chore(deps): update astral-sh/setup-uv action to v8 (#336)

renovate[bot] · web-flow · commit 7bed12f3b3c7 · 2026-04-04T23:18:05.000Z
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [astral-sh/setup-uv](https://redirect.github.com/astral-sh/setup-uv) | action | major | `v7.6.0` → `v8.0.0` | --- ### Release Notes <details> <summary>astral-sh/setup-uv (astral-sh/setup-uv)</summary> ### [`v8.0.0`](https://redirect.github.com/astral-sh/setup-uv/releases/tag/v8.0.0): 🌈 Immutable releases and secure tags [Compare Source](https://redirect.github.com/astral-sh/setup-uv/compare/v7.6.0...v8.0.0) ##### This is the first immutable release of `setup-uv` 🥳 All future releases are also immutable, if you want to know more about what this means checkout [the docs](https://docs.github.com/en/code-security/concepts/supply-chain-security/immutable-releases). This release also has two breaking changes ##### New format for `manifest-file` The previously deprecated way of defining a custom version manifest to control which `uv` versions are available and where to download them from got removed. The functionality is still there but you have to use the [new format](https://redirect.github.com/astral-sh/setup-uv/blob/main/docs/customization.md#format). ##### No more major and minor tags To increase **security** even more we will **stop publishing minor tags**. You won't be able to use `@v8` or `@v8.0` any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to [tj-actions](https://unit42.paloaltonetworks.com/github-actions-supply-chain-attack/). > \[!TIP] > Use the immutable tag as a version `astral-sh/setup-uv@v8.0.0` > Or even better the githash `astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57` ##### 🚨 Breaking changes - Remove update-major-minor-tags workflow [@&#8203;eifinger](https://redirect.github.com/eifinger) ([#&#8203;826](https://redirect.github.com/astral-sh/setup-uv/issues/826)) - Remove deprecrated custom manifest [@&#8203;eifinger](https://redirect.github.com/eifinger) ([#&#8203;813](https://redirect.github.com/astral-sh/setup-uv/issues/813)) ##### 🧰 Maintenance - Shortcircuit latest version from manifest [@&#8203;eifinger](https://redirect.github.com/eifinger) ([#&#8203;828](https://redirect.github.com/astral-sh/setup-uv/issues/828)) - Simplify inputs.ts [@&#8203;eifinger](https://redirect.github.com/eifinger) ([#&#8203;827](https://redirect.github.com/astral-sh/setup-uv/issues/827)) - Bump release-drafter to v7.1.1 [@&#8203;eifinger](https://redirect.github.com/eifinger) ([#&#8203;825](https://redirect.github.com/astral-sh/setup-uv/issues/825)) - Refactor inputs [@&#8203;eifinger](https://redirect.github.com/eifinger) ([#&#8203;823](https://redirect.github.com/astral-sh/setup-uv/issues/823)) - Replace inline compile args with tsconfig [@&#8203;eifinger](https://redirect.github.com/eifinger) ([#&#8203;824](https://redirect.github.com/astral-sh/setup-uv/issues/824)) - chore: update known checksums for 0.11.2 @&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#&#8203;821](https://redirect.github.com/astral-sh/setup-uv/issues/821)) - chore: update known checksums for 0.11.1 @&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#&#8203;817](https://redirect.github.com/astral-sh/setup-uv/issues/817)) - chore: update known checksums for 0.11.0 @&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#&#8203;815](https://redirect.github.com/astral-sh/setup-uv/issues/815)) - Fix latest-version workflow check [@&#8203;eifinger](https://redirect.github.com/eifinger) ([#&#8203;812](https://redirect.github.com/astral-sh/setup-uv/issues/812)) - chore: update known checksums for 0.10.11/0.10.12 @&#8203;[github-actions\[bot\]](https://redirect.github.com/apps/github-actions) ([#&#8203;811](https://redirect.github.com/astral-sh/setup-uv/issues/811)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - Between day 1 and 7 of the month, and on Sunday and Saturday ( * * 1-7 * 0,6 ) in timezone America/Mexico_City, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/reservoir-data/tap-socketdev).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -55,7 +55,7 @@ jobs:
 
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-    - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
+    - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
       with:
         version: ${{ env.UV_VERSION }}
     - name: Run tests
@@ -73,7 +73,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
     - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-    - uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
+    - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
       with:
         version: ${{ env.UV_VERSION }}
     - name: Run typing checks
