Bump the github-actions group with 8 updates by dependabot[bot] · Pull Request #3341 · linkml/linkml

dependabot · 2026-04-01T07:35:26Z

Bumps the github-actions group with 8 updates:

Package	From	To
astral-sh/setup-uv	`7.3.1`	`8.0.0`
docker/metadata-action	`5.10.0`	`6.0.0`
docker/setup-qemu-action	`3.7.0`	`4.0.0`
docker/setup-buildx-action	`3.12.0`	`4.0.0`
docker/login-action	`3.7.0`	`4.0.0`
docker/build-push-action	`6.19.2`	`7.0.0`
codecov/codecov-action	`5.5.2`	`6.0.0`
actions/download-artifact	`8.0.0`	`8.0.1`

Updates astral-sh/setup-uv from 7.3.1 to 8.0.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP] Use the immutable tag as a version astral-sh/setup-uv@v8.0.0 Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

🚨 Breaking changes

Remove update-major-minor-tags workflow @eifinger (#826)

Remove deprecrated custom manifest @eifinger (#813)

🧰 Maintenance

Shortcircuit latest version from manifest @eifinger (#828)

Simplify inputs.ts @eifinger (#827)

Bump release-drafter to v7.1.1 @eifinger (#825)

Refactor inputs @eifinger (#823)

Replace inline compile args with tsconfig @eifinger (#824)

chore: update known checksums for 0.11.2 @github-actions[bot] (#821)

chore: update known checksums for 0.11.1 @github-actions[bot] (#817)

chore: update known checksums for 0.11.0 @github-actions[bot] (#815)

Fix latest-version workflow check @eifinger (#812)

chore: update known checksums for 0.10.11/0.10.12 @github-actions[bot] (#811)

v7.6.0 🌈 Fetch uv from Astral's mirror by default

Changes

We now default to download uv from releases.astral.sh. This means by default we don't hit the GitHub API at all and shouldn't see any rate limits and timeouts any more.

🚀 Enhancements

Fetch uv from Astral's mirror by default @zsol (#809)

🧰 Maintenance

Switch to ESM for source and test, use CommonJS for dist @eifinger (#806)

chore: update known checksums for 0.10.10 @github-actions[bot] (#804)

... (truncated)

Commits

cec2083 Shortcircuit latest version from manifest (#828)
4dd8ab4 Simplify inputs.ts (#827)
7fdbe7c Remove update-major-minor-tags workflow (#826)
485abd0 Bump release-drafter to v7.1.1 (#825)
f82eb19 Refactor inputs (#823)
868d1f7 Replace inline compile args with tsconfig (#824)
447e6d0 chore: update known checksums for 0.11.2 (#821)
5c62c59 chore: update known checksums for 0.11.1 (#817)
e1a7373 chore: update known checksums for 0.11.0 (#815)
8970931 Remove deprecrated custom manifest (#813)
Additional commits viewable in compare view

Updates docker/metadata-action from 5.10.0 to 6.0.0

Release notes

Sourced from docker/metadata-action's releases.

v6.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/metadata-action#605

List inputs now preserve # inside values while still supporting full-line # comments by @crazy-max in docker/metadata-action#607

Switch to ESM and update config/test wiring by @crazy-max in docker/metadata-action#602

Bump lodash from 4.17.21 to 4.17.23 in docker/metadata-action#588

Bump @actions/core from 1.11.1 to 3.0.0 in docker/metadata-action#599

Bump @actions/github from 6.0.1 to 9.0.0 in docker/metadata-action#597

Bump @docker/actions-toolkit from 0.68.0 to 0.79.0 in docker/metadata-action#604

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/metadata-action#600

Bump semver from 7.7.3 to 7.7.4 in docker/metadata-action#603

Full Changelog: docker/metadata-action@v5.10.0...v6.0.0

Commits

030e881 Merge pull request #607 from crazy-max/allow-comments
4b529ac chore: update generated content
b0082b3 preserve comments in list input values with commentNoInfix
7b19fec Merge pull request #604 from docker/dependabot/npm_and_yarn/docker/actions-to...
281c9b0 chore: update generated content
5f43b3b test: stabilize github mock setup since ESM
9d53276 github class moved since actions-toolkit v0.77.0
eaa3d39 chore(deps): Bump @docker/actions-toolkit from 0.68.0 to 0.77.0
6b695f7 Merge pull request #605 from crazy-max/node24
a1afadc node 24 as default runtime
Additional commits viewable in compare view

Updates docker/setup-qemu-action from 3.7.0 to 4.0.0

Release notes

Sourced from docker/setup-qemu-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-qemu-action#245

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-qemu-action#241

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-qemu-action#244

Bump @docker/actions-toolkit from 0.67.0 to 0.77.0 in docker/setup-qemu-action#243

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/setup-qemu-action#240

Bump js-yaml from 3.14.1 to 3.14.2 in docker/setup-qemu-action#231

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-qemu-action#238

Full Changelog: docker/setup-qemu-action@v3.7.0...v4.0.0

Commits

ce36039 Merge pull request #245 from crazy-max/node24
6386344 node 24 as default runtime
1ea3db7 Merge pull request #243 from docker/dependabot/npm_and_yarn/docker/actions-to...
b56a002 chore: update generated content
c43f02d build(deps): bump @docker/actions-toolkit from 0.67.0 to 0.77.0
ce10c58 Merge pull request #244 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
429fc9d chore: update generated content
060e5f8 build(deps): bump @actions/core from 1.11.1 to 3.0.0
44be13e Merge pull request #231 from docker/dependabot/npm_and_yarn/js-yaml-3.14.2
1897438 chore: update generated content
Additional commits viewable in compare view

Updates docker/setup-buildx-action from 3.12.0 to 4.0.0

Release notes

Sourced from docker/setup-buildx-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/setup-buildx-action#483

Remove deprecated inputs/outputs by @crazy-max in docker/setup-buildx-action#464

Switch to ESM and update config/test wiring by @crazy-max in docker/setup-buildx-action#481

Bump @actions/core from 1.11.1 to 3.0.0 in docker/setup-buildx-action#475

Bump @docker/actions-toolkit from 0.63.0 to 0.79.0 in docker/setup-buildx-action#482 docker/setup-buildx-action#485

Bump js-yaml from 4.1.0 to 4.1.1 in docker/setup-buildx-action#452

Bump lodash from 4.17.21 to 4.17.23 in docker/setup-buildx-action#472

Bump minimatch from 3.1.2 to 3.1.5 in docker/setup-buildx-action#480

Full Changelog: docker/setup-buildx-action@v3.12.0...v4.0.0

Commits

4d04d5d Merge pull request #485 from docker/dependabot/npm_and_yarn/docker/actions-to...
cd74e05 chore: update generated content
eee38ec build(deps): bump @docker/actions-toolkit from 0.77.0 to 0.79.0
7a83f65 Merge pull request #484 from docker/dependabot/github_actions/docker/setup-qe...
a5aa967 Merge pull request #464 from crazy-max/rm-deprecated
e73d53f build(deps): bump docker/setup-qemu-action from 3 to 4
28a438e Merge pull request #483 from crazy-max/node24
034e9d3 chore: update generated content
b4664d8 remove deprecated inputs/outputs
a8257de node 24 as default runtime
Additional commits viewable in compare view

Updates docker/login-action from 3.7.0 to 4.0.0

Release notes

Sourced from docker/login-action's releases.

v4.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/login-action#929

Switch to ESM and update config/test wiring by @crazy-max in docker/login-action#927

Bump @actions/core from 1.11.1 to 3.0.0 in docker/login-action#919

Bump @aws-sdk/client-ecr from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @aws-sdk/client-ecr-public from 3.890.0 to 3.1000.0 in docker/login-action#909 docker/login-action#920

Bump @docker/actions-toolkit from 0.63.0 to 0.77.0 in docker/login-action#910 docker/login-action#928

Bump @isaacs/brace-expansion from 5.0.0 to 5.0.1 in docker/login-action#921

Bump js-yaml from 4.1.0 to 4.1.1 in docker/login-action#901

Full Changelog: docker/login-action@v3.7.0...v4.0.0

Commits

b45d80f Merge pull request #929 from crazy-max/node24
176cb9c node 24 as default runtime
cad8984 Merge pull request #920 from docker/dependabot/npm_and_yarn/aws-sdk-dependenc...
92cbcb2 chore: update generated content
5a2d6a7 build(deps): bump the aws-sdk-dependencies group with 2 updates
44512b6 Merge pull request #928 from docker/dependabot/npm_and_yarn/docker/actions-to...
28737a5 chore: update generated content
dac0793 build(deps): bump @docker/actions-toolkit from 0.76.0 to 0.77.0
62029f3 Merge pull request #919 from docker/dependabot/npm_and_yarn/actions/core-3.0.0
08c8f06 chore: update generated content
Additional commits viewable in compare view

Updates docker/build-push-action from 6.19.2 to 7.0.0

Release notes

Sourced from docker/build-push-action's releases.

v7.0.0

Node 24 as default runtime (requires Actions Runner v2.327.1 or later) by @crazy-max in docker/build-push-action#1470

Remove deprecated DOCKER_BUILD_NO_SUMMARY and DOCKER_BUILD_EXPORT_RETENTION_DAYS envs by @crazy-max in docker/build-push-action#1473

Remove legacy export-build tool support for build summary by @crazy-max in docker/build-push-action#1474

Switch to ESM and update config/test wiring by @crazy-max in docker/build-push-action#1466

Bump @actions/core from 1.11.1 to 3.0.0 in docker/build-push-action#1454

Bump @docker/actions-toolkit from 0.62.1 to 0.79.0 in docker/build-push-action#1453 docker/build-push-action#1472 docker/build-push-action#1479

Bump minimatch from 3.1.2 to 3.1.5 in docker/build-push-action#1463

Full Changelog: docker/build-push-action@v6.19.2...v7.0.0

Commits

d08e5c3 Merge pull request #1479 from docker/dependabot/npm_and_yarn/docker/actions-t...
cbd2dff chore: update generated content
f76f51f chore(deps): Bump @docker/actions-toolkit from 0.78.0 to 0.79.0
7d03e66 Merge pull request #1473 from crazy-max/rm-deprecated-envs
98f853d chore: update generated content
cadccf6 remove deprecated envs
03fe877 Merge pull request #1478 from docker/dependabot/github_actions/docker/setup-b...
827e366 chore(deps): Bump docker/setup-buildx-action from 3 to 4
e25db87 Merge pull request #1474 from crazy-max/rm-export-build-tool
1ac2573 Merge pull request #1470 from crazy-max/node24
Additional commits viewable in compare view

Updates codecov/codecov-action from 5.5.2 to 6.0.0

Release notes

Sourced from codecov/codecov-action's releases.

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0"" by @thomasrockhu-codecov in codecov/codecov-action#1929

Th/6.0.0 by @thomasrockhu-codecov in codecov/codecov-action#1928

Full Changelog: codecov/codecov-action@v5.5.4...v6.0.0

v5.5.4

This is a mirror of v5.5.2. v6 will be released which requires node24

What's Changed

Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" by @thomasrockhu-codecov in codecov/codecov-action#1926

chore(release): 5.5.4 by @thomasrockhu-codecov in codecov/codecov-action#1927

Full Changelog: codecov/codecov-action@v5.5.3...v5.5.4

v5.5.3

What's Changed

build(deps): bump actions/github-script from 7.0.1 to 8.0.0 by @dependabot[bot] in codecov/codecov-action#1874

chore(release): bump to 5.5.3 by @thomasrockhu-codecov in codecov/codecov-action#1922

Full Changelog: codecov/codecov-action@v5.5.2...v5.5.3

Commits

57e3a13 Th/6.0.0 (#1928)
f67d33d Revert "Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0""...
75cd116 chore(release): 5.5.4 (#1927)
87d39f4 Revert "build(deps): bump actions/github-script from 7.0.1 to 8.0.0" (#1926)
1af5884 chore(release): bump to 5.5.3 (#1922)
c143300 build(deps): bump actions/github-script from 7.0.1 to 8.0.0 (#1874)
See full diff in compare view

Updates actions/download-artifact from 8.0.0 to 8.0.1

Release notes

Sourced from actions/download-artifact's releases.

v8.0.1

What's Changed

Support for CJK characters in the artifact name by @danwkennedy in actions/download-artifact#471

Add a regression test for artifact name + content-type mismatches by @danwkennedy in actions/download-artifact#472

Full Changelog: actions/download-artifact@v8...v8.0.1

Commits

3e5f45b Add regression tests for CJK characters (#471)
e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the github-actions group with 8 updates: | Package | From | To | | --- | --- | --- | | [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) | `7.3.1` | `8.0.0` | | [docker/metadata-action](https://github.com/docker/metadata-action) | `5.10.0` | `6.0.0` | | [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) | `3.7.0` | `4.0.0` | | [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) | `3.12.0` | `4.0.0` | | [docker/login-action](https://github.com/docker/login-action) | `3.7.0` | `4.0.0` | | [docker/build-push-action](https://github.com/docker/build-push-action) | `6.19.2` | `7.0.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.5.2` | `6.0.0` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `8.0.0` | `8.0.1` | Updates `astral-sh/setup-uv` from 7.3.1 to 8.0.0 - [Release notes](https://github.com/astral-sh/setup-uv/releases) - [Commits](astral-sh/setup-uv@v7.3.1...v8.0.0) Updates `docker/metadata-action` from 5.10.0 to 6.0.0 - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@v5.10.0...v6.0.0) Updates `docker/setup-qemu-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v3.7.0...v4.0.0) Updates `docker/setup-buildx-action` from 3.12.0 to 4.0.0 - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3.12.0...v4.0.0) Updates `docker/login-action` from 3.7.0 to 4.0.0 - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3.7.0...v4.0.0) Updates `docker/build-push-action` from 6.19.2 to 7.0.0 - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6.19.2...v7.0.0) Updates `codecov/codecov-action` from 5.5.2 to 6.0.0 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v5.5.2...v6.0.0) Updates `actions/download-artifact` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v8.0.0...v8.0.1) --- updated-dependencies: - dependency-name: astral-sh/setup-uv dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/metadata-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-qemu-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: docker/build-push-action dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: codecov/codecov-action dependency-version: 6.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: actions/download-artifact dependency-version: 8.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>

codecov · 2026-04-23T08:35:47Z

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.30%. Comparing base (8c8ebc9) to head (fdcba03).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3341      +/-   ##
==========================================
+ Coverage   80.80%   84.30%   +3.49%     
==========================================
  Files         156      156              
  Lines       18212    18212              
  Branches     3795     3795              
==========================================
+ Hits        14717    15354     +637     
+ Misses       2677     1993     -684     
- Partials      818      865      +47

Flag	Coverage Δ
linkml	`80.80% <ø> (ø)`
runtime	`80.80% <ø> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Apr 1, 2026

matentzn assigned kevinschaper Apr 1, 2026

matentzn requested a review from kevinschaper April 1, 2026 13:00

kevinschaper approved these changes Apr 22, 2026

View reviewed changes

dalito force-pushed the dependabot/github_actions/github-actions-7b3fc6add6 branch from 735500e to fdcba03 Compare April 23, 2026 08:30

dalito approved these changes Apr 23, 2026

View reviewed changes

dalito merged commit b66ca00 into main Apr 23, 2026
44 of 51 checks passed

dependabot Bot deleted the dependabot/github_actions/github-actions-7b3fc6add6 branch April 23, 2026 09:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the github-actions group with 8 updates#3341

Bump the github-actions group with 8 updates#3341
dalito merged 1 commit into
mainfrom
dependabot/github_actions/github-actions-7b3fc6add6

dependabot Bot commented on behalf of github Apr 1, 2026

Uh oh!

codecov Bot commented Apr 23, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

dependabot Bot commented on behalf of github Apr 1, 2026

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

New format for manifest-file

No more major and minor tags

🚨 Breaking changes

🧰 Maintenance

v7.6.0 🌈 Fetch uv from Astral's mirror by default

Changes

🚀 Enhancements

🧰 Maintenance

v6.0.0

v4.0.0

v4.0.0

v4.0.0

v7.0.0

v6.0.0

⚠️ This version introduces support for node24 which make cause breaking changes for systems that do not currently support node24. ⚠️

What's Changed

v5.5.4

What's Changed

v5.5.3

What's Changed

v8.0.1

What's Changed

Uh oh!

codecov Bot commented Apr 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

This is the first immutable release of `setup-uv` 🥳

New format for `manifest-file`

codecov Bot commented Apr 23, 2026 •

edited

Loading