build(deps): bump the github-actions group across 1 directory with 4 updates

[dependabot]

Bumps the github-actions group with 4 updates in the / directory: softprops/action-gh-release, astral-sh/setup-uv, gradle/actions and jaxxstorm/action-install-gh-release.

Updates softprops/action-gh-release from 2 to 3

Release notes

Sourced from softprops/action-gh-release's releases.

v3.0.0

3.0.0 is a major release that moves the action runtime from Node 20 to Node 24. Use v3 on GitHub-hosted runners and self-hosted fleets that already support the Node 24 Actions runtime. If you still need the last Node 20-compatible line, stay on v2.6.2.

What's Changed

Other Changes 🔄

• Move the action runtime and bundle target to Node 24
• Update @types/node to the Node 24 line and allow future Dependabot updates
• Keep the floating major tag on v3; v2 remains pinned to the latest 2.x release

v2.6.2

What's Changed

Other Changes 🔄

• chore(deps): bump picomatch from 4.0.3 to 4.0.4 by @​dependabot[bot] in softprops/action-gh-release#775
• chore(deps): bump brace-expansion from 5.0.4 to 5.0.5 by @​dependabot[bot] in softprops/action-gh-release#777
• chore(deps): bump vite from 8.0.0 to 8.0.5 by @​dependabot[bot] in softprops/action-gh-release#781

Full Changelog: softprops/action-gh-release@v2...v2.6.2

v2.6.1

2.6.1 is a patch release focused on restoring linked discussion thread creation when discussion_category_name is set. It fixes [#764](https://github.com/softprops/action-gh-release/issues/764), where the draft-first publish flow stopped carrying the discussion category through the final publish step.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

Bug fixes 🐛

• fix: preserve discussion category on publish by @​chenrui333 in softprops/action-gh-release#765

v2.6.0

2.6.0 is a minor release centered on previous_tag support for generate_release_notes, which lets workflows pin GitHub's comparison base explicitly instead of relying on the default range. It also includes the recent concurrent asset upload recovery fix, a working_directory docs sync, a checked-bundle freshness guard for maintainers, and clearer immutable-prerelease guidance where GitHub platform behavior imposes constraints on how prerelease asset uploads can be published.

If you still hit an issue after upgrading, please open a report with the bug template and include a minimal repro or sanitized workflow snippet where possible.

What's Changed

... (truncated)

Changelog

Sourced from softprops/action-gh-release's changelog.

0.1.13

• fix issue with multiple runs concatenating release bodies #145

Commits

• b430933 release: cut v3.0.0 for Node 24 upgrade (#670)
• c2e35e0 chore(deps): bump the npm group across 1 directory with 7 updates (#783)
• See full diff in compare view

Updates astral-sh/setup-uv from 6 to 7

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.2.1 🌈 update known checksums up to 0.9.28

Changes

🧰 Maintenance

• chore: update known checksums for 0.9.28 @github-actions[bot] (#744)
• chore: update known checksums for 0.9.27 @github-actions[bot] (#742)
• chore: update known checksums for 0.9.26 @github-actions[bot] (#734)
• chore: update known checksums for 0.9.25 @github-actions[bot] (#733)
• chore: update known checksums for 0.9.24 @github-actions[bot] (#730)

📚 Documentation

• Clarify impact of using actions/setup-python @​eifinger (#732)

⬆️ Dependency updates

• Bump zizmorcore/zizmor-action from 0.3.0 to 0.4.1 @dependabot[bot] (#741)

v7.0.0 🌈 node24 and a lot of bugfixes

Changes

This release comes with a load of bug fixes and a speed up. Because of switching from node20 to node24 it is also a breaking change. If you are running on GitHub hosted runners this will just work, if you are using self-hosted runners make sure, that your runners are up to date. If you followed the normal installation instructions your self-hosted runner will keep itself updated.

This release also removes the deprecated input server-url which was used to download uv releases from a different server. The manifest-file input supersedes that functionality by adding a flexible way to define available versions and where they should be downloaded from.

Fixes

• The action now respects when the environment variable UV_CACHE_DIR is already set and does not overwrite it. It now also finds cache-dir settings in config files if you set them.
• Some users encountered problems that cache pruning took forever because they had some uv processes running in the background. Starting with uv version 0.8.24 this action uses uv cache prune --ci --force to ignore the running processes
• If you just want to install uv but not have it available in path, this action now respects UV_NO_MODIFY_PATH
• Some other actions also set the env var UV_CACHE_DIR. This action can now deal with that but as this could lead to unwanted behavior in some edgecases a warning is now displayed.

Improvements

If you are using minimum version specifiers for the version of uv to install for example

[tool.uv]
required-version = ">=0.8.17"

This action now detects that and directly uses the latest version. Previously it would download all available releases from the uv repo to determine the highest matching candidate for the version specifier, which took much more time.

If you are using other specifiers like 0.8.x this action still needs to download all available releases because the specifier defines an upper bound (not 0.9.0 or later) and "latest" would possibly not satisfy that.

🚨 Breaking changes

... (truncated)

Commits

• 37802ad Fetch uv from Astral's mirror by default (#809)
• 9f00d18 chore(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 (#808)
• fd8f376 Switch to ESM for source and test, use CommonJS for dist (#806)
• f9070de Bump deps (#805)
• cadb67b chore: update known checksums for 0.10.10 (#804)
• e06108d Use astral-sh/versions as primary version provider (#802)
• 0f6ec07 docs: replace copilot instructions with AGENTS.md (#794)
• 821e5c9 docs: add cross-client dependabot rollup skill (#793)
• 6ee6290 chore(deps): bump versions (#792)
• 9f332a1 Add riscv64 architecture support to platform detection (#791)
• Additional commits viewable in compare view

Updates gradle/actions from 5 to 6

Release notes

Sourced from gradle/actions's releases.

v6.0.0

[!IMPORTANT] The release of gradle/actions@v6 contains important changes to the license terms. More details in this blog post. TL;DR: By upgrading to v6, you accept the Terms of Use for the gradle-actions-caching component.

Summary

• Caching functionality of 'gradle-actions' has been extracted into a separate gradle-actions-caching library, and is no longer open-source. See this blog post for more context.
• Existing, rudimentary, configuration-cache support has been removed, pending a fully functional implementation in gradle-actions-caching.
• Dependencies updated to address security vulnerabilities

[!IMPORTANT]

Licensing notice

The caching functionality in `gradle-actions` has been extracted into `gradle-actions-caching`, a proprietary commercial component that is not covered by the MIT License. The bundled `gradle-actions-caching` component is licensed and governed by a separate license, available at https://gradle.com/legal/terms-of-use/.

The `gradle-actions-caching` component is used only when caching is enabled and is not loaded or used when caching is disabled.

Use of the `gradle-actions-caching` component is subject to a separate license, available at https://gradle.com/legal/terms-of-use/. If you do not agree to these license terms, do not use the `gradle-actions-caching` component.

What's Changed

• Bump the npm-dependencies group in /sources with 2 updates by @​dependabot[bot] in gradle/actions#866
• Update known wrapper checksums by @​github-actions[bot] in gradle/actions#868
• Dependency updates by @​bigdaz in gradle/actions#876
• Update known wrapper checksums by @​github-actions[bot] in gradle/actions#878
• Bump @​types/node from 25.3.3 to 25.3.5 in /sources in the npm-dependencies group across 1 directory by @​dependabot[bot] in gradle/actions#877
• Bump the github-actions group across 3 directories with 3 updates by @​dependabot[bot] in gradle/actions#867
• Update known wrapper checksums by @​github-actions[bot] in gradle/actions#881
• Bump the npm-dependencies group in /sources with 6 updates by @​dependabot[bot] in gradle/actions#879
• Bump the github-actions group across 3 directories with 5 updates by @​dependabot[bot] in gradle/actions#880
• Remove configuration-cache support by @​bigdaz in gradle/actions#884
• Extract caching logic into a separate gradle-actions-caching component by @​bigdaz in gradle/actions#885
• Update gradle-actions-caching library to v0.3.0 by @​bot-githubaction in gradle/actions#899
• Avoid windows shutdown bug by @​bigdaz in gradle/actions#900
• Dependency updates by @​bigdaz in gradle/actions#905
• Fix critical and high npm vulnerabilities by @​bigdaz in gradle/actions#904
• Fix rendering of job-disabled message by @​bigdaz in gradle/actions#909

Full Changelog: gradle/actions@v5.0.2...v6.0.0

v5.0.2

Summary

This release contains no functional changes. It updates dependencies and known Gradle wrapper checksums.

What's Changed

• Update dependencies by @​bigdaz in gradle/actions#851

... (truncated)

Commits

• 50e97c2 Link to docs for caching providers
• f2e6298 Restructure caching documentation for basic and enhanced providers (#934)
• b294b1e Really fix integ-test-full
• 83d3189 Revise license details for gradle-actions-caching
• 1d5db06 Update license link for gradle-actions-caching component
• 1c80961 Fix license link for Enhanced Caching component
• 9e99920 Fix integ-test-full workflow
• bb8aaaf Fix workflow permissions
• f5dfb43 [bot] Update dist directory
• ff9ae24 Add open-source 'basic' cache provider and revamp licensing documentation (#930)
• Additional commits viewable in compare view

Updates jaxxstorm/action-install-gh-release from 2.1.0 to 3.0.0

Release notes

Sourced from jaxxstorm/action-install-gh-release's releases.

v3.0.0

What's Changed

• fix(deps): update octokit monorepo (major) by @​renovate[bot] in jaxxstorm/action-install-gh-release#132
• chore(deps): update dependency @​types/lodash to v4.17.18 by @​renovate[bot] in jaxxstorm/action-install-gh-release#131
• fix(deps): update dependency @​actions/github to v6.0.1 by @​renovate[bot] in jaxxstorm/action-install-gh-release#129
• fix(deps): update dependency eslint to v9.29.0 by @​renovate[bot] in jaxxstorm/action-install-gh-release#128
• docs: add inputs table to README.md by @​gmeligio in jaxxstorm/action-install-gh-release#144
• build(deps): bump the npm_and_yarn group across 1 directory with 9 updates by @​dependabot[bot] in jaxxstorm/action-install-gh-release#152
• chore(deps): update dependency lodash to v4.17.23 [security] by @​renovate[bot] in jaxxstorm/action-install-gh-release#151
• chore(deps): update dependency @​vercel/ncc to v0.38.4 by @​renovate[bot] in jaxxstorm/action-install-gh-release#150
• chore: update dependencies and node version by @​jaxxstorm in jaxxstorm/action-install-gh-release#153

Full Changelog: jaxxstorm/action-install-gh-release@v2.1.0...v3.0.0

Commits

• 25e24d2 Merge pull request #153 from jaxxstorm/dep_upds
• 75057ca chore: update setup-node
• 5a4b567 chore: update dependencies and node version
• f981338 Merge pull request #150 from jaxxstorm/renovate/vercel-ncc-0.x
• 882b9e7 Merge pull request #151 from jaxxstorm/renovate/npm-lodash-vulnerability
• 49c9f0f Merge pull request #152 from jaxxstorm/dependabot/npm_and_yarn/npm_and_yarn-8...
• 5110481 build(deps): bump the npm_and_yarn group across 1 directory with 9 updates
• a47c330 chore(deps): update dependency @​vercel/ncc to v0.38.4
• f75c8f1 chore(deps): update dependency lodash to v4.17.23 [security]
• 1f20b27 Merge pull request #144 from gmeligio/action_docs
• Additional commits viewable in compare view