Commit f080e0c
authored
![cloudquery-ci[bot]](https://avatars.githubusercontent.com/u/74616112?v=4&size=40){kind=avatar}
fix(deps): Update ghcr.io/astral-sh/uv Docker tag to v0.11.8 (#399)
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| [ghcr.io/astral-sh/uv](https://redirect.github.com/astral-sh/uv) | final | patch | `0.11.2` → `0.11.8` |
---
> [!WARNING]
> Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/379) for more information.
---
### Release Notes
<details>
<summary>astral-sh/uv (ghcr.io/astral-sh/uv)</summary>
### [`v0.11.8`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0118)
[Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.11.7...0.11.8)
Released on 2026-04-27.
##### Enhancements
- Add `--python-downloads-json-url` to `python pin` ([#​19092](https://redirect.github.com/astral-sh/uv/pull/19092))
- Fetch uv from Astral mirror during self-update ([#​18682](https://redirect.github.com/astral-sh/uv/pull/18682))
- Support `pip uninstall -y` ([#​19082](https://redirect.github.com/astral-sh/uv/pull/19082))
- Allow `exclude-newer` to be missing from the lockfile when `exclude-newer-span` is present ([#​19024](https://redirect.github.com/astral-sh/uv/pull/19024))
- Only show the version number in `uv self version --short` ([#​19019](https://redirect.github.com/astral-sh/uv/pull/19019))
- Silence warnings on empty `SSL_CERT_DIR` directory ([#​19018](https://redirect.github.com/astral-sh/uv/pull/19018))
- Use a sentinel timestamp for relative `exclude-newer` and `exclude-newer-package` values in lockfiles ([#​19022](https://redirect.github.com/astral-sh/uv/pull/19022), [#​19101](https://redirect.github.com/astral-sh/uv/pull/19101))
##### Configuration
- Add `UV_PYTHON_NO_REGISTRY` ([#​19035](https://redirect.github.com/astral-sh/uv/pull/19035))
- Add an environment variable for `UV_NO_PROJECT` ([#​19052](https://redirect.github.com/astral-sh/uv/pull/19052))
- Expose `UV_PYTHON_SEARCH_PATH` for Python discovery `PATH` overrides ([#​19034](https://redirect.github.com/astral-sh/uv/pull/19034))
##### Bug fixes
- Add `rust-toolchain.toml` to uv-build sdist ([#​19131](https://redirect.github.com/astral-sh/uv/pull/19131))
- Ensure uv invocations of git do not inherit repository location environment variables ([#​19088](https://redirect.github.com/astral-sh/uv/pull/19088))
- Redact pre-signed upload URLs in verbose output ([#​19146](https://redirect.github.com/astral-sh/uv/pull/19146))
- Handle transitive URL dependencies in PEP 517 build requirements ([#​19076](https://redirect.github.com/astral-sh/uv/pull/19076), [#​19086](https://redirect.github.com/astral-sh/uv/pull/19086))
- Support `uv lock` on a `pyproject.toml` that only contains dependency-groups ([#​19087](https://redirect.github.com/astral-sh/uv/pull/19087))
- Disable transparent Python upgrades in projects when a patch version is requested via `.python-version` ([#​19102](https://redirect.github.com/astral-sh/uv/pull/19102))
- Fix Python variant tagging in the Windows registry ([#​19012](https://redirect.github.com/astral-sh/uv/pull/19012))
- Ban external symlinks in `.tar.zst` wheels ([#​19144](https://redirect.github.com/astral-sh/uv/pull/19144))
##### Distributions
- Remove deprecated license classifiers from uv-build and add Python 3.14 classifier ([#​19130](https://redirect.github.com/astral-sh/uv/pull/19130))
##### Documentation
- Bump astral-sh/setup-uv version in docs ([#​19030](https://redirect.github.com/astral-sh/uv/pull/19030))
- Update PyTorch documentation for PyTorch 2.11 ([#​19095](https://redirect.github.com/astral-sh/uv/pull/19095))
### [`v0.11.7`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0117)
[Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.11.6...0.11.7)
Released on 2026-04-15.
##### Python
- Upgrade CPython build to [`2026041`](https://redirect.github.com/astral-sh/uv/commit/20260414) including an OpenSSL security upgrade ([#​19004](https://redirect.github.com/astral-sh/uv/pull/19004))
##### Enhancements
- Elevate configuration errors to `required-version` mismatches ([#​18977](https://redirect.github.com/astral-sh/uv/pull/18977))
- Further improve TLS certificate validation messages ([#​18933](https://redirect.github.com/astral-sh/uv/pull/18933))
- Improve `--exclude-newer` hints ([#​18952](https://redirect.github.com/astral-sh/uv/pull/18952))
##### Preview features
- Fix `--script` handling in `uv audit` ([#​18970](https://redirect.github.com/astral-sh/uv/pull/18970))
- Fix traversal of extras in `uv audit` ([#​18970](https://redirect.github.com/astral-sh/uv/pull/18970))
##### Bug fixes
- De-quote `workspace metadata` in linehaul data ([#​18966](https://redirect.github.com/astral-sh/uv/pull/18966))
- Avoid installing tool workspace member dependencies as editable ([#​18891](https://redirect.github.com/astral-sh/uv/pull/18891))
- Emit JSON report for `uv sync --check` failures ([#​18976](https://redirect.github.com/astral-sh/uv/pull/18976))
- Filter and warn on invalid TLS certificates ([#​18951](https://redirect.github.com/astral-sh/uv/pull/18951))
- Fix equality comparisons for version specifiers with `~=` operators ([#​18960](https://redirect.github.com/astral-sh/uv/pull/18960))
- Fix stale Python upgrade preview feature check in project environment construction ([#​18961](https://redirect.github.com/astral-sh/uv/pull/18961))
- Improve Windows path normalization ([#​18945](https://redirect.github.com/astral-sh/uv/pull/18945))
### [`v0.11.6`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0116)
[Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.11.5...0.11.6)
Released on 2026-04-09.
This release resolves a low severity security advisory in which wheels with malformed RECORD entries could delete arbitrary files on uninstall. See [GHSA-pjjw-68hj-v9mw](https://redirect.github.com/astral-sh/uv/security/advisories/GHSA-pjjw-68hj-v9mw) for details.
##### Bug fixes
- Do not remove files outside the venv on uninstall ([#​18942](https://redirect.github.com/astral-sh/uv/pull/18942))
- Validate and heal wheel `RECORD` during installation ([#​18943](https://redirect.github.com/astral-sh/uv/pull/18943))
- Avoid `uv cache clean` errors due to Win32 path normalization ([#​18856](https://redirect.github.com/astral-sh/uv/pull/18856))
### [`v0.11.5`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0115)
[Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.11.4...0.11.5)
Released on 2026-04-08.
##### Python
- Add CPython 3.13.13, 3.14.4, and 3.15.0a8 ([#​18908](https://redirect.github.com/astral-sh/uv/pull/18908))
##### Enhancements
- Fix `build_system.requires` error message ([#​18911](https://redirect.github.com/astral-sh/uv/pull/18911))
- Remove trailing path separators in path normalization ([#​18915](https://redirect.github.com/astral-sh/uv/pull/18915))
- Improve error messages for unsupported or invalid TLS certificates ([#​18924](https://redirect.github.com/astral-sh/uv/pull/18924))
##### Preview features
- Add `exclude-newer` to `[[tool.uv.index]]` ([#​18839](https://redirect.github.com/astral-sh/uv/pull/18839))
- `uv audit`: add context/warnings for ignored vulnerabilities ([#​18905](https://redirect.github.com/astral-sh/uv/pull/18905))
##### Bug fixes
- Normalize persisted fork markers before lock equality checks ([#​18612](https://redirect.github.com/astral-sh/uv/pull/18612))
- Clear junction properly when uninstalling Python versions on Windows ([#​18815](https://redirect.github.com/astral-sh/uv/pull/18815))
- Report error cleanly instead of panicking on TLS certificate error ([#​18904](https://redirect.github.com/astral-sh/uv/pull/18904))
##### Documentation
- Remove the legacy `PIP_COMPATIBILITY.md` redirect file ([#​18928](https://redirect.github.com/astral-sh/uv/pull/18928))
- Fix `uv init example-bare --bare` examples ([#​18822](https://redirect.github.com/astral-sh/uv/pull/18822), [#​18925](https://redirect.github.com/astral-sh/uv/pull/18925))
### [`v0.11.4`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0114)
[Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.11.3...0.11.4)
Released on 2026-04-07.
##### Enhancements
- Add support for `--upgrade-group` ([#​18266](https://redirect.github.com/astral-sh/uv/pull/18266))
- Merge repeated archive URL hashes by version ID ([#​18841](https://redirect.github.com/astral-sh/uv/pull/18841))
- Require all direct URL hash algorithms to match ([#​18842](https://redirect.github.com/astral-sh/uv/pull/18842))
##### Bug fixes
- Avoid panics in environment finding via cycle detection ([#​18828](https://redirect.github.com/astral-sh/uv/pull/18828))
- Enforce direct URL hashes for `pyproject.toml` dependencies ([#​18786](https://redirect.github.com/astral-sh/uv/pull/18786))
- Error on `--locked` and `--frozen` when script lockfile is missing ([#​18832](https://redirect.github.com/astral-sh/uv/pull/18832))
- Fix `uv export` extra resolution for workspace member and conflicting extras ([#​18888](https://redirect.github.com/astral-sh/uv/pull/18888))
- Include conflicts defined in virtual workspace root ([#​18886](https://redirect.github.com/astral-sh/uv/pull/18886))
- Recompute relative `exclude-newer` values during `uv tree --outdated` ([#​18899](https://redirect.github.com/astral-sh/uv/pull/18899))
- Respect `--exclude-newer` in `uv tool list --outdated` ([#​18861](https://redirect.github.com/astral-sh/uv/pull/18861))
- Sort by comparator to break specifier ties ([#​18850](https://redirect.github.com/astral-sh/uv/pull/18850))
- Store relative timestamps in tool receipts ([#​18901](https://redirect.github.com/astral-sh/uv/pull/18901))
- Track newly-activated extras when determining conflicts ([#​18852](https://redirect.github.com/astral-sh/uv/pull/18852))
- Patch `Cargo.lock` in `uv-build` source distributions ([#​18831](https://redirect.github.com/astral-sh/uv/pull/18831))
##### Documentation
- Clarify that `--exclude-newer` compares artifact upload times ([#​18830](https://redirect.github.com/astral-sh/uv/pull/18830))
### [`v0.11.3`](https://redirect.github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#0113)
[Compare Source](https://redirect.github.com/astral-sh/uv/compare/0.11.2...0.11.3)
Released on 2026-04-01.
##### Enhancements
- Add progress bar for hashing phase in uv publish ([#​18752](https://redirect.github.com/astral-sh/uv/pull/18752))
- Add support for ROCm 7.2 ([#​18730](https://redirect.github.com/astral-sh/uv/pull/18730))
- Emit abi3t tags for every abi3 version ([#​18777](https://redirect.github.com/astral-sh/uv/pull/18777))
- Expand `uv workspace metadata` with dependency information from the lock ([#​18356](https://redirect.github.com/astral-sh/uv/pull/18356))
- Implement support for PEP 803 ([#​18767](https://redirect.github.com/astral-sh/uv/pull/18767))
- Pretty-print platform in built wheel errors ([#​18738](https://redirect.github.com/astral-sh/uv/pull/18738))
- Publish installers to `/installers/uv/latest` on the mirror ([#​18725](https://redirect.github.com/astral-sh/uv/pull/18725))
- Show free-threaded Python in built-wheel errors ([#​18740](https://redirect.github.com/astral-sh/uv/pull/18740))
##### Preview features
- Add `--ignore` and `--ignore-until-fixed` to `uv audit` ([#​18737](https://redirect.github.com/astral-sh/uv/pull/18737))
##### Bug fixes
- Bump simple API cache ([#​18797](https://redirect.github.com/astral-sh/uv/pull/18797))
- Don't drop `blake2b` hashes ([#​18794](https://redirect.github.com/astral-sh/uv/pull/18794))
- Handle broken range request implementations ([#​18780](https://redirect.github.com/astral-sh/uv/pull/18780))
- Remove `powerpc64-unknown-linux-gnu` from release build targets ([#​18800](https://redirect.github.com/astral-sh/uv/pull/18800))
- Respect dependency metadata overrides in `uv pip check` ([#​18742](https://redirect.github.com/astral-sh/uv/pull/18742))
- Support debug CPython ABI tags in environment compatibility ([#​18739](https://redirect.github.com/astral-sh/uv/pull/18739))
##### Documentation
- Document `false` opt-out for `exclude-newer-package` ([#​18768](https://redirect.github.com/astral-sh/uv/pull/18768), [#​18803](https://redirect.github.com/astral-sh/uv/pull/18803))
</details>
---
### Configuration
📅 **Schedule**: (UTC)
- Branch creation
- Between 12:00 AM and 03:59 AM, on day 1 of the month (`* 0-3 1 * *`)
- Automerge
- At any time (no schedule defined)
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDguMSIsInVwZGF0ZWRJblZlciI6IjQzLjEwOC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJhdXRvbWVyZ2UiXX0=-->1 parent cfdfbe1 commit f080e0c
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | | - | |
| 3 | + | |
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| |||
0 commit comments