Skip to content

build(deps): bump the github-actions group with 3 updates#1365

Merged
RonnyPfannschmidt merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-d82f2a2380
Apr 25, 2026
Merged

build(deps): bump the github-actions group with 3 updates#1365
RonnyPfannschmidt merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-d82f2a2380

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 17, 2026
edited
Loading

Bumps the github-actions group with 3 updates: astral-sh/setup-uv, msys2/setup-msys2 and softprops/action-gh-release.

Updates astral-sh/setup-uv from 8.0.0 to 8.1.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.1.0 🌈 New input no-project

Changes

This add the a new boolean input no-project. It only makes sense to use in combination with activate-environment: true and will append --no project to the uv venv call. This is for example useful if you have a pyproject.toml file with parts unparseable by uv

🚀 Enhancements

  • Add input no-project in combination with activate-environment @​eifinger (#856)

🧰 Maintenance

📚 Documentation

⬆️ Dependency updates

  • chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @dependabot[bot] (#855)
Commits
  • 0880764 fix: grant contents:write to validate-release job (#860)
  • 717d6ab Add a release-gate step to the release workflow (#859)
  • 5a911eb Draft commitish releases (#858)
  • 080c31e Add action-types.yml to instructions (#857)
  • b3e97d2 Add input no-project in combination with activate-environment (#856)
  • 7dd591d chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 (#855)
  • 1541b77 chore: update known checksums for 0.11.7 (#853)
  • cdfb2ee Refactor version resolving (#852)
  • cb84d12 chore: update known checksums for 0.11.6 (#850)
  • 1912cc6 chore: update known checksums for 0.11.5 (#845)
  • Additional commits viewable in compare view

Updates msys2/setup-msys2 from 2.31.0 to 2.31.1

Release notes

Sourced from msys2/setup-msys2's releases.

v2.31.1

  • input: allow empty input for "install" and "pacboy", meaning not packages will be installed [#589]
  • input: deprecate the special "RUNNER_TEMP" value for "location" in favor of an empty string
  • Update dependencies
Changelog

Sourced from msys2/setup-msys2's changelog.

Changelog

2.31.1

  • input: allow empty input for "install" and "pacboy", meaning not packages will be installed [#589]
  • input: deprecate the special "RUNNER_TEMP" value for "location" in favor of an empty string
  • Update dependencies

2.31.0

  • Update base distribution to 20260322. [#597]
  • Update dependencies
  • Move to node24 from node20

2.30.0

  • Update base distribution to 20251213. [#565]
  • Remove folder-hash dependency [#555]
  • Update dependencies

2.29.0

  • Allow installation to C:\msys64 if it doesn't exist already. Like with the new windows-11-arm image, for example. [#542]
  • Update base distribution to 20250830. [#548]
  • Update dependencies

2.28.0

  • Update base distribution to 20250622. [#518]
  • Update dependencies

2.27.0

  • Update base distribution to 20250221. [#480]
  • Update dependencies
  • Drop support for CLANG32

2.26.0

2.25.0

... (truncated)

Commits

Updates softprops/action-gh-release from 2.6.1 to 3.0.0

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

  • Move the action runtime and bundle target to Node 24
  • Update @types/node to the Node 24 line and allow future Dependabot updates
  • Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

v2.6.2

What's Changed

Other Changes 🔄

Full Changelog: softprops/action-gh-release@v2...v2.6.2

Changelog

Sourced from softprops/action-gh-release's changelog.

3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

  • Move the action runtime and bundle target to Node 24
  • Update @types/node to the Node 24 line and allow future Dependabot updates
  • Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

2.6.2

What's Changed

Other Changes 🔄

2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Commits
  • b430933 release: cut v3.0.0 for Node 24 upgrade (#670)
  • c2e35e0 chore(deps): bump the npm group across 1 directory with 7 updates (#783)
  • 3bb1273 release 2.6.2
  • c34030f chore: bump node to 24.14.1
  • 8975bd0 chore(deps): bump vite from 8.0.0 to 8.0.5 (#781)
  • f71937f chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 (#777)
  • 3f0d239 chore(deps): bump picomatch from 4.0.3 to 4.0.4 (#775)
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the github-actions group with 3 updates
410d38b 
Bumps the github-actions group with 3 updates: [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv), [msys2/setup-msys2](https://github.com/msys2/setup-msys2) and [softprops/action-gh-release](https://github.com/softprops/action-gh-release).


Updates `astral-sh/setup-uv` from 8.0.0 to 8.1.0
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@cec2083...0880764)

Updates `msys2/setup-msys2` from 2.31.0 to 2.31.1
- [Release notes](https://github.com/msys2/setup-msys2/releases)
- [Changelog](https://github.com/msys2/setup-msys2/blob/main/CHANGELOG.md)
- [Commits](msys2/setup-msys2@cafece8...e989830)

Updates `softprops/action-gh-release` from 2.6.1 to 3.0.0
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](softprops/action-gh-release@153bb8e...b430933)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: msys2/setup-msys2
  dependency-version: 2.31.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: softprops/action-gh-release
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 17, 2026
@RonnyPfannschmidt RonnyPfannschmidt merged commit f1ed39d into main Apr 25, 2026
25 of 27 checks passed
@dependabot dependabot Bot deleted the dependabot/github_actions/github-actions-d82f2a2380 branch April 25, 2026 09:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@RonnyPfannschmidt