Bump astral-sh/setup-uv from 8.2.0 to 8.3.2#55
Conversation
Scriptception
left a comment
There was a problem hiding this comment.
IcebergAutoReview
Verdict: approve
The focused minor update correctly replaces all four setup-uv references with the immutable, signed v8.3.2 commit SHA. The Node 24 runtime is unchanged, upstream lockfile changes were accompanied by regenerated bundles and upstream validation, and this repository’s complete CI build/test path passed with the new action.
Findings
- No blocking findings.
Validation
- Inspected complete main...HEAD diff and commit ancestry; confirmed only two workflow files changed.
- Verified upstream v8.3.0–v8.3.2 release notes, signed tag/SHA, action.yml runtime, dependency rollup, lockfile update, and regenerated distributions.
- GitHub Actions CI passed: lint, Ruff formatting, mypy, release consistency, build/package verification, and pytest on Python 3.10–3.14.
- Parsed both changed workflow files and verified all 11 action references use immutable 40-character SHA pins.
- Ran release consistency check, git diff --check, and a merge-tree check against current main successfully.
Residual risks / optional notes
- The branch is one commit behind main, although GitHub reports it mergeable and the local merge-tree check found no conflict; required CI should rerun after the branch update.
- The tag-triggered PyPI release workflow was not executed on this PR, but CI successfully exercised the same updated setup-uv and uv build path, and the publishing steps are unchanged.
Automated review by Codex 92f8503f5983 using IcebergAutoReview.
|
@dependabot rebase |
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 8.2.0 to 8.3.2. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@fac544c...11f9893) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 8.3.2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
92f8503 to
82cd6f0
Compare
Scriptception
left a comment
There was a problem hiding this comment.
IcebergAutoReview
Verdict: approve
Focused supply-chain update correctly replaces all four setup-uv v8.2.0 references with the immutable v8.3.2 commit SHA. The single-commit diff is clean, current with main, convention-compliant, and contains no unrelated, permission, manifest, or lockfile changes. PR CI directly exercises setup-uv across lint, Python 3.10–3.14 tests, and package build; the release workflow uses the same build path.
Findings
- No blocking findings.
Validation
- Parsed ci.yml, release.yml, and dependabot.yml successfully as YAML.
- Verified all 11 workflow action references use immutable 40-character SHA pins and all four setup-uv references use 11f9893b081a58869d3b5fccaea48c9e9e46f990.
- Ran scripts/check_release_consistency.py successfully.
- Ran git diff --check successfully.
- Verified one-commit linear ancestry from current main and diff scope limited to ci.yml and release.yml.
- Repository test, lint, type-check, and build commands could not initialize because the review sandbox is read-only and provides no writable temporary/cache directory.
Residual risks / optional notes
- Live GitHub check status and upstream action contents could not be independently fetched because network access is unavailable; assessment relies on the supplied upstream commit mapping and the repository’s CI coverage.
Automated review by Codex 82cd6f0f8b8e using IcebergAutoReview.
Bumps astral-sh/setup-uv from 8.2.0 to 8.3.2.
Commits
11f9893chore: roll up Dependabot updates (#948)f798556docs: update version references to v8.3.1 (#946)e80544dchore: update known checksums for 0.11.28 (#947)f98e069Change update-docs PR labels from 'update-docs' to 'documentation' (#945)cd46263chore: update known checksums for 0.11.27 (#944)11245c7docs: update version references to v8.3.0 (#939)d31148dStrip environment markers from detected uv dependency pins (#938)17c3989Fix cache keys for Python version ranges (#937)3cc3c11chore(deps): roll up Dependabot updates (#936)9225f84chore(deps): bump release-drafter/release-drafter from 7.3.1 to 7.4.0 (#924)