build(deps): Bump astral-sh/setup-uv from 6.8.0 to 8.0.0

[dependabot]

Bumps astral-sh/setup-uv from 6.8.0 to 8.0.0.

Release notes

Sourced from astral-sh/setup-uv's releases.

v8.0.0 🌈 Immutable releases and secure tags

This is the first immutable release of setup-uv 🥳

All future releases are also immutable, if you want to know more about what this means checkout the docs.

This release also has two breaking changes

New format for manifest-file

The previously deprecated way of defining a custom version manifest to control which uv versions are available and where to download them from got removed. The functionality is still there but you have to use the new format.

No more major and minor tags

To increase security even more we will stop publishing minor tags. You won't be able to use @v8 or @v8.0 any longer. We do this because pinning to major releases opens up users to supply chain attacks like what happened to tj-actions.

[!TIP] Use the immutable tag as a version astral-sh/setup-uv@v8.0.0 Or even better the githash astral-sh/setup-uv@cec208311dfd045dd5311c1add060b2062131d57

🚨 Breaking changes

• Remove update-major-minor-tags workflow @​eifinger (#826)
• Remove deprecrated custom manifest @​eifinger (#813)

🧰 Maintenance

• Shortcircuit latest version from manifest @​eifinger (#828)
• Simplify inputs.ts @​eifinger (#827)
• Bump release-drafter to v7.1.1 @​eifinger (#825)
• Refactor inputs @​eifinger (#823)
• Replace inline compile args with tsconfig @​eifinger (#824)
• chore: update known checksums for 0.11.2 @github-actions[bot] (#821)
• chore: update known checksums for 0.11.1 @github-actions[bot] (#817)
• chore: update known checksums for 0.11.0 @github-actions[bot] (#815)
• Fix latest-version workflow check @​eifinger (#812)
• chore: update known checksums for 0.10.11/0.10.12 @github-actions[bot] (#811)

v7.6.0 🌈 Fetch uv from Astral's mirror by default

Changes

We now default to download uv from releases.astral.sh. This means by default we don't hit the GitHub API at all and shouldn't see any rate limits and timeouts any more.

🚀 Enhancements

• Fetch uv from Astral's mirror by default @​zsol (#809)

🧰 Maintenance

• Switch to ESM for source and test, use CommonJS for dist @​eifinger (#806)
• chore: update known checksums for 0.10.10 @github-actions[bot] (#804)

... (truncated)

Commits

• cec2083 Shortcircuit latest version from manifest (#828)
• 4dd8ab4 Simplify inputs.ts (#827)
• 7fdbe7c Remove update-major-minor-tags workflow (#826)
• 485abd0 Bump release-drafter to v7.1.1 (#825)
• f82eb19 Refactor inputs (#823)
• 868d1f7 Replace inline compile args with tsconfig (#824)
• 447e6d0 chore: update known checksums for 0.11.2 (#821)
• 5c62c59 chore: update known checksums for 0.11.1 (#817)
• e1a7373 chore: update known checksums for 0.11.0 (#815)
• 8970931 Remove deprecrated custom manifest (#813)
• Additional commits viewable in compare view

[kilo-code-bot]

Code Review Summary

Status: No Issues Found | Recommendation: Merge

Files Reviewed (17 files)

• .github/workflows/ci.yml - setup-uv updated to cec208311dfd045dd5311c1add060b2062131d57 (2 occurrences) [carried forward]
• .github/workflows/publish.yml - setup-uv updated; renamed artifact; renamed concurrency group to hol-guard-publish; added hol-guard package build; added uv tool install hol-guard to changelog
• .github/workflows/publish-action-repo.yml - Major refactor to sync canonical and compatibility repos [carried forward]
• README.md - Major restructure: renamed to "HOL Guard"; added Guard quickstart section; reorganized around local-first protection then CI scanning
• pyproject.toml - Renamed primary package to hol-guard; added hol-guard and plugin-guard script entries; added hatch excludes for e2e directories
• action/README.md - Renamed; added new inputs for PR comments [carried forward]
• action/README.legacy.md - New file [carried forward]
• action/action.yml - Renamed action; added inputs/outputs [carried forward]
• docs/guard/architecture.md - Added guard/shims module documentation; added product loop section
• docs/guard/get-started.md - New file with comprehensive Guard onboarding guide
• docs/guard/local-vs-cloud.md - Updated to reference hol-guard commands
• docs/guard/testing-matrix.md - Updated to reference hol-guard commands; added first-party canaries section
• src/codex_plugin_scanner/cli.py - Added Guard root parser for direct hol-guard invocation; added _is_guard_program() detection
• src/codex_plugin_scanner/guard/adapters/base.py - Added shim installation during adapter install/uninstall
• src/codex_plugin_scanner/guard/adapters/claude_code.py - Added shim support for Claude Code hook; updated hook command to include --guard-home
• src/codex_plugin_scanner/guard/cli/__init__.py - Added add_guard_root_parser export
• src/codex_plugin_scanner/guard/cli/commands.py - Major expansion: added start/status commands; added publisher scope; added guard-home arg; added interactive prompt resolution
• src/codex_plugin_scanner/guard/cli/product.py - New file for start and status payloads
• src/codex_plugin_scanner/guard/cli/prompt.py - New file for interactive artifact approval prompts
• src/codex_plugin_scanner/guard/shims.py - New file for launcher shim creation

---

_{Reviewed by minimax-m2.5-20260211}

---

_{Reviewed by minimax-m2.5-20260211 · 228,780 tokens}

[dependabot]

Dependabot can't parse your publish.yml. Because of this, Dependabot cannot update this pull request.

[dependabot]

Dependabot can't parse your publish.yml. Because of this, Dependabot cannot update this pull request.

[kantorcodes]

Reviewed dependency update; scope and change are appropriate.