[#patch](deps): Bump the actions-deps group with 2 updates

[dependabot]

Bumps the actions-deps group with 2 updates: astral-sh/setup-uv and mlugg/setup-zig.

Updates astral-sh/setup-uv from 7.1.6 to 7.2.0

Release notes

Sourced from astral-sh/setup-uv's releases.

v7.2.0 🌈 add outputs python-version and python-cache-hit

Changes

Among some minor typo fixes and quality of life features for developers of actions the main feature of this release are new outputs:

• python-version: The Python version that was set (same content as existing UV_PYTHON)
• python-cache-hit: A boolean value to indicate the Python cache entry was found

While implementing this it became clear, that it is easier to handle the Python binaries in a separate cache entry. The added benefit for users is that the "normal" cache containing the dependencies can be used in all runs no matter if these cache the Python binaries or not.

[!NOTE]
This release will invalidate caches that contain the Python binaries. This happens a single time.

🐛 Bug fixes

• chore: remove stray space from UV_PYTHON_INSTALL_DIR message @​akx (#720)

🚀 Enhancements

• add outputs python-version and python-cache-hit @​eifinger (#728)
• Add action typings with validation @​krzema12 (#721)

🧰 Maintenance

• fix: use uv_build backend for old-python-constraint-project @​eifinger (#729)
• chore: update known checksums for 0.9.22 @github-actions[bot] (#727)
• chore: update known checksums for 0.9.21 @github-actions[bot] (#726)
• chore: update known checksums for 0.9.20 @github-actions[bot] (#725)
• chore: update known checksums for 0.9.18 @github-actions[bot] (#718)

⬆️ Dependency updates

• Bump peter-evans/create-pull-request from 7.0.9 to 8.0.0 @dependabot[bot] (#719)
• Bump github/codeql-action from 4.31.6 to 4.31.9 @dependabot[bot] (#723)

Commits

• 61cb8a9 add outputs python-version and python-cache-hit (#728)
• 11050ed fix: use uv_build backend for old-python-constraint-project (#729)
• 1d22faf Bump peter-evans/create-pull-request from 7.0.9 to 8.0.0 (#719)
• f4ed82a Bump github/codeql-action from 4.31.6 to 4.31.9 (#723)
• e0409b4 chore: update known checksums for 0.9.22 (#727)
• 702b425 chore: update known checksums for 0.9.21 (#726)
• 2630c86 chore: update known checksums for 0.9.20 (#725)
• 45cfcb3 Add action typings with validation (#721)
• ce0a899 chore: update known checksums for 0.9.18 (#718)
• 9c8d030 chore: remove stray space from UV_PYTHON_INSTALL_DIR message (#720)
• See full diff in compare view

Updates mlugg/setup-zig from 2.1.0 to 2.2.0

Release notes

Sourced from mlugg/setup-zig's releases.

v2.2.0

• Update dependencies
• Replace libsodium dependency with node:crypto, improving target support
• Use hardcoded mirror list when ziglang.org is inaccessible
• Fix incorrect tarball names when fetching certain versions

[!NOTE] The setup-zig project is now hosted on Codeberg, and this GitHub repository exists as a mirror solely to work around the vendor lock-in mechanisms employed by GitHub Actions. While there are no plans to discontinue GitHub Actions support, I would nonetheless encourage users to consider upgrading to Forgejo Actions on a non-profit forge like Codeberg to avoid being affected by GitHub's profit-driven behavior (such as attempting to charge users by the minute for using their own hardware).

Commits

• e7d1537 Use named capture groups for version string matching
• 43a69a5 Use cur_dev and min_dev in comparison versionLessThan
• 7465018 use hardcoded community mirror list when ziglang.org is inaccessible
• d91b47d tests: fix typo in workflow
• 7296b2b npm update
• 1796bca minisign: replace libsodium dependency with node:crypto
• c09d84c npm: remove direct dependency on unused package
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

KICS version: v2.1.18

Category Results CRITICAL 0 HIGH 0 MEDIUM 0 LOW 0 INFO 0 TRACE 0 TOTAL 0	Metric Values Files scanned 14 Files parsed 14 Files failed to scan 0 Total executed queries 52 Queries failed to execute 0 Execution time 1

Queries Results

| |