Bump the all group across 1 directory with 3 updates

[dependabot]

Bumps the all group with 3 updates in the / directory: anthropics/claude-code-action, astral-sh/setup-uv and pypa/gh-action-pypi-publish.

Updates anthropics/claude-code-action from 1.0.29 to 1.0.92

Release notes

Sourced from anthropics/claude-code-action's releases.

v1.0.92

Full Changelog: anthropics/claude-code-action@v1...v1.0.92

v1.0.91

What's Changed

• Use pinned bun binary for post-steps when allowed_non_write_users is set by @​OctavianGuzu in anthropics/claude-code-action#1190

Full Changelog: anthropics/claude-code-action@v1...v1.0.91

v1.0.90

What's Changed

• fix: forward MCP_TIMEOUT, MCP_TOOL_TIMEOUT, MAX_MCP_OUTPUT_TOKENS to action step by @​qozle in anthropics/claude-code-action#1162
• security: reject PATH_TO_CLAUDE_CODE_EXECUTABLE with control characters by @​qozle in anthropics/claude-code-action#1185

Full Changelog: anthropics/claude-code-action@v1...v1.0.90

v1.0.89

What's Changed

• fix: skip token revocation when no token was acquired by @​Dave-London in anthropics/claude-code-action#918
• Use env vars for workflow_run context values in example workflows by @​ddworken in anthropics/claude-code-action#1125
• docs: document include/exclude_comments_by_actor inputs by @​yuribodo in anthropics/claude-code-action#1130
• fix: use correct fallback type for reviewData in fetcher by @​MaxwellCalkin in anthropics/claude-code-action#1034
• Strip OIDC token request env vars from Claude session by @​chyipin in anthropics/claude-code-action#1011
• fix: skip retries for non-retryable errors in retryWithBackoff by @​ei-grad in anthropics/claude-code-action#1082
• fix: restore ripgrep execute bits after bun install --production by @​qozle in anthropics/claude-code-action#1163
• fix: allow # in branch names for PR checkout and base restore by @​qozle in anthropics/claude-code-action#1167
• fix: prevent hang in restoreConfigFromBase on repos with .gitmodules by @​qozle in anthropics/claude-code-action#1166
• fix: strip shell comment lines before parsing claude_args by @​VoidChecksum in anthropics/claude-code-action#1055
• fix: snapshot PR's .claude/ to .claude-pr/ before security restore by @​qozle in anthropics/claude-code-action#1172
• chore: fix prettier formatting by @​ashwin-ant in anthropics/claude-code-action#1171
• chore: fix prettier formatting in parse-sdk-options.test.ts by @​ashwin-ant in anthropics/claude-code-action#1176
• fix: pin bun runtime config and improve log hygiene by @​ashwin-ant in anthropics/claude-code-action#1174

New Contributors

• @​yuribodo made their first contribution in anthropics/claude-code-action#1130
• @​MaxwellCalkin made their first contribution in anthropics/claude-code-action#1034
• @​chyipin made their first contribution in anthropics/claude-code-action#1011
• @​ei-grad made their first contribution in anthropics/claude-code-action#1082
• @​qozle made their first contribution in anthropics/claude-code-action#1163
• @​VoidChecksum made their first contribution in anthropics/claude-code-action#1055

Full Changelog: anthropics/claude-code-action@v1...v1.0.89

v1.0.88

Full Changelog: anthropics/claude-code-action@v1...v1.0.88

v1.0.87

Full Changelog: anthropics/claude-code-action@v1...v1.0.87

... (truncated)

Commits

• 905d4eb chore: bump Claude Code to 2.1.110 and Agent SDK to 0.2.110
• 5fb8995 chore: bump Claude Code to 2.1.109 and Agent SDK to 0.2.109
• c3bf66d fix: handle fork PRs by fetching via refs/pull/N/head (#962) (#963)
• 3943183 chore: bump Claude Code to 2.1.108 and Agent SDK to 0.2.108
• 65f29cf chore: bump Claude Code to 2.1.107 and Agent SDK to 0.2.107
• 1c8b699 chore: bump Claude Code to 2.1.105 and Agent SDK to 0.2.105
• ff49ec5 Prepend system bin dirs to PATH when allowed_non_write_users is set (#1208)
• 25474bf chore: bump Claude Code to 2.1.104 and Agent SDK to 0.2.104
• b47fd72 chore: bump Claude Code to 2.1.101 and Agent SDK to 0.2.101
• c26cb64 chore: bump Claude Code to 2.1.100 and Agent SDK to 0.2.98
• Additional commits viewable in compare view

Updates astral-sh/setup-uv from 7.6.0 to 8.0.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP] Use the immutable tag as a version astral-sh/setup-uv@v8.0.0 Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

🚨 Breaking changes

• Remove update-major-minor-tags workflow @​eifinger (#826)
• Remove deprecrated custom manifest @​eifinger (#813)

🧰 Maintenance

• Shortcircuit latest version from manifest @​eifinger (#828)
• Simplify inputs.ts @​eifinger (#827)
• Bump release-drafter to v7.1.1 @​eifinger (#825)
• Refactor inputs @​eifinger (#823)
• Replace inline compile args with tsconfig @​eifinger (#824)
• chore: update known checksums for 0.11.2 @github-actions[bot] (#821)
• chore: update known checksums for 0.11.1 @github-actions[bot] (#817)
• chore: update known checksums for 0.11.0 @github-actions[bot] (#815)
• Fix latest-version workflow check @​eifinger (#812)
• chore: update known checksums for 0.10.11/0.10.12 @github-actions[bot] (#811)

Commits

• cec2083 Shortcircuit latest version from manifest (#828)
• 4dd8ab4 Simplify inputs.ts (#827)
• 7fdbe7c Remove update-major-minor-tags workflow (#826)
• 485abd0 Bump release-drafter to v7.1.1 (#825)
• f82eb19 Refactor inputs (#823)
• 868d1f7 Replace inline compile args with tsconfig (#824)
• 447e6d0 chore: update known checksums for 0.11.2 (#821)
• 5c62c59 chore: update known checksums for 0.11.1 (#817)
• e1a7373 chore: update known checksums for 0.11.0 (#815)
• 8970931 Remove deprecrated custom manifest (#813)
• Additional commits viewable in compare view

Updates pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0

Release notes

Sourced from pypa/gh-action-pypi-publish's releases.

v1.14.0

✨ What's Changed

The main change in this release is that verbose and print-hash inputs are now on by default. This was contributed by @​whitequark💰 in #397.

📝 Docs

@​woodruffw💰 updated the mentions of PEP 740 to stop implying that it might be experimental (it hasn't been for quite a while!) in #388 and @​him2him2💰 brushed up some grammar in the README and SECURITY docs via #395.

🛠️ Internal Updates

@​woodruffw💰 bumped sigstore and pypi-attestations in the lock file (#391) and @​webknjaz💰 added infra for using type annotations in the project (#381).

💪 New Contributors

• @​him2him2 made their first contribution in #395
• @​whitequark made their first contribution in #397

🪞 Full Diff: pypa/gh-action-pypi-publish@v1.13.0...v1.14.0

🧔‍♂️ Release Manager: @​webknjaz 🇺🇦

🙏 Special Thanks to @​facutuesca💰 and @​woodruffw💰 for helping maintain this project when I can't!

💬 Discuss on Bluesky 🦋, on Mastodon 🐘 and on GitHub.

Commits

• cef2210 Merge pull request #397 from whitequark/patch-1
• b4595e2 Enable verbose and print-hash by default.
• e2bab26 Merge pull request #395 from him2him2/docs/fix-typos-and-grammar
• 7495c38 docs: fix typos and grammar in README and SECURITY
• 03f86fe Merge pull request #388 from woodruffw-forks/ww/rm-experimental
• 4c78f1c Merge branch 'unstable/v1' into ww/rm-experimental
• b5a6e8b deps: bump sigstore and pypi-attestations
• a48a03e remove another experimental mention
• 8087a88 action: remove a lingering mention of PEP 740 being experimental
• 3317ede 🧪 Integrate actionlint via pre-commit framework
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.