chore(ci)(deps): bump astral-sh/setup-uv from 6.8.0 to 8.1.0 #1698
Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 6.8.0 to 8.1.0.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@d0cc045...0880764)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Labels
The following labels could not be found: Please fix the above issues or remove invalid values from
| Field | Value |
|---|---|
| Action | astral-sh/setup-uv |
| Previous | v6.8.0 |
| New | v8.1.0 |
| Type | Major (v6 → v8) |
Breaking Changes
- This release also has two breaking changes
- The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.
- 🚨 Breaking changes
- The old format still works but is deprecated. A warning will be logged when you use it.
Release Notes (v7 → v8)
v8.1.0 — v8.1.0 🌈 New input no-project
Changes
This adds a new boolean input no-project.
It only makes sense to use in combination with activate-environment: true and will append --no-project to the uv venv call. This is for example useful if you have a pyproject.toml file with parts unparseable by uv.
🚀 Enhancements
- Add input no-project in combination with activate-environment @eifinger (#856)
🧰 Maintenance
- fix: grant contents:write to validate-release job @eifinger (#860)
- Add a release-gate step to the release workflow @zanieb (#859)
- Draft commitish releases @eifinger (#858)
- Add action-types.yml to instructions @eifinger (#857)
- chore: update known checksums for 0.11.7 @github-actions[bot] (#853)
- Refactor version resolving @eifinger (#852)
- chore: update known checksums for 0.11.6 @github-actions[bot] (#850)
- chore: update known checksums for 0.11.5 @github-actions[bot] (#845)
- chore: update known checksums for 0.11.4 @github-actions[bot] (#843)
- Add a release workflow @zanieb (#839)
- chore: update known checksums for 0.11.3 @github-actions[bot] (#836)
📚 Documentation
- Update ignore-nothing-to-cache documentation @eifinger (#833)
- Pin setup-uv docs to v8 @eifinger (#829)
⬆️ Dependency updates
- chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 @dependabot[bot] (#855)
v8.0.0 — v8.0.0 🌈 Immutable releases and secure tags
This is the first immutable release of setup-uv 🥳
All future releases are also immutable. If you want to know more about what this means, check out the docs.
This release also has two breaking changes
New format for manifest-file
The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.
No more major and minor tags
To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.
Tip
Use the immutable tag as a version astral-sh/setup-uv@v8.0.0
Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57
🚨 Breaking changes
- Remove update-major-minor-tags workflow @eifinger (#826)
- Remove deprecated custom manifest @eifinger (#813)
🧰 Maintenance
- Shortcircuit latest version from manifest @eifinger (#828)
- Simplify inputs.ts @eifinger (#827)
- Bump release-drafter to v7.1.1 @eifinger (#825)
- Refactor inputs @eifinger (#823)
- Replace inline compile args with tsconfig @eifinger (#824)
- chore: update known checksums for 0.11.2 @github-actions[bot] (#821)
- chore: update known checksums for 0.11.1 @github-actions[bot] (#817)
- chore: update known checksums for 0.11.0 @github-actions[bot] (#815)
- Fix latest-version workflow check @eifinger (#812)
- chore
...truncated
v7.6.0 — v7.6.0 🌈 Fetch uv from Astral's mirror by default
Changes
We now default to download uv from releases.astral.sh.
This means by default we don't hit the GitHub API at all and shouldn't see any rate limits and timeouts any more.
🚀 Enhancements
- Fetch uv from Astral's mirror by default @zsol (#809)
🧰 Maintenance
- Switch to ESM for source and test, use CommonJS for dist @eifinger (#806)
- chore: update known checksums for 0.10.10 @github-actions[bot] (#804)
⬆️ Dependency updates
- chore(deps): bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 @dependabot[bot] (#808)
- Bump deps @eifinger (#805)
v7.5.0 — v7.5.0 🌈 Use astral-sh/versions as version provider
No more rate-limits
This release addresses a long-standing source of timeouts and rate-limit failures in setup-uv.
Previously, the action resolved version identifiers like 0.5.x by iterating over available uv releases via the GitHub API to find the best match. In contrast, latest and exact versions such as 0.5.0 skipped version resolution entirely and downloaded uv directly.
The manifest-file input was an earlier attempt to improve this. It allows providing a URL to a file that lists available versions, checksums, and even custom download URLs. The action also shipped with such a manifest.
However, because that bundled file could become outdated whenever new uv releases were published, the action still had to fall back to the GitHub API in many cases.
This release solves the problem by sourcing version data from Astral’s versions repository via the raw content endpoint:
https://raw.githubusercontent.com/astral-sh/versions/refs/heads/main/v1/uv.ndjson
By using the raw endpoint instead of the GitHub API, version resolution no longer depends on API authentication and is much less likely to run into rate limits or timeouts.
Tip
The next section is only interesting for users of the manifest-file input
The manifest-file input lets you override that source with your own URL, for example to test custom uv builds or alternate download locations.
The manifest file must be in NDJSON format, where each line is a JSON object representing a version and its artifacts. For example:
```json
{"version":"0.10.7","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}
{"version":"0.10.6","artifacts":[{"platform":"x86_64-unknown-linux-gnu","variant":"default","url":"https://example.com/uv-x86_64-unknown-linux-gnu.tar.gz","archive_format":"tar.gz","sha256":"..."}]}
```
Warning
The old format stil
...truncated
v7.4.0 — v7.4.0 🌈 Add riscv64 architecture support to platform detection
Changes
Thank you @luhenry for adding support for riscv64 arch
🚀 Enhancements
- Add riscv64 architecture support to platform detection @luhenry (#791)
🧰 Maintenance
- Delete .github/workflows/dependabot-build.yml @eifinger (#789)
- Harden Dependabot build workflow @eifinger (#788)
- Fix: check PR author instead of event sender for Dependabot detection @eifinger-bot (#787)
- chore: update known checksums for 0.10.9 @github-actions[bot] (#783)
- Add workflow to auto-build dist on Dependabot PRs @eifinger-bot (#782)
- chore: update known checksums for 0.10.8 @github-actions[bot] (#779)
- chore: update known checksums for 0.10.7 @github-actions[bot] (#775)
⬆️ Dependency updates
- chore(deps): bump versions @eifinger (#792)
- Bump actions/setup-node from 6.2.0 to 6.3.0 @dependabot[bot] (#790)
- Bump eifinger/actionlint-action from 1.10.0 to 1.10.1 @dependabot[bot] (#778)
v7.3.1 — v7.3.1 🌈 fall back to VERSION_CODENAME when VERSION_ID is not available
Changes
This release adds support for running in containers like debian:testing or debian:unstable
🐛 Bug fixes
- fix: fall back to VERSION_CODENAME when VERSION_ID is not available @eifinger-bot (#774)
🧰 Maintenance
- chore: update known checksums for 0.10.6 @github-actions[bot] (#771)
- chore: update known checksums for 0.10.5 @github-actions[bot] (#770)
- chore: update known checksums for 0.10.4 @github-actions[bot] (#768)
- chore: update known checksums for 0.10.3 @github-actions[bot] (#767)
- chore: update known checksums for 0.10.2 @github-actions[bot] (#765)
- chore: update known checksums for 0.10.1 @github-actions[bot] (#764)
⬆️ Dependency updates
- Bump github/codeql-action from 4.31.9 to 4.32.2 @dependabot[bot] (#766)
- Bump zizmorcore/zizmor-action from 0.4.1 to 0.5.0 @dependabot[bot] (#763)
v7.3.0 — v7.3.0 🌈 New features and bug fixes for activate-environment
Changes
This release contains a few bug fixes and a new feature for the activate-environment functionality.
🐛 Bug fixes
- fix: warn instead of error when no python to cache @eifinger (#762)
- fix: use --clear to create venv @eifinger (#761)
🚀 Enhancements
- feat: add venv-path input for activate-environment @eifinger (#746)
🧰 Maintenance
- chore: update known checksums for 0.10.0 @github-actions[bot] (#759)
- refactor: tilde-expansion tests as unittests and no self-hosted tests @eifinger (#760)
- chore: update known checksums for 0.9.30 @github-actions[bot] (#756)
- chore: update known checksums for 0.9.29 @github-actions[bot] (#748)
📚 Documentation
⬆️ Dependency updates
- Bump typesafegithub/github-actions-typing from 2.2.1 to 2.2.2 @dependabot[bot] (#753)
- Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 @dependabot[bot] (#751)
- Bump actions/checkout from 6.0.1 to 6.0.2 @dependabot[bot] (#740)
- Bump release-drafter/release-drafter from 6.1.0 to 6.2.0 @dependabot[bot] (#743)
- Bump eifinger/actionlint-action from 1.9.3 to 1.10.0 @dependabot[bot] (#731)
- Bump actions/setup-node from 6.1.0 to 6.2.0 @dependabot[bot] (#738)
v7.2.1 — v7.2.1 🌈 update known checksums up to 0.9.28
Changes
🧰 Maintenance
- chore: update known checksums for 0.9.28 @github-actions[bot] (#744)
- chore: update known checksums for 0.9.27 @github-actions[bot] (#742)
- chore: update known checksums for 0.9.26 @github-actions[bot] (#734)
- chore: update known checksums for 0.9.25 @github-actions[bot] (#733)
- chore: update known checksums for 0.9.24 @github-actions[bot] (#730)
📚 Documentation
- Clarify impact of using actions/setup-python @eifinger (#732)
⬆️ Dependency updates
- Bump zizmorcore/zizmor-action from 0.3.0 to 0.4.1 @dependabot[bot] (#741)
v7.2.0 — v7.2.0 🌈 add outputs python-version and python-cache-hit
Changes
Among some minor typo fixes and quality of life features for developers of actions the main feature of this release are new outputs:
- python-version: The Python version that was set (same content as existing UV_PYTHON)
- python-cache-hit: A boolean value to indicate the Python cache entry was found
While implementing this it became clear, that it is easier to handle the Python binaries in a separate cache entry. The added benefit for users is that the "normal" cache containing the dependencies can be used in all runs no matter if these cache the Python binaries or not.
Note
This release will invalidate caches that contain the Python binaries. This happens a single time.
🐛 Bug fixes
- chore: remove stray space from UV_PYTHON_INSTALL_DIR message @akx (#720)
🚀 Enhancements
- add outputs python-version and python-cache-hit @eifinger (#728)
- Add action typings with validation @krzema12 (#721)
🧰 Maintenance
- fix: use uv_build backend for old-python-constraint-project @eifinger (#729)
- chore: update known checksums for 0.9.22 @github-actions[bot] (#727)
- chore: update known checksums for 0.9.21 @github-actions[bot] (#726)
- chore: update known checksums for 0.9.20 @github-actions[bot] (#725)
- chore: update known checksums for 0.9.18 @github-actions[bot] (#718)
⬆️ Dependency updates
- Bump peter-evans/create-pull-request from 7.0.9 to 8.0.0 @dependabot[bot] (#719)
- Bump github/codeql-action from 4.31.6 to 4.31.9 @dependabot[bot] (#723)
v7.1.6 — v7.1.6 🌈 add OS version to cache key to prevent binary incompatibility
Changes
This release will invalidate your existing cache keys!
The os version e.g. ubuntu-22.04 is now part of the cache key. This prevents failing builds when a cache got populated with wheels built with different tools (e.g. glibc) than are present on the runner where the cache got restored.
🐛 Bug fixes
- feat: add OS version to cache key to prevent binary incompatibility @eifinger (#716)
🧰 Maintenance
- chore: update known checksums for 0.9.17 @github-actions[bot] (#714)
⬆️ Dependency updates
- Bump actions/checkout from 5.0.0 to 6.0.1 @dependabot[bot] (#712)
- Bump actions/setup-node from 6.0.0 to 6.1.0 @dependabot[bot] (#715)
Next Steps
- Review breaking changes above
- Check if workflow inputs/outputs changed
- Verify compatibility with your CI/CD configuration
Full changelog: https://github.com/astral-sh/setup-uv/releases
Generated automatically for Dependabot major version PRs.
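An added example, not part of this PR or of setup-uv's own code: a small Python audit that classifies each `uses:` reference in a workflow file along the lines the v8.0.0 notes above draw (commit hash, full immutable tag, or a major/minor tag that is no longer published for setup-uv v8). The verdict names and the sample workflow are assumptions constructed for illustration; only the v8.0.0 commit hash is taken from the release notes.

```python
import re

# "uses: owner/repo[/path]@ref", optionally preceded by "- " and wrapped in quotes.
USES_RE = re.compile(
    r"""^\s*(?:-\s*)?uses:\s*['"]?(?P<action>[^@\s'"#]+)@(?P<ref>[^\s'"#]+)"""
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
FULL_TAG_RE = re.compile(r"^v?\d+\.\d+\.\d+$")
PARTIAL_TAG_RE = re.compile(r"^v?(\d+)(?:\.\d+)?$")


def classify(action, ref):
    """Return one of: 'sha', 'full-tag', 'missing-tag', 'floating'."""
    if SHA_RE.match(ref):
        return "sha"          # content-addressed, cannot be repointed
    if FULL_TAG_RE.match(ref):
        return "full-tag"     # safe only if the publisher's releases are immutable
    partial = PARTIAL_TAG_RE.match(ref)
    if partial and action == "astral-sh/setup-uv" and int(partial.group(1)) >= 8:
        return "missing-tag"  # per the v8.0.0 notes, @v8 / @v8.0 are not published
    return "floating"         # major/minor tag or branch: the publisher can move it


def audit_workflow(text):
    """Return (line_number, action, ref, verdict) for every remote `uses:` reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m or m.group("action").startswith("docker://"):
            continue          # local (./path) and docker:// steps are out of scope
        action, ref = m.group("action"), m.group("ref")
        findings.append((lineno, action, ref, classify(action, ref)))
    return findings


# Constructed sample workflow, not taken from the repository under review.
SAMPLE_WORKFLOW = """\
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: astral-sh/setup-uv@v8
      - uses: "astral-sh/setup-uv@v8.1.0"
      - name: pinned to the v8.0.0 commit named in the release notes
        uses: astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57 # v8.0.0
      - uses: ./.github/actions/local-step
      - uses: some-org/some-action@main
"""

if __name__ == "__main__":
    for lineno, action, ref, verdict in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {action}@{ref} -> {verdict}")
```

A CI gate built on this would fail the build on `floating` and `missing-tag`, and accept `full-tag` only for actions whose publisher documents immutable releases.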
@ag-ui/a2a-middleware
@ag-ui/a2ui-middleware
@ag-ui/event-throttle-middleware
@ag-ui/mcp-apps-middleware
@ag-ui/middleware-starter
@ag-ui/a2a
@ag-ui/adk
@ag-ui/ag2
@ag-ui/agno
@ag-ui/aws-strands
@ag-ui/claude-agent-sdk
@ag-ui/crewai
@ag-ui/langchain
@ag-ui/langgraph
@ag-ui/langroid
@ag-ui/llamaindex
@ag-ui/mastra
@ag-ui/pydantic-ai
@ag-ui/server-starter
@ag-ui/server-starter-all-features
@ag-ui/vercel-ai-sdk
@ag-ui/watsonx
create-ag-ui-app
@ag-ui/client
@ag-ui/core
@ag-ui/encoder
@ag-ui/proto
Python Preview Packages
Version
Install with uv
Add the TestPyPI index to your
```toml
[[tool.uv.index]]
name = "testpypi"
url = "https://test.pypi.org/simple/"
explicit = true
```
Then install the packages you need:
```bash
# Core SDK
uv add 'ag-ui-protocol==0.0.0.dev1778864237' --index testpypi
# Integrations (each already depends on the matching ag-ui-protocol preview)
uv add 'ag-ui-langgraph==0.0.0.dev1778864237' --index testpypi
uv add 'ag-ui-crewai==0.0.0.dev1778864237' --index testpypi
# NOTE: ag-ui-agent-spec depends on pyagentspec (git-only, not on PyPI).
# You will need to install pyagentspec separately from its git repo.
uv add 'ag-ui-agent-spec==0.0.0.dev1778864237' --index testpypi
uv add 'ag_ui_adk==0.0.0.dev1778864237' --index testpypi
uv add 'ag_ui_strands==0.0.0.dev1778864237' --index testpypi
```
Install with pip
```bash
pip install \
--index-url https://test.pypi.org/simple/ \
--extra-index-url https://pypi.org/simple/ \
ag-ui-protocol==0.0.0.dev1778864237
```
Commit: 5e1a21c
Bumps astral-sh/setup-uv from 6.8.0 to 8.1.0.
Release notes
Sourced from astral-sh/setup-uv's releases.
... (truncated)
Commits
- 0880764 fix: grant contents:write to validate-release job (#860)
- 717d6ab Add a release-gate step to the release workflow (#859)
- 5a911eb Draft commitish releases (#858)
- 080c31e Add action-types.yml to instructions (#857)
- b3e97d2 Add input no-project in combination with activate-environment (#856)
- 7dd591d chore(deps): bump release-drafter/release-drafter from 7.1.1 to 7.2.0 (#855)
- 1541b77 chore: update known checksums for 0.11.7 (#853)
- cdfb2ee Refactor version resolving (#852)
- cb84d12 chore: update known checksums for 0.11.6 (#850)
- 1912cc6 chore: update known checksums for 0.11.5 (#845)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.