From b5e9bb0a49504eb6adc022f4b04921972154d049 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Jun 2026 01:42:47 +0000
Subject: [PATCH 1/3] Bump snowballstemmer from 3.1.0 to 3.1.1 (#12801)

Bumps [snowballstemmer](https://github.com/snowballstem/snowball) from
3.1.0 to 3.1.1.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/snowballstem/snowball/blob/main/NEWS">snowballstemmer's
changelog</a>.</em></p>
<blockquote>
<h1>Snowball 3.1.1 (2026-06-03)</h1>
<h2>Compiler changes</h2>
<ul>
<li>
<p>Bug fixes:</p>
<ul>
<li>Fix a segmentation fault after reporting an error for a string
command
not followed by a string variable name or string literal. Bug introduced
in 3.1.0. Patch from Jerry James (<a
href="https://redirect.github.com/snowballstem/snowball/issues/287">#287</a>).</li>
</ul>
</li>
<li>
<p>Compiler command-line options:</p>
<ul>
<li>Emit an error for <code>-o -</code>/<code>-output -</code>. Output
to stdout is not supported
because we need to generate multiple files for some target languages.
We were interpreting <code>-</code> as a base filename to append
extensions to, so
we'd create <code>-.c</code> and <code>-.h</code> for C, but creating
filenames that start with
<code>-</code> seems unhelpful.</li>
</ul>
</li>
</ul>
<h2>Generic code generation changes</h2>
<ul>
<li>
<p>Bug fixes:</p>
<ul>
<li>Variable localisation was failing to check the expression on the RHS
of an
integer test for uses of a variable, so could incorrectly localise an
integer variable whose value should have persisted between calls to a
function.  This bug won't realistically manifest in real world Snowball
code.</li>
</ul>
</li>
<li>
<p>Optimisations:</p>
<ul>
<li>
<p>Inline some routines which are only used once. This is done for
routines
consisting of a single non-compound command (or cases such as <code>not
&lt;boolean&gt;</code> and <code>goto &lt;grouping&gt;</code> which we
internally synthesise a
non-compound command for).  Localisation of variables happens after
inlining, so variables can now be localised in more cases.</p>
</li>
<li>
<p><code>test next</code> and <code>not next</code> are both now
simplified to a comparison between
<code>cursor</code> and <code>limit</code> (like <code>not
atlimit</code> and <code>atlimit</code>). We already
normalise <code>hop 1</code> to <code>next</code>, so <code>test hop
1</code> and <code>not hop 1</code> are also
simplified in this way.</p>
</li>
<li>
<p>Simplify <code>not</code> applied to an integer test by removing the
<code>not</code> and
flipping the sense of the test (e.g. <code>not $(x &gt; y)</code>
becomes <code>$(x &lt;= y)</code>)
which results in simpler generated code. More usefully in real world
code,
this also results in simpler generated code for <code>not atlimit</code>
(since
<code>atlimit</code> is converted <code>$(cursor &gt;= limit)</code> or
<code>$(cursor &lt;= limit)</code>
(depending on the current direction).</p>
</li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/snowballstem/snowball/commit/cd195b51e948a902a4312f023f4a14392516a543"><code>cd195b5</code></a>
Update for 3.1.1</li>
<li><a
href="https://github.com/snowballstem/snowball/commit/80d885c983019967339bbea003e0a8f724ba0f58"><code>80d885c</code></a>
NEWS: Update draft entry</li>
<li><a
href="https://github.com/snowballstem/snowball/commit/5346c74eaedfdd9495ccc8afd5d6957da9e95258"><code>5346c74</code></a>
C++: Compile runtime as C++</li>
<li><a
href="https://github.com/snowballstem/snowball/commit/537f9702e635f8dad03441775aebe53565492ed7"><code>537f970</code></a>
python: Add classifier for 3.14</li>
<li><a
href="https://github.com/snowballstem/snowball/commit/3aeb013c9ffd2f2df15c6ef9cc956a7f825e4fd2"><code>3aeb013</code></a>
python: Skip Natural Language :: Sesotho classifier</li>
<li><a
href="https://github.com/snowballstem/snowball/commit/91fa20b842db0f422ea02d26d59f518dbae72c63"><code>91fa20b</code></a>
NEWS: Update draft entry</li>
<li><a
href="https://github.com/snowballstem/snowball/commit/a04abeb4f95eed8757b5107694fa0424c7026a79"><code>a04abeb</code></a>
Don't use extern &quot;C&quot; for functions which can throw</li>
<li><a
href="https://github.com/snowballstem/snowball/commit/49bb623cb9b0ca05267d939c2e2f56c10b63dc6c"><code>49bb623</code></a>
C++: Hook up properly</li>
<li><a
href="https://github.com/snowballstem/snowball/commit/7ab50ed5f4ed99f08d897100633345e488e07a05"><code>7ab50ed</code></a>
CI: Fix coverage job</li>
<li><a
href="https://github.com/snowballstem/snowball/commit/5f0a33cc278f0973f5c987fdcf8aa1d1afa6ba95"><code>5f0a33c</code></a>
NEWS: Add draft entry</li>
<li>Additional commits viewable in <a
href="https://github.com/snowballstem/snowball/compare/v3.1.0...v3.1.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=snowballstemmer&package-manager=pip&previous-version=3.1.0&new-version=3.1.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt  | 2 +-
 requirements/dev.txt          | 2 +-
 requirements/doc-spelling.txt | 2 +-
 requirements/doc.txt          | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 0e1600af659..630e40ecb57 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -259,7 +259,7 @@ six==1.17.0
     # via python-dateutil
 slotscheck==0.20.0
     # via -r requirements/lint.in
-snowballstemmer==3.1.0
+snowballstemmer==3.1.1
     # via sphinx
 sphinx==8.1.3
     # via
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 8a34e18868e..5494139a0eb 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -252,7 +252,7 @@ six==1.17.0
     # via python-dateutil
 slotscheck==0.20.0
     # via -r requirements/lint.in
-snowballstemmer==3.1.0
+snowballstemmer==3.1.1
     # via sphinx
 sphinx==8.1.3
     # via
diff --git a/requirements/doc-spelling.txt b/requirements/doc-spelling.txt
index e5c3306697f..3380097a3d9 100644
--- a/requirements/doc-spelling.txt
+++ b/requirements/doc-spelling.txt
@@ -56,7 +56,7 @@ requests==2.34.2
     # via
     #   sphinx
     #   sphinxcontrib-spelling
-snowballstemmer==3.1.0
+snowballstemmer==3.1.1
     # via sphinx
 sphinx==8.1.3
     # via
diff --git a/requirements/doc.txt b/requirements/doc.txt
index 1a68ba65c49..0b911efd14c 100644
--- a/requirements/doc.txt
+++ b/requirements/doc.txt
@@ -52,7 +52,7 @@ pyyaml==6.0.3
     #   sphinxcontrib-mermaid
 requests==2.34.2
     # via sphinx
-snowballstemmer==3.1.0
+snowballstemmer==3.1.1
     # via sphinx
 sphinx==8.1.3
     # via

From 535006e95f7d97c8aa834fd31c8f0fbadd70ab46 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Jun 2026 02:10:45 +0000
Subject: [PATCH 2/3] Bump filelock from 3.29.0 to 3.29.1 (#12804)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [filelock](https://github.com/tox-dev/py-filelock) from 3.29.0 to
3.29.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/py-filelock/releases">filelock's
releases</a>.</em></p>
<blockquote>
<h2>3.29.1</h2>
<!-- raw HTML omitted -->
<h2>What's Changed</h2>
<ul>
<li>docs: fix API docs of <code>release()</code> by <a
href="https://github.com/MrAnno"><code>@​MrAnno</code></a> in <a
href="https://redirect.github.com/tox-dev/filelock/pull/540">tox-dev/filelock#540</a></li>
<li>docs: clarify per-thread scope of FileLock configuration by <a
href="https://github.com/Gares95"><code>@​Gares95</code></a> in <a
href="https://redirect.github.com/tox-dev/filelock/pull/543">tox-dev/filelock#543</a></li>
<li>chore: improve filelock maintenance path by <a
href="https://github.com/lphuc2250gma"><code>@​lphuc2250gma</code></a>
in <a
href="https://redirect.github.com/tox-dev/filelock/pull/542">tox-dev/filelock#542</a></li>
<li>chore: improve filelock maintenance path by <a
href="https://github.com/lphuc2250gma"><code>@​lphuc2250gma</code></a>
in <a
href="https://redirect.github.com/tox-dev/filelock/pull/544">tox-dev/filelock#544</a></li>
<li>chore: improve filelock maintenance path by <a
href="https://github.com/lphuc2250gma"><code>@​lphuc2250gma</code></a>
in <a
href="https://redirect.github.com/tox-dev/filelock/pull/545">tox-dev/filelock#545</a></li>
<li>🐛 fix(soft): refuse to follow symlinks when reading the lock file by
<a href="https://github.com/dxbjavid"><code>@​dxbjavid</code></a> in <a
href="https://redirect.github.com/tox-dev/filelock/pull/548">tox-dev/filelock#548</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/MrAnno"><code>@​MrAnno</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/540">tox-dev/filelock#540</a></li>
<li><a href="https://github.com/Gares95"><code>@​Gares95</code></a> made
their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/543">tox-dev/filelock#543</a></li>
<li><a
href="https://github.com/lphuc2250gma"><code>@​lphuc2250gma</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/542">tox-dev/filelock#542</a></li>
<li><a href="https://github.com/dxbjavid"><code>@​dxbjavid</code></a>
made their first contribution in <a
href="https://redirect.github.com/tox-dev/filelock/pull/548">tox-dev/filelock#548</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/tox-dev/filelock/compare/3.29.0...3.29.1">https://github.com/tox-dev/filelock/compare/3.29.0...3.29.1</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst">filelock's
changelog</a>.</em></p>
<blockquote>
<p>###########
Changelog
###########</p>
<hr />
<p>3.29.1 (2026-06-03)</p>
<hr />
<ul>
<li>🐛 fix(soft): refuse to follow symlinks when reading the lock file
:pr:<code>548</code> - by :user:<code>dxbjavid</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>547</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>546</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
<li>chore: improve filelock maintenance path :pr:<code>545</code> - by
:user:<code>lphuc2250gma</code></li>
<li>chore: improve filelock maintenance path :pr:<code>544</code> - by
:user:<code>lphuc2250gma</code></li>
<li>chore: improve filelock maintenance path :pr:<code>542</code> - by
:user:<code>lphuc2250gma</code></li>
<li>docs: clarify per-thread scope of FileLock configuration
:pr:<code>543</code> - by :user:<code>Gares95</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>541</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
<li>docs: fix API docs of <code>release()</code> :pr:<code>540</code> -
by :user:<code>MrAnno</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>539</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>538</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>537</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
<li>build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0
:pr:<code>536</code> - by :user:<code>dependabot[bot]</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>535</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
</ul>
<hr />
<p>3.29.0 (2026-04-19)</p>
<hr />
<ul>
<li>✨ feat(soft): enable stale lock detection on Windows
:pr:<code>534</code></li>
<li>🐛 fix(async): use single-thread executor for lock consistency
:pr:<code>533</code></li>
<li>build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1
:pr:<code>530</code> - by :user:<code>dependabot[bot]</code></li>
</ul>
<hr />
<p>3.28.0 (2026-04-14)</p>
<hr />
<ul>
<li>🐛 fix(ci): unbreak release workflow, publish to PyPI again
:pr:<code>529</code></li>
</ul>
<hr />
<p>3.26.1 (2026-04-09)</p>
<hr />
<ul>
<li>🐛 fix(asyncio): add <strong>exit</strong> to BaseAsyncFileLock and
fix <strong>del</strong> loop handling :pr:<code>518</code> - by
:user:<code>naarob</code></li>
<li>build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0
:pr:<code>525</code> - by :user:<code>dependabot[bot]</code></li>
</ul>
<hr />
<p>3.26.0 (2026-04-06)</p>
<hr />
<ul>
<li>✨ feat(soft): add PID inspection and lock breaking
:pr:<code>524</code></li>
<li>[pre-commit.ci] pre-commit autoupdate :pr:<code>523</code> - by
:user:<code>pre-commit-ci[bot]</code></li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/tox-dev/filelock/commit/438b6fe991411a104a01baa543a9466c73f1fc79"><code>438b6fe</code></a>
Release 3.29.1</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/bfbfa76c1b5069a7af1cbcddafe22fbf3f1a1aae"><code>bfbfa76</code></a>
🐛 fix(soft): refuse to follow symlinks when reading the lock file (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/548">#548</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/c51a72cb4913a1e451f892d238b81e39f4f64340"><code>c51a72c</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/547">#547</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/cc05fd7f91030bc7f93c1467e3d7fbd3d401d624"><code>cc05fd7</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/546">#546</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/cb947e58c22d8f352abe8ae02078596eeb33fd2f"><code>cb947e5</code></a>
chore: improve filelock maintenance path (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/545">#545</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/e087ca9d94091336c4256f3a6794b5dfed9595e4"><code>e087ca9</code></a>
chore: improve filelock maintenance path (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/544">#544</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/f9dd949b1976c9d124e9cd6b15102bfb8340ba4d"><code>f9dd949</code></a>
chore: improve filelock maintenance path (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/542">#542</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/9200f1f53d924d6425cc663af03f9835bf53382a"><code>9200f1f</code></a>
docs: clarify per-thread scope of FileLock configuration (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/543">#543</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/9d8985fc953d1301a56a74bc58d8a6b580bce5fa"><code>9d8985f</code></a>
[pre-commit.ci] pre-commit autoupdate (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/541">#541</a>)</li>
<li><a
href="https://github.com/tox-dev/filelock/commit/7d1f48ccef189397896e55e4121d0fa74edb3be2"><code>7d1f48c</code></a>
docs: fix API docs of <code>release()</code> (<a
href="https://redirect.github.com/tox-dev/py-filelock/issues/540">#540</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/tox-dev/py-filelock/compare/3.29.0...3.29.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=filelock&package-manager=pip&previous-version=3.29.0&new-version=3.29.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 requirements/constraints.txt | 2 +-
 requirements/dev.txt         | 2 +-
 requirements/lint.txt        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/requirements/constraints.txt b/requirements/constraints.txt
index 630e40ecb57..77852439a91 100644
--- a/requirements/constraints.txt
+++ b/requirements/constraints.txt
@@ -81,7 +81,7 @@ exceptiongroup==1.3.1
     # via pytest
 execnet==2.1.2
     # via pytest-xdist
-filelock==3.29.0
+filelock==3.29.1
     # via
     #   python-discovery
     #   virtualenv
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 5494139a0eb..0cc49dfc0ae 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -79,7 +79,7 @@ exceptiongroup==1.3.1
     # via pytest
 execnet==2.1.2
     # via pytest-xdist
-filelock==3.29.0
+filelock==3.29.1
     # via
     #   python-discovery
     #   virtualenv
diff --git a/requirements/lint.txt b/requirements/lint.txt
index b76fb26d65f..5f44d162de5 100644
--- a/requirements/lint.txt
+++ b/requirements/lint.txt
@@ -40,7 +40,7 @@ distlib==0.4.1
     # via virtualenv
 exceptiongroup==1.3.1
     # via pytest
-filelock==3.29.0
+filelock==3.29.1
     # via
     #   python-discovery
     #   virtualenv

From 0286176a92cec2b79bb51d7ecf09ca1d1a46c0ef Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 4 Jun 2026 02:11:56 +0000
Subject: [PATCH 3/3] Bump astral-sh/setup-uv from 8.1.0 to 8.2.0 (#12803)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from
8.1.0 to 8.2.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/setup-uv/releases">astral-sh/setup-uv's
releases</a>.</em></p>
<blockquote>
<h2>v8.2.0 🌈 New inputs <code>quiet</code> and
<code>download-from-astral-mirror</code></h2>
<h2>Changes</h2>
<p>This release brings two new inputs and a few bug fixes.</p>
<h3>New inputs</h3>
<p>Lets talk about the new inputs first.</p>
<h4>quiet</h4>
<p>Pretty simple. It turns of all <code>info</code> loggings. Useful if
you use this in a composite action and are not interested in all the
details.
In the upcoming releases we will add log groups to fully implement
support for &quot;less noise&quot;</p>
<blockquote>
<p>[!NOTE]<br />
Warnings and errors are always logged.</p>
</blockquote>
<h4>download-from-astral-mirror</h4>
<p>In some cases you may want to directly use the fallback of checking
for available versions and downloading releases from GitHub instead of
using the astral.sh mirror. Setting <code>download-from-astral-mirror:
false</code> allows you to do that.</p>
<h3>Bugfixes</h3>
<p>When using the astral.sh mirror to query available versions and
download releases (done by default) we now stop sending the GitHub token
in the header. The mirror never looked at it but we shouldn't be handing
out that data even if it is just a short lived token.
All other bugfixes try to limit the impact of failed GitHub queries due
to retries and other faults.</p>
<p>We couldn't pinpoint all rootcauses yet but added more logging for
error cases to track them down.</p>
<h2>🐛 Bug fixes</h2>
<ul>
<li>fix: report unexpected cache save failures <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/896">#896</a>)</li>
<li>fix: report unexpected setup failures <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/895">#895</a>)</li>
<li>fix: add timeout to fetch to prevent silent hangs <a
href="https://github.com/eifinger-bot"><code>@​eifinger-bot</code></a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/883">#883</a>)</li>
<li>Limit GitHub tokens to github.com download URLs <a
href="https://github.com/zsol"><code>@​zsol</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/878">#878</a>)</li>
<li>increase libuv-workaround timeout to 100ms <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/880">#880</a>)</li>
</ul>
<h2>🚀 Enhancements</h2>
<ul>
<li>Add quiet input to suppress info-level log output <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/898">#898</a>)</li>
<li>feat: add <code>download-from-astral-mirror</code> input <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/897">#897</a>)</li>
</ul>
<h2>🧰 Maintenance</h2>
<ul>
<li>docs: update dependabot rollup biome guidance <a
href="https://github.com/eifinger"><code>@​eifinger</code></a> (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/902">#902</a>)</li>
<li>chore: update known checksums for 0.11.18 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/899">#899</a>)</li>
<li>chore: update known checksums for 0.11.17 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/892">#892</a>)</li>
<li>chore: update known checksums for 0.11.16 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/889">#889</a>)</li>
<li>chore: update known checksums for 0.11.15 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/885">#885</a>)</li>
<li>chore: update known checksums for 0.11.14 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/879">#879</a>)</li>
<li>chore: update known checksums for 0.11.13 @<a
href="https://github.com/apps/github-actions">github-actions[bot]</a>
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/877">#877</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/fac544c07dec837d0ccb6301d7b5580bf5edae39"><code>fac544c</code></a>
chore(deps): roll up dependabot updates (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/903">#903</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/7390f777b051d6c47c9cb905ff80e7d5d85a7068"><code>7390f77</code></a>
docs: update dependabot rollup biome guidance (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/902">#902</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/363c64a728451954156ddb9e3f368b879eeee5da"><code>363c64a</code></a>
chore(deps): roll up dependabot updates (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/901">#901</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/c4fcbafce4f941a09e04c45c42db7a2e3ba5cd91"><code>c4fcbaf</code></a>
chore(deps): bump release-drafter/release-drafter from 7.3.0 to 7.3.1
(<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/900">#900</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/8e642c5e623b521f8b6b15bbc2ba54bae583fe45"><code>8e642c5</code></a>
chore: update known checksums for 0.11.18 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/899">#899</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/a92cb430984b4b2b34c9c47e020cf035089958fa"><code>a92cb43</code></a>
Add quiet input to suppress info-level log output (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/898">#898</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/e07f2ac4b796a5fa8dc51ebf0a5187d0463eb4d6"><code>e07f2ac</code></a>
chore(deps): bump eifinger/actionlint-action from 1.10.1 to 1.10.2 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/842">#842</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/bc4034eedf3a6f77238660a28089c6b201eae39f"><code>bc4034e</code></a>
chore(deps): bump github/codeql-action from 4.35.4 to 4.36.0 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/893">#893</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/df42d4f6ba41cdcf6eda832c32439db37cc28b39"><code>df42d4f</code></a>
chore(deps): bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6 (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/891">#891</a>)</li>
<li><a
href="https://github.com/astral-sh/setup-uv/commit/b9c8c4c7baf912cbda30843477d08b3f63b0f660"><code>b9c8c4c</code></a>
feat: add <code>download-from-astral-mirror</code> input (<a
href="https://redirect.github.com/astral-sh/setup-uv/issues/897">#897</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/setup-uv/compare/v8.1.0...v8.2.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=astral-sh/setup-uv&package-manager=github_actions&previous-version=8.1.0&new-version=8.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/ci-cd.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 74abc7afaf9..a3d6e373f9a 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -215,7 +215,7 @@ jobs:
       # important: do not use system python
       env:
         UV_PYTHON_PREFERENCE: only-managed
-      uses: astral-sh/setup-uv@v8.1.0
+      uses: astral-sh/setup-uv@v8.2.0
       with:
         python-version: ${{ matrix.pyver }}
         activate-environment: true
@@ -320,7 +320,7 @@ jobs:
       # important: do not use system python
       env:
         UV_PYTHON_PREFERENCE: only-managed
-      uses: astral-sh/setup-uv@v8.1.0
+      uses: astral-sh/setup-uv@v8.2.0
       with:
         python-version: ${{ matrix.pyver }}
         activate-environment: true
@@ -370,7 +370,7 @@ jobs:
       # important: do not use system python
       env:
         UV_PYTHON_PREFERENCE: only-managed
-      uses: astral-sh/setup-uv@v8.1.0
+      uses: astral-sh/setup-uv@v8.2.0
       with:
         python-version: ${{ matrix.pyver }}
         activate-environment: true