From d7f9697fa46f1bd42f91d093cc73f61f1356d8f8 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 9 Apr 2026 09:17:33 +0000
Subject: [PATCH 1/2] ci: bump astral-sh/setup-uv from 5.4.2 to 8.0.0

Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 5.4.2 to 8.0.0.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](https://github.com/astral-sh/setup-uv/compare/v5.4.2...cec208311dfd045dd5311c1add060b2062131d57)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/ci.yml                | 4 ++--
 .github/workflows/integration-tests.yml | 2 +-
 action.yml                              | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 82f573c..389c781 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,7 +23,7 @@ jobs:
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: '3.13'
-      - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.3.1
+      - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v5.3.1
       - run: uv pip install --system pre-commit==4.2.0
       - run: pre-commit run --all-files --show-diff-on-failure --color=always
 
@@ -37,7 +37,7 @@ jobs:
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: '3.13'
-      - uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.3.1
+      - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v5.3.1
       - name: Install package and dev dependencies
         run: uv pip install --system -e ".[dev]"
       - name: Run tests
diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
index bab69c3..c64173f 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -168,7 +168,7 @@ jobs:
 
       - name: Set up uv
         if: matrix.setup == 'uv'
-        uses: astral-sh/setup-uv@d4b2f3b6ecc6e67c4457f6d3e41ec42d3d0fcb86 # v5.3.1
+        uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v5.3.1
 
       - name: Generate uv.lock
         if: matrix.setup == 'uv'
diff --git a/action.yml b/action.yml
index 5e355e0..de9b3df 100644
--- a/action.yml
+++ b/action.yml
@@ -68,7 +68,7 @@ runs:
         targets: ${{ steps.resolve-targets.outputs.targets }}
 
     - name: Set up uv
-      uses: astral-sh/setup-uv@37802adc94f370d6bfd71619e3f0bf239e1f3b78 # v7.6.0
+      uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
       with:
         python-version: '3.13'
 

From 90fcf65304fc2460a90efe113dae3b9c82c36bb5 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 9 Apr 2026 10:08:44 +0000
Subject: [PATCH 2/2] ci: fix setup-uv version comment tags to match v8.0.0

Agent-Logs-Url: https://github.com/developmentseed/action-python-security-auditing/sessions/06aab771-50dc-4269-81cf-84d7e08df002

Co-authored-by: lhoupert <10154151+lhoupert@users.noreply.github.com>
---
 .github/workflows/ci.yml                | 4 ++--
 .github/workflows/integration-tests.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 389c781..e25edfd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -23,7 +23,7 @@ jobs:
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: '3.13'
-      - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v5.3.1
+      - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
       - run: uv pip install --system pre-commit==4.2.0
       - run: pre-commit run --all-files --show-diff-on-failure --color=always
 
@@ -37,7 +37,7 @@ jobs:
       - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: '3.13'
-      - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v5.3.1
+      - uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
       - name: Install package and dev dependencies
         run: uv pip install --system -e ".[dev]"
       - name: Run tests
diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
index c64173f..a2d1c96 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -168,7 +168,7 @@ jobs:
 
       - name: Set up uv
         if: matrix.setup == 'uv'
-        uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v5.3.1
+        uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
 
       - name: Generate uv.lock
         if: matrix.setup == 'uv'