Bump astral-sh/setup-uv from 7.1.5 to 7.1.6 #36
Conversation
dependabot
bot
added
dependencies
amrit110
left a comment
amrit110
left a comment
There was a problem hiding this comment.
✅ All checks passed. Auto-approving bot PR.
🤖 AI Engineering Maintenance Bot - Maintaining Vector Institute Repositories built by AI Engineering
|
🎉 All checks passed! This PR will be automatically merged. 🤖 AI Engineering Maintenance Bot - Maintaining Vector Institute Repositories built by AI Engineering |
|
@dependabot rebase |
dependabot
bot
force-pushed
the
dependabot/github_actions/astral-sh/setup-uv-7.1.6
branch
from
4dd522c to
be03bf2
Compare
|
@dependabot rebase |
|
Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry! If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request |
|
🔧 Analyzing and fixing: run-code-check... 🤖 AI Engineering Maintenance Bot |
|
🔧 Automated fix applied Fixed unknown failures after dependency updates. ✓ Successfully fixed unknown failures - Modified 0 files - Executed 52 agent actions - (11 tool_call, 4 reasoning, 20 error, 17 info) CI checks will re-run automatically. 📊 View detailed trace on dashboard | Raw trace 🤖 AI Engineering Maintenance Bot |
|
@dependabot recreate |
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 7.1.5 to 7.1.6. - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@v7.1.5...v7.1.6) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 7.1.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
force-pushed
the
dependabot/github_actions/astral-sh/setup-uv-7.1.6
branch
from
ec9e198 to
a857e0a
Compare
Security update: - Update filelock from 3.20.0 to 3.20.1 (fixes CVE GHSA-w853-jp5j-5j7f) Severity: Critical The vulnerability is a Time-of-Check-Time-of-Use (TOCTOU) race condition that allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The fix adds O_NOFOLLOW flag on Unix/Linux/macOS and adds GetFileAttributesW API check on Windows to prevent symlink following. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <[email protected]>
|
All checks passed! This PR will be automatically merged. AI Engineering Maintenance Bot - Maintaining Vector Institute Repositories built by AI Engineering |
amrit110
deleted the
dependabot/github_actions/astral-sh/setup-uv-7.1.6
branch
Bumps astral-sh/setup-uv from 7.1.5 to 7.1.6.
Release notes
Sourced from astral-sh/setup-uv's releases.
Commits
681c641Bump actions/checkout from 5.0.0 to 6.0.1 (#712)2e85713Bump actions/setup-node from 6.0.0 to 6.1.0 (#715)58b6d7bfix: add OS version to cache key to prevent binary incompatibility (#716)e8b52afchore: update known checksums for 0.9.17 (#714)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)