chore(deps): bump astral-sh/setup-uv from 8.0.0 to 8.2.0

[dependabot]

Bumps astral-sh/setup-uv from 8.0.0 to 8.2.0.

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.2.0 🌈 New inputs quiet and download-from-astral-mirror

Changes

This release brings two new inputs and a few bug fixes.

New inputs

Lets talk about the new inputs first.

quiet

Pretty simple. It turns of all info loggings. Useful if you use this in a composite action and are not interested in all the details. In the upcoming releases we will add log groups to fully implement support for "less noise"

[!NOTE]
Warnings and errors are always logged.

download-from-astral-mirror

In some cases you may want to directly use the fallback of checking for available versions and downloading releases from GitHub instead of using the astral.sh mirror. Setting download-from-astral-mirror: false allows you to do that.

Bugfixes

When using the astral.sh mirror to query available versions and download releases (done by default) we now stop sending the GitHub token in the header. The mirror never looked at it but we shouldn't be handing out that data even if it is just a short lived token. All other bugfixes try to limit the impact of failed GitHub queries due to retries and other faults.

We couldn't pinpoint all rootcauses yet but added more logging for error cases to track them down.

🐛 Bug fixes

• fix: report unexpected cache save failures @​eifinger (#896)
• fix: report unexpected setup failures @​eifinger (#895)
• fix: add timeout to fetch to prevent silent hangs @​eifinger-bot (#883)
• Limit GitHub tokens to github.com download URLs @​zsol (#878)
• increase libuv-workaround timeout to 100ms @​eifinger (#880)

🚀 Enhancements

• Add quiet input to suppress info-level log output @​eifinger (#898)
• feat: add download-from-astral-mirror input @​eifinger (#897)

🧰 Maintenance

• docs: update dependabot rollup biome guidance @​eifinger (#902)
• chore: update known checksums for 0.11.18 @github-actions[bot] (#899)
• chore: update known checksums for 0.11.17 @github-actions[bot] (#892)
• chore: update known checksums for 0.11.16 @github-actions[bot] (#889)
• chore: update known checksums for 0.11.15 @github-actions[bot] (#885)
• chore: update known checksums for 0.11.14 @github-actions[bot] (#879)
• chore: update known checksums for 0.11.13 @github-actions[bot] (#877)

... (truncated)

Commits

• fac544c chore(deps): roll up dependabot updates (#903)
• 7390f77 docs: update dependabot rollup biome guidance (#902)
• 363c64a chore(deps): roll up dependabot updates (#901)
• c4fcbaf chore(deps): bump release-drafter/release-drafter from 7.3.0 to 7.3.1 (#900)
• 8e642c5 chore: update known checksums for 0.11.18 (#899)
• a92cb43 Add quiet input to suppress info-level log output (#898)
• e07f2ac chore(deps): bump eifinger/actionlint-action from 1.10.1 to 1.10.2 (#842)
• bc4034e chore(deps): bump github/codeql-action from 4.35.4 to 4.36.0 (#893)
• df42d4f chore(deps): bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6 (#891)
• b9c8c4c feat: add download-from-astral-mirror input (#897)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[greptile-apps]

Greptile Summary

Routine Dependabot bump of the astral-sh/setup-uv GitHub Actions step from v8.0.0 to v8.2.0, with the pinned SHA updated accordingly. No logic or configuration changes are introduced.

• Upgrades astral-sh/setup-uv to v8.2.0, which adds quiet and download-from-astral-mirror inputs and includes security improvements (GitHub token no longer sent to the Astral mirror).
• The SHA pin is updated to match the new release tag, maintaining the existing security posture of the workflow.

Confidence Score: 5/5

Safe to merge — single-line dependency bump with updated SHA pin and no workflow logic changes.

The only change is updating the pinned commit SHA for astral-sh/setup-uv to match the v8.2.0 tag. The new release includes a minor security improvement (stops forwarding GitHub tokens to the Astral mirror) and adds optional inputs that are not used here. No workflow steps, inputs, or job logic are affected.

No files require special attention.

Important Files Changed

Filename	Overview
.github/workflows/test.yml	Bumps astral-sh/setup-uv from v8.0.0 (pinned SHA cec208311dfd045dd5311c1add060b2062131d57) to v8.2.0 (pinned SHA fac544c07dec837d0ccb6301d7b5580bf5edae39); no other changes.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[test.yml workflow triggered] --> B[actions/checkout]
    B --> C[astral-sh/setup-uv]
    C --> |"v8.0.0 → v8.2.0\nSHA updated"| D[uv installed with cache enabled]
    D --> E[Run tests]

Loading

_{Reviews (1): Last reviewed commit: "chore(deps): bump astral-sh/setup-uv fro..." | Re-trigger Greptile}