by [@chenrui333](https://redirect.github.com/chenrui333) in [#750](https://redirect.github.com/softprops/action-gh-release/pull/750) #### New Contributors - [@api2062](https://redirect.github.com/api2062) made their first contribution in [#745](https://redirect.github.com/softprops/action-gh-release/pull/745) **Full Changelog**: <https://github.com/softprops/a > ✂ **Note** > > PR body was truncated to here. </details> --- ### Configuration 📅 **Schedule**: (in timezone Etc/UTC) - Branch creation - "every weekend" - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/canonical/charmcraft).

Evaluation history

Date	Model	Scores	Action	Summary
2026-06-15 11:09:20.587425+00:00	qwen3.6-35b-a3b-mtp-q6	Staleness: 25 Complexity: 10 Confidence: 90	needs review	Updates major versions of GitHub Actions dependencies and remains open, with automated type-checking notifications reporting non-critical errors.
2026-06-15 11:06:32.192466+00:00	pending	—	—	—