build(deps): bump astral-sh/uv from 0.11.14 to 0.11.15

[dependabot]

Bumps astral-sh/uv from 0.11.14 to 0.11.15.

Release notes

Sourced from astral-sh/uv's releases.

0.11.15

Release Notes

Released on 2026-05-18.

Security

• Fix a TAR parser differential, see GHSA-3cv2-h65g-fgmm (#19463)
• Enforce that entry points cannot escape in the scripts directory, see GHSA-4gg8-gxpx-9rph (#19464)

Enhancements

• Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
• Add support for Azure request signing (#19421)
• Apply stricter validation to all wheel filename segments (#19364)
• Reject empty strings as an invalid package name (#19435)
• Use structured errors for signing authentication failures (#19422)

Preview

• uv audit: Add JSON output (#19305)

Configuration

• Respect required-environments in uv pip compile (#19378)

Performance

• Avoid parsing JSON manifest when local Python is available (#19398)
• Avoid walking nested directories in linker conflict registration (#19382)
• Optimize async wheel ZIP writing (#19383)
• Fix dead "already trimmed" fast-path in Version::only_release_trimmed (#19425)

Bug fixes

• Apply workspace-member [tool.uv.sources] credentials under uv sync --frozen (#19423)
• Skip empty directories in uv build outputs (#19437)
• Fix Git submodule handling when using relative paths (#12156)
• Fix line number reporting in netrc parsing (#19452)

Documentation

• Move Bazel auth helper setup into integration guide (#19392)

Install uv 0.11.15

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.15/uv-installer.sh | sh
</tr></table> 

... (truncated)

Changelog

Sourced from astral-sh/uv's changelog.

0.11.15

Released on 2026-05-18.

Security

• Fix a TAR parser differential, see GHSA-3cv2-h65g-fgmm (#19463)
• Enforce that entry points cannot escape in the scripts directory, see GHSA-4gg8-gxpx-9rph (#19464)

Enhancements

• Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
• Add support for Azure request signing (#19421)
• Apply stricter validation to all wheel filename segments (#19364)
• Reject empty strings as an invalid package name (#19435)
• Use structured errors for signing authentication failures (#19422)

Preview

• uv audit: Add JSON output (#19305)

Configuration

• Respect required-environments in uv pip compile (#19378)

Performance

• Avoid parsing JSON manifest when local Python is available (#19398)
• Avoid walking nested directories in linker conflict registration (#19382)
• Optimize async wheel ZIP writing (#19383)
• Fix dead "already trimmed" fast-path in Version::only_release_trimmed (#19425)

Bug fixes

• Apply workspace-member [tool.uv.sources] credentials under uv sync --frozen (#19423)
• Skip empty directories in uv build outputs (#19437)
• Fix Git submodule handling when using relative paths (#12156)
• Fix line number reporting in netrc parsing (#19452)

Documentation

• Move Bazel auth helper setup into integration guide (#19392)

Commits

• 3cffe97 Fix crates.io publish script lockfile (#19473)
• de16a7b Bump version to 0.11.15 (#19472)
• cf826cc Disable test_simultaneous_create_set_then_move on Linux (#19469)
• 2d566bc Allow retry of custom-publish-crates separately from announce (#19470)
• 0588b8f Run release builds on maturin version bumps in CI (#19466)
• 9a65753 Enforce that entry points cannot escape in the scripts directory (#19464)
• d77d849 Revert "Update maturin to v1.13.2 (#19445)" (#19465)
• 5373e96 Update Rust crate rustls to v0.23.40 (#19250)
• fb8d3d4 Update Rust crate rustls-pki-types to v1.14.1 (#19251)
• 078480d Configure maturin and uv so uv run can be used to work on uv itself (#19461)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---

📚 Documentation preview 📚: https://datacube-ows--1601.org.readthedocs.build/en/1601/

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.31%. Comparing base (b148467) to head (e71fbd5).

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #1601   +/-   ##
========================================
  Coverage    92.31%   92.31%           
========================================
  Files           56       56           
  Lines         7262     7262           
========================================
  Hits          6704     6704           
  Misses         558      558           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.