This is an automated email from the ASF dual-hosted git repository.
zeroshade pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/arrow-adbc.git
The following commit(s) were added to refs/heads/main by this push:
new a49be8b7c chore: bump the actions group across 1 directory with 3
updates (#4193)
a49be8b7c is described below
commit a49be8b7cb1db47b9c6ab198f8b4a79d50c748c0
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Tue Apr 14 12:07:23 2026 -0400
chore: bump the actions group across 1 directory with 3 updates (#4193)
Bumps the actions group with 3 updates in the / directory:
[astral-sh/setup-uv](https://github.com/astral-sh/setup-uv),
[ruby/setup-ruby](https://github.com/ruby/setup-ruby) and
[docker/login-action](https://github.com/docker/login-action).
Updates `astral-sh/setup-uv` from 7.6.0 to 8.0.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/setup-uv/releases";>astral-sh/setup-uv's
releases</a>.</em></p>
<blockquote>
<h2>v8.0.0 🌈 Immutable releases and secure tags</h2>
<h1>This is the first immutable release of <code>setup-uv</code> 🥳</h1>
<p>All future releases are also immutable, if you want to know more
about what this means checkout <a
href="https://docs.github.com/en/code-security/concepts/supply-chain-security/immutable-releases";>the
docs</a>.</p>
<p>This release also has two breaking changes</p>
<h2>New format for <code>manifest-file</code></h2>
<p>The previously deprecated way of defining a custom version manifest
to control which <code>uv</code> versions are available and where to
download them from got removed. The functionality is still there but you
have to use the <a
href="https://github.com/astral-sh/setup-uv/blob/main/docs/customization.md#format";>new
format</a>.</p>
<h2>No more major and minor tags</h2>
<p>To increase <strong>security</strong> even more we will <strong>stop
publishing minor tags</strong>. You won't be able to use
<code>@v8</code> or <code>@v8.0</code> any longer. We do this because
pinning to major releases opens up users to supply chain attacks like
what happened to <a
href="https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/";>tj-actions</a>.</p>
<blockquote>
<p>[!TIP]
Use the immutable tag as a version
<code>astral-sh/[email protected]</code>
Or even better the githash
<code>astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57</code></p>
</blockquote>
<h2>🚨 Breaking changes</h2>
<ul>
<li>Remove update-major-minor-tags workflow <a
href="https://github.com/eifinger";><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/826";>#826</a>)</li>
<li>Remove deprecrated custom manifest <a
href="https://github.com/eifinger";><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/813";>#813</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>Shortcircuit latest version from manifest <a
href="https://github.com/eifinger";><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/828";>#828</a>)</li>
<li>Simplify inputs.ts <a
href="https://github.com/eifinger";><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/827";>#827</a>)</li>
<li>Bump release-drafter to v7.1.1 <a
href="https://github.com/eifinger";><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/825";>#825</a>)</li>
<li>Refactor inputs <a
href="https://github.com/eifinger";><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/823";>#823</a>)</li>
<li>Replace inline compile args with tsconfig <a
href="https://github.com/eifinger";><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/824";>#824</a>)</li>
<li>chore: update known checksums for 0.11.2 @<a
href="https://github.com/apps/github-actions";>github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/821";>#821</a>)</li>
<li>chore: update known checksums for 0.11.1 @<a
href="https://github.com/apps/github-actions";>github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/817";>#817</a>)</li>
<li>chore: update known checksums for 0.11.0 @<a
href="https://github.com/apps/github-actions";>github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/815";>#815</a>)</li>
<li>Fix latest-version workflow check <a
href="https://github.com/eifinger";><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/812";>#812</a>)</li>
<li>chore: update known checksums for 0.10.11/0.10.12 @<a
href="https://github.com/apps/github-actions";>github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/811";>#811</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/cec208311dfd045dd5311c1add060b2062131d57";><code>cec2083</code></a>
Shortcircuit latest version from manifest (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/828";>#828</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/4dd8ab45206a76f8c1dfe399fa88df10a7264f27";><code>4dd8ab4</code></a>
Simplify inputs.ts (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/827";>#827</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/7fdbe7cf0c8ef50cfd0878eed7b5180abc6b53c7";><code>7fdbe7c</code></a>
Remove update-major-minor-tags workflow (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/826";>#826</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/485abd05e5c74a247f0a309e333d2433ab9a353a";><code>485abd0</code></a>
Bump release-drafter to v7.1.1 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/825";>#825</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/f82eb19c06057c455674b2602e0139fd906f1428";><code>f82eb19</code></a>
Refactor inputs (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/823";>#823</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/868d1f74d9d862d7b40219546bfe35299c6dd452";><code>868d1f7</code></a>
Replace inline compile args with tsconfig (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/824";>#824</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/447e6d02b15d65b3247cce2d6019f11957285d11";><code>447e6d0</code></a>
chore: update known checksums for 0.11.2 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/821";>#821</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/5c62c5926145985eec91f09e2e0a75f40daed929";><code>5c62c59</code></a>
chore: update known checksums for 0.11.1 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/817";>#817</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/e1a7373adb857afd2a70b971e8ebdacc64ed27d0";><code>e1a7373</code></a>
chore: update known checksums for 0.11.0 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/815";>#815</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/89709315bb3bd4bf0f4b1db4b710e99009087ab5";><code>8970931</code></a>
Remove deprecrated custom manifest (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/813";>#813</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/setup-uv/compare/37802adc94f370d6bfd71619e3f0bf239e1f3b78...cec208311dfd045dd5311c1add060b2062131d57";>compare
view</a></li>
</ul>
</details>
<br />
Updates `ruby/setup-ruby` from 1.299.0 to 1.300.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ruby/setup-ruby/releases";>ruby/setup-ruby's
releases</a>.</em></p>
<blockquote>
<h2>v1.300.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Refactor matrix script by <a
href="https://github.com/ntkme";><code>@​ntkme</code></a> in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/897";>ruby/setup-ruby#897</a></li>
<li>Add jruby-10.0.5.0 by <a
href="https://github.com/ruby-builder-bot";><code>@​ruby-builder-bot</code></a>
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/900";>ruby/setup-ruby#900</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.299.0...v1.300.0";>https://github.com/ruby/setup-ruby/compare/v1.299.0...v1.300.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/ruby/setup-ruby/commit/e65c17d16e57e481586a6a5a0282698790062f92";><code>e65c17d</code></a>
Add jruby-10.0.5.0</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/ba696adf55506673e48342a66e30f1f53cadeae0";><code>ba696ad</code></a>
Refactor matrix script</li>
<li><a
href="https://github.com/ruby/setup-ruby/commit/2327de0bdc11657e6bed81a43cae73251edb97a0";><code>2327de0</code></a>
TruffleRuby 34+ does not support macOS Intel</li>
<li>See full diff in <a
href="https://github.com/ruby/setup-ruby/compare/3ff19f5e2baf30647122352b96108b1fbe250c64...e65c17d16e57e481586a6a5a0282698790062f92";>compare
view</a></li>
</ul>
</details>
<br />
Updates `docker/login-action` from 4.0.0 to 4.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/docker/login-action/releases";>docker/login-action's
releases</a>.</em></p>
<blockquote>
<h2>v4.1.0</h2>
<ul>
<li>Fix scoped Docker Hub cleanup path when registry is omitted by <a
href="https://github.com/crazy-max";><code>@​crazy-max</code></a> in <a
href="https://redirect.github.com/docker/login-action/pull/945";>docker/login-action#945</a></li>
<li>Bump <code>@​aws-sdk/client-ecr</code> and
<code>@​aws-sdk/client-ecr-public</code> to 3.1020.0 in <a
href="https://redirect.github.com/docker/login-action/pull/930";>docker/login-action#930</a></li>
<li>Bump <code>@​docker/actions-toolkit</code> from 0.77.0 to 0.86.0 in
<a
href="https://redirect.github.com/docker/login-action/pull/932";>docker/login-action#932</a>
<a
href="https://redirect.github.com/docker/login-action/pull/936";>docker/login-action#936</a></li>
<li>Bump brace-expansion from 1.1.12 to 1.1.13 in <a
href="https://redirect.github.com/docker/login-action/pull/952";>docker/login-action#952</a></li>
<li>Bump fast-xml-parser from 5.3.4 to 5.3.6 in <a
href="https://redirect.github.com/docker/login-action/pull/942";>docker/login-action#942</a></li>
<li>Bump flatted from 3.3.3 to 3.4.2 in <a
href="https://redirect.github.com/docker/login-action/pull/944";>docker/login-action#944</a></li>
<li>Bump glob from 10.3.12 to 10.5.0 in <a
href="https://redirect.github.com/docker/login-action/pull/940";>docker/login-action#940</a></li>
<li>Bump handlebars from 4.7.8 to 4.7.9 in <a
href="https://redirect.github.com/docker/login-action/pull/949";>docker/login-action#949</a></li>
<li>Bump http-proxy-agent and https-proxy-agent to 8.0.0 in <a
href="https://redirect.github.com/docker/login-action/pull/937";>docker/login-action#937</a></li>
<li>Bump lodash from 4.17.23 to 4.18.1 in <a
href="https://redirect.github.com/docker/login-action/pull/958";>docker/login-action#958</a></li>
<li>Bump minimatch from 3.1.2 to 3.1.5 in <a
href="https://redirect.github.com/docker/login-action/pull/941";>docker/login-action#941</a></li>
<li>Bump picomatch from 4.0.3 to 4.0.4 in <a
href="https://redirect.github.com/docker/login-action/pull/948";>docker/login-action#948</a></li>
<li>Bump undici from 6.23.0 to 6.24.1 in <a
href="https://redirect.github.com/docker/login-action/pull/938";>docker/login-action#938</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/docker/login-action/compare/v4.0.0...v4.1.0";>https://github.com/docker/login-action/compare/v4.0.0...v4.1.0</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/docker/login-action/commit/4907a6ddec9925e35a0a9e82d7399ccc52663121";><code>4907a6d</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/930";>#930</a>
from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...</li>
<li><a
href="https://github.com/docker/login-action/commit/1e233e691a8881d7f35ca7c2d5dfaaed80b39636";><code>1e233e6</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/6c24ead68057f18c30c808a431f0b85dc25663cb";><code>6c24ead</code></a>
build(deps): bump the aws-sdk-dependencies group with 2 updates</li>
<li><a
href="https://github.com/docker/login-action/commit/ee034d70944e3546349cd24295914f139342f1e6";><code>ee034d7</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/958";>#958</a>
from docker/dependabot/npm_and_yarn/lodash-4.18.1</li>
<li><a
href="https://github.com/docker/login-action/commit/1527209db9734bd2352a2dc1a63d79c9aa5358bb";><code>1527209</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/937";>#937</a>
from docker/dependabot/npm_and_yarn/proxy-agent-depen...</li>
<li><a
href="https://github.com/docker/login-action/commit/d39362aba4d72f8d9d93e0962119840690133e1b";><code>d39362a</code></a>
build(deps): bump lodash from 4.17.23 to 4.18.1</li>
<li><a
href="https://github.com/docker/login-action/commit/a6f092b568105cbb6d9deb7e55e0a4c5c1025fce";><code>a6f092b</code></a>
chore: update generated content</li>
<li><a
href="https://github.com/docker/login-action/commit/60953f0bed2120ec69659d271fe18d34bc069779";><code>60953f0</code></a>
build(deps): bump the proxy-agent-dependencies group with 2 updates</li>
<li><a
href="https://github.com/docker/login-action/commit/62c688590fb4ab6c6e89a217ced0a7b2ddcf1340";><code>62c6885</code></a>
Merge pull request <a
href="https://redirect.github.com/docker/login-action/issues/936";>#936</a>
from docker/dependabot/npm_and_yarn/docker/actions-to...</li>
<li><a
href="https://github.com/docker/login-action/commit/102c0e672992d2e992c89b6f4808d65a353b5a1a";><code>102c0e6</code></a>
chore: update generated content</li>
<li>Additional commits viewable in <a
href="https://github.com/docker/login-action/compare/b45d80f862d83dbcd57f89517bcf500b2ab88fb2...4907a6ddec9925e35a0a9e82d7399ccc52663121";>compare
view</a></li>
</ul>
</details>
<br />
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
---
.github/workflows/integration.yml | 2 +-
.github/workflows/packaging.yml | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/integration.yml
b/.github/workflows/integration.yml
index b53abecf0..4b44f1dcc 100644
--- a/.github/workflows/integration.yml
+++ b/.github/workflows/integration.yml
@@ -278,7 +278,7 @@ jobs:
./ci/scripts/python_test.sh "$(pwd)" "$(pwd)/build"
docker compose down
docker compose rm -fsv
- - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 #
v7.6.0
+ - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 #
v8.0.0
- name: Run PostgreSQL Validation Suite
run: |
env POSTGRES_VERSION=18 docker compose up --wait --detach
postgres-test
diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml
index df619d7ae..67ea3f28e 100644
--- a/.github/workflows/packaging.yml
+++ b/.github/workflows/packaging.yml
@@ -416,7 +416,7 @@ jobs:
mv apache-arrow-adbc-$VERSION.tar.gz adbc/ci/linux-packages/
- name: Set up Ruby
- uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 #
v1.299.0
+ uses: ruby/setup-ruby@e65c17d16e57e481586a6a5a0282698790062f92 #
v1.300.0
with:
ruby-version: ruby
@@ -428,7 +428,7 @@ jobs:
restore-keys: linux-${{ env.TASK_NAMESPACE }}-ccache-${{
matrix.target }}-
- name: Login to GitHub Container registry
- uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 #
v4.0.0
+ uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 #
v4.1.0
with:
registry: ghcr.io
username: ${{ github.actor }}
