chore(deps): bump the all group across 1 directory with 7 updates

[dependabot]

Bumps the all group with 7 updates in the / directory:

Package	From	To
astral-sh/setup-uv	7.6.0	8.0.0
cachix/install-nix-action	31.10.1	31.10.3
cachix/cachix-action	16	17
actions/configure-pages	5.0.0	6.0.0
actions/deploy-pages	4.0.5	5.0.0
pypa/gh-action-pypi-publish	1.13.0	1.14.0
sigstore/gh-action-sigstore-python	3.2.0	3.3.0

Updates astral-sh/setup-uv from 7.6.0 to 8.0.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP] Use the immutable tag as a version astral-sh/setup-uv@v8.0.0 Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

🚨 Breaking changes

• Remove update-major-minor-tags workflow @​eifinger (#826)
• Remove deprecrated custom manifest @​eifinger (#813)

🧰 Maintenance

• Shortcircuit latest version from manifest @​eifinger (#828)
• Simplify inputs.ts @​eifinger (#827)
• Bump release-drafter to v7.1.1 @​eifinger (#825)
• Refactor inputs @​eifinger (#823)
• Replace inline compile args with tsconfig @​eifinger (#824)
• chore: update known checksums for 0.11.2 @github-actions[bot] (#821)
• chore: update known checksums for 0.11.1 @github-actions[bot] (#817)
• chore: update known checksums for 0.11.0 @github-actions[bot] (#815)
• Fix latest-version workflow check @​eifinger (#812)
• chore: update known checksums for 0.10.11/0.10.12 @github-actions[bot] (#811)

Commits

• cec2083 Shortcircuit latest version from manifest (#828)
• 4dd8ab4 Simplify inputs.ts (#827)
• 7fdbe7c Remove update-major-minor-tags workflow (#826)
• 485abd0 Bump release-drafter to v7.1.1 (#825)
• f82eb19 Refactor inputs (#823)
• 868d1f7 Replace inline compile args with tsconfig (#824)
• 447e6d0 chore: update known checksums for 0.11.2 (#821)
• 5c62c59 chore: update known checksums for 0.11.1 (#817)
• e1a7373 chore: update known checksums for 0.11.0 (#815)
• 8970931 Remove deprecrated custom manifest (#813)
• Additional commits viewable in compare view

Updates cachix/install-nix-action from 31.10.1 to 31.10.3

Release notes

Sourced from cachix/install-nix-action's releases.

v31.10.3

What's Changed

• nix: 2.34.2 -> 2.34.4 by @​github-actions[bot] in cachix/install-nix-action#271

Full Changelog: cachix/install-nix-action@v31...v31.10.3

v31.10.2

What's Changed

• nix: 2.34.1 -> 2.34.2 by @​github-actions[bot] in cachix/install-nix-action#270

Full Changelog: cachix/install-nix-action@v31...v31.10.2

Commits

• 96951a3 Merge pull request #271 from cachix/create-pull-request/patch
• 6281169 nix: 2.34.2 -> 2.34.4
• 51f3067 Revert "ci: use 25.11 for channel tests"
• 15118c1 ci: use 25.11 for channel tests
• e1ac057 Merge pull request #270 from cachix/create-pull-request/patch
• d181b96 nix: 2.34.1 -> 2.34.2
• See full diff in compare view

Updates cachix/cachix-action from 16 to 17

Release notes

Sourced from cachix/cachix-action's releases.

v17

What's Changed

Breaking changes

• Upgrade action to use Node 24 by @​sandydoo in cachix/cachix-action#212 https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/

Full Changelog: cachix/cachix-action@v16...v17

Changelog

Sourced from cachix/cachix-action's changelog.

Release

1. Create and push a new tag:

   git tag v17
   git push origin v17

2. Wait for CI to pass.

3. Create a release for the new tag.

4. Move the major version tag to the latest release:

   git tag -fa v17
   git push origin v17 --force

Commits

• 1eb2ef6 Merge pull request #212 from cachix/upgrade-node-24
• 75ce400 dist: re-build using esbuild targeting node24
• 2b33705 deps: update devenv inputs
• 04937db breaking: update action to Node 24
• ca2e519 ci: use 25.11 for tests
• e7c5c1a Merge pull request #208 from cachix/dependabot/github_actions/actions/checkout-6
• bea8a50 ci: allow running tests manually and with a custom nix version
• 2e35755 chore(deps): bump actions/checkout from 5 to 6
• See full diff in compare view

Updates actions/configure-pages from 5.0.0 to 6.0.0

Release notes

Sourced from actions/configure-pages's releases.

v6.0.0

Changelog

• upgrade to node 24 @​salmanmkc (#186)
• Upgrade IA Publish @​Jcambass (#165)
• Add workflow file for publishing releases to immutable action package @​Jcambass (#163)
• pin draft release version @​YiMysty (#162)
• Bump espree from 9.6.1 to 10.1.0 @​dependabot (#160)
• Bump eslint-config-prettier from 8.8.0 to 9.1.0 @​dependabot (#143)
• Be more friendly to Dependabot @​yoannchaudet (#158)
• Bump eslint-plugin-github from 4.10.2 to 5.0.1 @​dependabot (#154)
• Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group @​dependabot (#156)
• Bump undici from 5.28.3 to 5.28.4 @​dependabot (#145)

See details of all code changes since previous release.

Commits

• 45bfe01 Merge pull request #186 from salmanmkc/node24
• d8770c2 Update Node version from 20 to 24 in action.yml
• cb8a1a3 upgrade to node 24
• d560657 Merge pull request #165 from actions/Jcambass-patch-1
• 35e0ac4 Upgrade IA Publish
• 1dfbcbf Merge pull request #163 from actions/Jcambass-patch-1
• 2f4f988 Add workflow file for publishing releases to immutable action package
• 0d7570c Merge pull request #162 from actions/pin-draft-release-verssion
• 3ea1966 pin draft release version
• aabcbc4 Merge pull request #160 from actions/dependabot/npm_and_yarn/espree-10.1.0
• Additional commits viewable in compare view

Updates actions/deploy-pages from 4.0.5 to 5.0.0

Release notes

Sourced from actions/deploy-pages's releases.

v5.0.0

Changelog

• Update Node.js version to 24.x @​salmanmkc (#404)
• Add workflow file for publishing releases to immutable action package @​Jcambass (#374)
• Bump braces from 3.0.2 to 3.0.3 in the npm_and_yarn group across 1 directory @​dependabot (#360)
• Make the rebuild dist workflow work nicer with Dependabot @​yoannchaudet (#361)
• Bump the non-breaking-changes group across 1 directory with 3 updates @​dependabot (#358)
• Delete repeated sentence @​garethsb (#359)
• Update README.md @​tsusdere (#348)
• Bump the non-breaking-changes group with 4 updates @​dependabot (#341)
• Remove error message for file permissions @​TooManyBees (#340)

---

See details of all code changes since previous release.

⚠️ For use with products other than GitHub.com, such as GitHub Enterprise Server, please consult the compatibility table.

Commits

• cd2ce8f Merge pull request #404 from salmanmkc/node24
• bbe2a95 Update Node.js version to 24.x
• 854d7aa Merge pull request #374 from actions/Jcambass-patch-1
• 306bb81 Add workflow file for publishing releases to immutable action package
• b742728 Merge pull request #360 from actions/dependabot/npm_and_yarn/npm_and_yarn-513...
• 7273294 Bump braces in the npm_and_yarn group across 1 directory
• 963791f Merge pull request #361 from actions/dependabot-friendly
• 51bb29d Make the rebuild dist workflow safer for Dependabot
• 89f3d10 Merge pull request #358 from actions/dependabot/npm_and_yarn/non-breaking-cha...
• bce7355 Merge branch 'main' into dependabot/npm_and_yarn/non-breaking-changes-99c12deb21
• Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.14.0

✨ What's Changed

The main change in this release is that verbose and print-hash inputs are now on by default. This was contributed by @​whitequark💰 in #397.

📝 Docs

@​woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #388 and @​him2him2💰 brushed up some grammar in the README and SECURITY docs via #395.

🛠️ Internal Updates

@​woodruffw💰 bumped sigstore and pypi-attestations in the lock file (#391) and @​webknjaz💰 added infra for using type annotations in the project (#381).

💪 New Contributors

• @​him2him2 made their first contribution in #395
• @​whitequark made their first contribution in #397

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.13.0...v1.14.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​facutuesca💰 and @​woodruffw💰 for helping maintain this project when I can't!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

Commits

• cef2210 Merge pull request #397 from whitequark/patch-1
• b4595e2 Enable verbose and print-hash by default.
• e2bab26 Merge pull request #395 from him2him2/docs/fix-typos-and-grammar
• 7495c38 docs: fix typos and grammar in README and SECURITY
• 03f86fe Merge pull request #388 from woodruffw-forks/ww/rm-experimental
• 4c78f1c Merge branch 'unstable/v1' into ww/rm-experimental
• b5a6e8b deps: bump sigstore and pypi-attestations
• a48a03e remove another experimental mention
• 8087a88 action: remove a lingering mention of PEP 740 being experimental
• 3317ede 🧪 Integrate actionlint via pre-commit framework
• Additional commits viewable in compare view

Updates sigstore/gh-action-sigstore-python from 3.2.0 to 3.3.0

Release notes

Sourced from sigstore/gh-action-sigstore-python's releases.

v3.3.0

What's Changed

• Dependency updates. Most importantly used sigstore-python is now version 4.2.0

Full Changelog: sigstore/gh-action-sigstore-python@v3.2.0...v3.3.0

Commits

• 04cffa1 build(deps): bump requests from 2.32.5 to 2.33.0 in /requirements (#342)
• 69171e8 build(deps): bump charset-normalizer in the python-dependencies group (#340)
• 40198d7 build(deps): bump github/codeql-action in the actions group (#338)
• ca55bb0 build(deps): bump the python-dependencies group with 2 updates (#339)
• 2736143 build(deps): bump the actions group with 3 updates (#335)
• 9afbb88 build(deps): bump pyasn1 from 0.6.2 to 0.6.3 in /requirements (#337)
• eb907b0 build(deps): bump pyopenssl from 25.3.0 to 26.0.0 in /requirements (#334)
• 84eaebf build(deps): bump astral-sh/setup-uv in the actions group (#331)
• 57c12be build(deps): bump charset-normalizer in the python-dependencies group (#332)
• 57918d7 build(deps): bump pyjwt from 2.11.0 to 2.12.0 in /requirements (#333)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions