actions/setup-uv
12
0
Fork 0
mirror of https://github.com/astral-sh/setup-uv.git synced 2026-06-28 17:00:43 +00:00
Code Activity Actions
setup-uv/docs
History
Exact
Zsolt Dollenstein c86fe4ef1f
Add a threat model for setup-uv (#923) 
This adds a threat model for `setup-uv` so security scanners can use it
as a baseline in terms of what's in-, and out of scope.

The TM covers credential recipients, executable and cache boundaries,
and release authority. It treats checkout-selected interpreters, paths,
virtual environments, symlinks, and helpers as delegated project
authority unless they override an explicit workflow choice or cross an
independent cache, runner, remote, or publication boundary.
2026-06-27 21:01:45 +02:00
..
advanced-version-configuration.md feat: support uv.lock as a version-file source (#918) 2026-06-19 07:08:57 +02:00
caching.md Bump setup-uv references to v8.1.0 SHA in docs (#862) 2026-04-17 09:25:20 +02:00
customization.md Bump setup-uv references to v8.1.0 SHA in docs (#862) 2026-04-17 09:25:20 +02:00
environment-and-tools.md Bump setup-uv references to v8.1.0 SHA in docs (#862) 2026-04-17 09:25:20 +02:00
threat-model.md Add a threat model for setup-uv (#923) 2026-06-27 21:01:45 +02:00