Bump astral-sh/setup-uv from 6.0.1 to 6.1.0 #16

Merged
merged 15 commits into from
May 26, 2025

dependabot[bot]
Contributor

@dependabot dependabot bot commented on behalf of github May 26, 2025

Bumps astral-sh/setup-uv from 6.0.1 to 6.1.0.

Release notes

Sourced from astral-sh/setup-uv's releases.

v6.1.0 🌈

Changes

This release adds the input server-url which defaults to https://github.com. You can set this to a custom url to control where this action downloads the uv release from. This is useful for users of gitea and comparable solutions.

@sebadevo pointed out that we don't invalidate the cache when the prune-cache input is changed. This leads to unnecessarily big caches. The input is now used to compute the cache key, properly invalidating the cache when it is changed.

[!NOTE]
For most users this release will invalidate the cache once. You will see the known warning no-github-actions-cache-found-for-key. This is expected and will only appear once.

🐛 Bug fixes

🚀 Enhancements

🧰 Maintenance

📚 Documentation

  • Add section to README explaining if packages are installed by setup-uv @​pirate (#398)

⬆️ Dependency updates

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Bumps [astral-sh/setup-uv](https://github.com/astral-sh/setup-uv) from 6.0.1 to 6.1.0.
- [Release notes](https://github.com/astral-sh/setup-uv/releases)
- [Commits](astral-sh/setup-uv@6b9c606...f0ec1fc)

---
updated-dependencies:
- dependency-name: astral-sh/setup-uv
  dependency-version: 6.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels May 26, 2025

This comment was marked as outdated.

Added: /tmp/current-commit/node_modules/undici/docs/docs/api/H2CClient.md [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/ip/host_port | connects to an arbitrary hostname:port | `hostname, and port` |
| +MEDIUM | net/socket/listen | listen on a socket | `socket`, `listen` |
| +LOW | c2/tool_transfer/os | references a specific operating system | `https://`, `http://`, `Windows` |
| +LOW | net/http | Uses the HTTP protocol | `http`, `HTTP` |
| +LOW | net/http/2 | Uses the HTTP/2 protocol | `HTTP/2` |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | `https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Keep-Alive`, `https://httpwg.org/specs/rfc7540.html`, `https://tools.ietf.org/html/rfc8305`, `https://nodejs.org/api/net.html` |

Added: /tmp/current-commit/src/download/version-manifest.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/download | download files | `downloadUrl of downloadUrls` |
| +LOW | data/encoding/json_decode | Decodes JSON messages | `JSON.parse` |
| +LOW | data/encoding/json_encode | encodes JSON | `JSON.stringify` |
| +LOW | fs/file/read | reads files | `fs.readFile` |
| +LOW | fs/file/write | writes to file | `writeFile` |

Added: /tmp/current-commit/src/update-known-versions.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./download`, `./utils` |
| +MEDIUM | net/download | download files | `const artifactDownloadUrls`, `const checksumDownloadUrls`, `browser_download_url` |

Added: /tmp/current-commit/node_modules/undici/types/h2c-client.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./dispatcher`, `./connector` |
| +MEDIUM | net/socket/connect | initiate a connection on a socket | `connect` |
| +LOW | net/http | Uses the HTTP protocol | `http`, `HTTP` |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | `https://tools.ietf.org/html/rfc7230` |

Added: /tmp/current-commit/node_modules/undici/lib/dispatcher/h2c-client.js [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | net/ip/host_port | connects to an arbitrary hostname:port | `hostname, port` |
| +MEDIUM | net/socket/connect | initiate a connection on a socket | `connect` |
| +LOW | net/http | Uses the HTTP protocol | `http` |
| +LOW | net/url/parse | Handles URL strings | `new URL` |

Added: /tmp/current-commit/node_modules/undici/types/client-stats.d.ts [🟡 MEDIUM]

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +MEDIUM | fs/path/relative | references and possibly executes relative path | `./client` |

Changed (20 added, 0 removed): /tmp/current-commit/node_modules/@azure/ms-rest-js/node_modules/node-fetch/lib/index.mjs [🔵 → 🛑 HIGH]

20 new behaviors

| RISK | KEY | DESCRIPTION | EVIDENCE |
|---|---|---|---|
| +HIGH | exec/remote_commands/code_eval | Executes code from a complex expression | `exec(res.pop())` |
| +MEDIUM | exec/program | executes external program | `exec(res.pop())`, `exec(urlStr))`, `exec(str)`, `exec(ct)`, `require` |
| +MEDIUM | impact/remote_access/agent | references an 'agent' | `agent` |
| +MEDIUM | net/http/form_upload | upload content via HTTP form | `application/x-www-form-urlencoded`, `POST` |
| +MEDIUM | net/http/post | submits content to websites | `Content-Type`, `HTTP`, `http`, `POST` |
| +MEDIUM | net/url/encode | encodes URL, likely to pass GET variables | `urlencode` |
| +MEDIUM | net/url/request | requests resources via URL | `http.request` |
| +LOW | data/compression/gzip | works with gzip files | `gzip` |
| +LOW | data/compression/zlib | uses zlib | `zlib` |
| +LOW | data/encoding/int | parses integers | `parseInt(` |
| +LOW | data/encoding/json_decode | Decodes JSON messages | `JSON.parse` |
| +LOW | exec/imports/python | imports python modules | `import whatwgUrl`, `import Stream`, `import https`, `import zlib`, `import Url` |
| +LOW | net/http | Uses the HTTP protocol | `http`, `HTTP` |
| +LOW | net/http/accept_encoding | set HTTP response encoding format (example: gzip) | `Accept-Encoding` |
| +LOW | net/http/auth | makes HTTP requests with basic authentication | `www-authenticate` |
| +LOW | net/http/request | makes HTTP requests | `User-Agent` |
| +LOW | net/socket/send | send a message to a socket | `socket`, `send` |
| +LOW | net/url/embedded | contains embedded HTTPS URLs | `https://github.com/tmpvar/jsdom/blob/aa85b2abf07766ff7bf5c1f6daafb3726f2f`, `node-fetch/node-fetch#296`, `https://tools.ietf.org/html/rfc3986`, `https://hsivonen.fi/encoding-menu/`, `https://fetch.spec.whatwg.org/` |
| +LOW | net/url/parse | Handles URL strings | `new URL` |
| +LOW | os/fd/write | writes to a file handle | `dest.write(body)` |

@some-natalie some-natalie merged commit f448d8b into main May 26, 2025
5 checks passed
@some-natalie some-natalie deleted the dependabot/github_actions/astral-sh/setup-uv-6.1.0 branch May 26, 2025 22:33