Commit 9eb16d9
authored
chore(deps): update dependency astral-sh/uv to v0.11.28 (#360)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [astral-sh/uv](https://redirect.github.com/astral-sh/uv) | uses-with |
patch | `0.11.16` → `0.11.28` |
---
### Release Notes
<details>
<summary>astral-sh/uv (astral-sh/uv)</summary>
###
[`v0.11.28`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01128)
[Compare
Source](https://redirect.github.com/astral-sh/uv/compare/0.11.27...0.11.28)
Released on 2026-07-07.
##### Security
This release updates our ZIP library,
[astral-async-zip](https://redirect.github.com/astral-sh/rs-async-zip),
to v0.0.20, which includes 15 changes that harden our ZIP handling
against [parser
differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/).
uv may reject ZIP archives with malformed or ambiguous content that were
previously accepted.
See the [upstream
commits](https://redirect.github.com/astral-sh/rs-async-zip/compare/v0.0.18...v0.0.20)
for a full list of changes.
##### Python
- Upgrade GraalPy to 25.1.3
([#​20069](https://redirect.github.com/astral-sh/uv/pull/20069))
##### Enhancements
- Improve trace logs for unexpected error chains
([#​20220](https://redirect.github.com/astral-sh/uv/pull/20220))
- Move lockfile update guidance to a hint
([#​20219](https://redirect.github.com/astral-sh/uv/pull/20219))
- Preserve indentation for multiline error causes
([#​20156](https://redirect.github.com/astral-sh/uv/pull/20156))
- Render user errors with their cause chains
([#​20217](https://redirect.github.com/astral-sh/uv/pull/20217))
- Route final command errors through the printer to respect `-q` and
`-qq`
([#​20163](https://redirect.github.com/astral-sh/uv/pull/20163))
- Use standard rendering for `uv build` errors
([#​20159](https://redirect.github.com/astral-sh/uv/pull/20159))
- Use standard rendering for tool requirement errors
([#​20160](https://redirect.github.com/astral-sh/uv/pull/20160))
##### Performance
- Only compile bytecode for installed distributions in `uv pip install`
([#​19914](https://redirect.github.com/astral-sh/uv/pull/19914))
- Avoid allocating URL-safe Git revisions
([#​20194](https://redirect.github.com/astral-sh/uv/pull/20194))
- Avoid allocating canonical Python request strings
([#​20193](https://redirect.github.com/astral-sh/uv/pull/20193))
- Avoid allocating custom Astral mirror URLs
([#​20204](https://redirect.github.com/astral-sh/uv/pull/20204))
- Avoid allocating expanded compatibility tags
([#​20190](https://redirect.github.com/astral-sh/uv/pull/20190))
- Avoid allocating shell strings that need no escaping
([#​20196](https://redirect.github.com/astral-sh/uv/pull/20196))
- Avoid allocating static ABI descriptions
([#​20201](https://redirect.github.com/astral-sh/uv/pull/20201))
- Avoid allocating static Windows executable names
([#​20200](https://redirect.github.com/astral-sh/uv/pull/20200))
- Avoid allocating static dependency table names
([#​20199](https://redirect.github.com/astral-sh/uv/pull/20199))
- Avoid allocating static platform triple components
([#​20195](https://redirect.github.com/astral-sh/uv/pull/20195))
- Avoid allocating static resolver report labels
([#​20198](https://redirect.github.com/astral-sh/uv/pull/20198))
- Avoid allocating static unavailable-version messages
([#​20197](https://redirect.github.com/astral-sh/uv/pull/20197))
- Avoid allocating unchanged Python download architectures
([#​20202](https://redirect.github.com/astral-sh/uv/pull/20202))
- Avoid allocating unchanged paths during case normalization
([#​20203](https://redirect.github.com/astral-sh/uv/pull/20203))
- Avoid allocations when expanding group conflicts
([#​20211](https://redirect.github.com/astral-sh/uv/pull/20211))
- Avoid allocations when formatting requirements
([#​20206](https://redirect.github.com/astral-sh/uv/pull/20206))
- Avoid cloning credential lookup services
([#​20210](https://redirect.github.com/astral-sh/uv/pull/20210))
- Avoid cloning dry-run distributions
([#​20209](https://redirect.github.com/astral-sh/uv/pull/20209))
- Avoid cloning owned dependency metadata
([#​20212](https://redirect.github.com/astral-sh/uv/pull/20212))
- Avoid redundant direct URL clones
([#​20207](https://redirect.github.com/astral-sh/uv/pull/20207))
- Create metadata version errors lazily
([#​20205](https://redirect.github.com/astral-sh/uv/pull/20205))
- Optimize expanded tag compatibility checks
([#​20171](https://redirect.github.com/astral-sh/uv/pull/20171))
- Optimize parsing of single-digit three-part versions
([#​20118](https://redirect.github.com/astral-sh/uv/pull/20118))
##### Bug fixes
- Avoid overflow when computing HTTP cache age
([#​20178](https://redirect.github.com/astral-sh/uv/pull/20178))
- Respect `--upgrade` when `upgrade-package` is configured
([#​19955](https://redirect.github.com/astral-sh/uv/pull/19955))
- Support `uv tree` in dependency-group-only projects
([#​20167](https://redirect.github.com/astral-sh/uv/pull/20167))
- Treat cache entries as stale at exact expiration
([#​20183](https://redirect.github.com/astral-sh/uv/pull/20183))
###
[`v0.11.27`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01127)
[Compare
Source](https://redirect.github.com/astral-sh/uv/compare/0.11.26...0.11.27)
Released on 2026-07-06.
##### Enhancements
- Continue on ignored errors when fetching wheel metadata
([#​12255](https://redirect.github.com/astral-sh/uv/pull/12255))
- Use caching for `--python-downloads-json-url`
([#​16749](https://redirect.github.com/astral-sh/uv/pull/16749))
##### Preview features
- Discover extensionless shebang scripts in `uv workspace list
--scripts`
([#​20099](https://redirect.github.com/astral-sh/uv/pull/20099))
##### Performance
- Avoid full site-packages scans for direct reinstalls
([#​20119](https://redirect.github.com/astral-sh/uv/pull/20119))
- Avoid redundant pyproject parsing
([#​20076](https://redirect.github.com/astral-sh/uv/pull/20076))
- Cache default dependency markers when reading locks
([#​20125](https://redirect.github.com/astral-sh/uv/pull/20125))
- Enable SIMD-accelerated TOML parsing
([#​20079](https://redirect.github.com/astral-sh/uv/pull/20079))
- Intern `requires-python` specifiers in Simple API parsing
([#​20104](https://redirect.github.com/astral-sh/uv/pull/20104))
- Read cache entries into exact-sized buffers
([#​20120](https://redirect.github.com/astral-sh/uv/pull/20120))
- Reduce VersionSpecifiers parsing allocations
([#​20105](https://redirect.github.com/astral-sh/uv/pull/20105))
- Reduce site-packages scan allocation overhead
([#​20087](https://redirect.github.com/astral-sh/uv/pull/20087))
- Reuse package names when parsing wheel filenames
([#​20110](https://redirect.github.com/astral-sh/uv/pull/20110))
- Sort Simple API files after grouping
([#​20112](https://redirect.github.com/astral-sh/uv/pull/20112))
##### Bug fixes
- Always emit `packages` table for pylock.toml
([#​20145](https://redirect.github.com/astral-sh/uv/pull/20145))
- Avoid blank line for empty `uv pip tree`
([#​20062](https://redirect.github.com/astral-sh/uv/pull/20062))
- Encode hashes in file paths
([#​19807](https://redirect.github.com/astral-sh/uv/pull/19807))
- Error on a registry uv.lock package without a version instead of
panicking
([#​19855](https://redirect.github.com/astral-sh/uv/pull/19855))
- Preserve conditional extra markers in exports
([#​20148](https://redirect.github.com/astral-sh/uv/pull/20148))
- Skip the ambiguous authority check for file transport VCS URLs
([#​20086](https://redirect.github.com/astral-sh/uv/pull/20086))
- Sync index format when `uv add --index` updates an existing index URL
([#​19818](https://redirect.github.com/astral-sh/uv/pull/19818))
##### Other changes
- Re-add `pub` APIs used in Pixi
([#​20074](https://redirect.github.com/astral-sh/uv/pull/20074))
- Update Rust toolchain to 1.96.1
([#​20103](https://redirect.github.com/astral-sh/uv/pull/20103))
###
[`v0.11.26`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01126)
[Compare
Source](https://redirect.github.com/astral-sh/uv/compare/0.11.25...0.11.26)
Released on 2026-06-30.
##### Performance
- Adapt uv to IDs-only PubGrub dependencies
([#​20048](https://redirect.github.com/astral-sh/uv/pull/20048))
- Avoid allocations in `ForkMap::contains`
([#​20023](https://redirect.github.com/astral-sh/uv/pull/20023))
- Reuse resolver work across PubGrub iterations
([#​20020](https://redirect.github.com/astral-sh/uv/pull/20020))
- Speed up candidate selection for disjoint ranges
([#​20026](https://redirect.github.com/astral-sh/uv/pull/20026))
##### Bug fixes
- Warn when the build cache is inside the source directory
([#​20056](https://redirect.github.com/astral-sh/uv/pull/20056))
###
[`v0.11.25`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01125)
[Compare
Source](https://redirect.github.com/astral-sh/uv/compare/0.11.24...0.11.25)
Released on 2026-06-26.
##### Security
This release updates our tar library,
[astral-tokio-tar](https://redirect.github.com/astral-sh/tokio-tar), to
v0.6.3, which includes over 20 changes that harden our tar handling
against [parser
differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/).
uv may reject source distributions with malformed or ambiguous content
that were previously accepted.
See the [upstream
commits](https://redirect.github.com/astral-sh/tokio-tar/compare/v0.6.2...v0.6.3)
for a full list of changes.
##### Enhancements
- Add a full "lockfile" to tool receipts
([#​18937](https://redirect.github.com/astral-sh/uv/pull/18937))
- Allow scoped overrides to add dependencies
([#​19974](https://redirect.github.com/astral-sh/uv/pull/19974))
- Avoid writing redundant lockfile markers with `tool.uv.environments`
([#​19933](https://redirect.github.com/astral-sh/uv/pull/19933))
- Factor supported environments out of lockfile markers
([#​19969](https://redirect.github.com/astral-sh/uv/pull/19969))
- Recommend our own build backend in the build frontend
([#​19994](https://redirect.github.com/astral-sh/uv/pull/19994))
- Reject wheels with multiple .dist-info directories
([#​19986](https://redirect.github.com/astral-sh/uv/pull/19986))
- Simplify dependency markers under parent reachability
([#​19971](https://redirect.github.com/astral-sh/uv/pull/19971))
- Support scoped dependency exclusions
([#​19977](https://redirect.github.com/astral-sh/uv/pull/19977))
- Support scoped dependency overrides
([#​19970](https://redirect.github.com/astral-sh/uv/pull/19970))
- Explain why files are skipped in registry index parsing
([#​19983](https://redirect.github.com/astral-sh/uv/pull/19983))
##### Preview features
- Add `uv workspace list --scripts`
([#​20009](https://redirect.github.com/astral-sh/uv/pull/20009))
- Support centralised environments in `uv venv`
([#​19912](https://redirect.github.com/astral-sh/uv/pull/19912))
- Use locked ty versions in `uv check`
([#​19884](https://redirect.github.com/astral-sh/uv/pull/19884))
- Add centralized storage of project environments
([#​18214](https://redirect.github.com/astral-sh/uv/pull/18214))
- Verify lockfile hashes before reusing a cached ty in `uv check`
([#​19995](https://redirect.github.com/astral-sh/uv/pull/19995))
- Use locked dependency selection for `uv check --script`
([#​19989](https://redirect.github.com/astral-sh/uv/pull/19989))
##### Bug fixes
- Preserve standalone markers in workspace metadata
([#​20011](https://redirect.github.com/astral-sh/uv/pull/20011))
- Reject `uv build` if the cache dir is enclosed
([#​19991](https://redirect.github.com/astral-sh/uv/pull/19991))
###
[`v0.11.24`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01124)
[Compare
Source](https://redirect.github.com/astral-sh/uv/compare/0.11.23...0.11.24)
Released on 2026-06-23.
##### Python
- Add CPython 3.15.0b3
([#​19964](https://redirect.github.com/astral-sh/uv/pull/19964))
##### Preview features
- Make project environments relocatable under preview
([#​19965](https://redirect.github.com/astral-sh/uv/pull/19965))
##### Performance
- Use a compact index for lazy version maps
([#​19959](https://redirect.github.com/astral-sh/uv/pull/19959))
##### Bug fixes
- Allow disabling `exclude-newer`
([#​19934](https://redirect.github.com/astral-sh/uv/pull/19934))
- Avoid archive id collisions
([#​19949](https://redirect.github.com/astral-sh/uv/pull/19949))
- Reapply "Fix transparent Python upgrades in project environments"
([#​19928](https://redirect.github.com/astral-sh/uv/pull/19928))
- Clean up partial tool entrypoint installs
([#​19966](https://redirect.github.com/astral-sh/uv/pull/19966))
- Fix relocatable `activate.fish` and broaden Fish version support
([#​19856](https://redirect.github.com/astral-sh/uv/pull/19856))
###
[`v0.11.23`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01123)
[Compare
Source](https://redirect.github.com/astral-sh/uv/compare/0.11.22...0.11.23)
Released on 2026-06-19.
##### Bug fixes
- Revert "Fix transparent Python upgrades in project environments" to
mitigate unintended breakage in `pre-commit-uv`
([#​19925](https://redirect.github.com/astral-sh/uv/pull/19925))
- Restore old behavior where workspace members "hidden" by an
intermediate `pyproject.toml` would be treated as standalone projects
([#​19926](https://redirect.github.com/astral-sh/uv/pull/19926))
###
[`v0.11.22`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01122)
[Compare
Source](https://redirect.github.com/astral-sh/uv/compare/0.11.21...0.11.22)
Released on 2026-06-18.
##### Enhancements
- Publish wheels before sdists in `uv publish`
([#​19831](https://redirect.github.com/astral-sh/uv/pull/19831))
- Add `TY` and `RUFF` env vars for providing paths for binaries used by
`uv format` and `uv check`
([#​19821](https://redirect.github.com/astral-sh/uv/pull/19821))
##### Preview features
- Allow configuring preview features in `uv.toml` and `pyproject.toml`
([#​18437](https://redirect.github.com/astral-sh/uv/pull/18437))
- Update the lockfile during `uv check --no-sync`
([#​19909](https://redirect.github.com/astral-sh/uv/pull/19909))
- Add `--script` to `uv check` and `uv metadata`
([#​19860](https://redirect.github.com/astral-sh/uv/pull/19860))
- Report workspace-exclusive dependency groups in `workspace metadata`
([#​19862](https://redirect.github.com/astral-sh/uv/pull/19862))
- Support SARIF as a `uv audit` output
([#​19872](https://redirect.github.com/astral-sh/uv/pull/19872))
##### Performance
- Use a more deadlock-resistant concurrent hashmap in the resolver
([#​19532](https://redirect.github.com/astral-sh/uv/pull/19532))
##### Bug fixes
- Update string marker ordering semantics to match [upstream clarified
rules](https://redirect.github.com/pypa/packaging.python.org/pull/1988)
([#​19808](https://redirect.github.com/astral-sh/uv/pull/19808))
- Reject extras that have the same normalized name
([#​19871](https://redirect.github.com/astral-sh/uv/pull/19871))
- Reject dependency group `include-group` entries that have additional
fields
([#​19866](https://redirect.github.com/astral-sh/uv/pull/19866))
- Reject invalid UTF-8 URL credentials
([#​19814](https://redirect.github.com/astral-sh/uv/pull/19814))
- Validate that PEP 517 `backend-path`s exist when building sdists
([#​19834](https://redirect.github.com/astral-sh/uv/pull/19834))
- Validate that `pylock.toml` files do not have an unsupported a
`lock-version`
([#​19869](https://redirect.github.com/astral-sh/uv/pull/19869))
- Validate that the environment satisfies the `packages.requires-python`
of a `pylock.toml`
([#​19868](https://redirect.github.com/astral-sh/uv/pull/19868))
- Allow `uv` to be recursively invoked by PEP 517 build hooks
([#​19879](https://redirect.github.com/astral-sh/uv/pull/19879))
- Allow empty `credentials.toml` files
([#​19815](https://redirect.github.com/astral-sh/uv/pull/19815))
- Fix transparent Python upgrades in project environments
([#​19890](https://redirect.github.com/astral-sh/uv/pull/19890))
- Handle non-file editable URLs in `uv pip list`
([#​19867](https://redirect.github.com/astral-sh/uv/pull/19867))
- Fix incorrect output from `uv tree --invert`
([#​19910](https://redirect.github.com/astral-sh/uv/pull/19910))
- Fix environment locking of `uv venv` in a project
([#​19837](https://redirect.github.com/astral-sh/uv/pull/19837))
- Fix handling of workspace-exclusive dependency groups in `uv tree`
([#​19905](https://redirect.github.com/astral-sh/uv/pull/19905))
##### Documentation
- Archive the 0.10.x changelog
([#​19813](https://redirect.github.com/astral-sh/uv/pull/19813))
##### Other changes
- Mark more tests as requiring network for vendors that need to run
tests offline
([#​19819](https://redirect.github.com/astral-sh/uv/pull/19819))
###
[`v0.11.21`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01121)
[Compare
Source](https://redirect.github.com/astral-sh/uv/compare/0.11.20...0.11.21)
Released on 2026-06-11.
##### Python
- Add CPython 3.13.14 and 3.14.6
([#​19787](https://redirect.github.com/astral-sh/uv/pull/19787))
##### Preview features
- Add `environment.root` to `uv workspace metadata --sync`
([#​19760](https://redirect.github.com/astral-sh/uv/pull/19760))
- Allow `uv upgrade` to update a single dependency constraint
([#​19738](https://redirect.github.com/astral-sh/uv/pull/19738))
- Compute and pass `uv workspace metadata` payload in `ty check`
([#​19763](https://redirect.github.com/astral-sh/uv/pull/19763))
- Make packaged applications the default for `uv init`
([#​17841](https://redirect.github.com/astral-sh/uv/pull/17841))
##### Performance
- Add parallel discovery of Python versions for `uv python list`
([#​18684](https://redirect.github.com/astral-sh/uv/pull/18684))
- Avoid normalizing source distribution names twice
([#​19784](https://redirect.github.com/astral-sh/uv/pull/19784))
##### Bug fixes
- Improve cache robustness and pruning behavior
- Allow CI cache pruning without an sdist bucket
([#​19802](https://redirect.github.com/astral-sh/uv/pull/19802))
- Avoid overflow when reading malformed cache entries
([#​19799](https://redirect.github.com/astral-sh/uv/pull/19799))
- Preserve cached Python downloads during cache pruning
([#​19795](https://redirect.github.com/astral-sh/uv/pull/19795))
- Reject running inside the cache
([#​19659](https://redirect.github.com/astral-sh/uv/pull/19659))
- Fix Python discovery and version request edge cases
- Avoid panics for Unicode Python version requests
([#​19797](https://redirect.github.com/astral-sh/uv/pull/19797))
- Fix handling of non-critical errors in `uv python list` with path
requests
([#​19774](https://redirect.github.com/astral-sh/uv/pull/19774))
- Fix stop-discovery-at regression
([#​19769](https://redirect.github.com/astral-sh/uv/pull/19769))
- Harden parsing and validation for package metadata, requirements,
markers, URLs, and conflict sets
- Allow trailing commas in version specifiers
([#​19806](https://redirect.github.com/astral-sh/uv/pull/19806))
- Avoid panics for invalid UTF-8 URL credentials
([#​19800](https://redirect.github.com/astral-sh/uv/pull/19800))
- Avoid panics for malformed source distribution filenames
([#​19776](https://redirect.github.com/astral-sh/uv/pull/19776))
- Avoid panics for trailing extra separators
([#​19779](https://redirect.github.com/astral-sh/uv/pull/19779))
- Avoid stack overflow for recursive requirements path aliases
([#​19777](https://redirect.github.com/astral-sh/uv/pull/19777))
- Ignore reversed string compatible-release markers
([#​19782](https://redirect.github.com/astral-sh/uv/pull/19782))
- Reject duplicate entries in conflict sets
([#​19801](https://redirect.github.com/astral-sh/uv/pull/19801))
- Reject malformed hash options in requirements files
([#​19783](https://redirect.github.com/astral-sh/uv/pull/19783))
- Reject source distribution filenames without a separator
([#​19803](https://redirect.github.com/astral-sh/uv/pull/19803))
- Use UTF-8 lengths for requirement errors
([#​19781](https://redirect.github.com/astral-sh/uv/pull/19781))
- Use UTF-8 lengths for trailing marker errors
([#​19796](https://redirect.github.com/astral-sh/uv/pull/19796))
- Use byte offsets when peeking over requirements
([#​19780](https://redirect.github.com/astral-sh/uv/pull/19780))
- Validate GraalPy ABI suffixes
([#​19805](https://redirect.github.com/astral-sh/uv/pull/19805))
- Improve wheel entry-point error handling and virtual environment
activation quoting
- Propagate errors when reading wheel entry points
([#​19794](https://redirect.github.com/astral-sh/uv/pull/19794))
- Quote virtual environment activation paths with shell metacharacters
([#​19798](https://redirect.github.com/astral-sh/uv/pull/19798))
###
[`v0.11.20`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01120)
[Compare
Source](https://redirect.github.com/astral-sh/uv/compare/0.11.19...0.11.20)
Released on 2026-06-10.
##### Enhancements
- Add `--emit-index-url` and `--emit-find-links` to `uv export`
([#​18370](https://redirect.github.com/astral-sh/uv/pull/18370))
- Add `--find-links` support for `uv pip list`
([#​16103](https://redirect.github.com/astral-sh/uv/pull/16103))
- Group executable install errors during `uv python install`
([#​19691](https://redirect.github.com/astral-sh/uv/pull/19691))
- Use ICF in macOS release builds to reduce binary sizes
([#​19615](https://redirect.github.com/astral-sh/uv/pull/19615))
##### Preview features
- Add initial hidden `uv upgrade` command
([#​19678](https://redirect.github.com/astral-sh/uv/pull/19678))
- Reject Git revisions in `uv upgrade`
([#​19742](https://redirect.github.com/astral-sh/uv/pull/19742))
##### Configuration
- Recognize `UV_NO_INSTALL_PROJECT`, `UV_NO_INSTALL_WORKSPACE`,
`UV_NO_INSTALL_LOCAL`
([#​19323](https://redirect.github.com/astral-sh/uv/pull/19323))
##### Performance
- Speed up discovery of large workspaces
([#​18311](https://redirect.github.com/astral-sh/uv/pull/18311))
##### Bug fixes
- Allow unknown preview flags with a warning again
([#​19669](https://redirect.github.com/astral-sh/uv/pull/19669))
- Apply dependency exclusions to direct requirements
([#​19699](https://redirect.github.com/astral-sh/uv/pull/19699))
- Avoid following external symlinks during cache clean
([#​19682](https://redirect.github.com/astral-sh/uv/pull/19682))
- Avoid following symlinks during cache prune
([#​19543](https://redirect.github.com/astral-sh/uv/pull/19543))
- Fix Git cache keys for worktrees and packed refs
([#​19706](https://redirect.github.com/astral-sh/uv/pull/19706))
- Make resolver error handling iterative to avoid stack overflows
([#​19695](https://redirect.github.com/astral-sh/uv/pull/19695))
- Pass `VIRTUAL_ENV` through `cygpath` inside `fish` on Windows
([#​19703](https://redirect.github.com/astral-sh/uv/pull/19703))
- Rebuild explicit local directory tool installs
([#​19591](https://redirect.github.com/astral-sh/uv/pull/19591))
- Validate egg top-level entries as identifiers
([#​19679](https://redirect.github.com/astral-sh/uv/pull/19679))
##### Documentation
- Document `--find-links` caching behavior
([#​19585](https://redirect.github.com/astral-sh/uv/pull/19585))
- Add a small section for malware checks
([#​19680](https://redirect.github.com/astral-sh/uv/pull/19680))
###
[`v0.11.19`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01119)
[Compare
Source](https://redirect.github.com/astral-sh/uv/compare/0.11.18...0.11.19)
Released on 2026-06-03.
##### Python
- Add CPython 3.15.0b2
([#​19531](https://redirect.github.com/astral-sh/uv/pull/19531))
##### Enhancements
- Always compute SHA256 for remote distributions
([#​19662](https://redirect.github.com/astral-sh/uv/pull/19662))
- Add PyEmscripten platform (PEP 783)
([#​19629](https://redirect.github.com/astral-sh/uv/pull/19629))
- Add Pyodide 2025 target triple
([#​19653](https://redirect.github.com/astral-sh/uv/pull/19653))
##### Preview features
- Make preview features for commands have names that aren't ambiguous
with the command
([#​19645](https://redirect.github.com/astral-sh/uv/pull/19645))
- Respect `--isolated` in `uv check`
([#​19666](https://redirect.github.com/astral-sh/uv/pull/19666))
##### Bug fixes
- Continue tool uninstall after dangling receipts
([#​19623](https://redirect.github.com/astral-sh/uv/pull/19623))
- Skip Unix-specific installation steps when cross-installing Windows
Python distributions
([#​19424](https://redirect.github.com/astral-sh/uv/pull/19424))
###
[`v0.11.18`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01118)
[Compare
Source](https://redirect.github.com/astral-sh/uv/compare/0.11.17...0.11.18)
Released on 2026-06-01.
##### Performance
- Fix performance regression in unzip of local wheels
([#​19637](https://redirect.github.com/astral-sh/uv/pull/19637))
##### Preview
- Add `uv check` to run `ty` from uv
([#​19605](https://redirect.github.com/astral-sh/uv/pull/19605))
##### Bug fixes
- Update activation scripts with upstream fixes
([#​19628](https://redirect.github.com/astral-sh/uv/pull/19628))
##### Other changes
- Bump MSRV to 1.94
([#​19600](https://redirect.github.com/astral-sh/uv/pull/19600))
###
[`v0.11.17`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01117)
[Compare
Source](https://redirect.github.com/astral-sh/uv/compare/0.11.16...0.11.17)
Released on 2026-05-28.
##### Enhancements
- Add a diagnostic for `uv add` with standard library modules
([#​19572](https://redirect.github.com/astral-sh/uv/pull/19572))
- Expose `uv workspace` and its `list` subcommand in help output
([#​19533](https://redirect.github.com/astral-sh/uv/pull/19533))
- Improve the "403 forbidden" hint to suggest `ignore-error-codes` when
applicable
([#​19521](https://redirect.github.com/astral-sh/uv/pull/19521))
- Skip direct URL lock freshness checks while offline
([#​19596](https://redirect.github.com/astral-sh/uv/pull/19596))
- Add `import-names` and `import-namespaces` support to `uv-build` ([PEP
794](https://peps.python.org/pep-0794/))
([#​19380](https://redirect.github.com/astral-sh/uv/pull/19380))
- Add a `--no-editable-package` flag to various commands
([#​19584](https://redirect.github.com/astral-sh/uv/pull/19584))
- Infer Python version requests from source trees in `uv tool`
invocations
([#​19577](https://redirect.github.com/astral-sh/uv/pull/19577))
##### Preview features
- Add module owners to `uv workspace metadata`
([#​19122](https://redirect.github.com/astral-sh/uv/pull/19122))
- Do not allow `uv venv --clear` to remove non-virtual environments
([#​19595](https://redirect.github.com/astral-sh/uv/pull/19595))
##### Bug fixes
- Improve the performance of large entries in `tool.uv.conflicts`
([#​19538](https://redirect.github.com/astral-sh/uv/pull/19538))
- Avoid modifying the parent process' env with `--env-file` in `uv run`
([#​19567](https://redirect.github.com/astral-sh/uv/pull/19567))
- Fix script environment creation for scripts with long filenames
([#​19539](https://redirect.github.com/astral-sh/uv/pull/19539))
- Fix transitive Git archive dependencies in lockfiles
([#​19589](https://redirect.github.com/astral-sh/uv/pull/19589))
- Preserve Git repository URLs in direct URL metadata
([#​19590](https://redirect.github.com/astral-sh/uv/pull/19590))
- Support redirects in `--check-url`
([#​19594](https://redirect.github.com/astral-sh/uv/pull/19594))
- Accept case-insensitive HTML tags in `--find-links` parsing
([#​19537](https://redirect.github.com/astral-sh/uv/pull/19537))
- Reject duplicate script metadata blocks
([#​19544](https://redirect.github.com/astral-sh/uv/pull/19544))
- Ban names like "python3" as script entry points
([#​19535](https://redirect.github.com/astral-sh/uv/pull/19535),
[#​19536](https://redirect.github.com/astral-sh/uv/pull/19536))
- Validate Git LFS artifacts for Git archives
([#​19592](https://redirect.github.com/astral-sh/uv/pull/19592))
- Use a relative path when creating symlinks in cache to improve
relocatability
([#​19033](https://redirect.github.com/astral-sh/uv/pull/19033))
##### Documentation
- Fix malformed positional anchors in the CLI reference
([#​19575](https://redirect.github.com/astral-sh/uv/pull/19575))
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- Between 12:00 AM and 03:59 AM, on day 1 of the month (`* 0-3 1 * *`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box
---
This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/danielgafni/dagster-ray).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNDIuMiIsInVwZGF0ZWRJblZlciI6IjQzLjI0Mi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>1 parent 79ca132 commit 9eb16d9
3 files changed
Lines changed: 7 additions & 7 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
31 | 31 | | |
32 | 32 | | |
33 | 33 | | |
34 | | - | |
| 34 | + | |
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
67 | 67 | | |
68 | 68 | | |
69 | 69 | | |
70 | | - | |
| 70 | + | |
71 | 71 | | |
72 | 72 | | |
73 | 73 | | |
| |||
97 | 97 | | |
98 | 98 | | |
99 | 99 | | |
100 | | - | |
| 100 | + | |
101 | 101 | | |
102 | 102 | | |
103 | 103 | | |
| |||
141 | 141 | | |
142 | 142 | | |
143 | 143 | | |
144 | | - | |
| 144 | + | |
145 | 145 | | |
146 | 146 | | |
147 | 147 | | |
| |||
163 | 163 | | |
164 | 164 | | |
165 | 165 | | |
166 | | - | |
| 166 | + | |
167 | 167 | | |
168 | 168 | | |
169 | 169 | | |
| |||
182 | 182 | | |
183 | 183 | | |
184 | 184 | | |
185 | | - | |
| 185 | + | |
186 | 186 | | |
187 | 187 | | |
188 | 188 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
30 | 30 | | |
31 | 31 | | |
32 | 32 | | |
33 | | - | |
| 33 | + | |
34 | 34 | | |
35 | 35 | | |
36 | 36 | | |
| |||
0 commit comments