Skip to content

Bump the "uv-ecosystem" group with 2 updates across multiple ecosystems#161

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv_ecosystem-93b0a2f434
Open

Bump the "uv-ecosystem" group with 2 updates across multiple ecosystems#161
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv_ecosystem-93b0a2f434

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 24, 2026

Bumps the uv-ecosystem group with 1 update in the /uv directory: astral-sh/uv.

Updates astral-sh/uv from 0.11.12 to 0.11.16

Release notes

Sourced from astral-sh/uv's releases.

0.11.16

Release Notes

Released on 2026-05-21.

Enhancements

  • Add support for direct archive dependencies in Git (#10072)
  • Adjust hint rendering (#18090)

Preview features

  • uv audit: specialize malformed OSV error (#19515)
  • Reject locked malware installations (#18936)

Configuration

  • Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#19476)

Bug fixes

  • Allow environment variables that take a list to be empty (#19503)
  • Ensure that incompatible wheel hints do not leak secrets (#19504)
  • Reject unsafe entry points in uv-build (#19495)
  • Restrict delimiters in entry point parsing (#19471)
  • uv-netrc: fix multi-word no-space comment lines causing parse errors (#19494)

Documentation

  • Document and test relative exclude-newer support for uv pip (#19475)

Install uv 0.11.16

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.16/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.16/uv-installer.ps1 | iex"

Download uv 0.11.16

File Platform Checksum
uv-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum

... (truncated)

Changelog

Sourced from astral-sh/uv's changelog.

0.11.16

Released on 2026-05-21.

Enhancements

  • Add support for direct archive dependencies in Git (#10072)
  • Adjust hint rendering (#18090)

Preview features

  • uv audit: specialize malformed OSV error (#19515)
  • Reject locked malware installations (#18936)

Configuration

  • Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#19476)

Bug fixes

  • Allow environment variables that take a list to be empty (#19503)
  • Ensure that incompatible wheel hints do not leak secrets (#19504)
  • Reject unsafe entry points in uv-build (#19495)
  • Restrict delimiters in entry point parsing (#19471)
  • uv-netrc: fix multi-word no-space comment lines causing parse errors (#19494)

Documentation

  • Document and test relative exclude-newer support for uv pip (#19475)

0.11.15

Released on 2026-05-18.

Security

Enhancements

  • Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
  • Add support for Azure request signing (#19421)
  • Apply stricter validation to all wheel filename segments (#19364)
  • Reject empty strings as an invalid package name (#19435)
  • Use structured errors for signing authentication failures (#19422)

Preview

  • uv audit: Add JSON output (#19305)

... (truncated)

Commits

Bumps the uv-ecosystem group with 2 updates in the /uv/helpers directory: uv and cython.

Updates uv from 0.11.12 to 0.11.16

Release notes

Sourced from uv's releases.

0.11.16

Release Notes

Released on 2026-05-21.

Enhancements

  • Add support for direct archive dependencies in Git (#10072)
  • Adjust hint rendering (#18090)

Preview features

  • uv audit: specialize malformed OSV error (#19515)
  • Reject locked malware installations (#18936)

Configuration

  • Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#19476)

Bug fixes

  • Allow environment variables that take a list to be empty (#19503)
  • Ensure that incompatible wheel hints do not leak secrets (#19504)
  • Reject unsafe entry points in uv-build (#19495)
  • Restrict delimiters in entry point parsing (#19471)
  • uv-netrc: fix multi-word no-space comment lines causing parse errors (#19494)

Documentation

  • Document and test relative exclude-newer support for uv pip (#19475)

Install uv 0.11.16

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.16/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.16/uv-installer.ps1 | iex"

Download uv 0.11.16

File Platform Checksum
uv-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.16

Released on 2026-05-21.

Enhancements

  • Add support for direct archive dependencies in Git (#10072)
  • Adjust hint rendering (#18090)

Preview features

  • uv audit: specialize malformed OSV error (#19515)
  • Reject locked malware installations (#18936)

Configuration

  • Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#19476)

Bug fixes

  • Allow environment variables that take a list to be empty (#19503)
  • Ensure that incompatible wheel hints do not leak secrets (#19504)
  • Reject unsafe entry points in uv-build (#19495)
  • Restrict delimiters in entry point parsing (#19471)
  • uv-netrc: fix multi-word no-space comment lines causing parse errors (#19494)

Documentation

  • Document and test relative exclude-newer support for uv pip (#19475)

0.11.15

Released on 2026-05-18.

Security

Enhancements

  • Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
  • Add support for Azure request signing (#19421)
  • Apply stricter validation to all wheel filename segments (#19364)
  • Reject empty strings as an invalid package name (#19435)
  • Use structured errors for signing authentication failures (#19422)

Preview

  • uv audit: Add JSON output (#19305)

... (truncated)

Commits

Updates cython from 3.2.4 to 3.2.5

Changelog

Sourced from cython's changelog.

3.2.5 (2026-05-23)

Bugs fixed

  • A compile failure was fixed when using the walrus operator inside of try-except. (Github issue :issue:7462)

  • Expressions with side-effects as object argument to isinstance() could get evaluated multiple times, e.g. when they use the walrus operator. (Github issue :issue:7670)

  • Several problems generating the shared utility module were resolved, including a performance regression with memory views. (Github issues :issue:7487, :issue:7497, :issue:7504, :issue:7558)

  • Some GC and refcounting issues were resolved for Cython functions in the Limited API. (Github issue :issue:7594)

  • Refcounting errors and error handling issues were resolved in some rare error handling cases. (Github issues :issue:7597, :issue:7599, :issue:7612, :issue:7673)

  • Using cython.pymutex in an extension type with cdef methods generated invalid C code missing the required PyMutex declarations. (Github issue :issue:6995)

  • Calling .get_frame() on Cython coroutines could crash in freethreading Python. (Github issue :issue:7632)

  • The vectorcall protocol was not used correctly in .throw() of Cython coroutines when raising the exception only by type (without value or traceback). (Github issue :issue:7677)

  • A problem with cpdef enums in the Limited API of Python 3.11+ was resolved. (Github issue :issue:7503)

  • Unicode predicates like .isdigit() are now allowed to fail in the Limited API. (Github issue :issue:7602)

  • Conditional expressions mixing Python float and int object types could accidentally infer float as the common result type, instead of treating both independently.

  • Using sizeof() in the size declarations of extern arrays failed. (Github issue :issue:7451)

  • Enabling profiling generated invalid C code for non-Python return tuples. (Github issue :issue:7580)

  • abs() on C long long values could generate invalid C code.

... (truncated)

Commits
  • ec15209 Tests: Fix test in Py3.16, following cython/cython#7709
  • aa576c4 Fix test.
  • 2398ddd Prepare release of 3.2.5.
  • abb261f Update changelog.
  • a4bae70 Small cleanup of memoryview assertion (GH-7635)
  • 80d9e7e Prevent walrus operator from being re-evaluated multiple times in isinstance(...
  • 0c69532 CI: Pip PyPy 3.11 version to avoid CI failures.
  • f7d6b7a CI: Allow longer PyPy version strings than "major.minor".
  • b7a1d43 Update changelog.
  • f02df0a Build: Remove outdated license identifier (long replaced by license kw-opti...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump astral-sh/uv in /uv in the uv-ecosystem group across 1 directory
8ccc381 
Bumps the uv-ecosystem group with 1 update in the /uv directory: [astral-sh/uv](https://github.com/astral-sh/uv).


Updates `astral-sh/uv` from 0.11.12 to 0.11.16
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.11.12...0.11.16)
Bump the uv-ecosystem group across 1 directory with 2 updates

Bumps the uv-ecosystem group with 2 updates in the /uv/helpers directory: [uv](https://github.com/astral-sh/uv) and [cython](https://github.com/cython/cython).


Updates `uv` from 0.11.12 to 0.11.16
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.11.12...0.11.16)

Updates `cython` from 3.2.4 to 3.2.5
- [Release notes](https://github.com/cython/cython/releases)
- [Changelog](https://github.com/cython/cython/blob/master/CHANGES.rst)
- [Commits](cython/cython@3.2.4...3.2.5)

---
updated-dependencies:
- dependency-name: astral-sh/uv
  dependency-version: 0.11.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: uv-ecosystem
- dependency-name: uv
  dependency-version: 0.11.16
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: uv-ecosystem
- dependency-name: cython
  dependency-version: 3.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: uv-ecosystem
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file docker Pull requests that update docker code labels May 24, 2026
@dependabot dependabot Bot mentioned this pull request May 24, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file docker Pull requests that update docker code L: python:uv

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants