Skip to content

chore(deps): update all non-major dependencies#52

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch
Open

chore(deps): update all non-major dependencies#52
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all-minor-patch

Conversation

@renovate

@renovate renovate Bot commented May 26, 2025

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change Age Confidence
astral-sh/ruff-action action minor v4.0.0v4.1.0 age confidence
astral-sh/setup-uv action minor v8.1.0v8.3.2 age confidence
pyright (source) uses-with patch 1.1.4081.1.411 age confidence
unitypy project.dependencies minor ==1.22.5==1.25.2 age confidence
uv_build (source, changelog) build-system.requires minor >=0.8.4,<0.9.0>=0.11.28,<0.12.0 age confidence

Release Notes

astral-sh/ruff-action (astral-sh/ruff-action)

v4.1.0: 🌈 Skip Astral mirror and support uv.lock

Compare Source

Changes

Among some minor bugfixes this release adds the option to skip the astral-sh mirror and download directly from GitHub releases. Useful if the Astral mirror can't or shouldn't be used.

Also big thanks to @​somaz94 for adding support for reading the desired ruff version from uv.lock.
This works automatically if you haven't overridden the version discovery by using the inputs version or version-file

🐛 Bug fixes
🚀 Enhancements
🧰 Maintenance
📚 Documentation
⬆️ Dependency updates
astral-sh/setup-uv (astral-sh/setup-uv)

v8.3.2

Compare Source

v8.3.1

Compare Source

v8.3.0

Compare Source

v8.2.0: 🌈 New inputs quiet and download-from-astral-mirror

Compare Source

Changes

This release brings two new inputs and a few bug fixes.

New inputs

Lets talk about the new inputs first.

quiet

Pretty simple. It turns of all info loggings. Useful if you use this in a composite action and are not interested in all the details.
In the upcoming releases we will add log groups to fully implement support for "less noise"

[!NOTE]
Warnings and errors are always logged.

download-from-astral-mirror

In some cases you may want to directly use the fallback of checking for available versions and downloading releases from GitHub instead of using the astral.sh mirror. Setting download-from-astral-mirror: false allows you to do that.

Bugfixes

When using the astral.sh mirror to query available versions and download releases (done by default) we now stop sending the GitHub token in the header. The mirror never looked at it but we shouldn't be handing out that data even if it is just a short lived token.
All other bugfixes try to limit the impact of failed GitHub queries due to retries and other faults.

We couldn't pinpoint all rootcauses yet but added more logging for error cases to track them down.

🐛 Bug fixes
🚀 Enhancements
🧰 Maintenance
⬆️ Dependency updates
Microsoft/pyright (pyright)

v1.1.411: Published 1.1.411

Compare Source

Changes:

See More

This list of changes was auto generated.

v1.1.410: Published 1.1.410

Compare Source

Changes:

This list of changes was auto generated.

v1.1.409: Published 1.1.409

Compare Source

Changes:

See More

This list of changes was auto generated.

astral-sh/uv (uv_build)

v0.11.28

Compare Source

Released on 2026-07-07.

Security

This release updates our ZIP library, astral-async-zip, to v0.0.20, which includes 15 changes that harden our ZIP handling against parser differentials. uv may reject ZIP archives with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Python
Enhancements
  • Improve trace logs for unexpected error chains (#​20220)
  • Move lockfile update guidance to a hint (#​20219)
  • Preserve indentation for multiline error causes (#​20156)
  • Render user errors with their cause chains (#​20217)
  • Route final command errors through the printer to respect -q and -qq (#​20163)
  • Use standard rendering for uv build errors (#​20159)
  • Use standard rendering for tool requirement errors (#​20160)
Performance
  • Only compile bytecode for installed distributions in uv pip install (#​19914)
  • Avoid allocating URL-safe Git revisions (#​20194)
  • Avoid allocating canonical Python request strings (#​20193)
  • Avoid allocating custom Astral mirror URLs (#​20204)
  • Avoid allocating expanded compatibility tags (#​20190)
  • Avoid allocating shell strings that need no escaping (#​20196)
  • Avoid allocating static ABI descriptions (#​20201)
  • Avoid allocating static Windows executable names (#​20200)
  • Avoid allocating static dependency table names (#​20199)
  • Avoid allocating static platform triple components (#​20195)
  • Avoid allocating static resolver report labels (#​20198)
  • Avoid allocating static unavailable-version messages (#​20197)
  • Avoid allocating unchanged Python download architectures (#​20202)
  • Avoid allocating unchanged paths during case normalization (#​20203)
  • Avoid allocations when expanding group conflicts (#​20211)
  • Avoid allocations when formatting requirements (#​20206)
  • Avoid cloning credential lookup services (#​20210)
  • Avoid cloning dry-run distributions (#​20209)
  • Avoid cloning owned dependency metadata (#​20212)
  • Avoid redundant direct URL clones (#​20207)
  • Create metadata version errors lazily (#​20205)
  • Optimize expanded tag compatibility checks (#​20171)
  • Optimize parsing of single-digit three-part versions (#​20118)
Bug fixes
  • Avoid overflow when computing HTTP cache age (#​20178)
  • Respect --upgrade when upgrade-package is configured (#​19955)
  • Support uv tree in dependency-group-only projects (#​20167)
  • Treat cache entries as stale at exact expiration (#​20183)

v0.11.27

Compare Source

Released on 2026-07-06.

Enhancements
  • Continue on ignored errors when fetching wheel metadata (#​12255)
  • Use caching for --python-downloads-json-url (#​16749)
Preview features
  • Discover extensionless shebang scripts in uv workspace list --scripts (#​20099)
Performance
  • Avoid full site-packages scans for direct reinstalls (#​20119)
  • Avoid redundant pyproject parsing (#​20076)
  • Cache default dependency markers when reading locks (#​20125)
  • Enable SIMD-accelerated TOML parsing (#​20079)
  • Intern requires-python specifiers in Simple API parsing (#​20104)
  • Read cache entries into exact-sized buffers (#​20120)
  • Reduce VersionSpecifiers parsing allocations (#​20105)
  • Reduce site-packages scan allocation overhead (#​20087)
  • Reuse package names when parsing wheel filenames (#​20110)
  • Sort Simple API files after grouping (#​20112)
Bug fixes
  • Always emit packages table for pylock.toml (#​20145)
  • Avoid blank line for empty uv pip tree (#​20062)
  • Encode hashes in file paths (#​19807)
  • Error on a registry uv.lock package without a version instead of panicking (#​19855)
  • Preserve conditional extra markers in exports (#​20148)
  • Skip the ambiguous authority check for file transport VCS URLs (#​20086)
  • Sync index format when uv add --index updates an existing index URL (#​19818)
Other changes

v0.11.26

Compare Source

Released on 2026-06-30.

Performance
  • Adapt uv to IDs-only PubGrub dependencies (#​20048)
  • Avoid allocations in ForkMap::contains (#​20023)
  • Reuse resolver work across PubGrub iterations (#​20020)
  • Speed up candidate selection for disjoint ranges (#​20026)
Bug fixes
  • Warn when the build cache is inside the source directory (#​20056)

v0.11.25

Compare Source

Released on 2026-06-26.

Security

This release updates our tar library, astral-tokio-tar, to v0.6.3, which includes over 20 changes that harden our tar handling against parser differentials. uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Enhancements
  • Add a full "lockfile" to tool receipts (#​18937)
  • Allow scoped overrides to add dependencies (#​19974)
  • Avoid writing redundant lockfile markers with tool.uv.environments (#​19933)
  • Factor supported environments out of lockfile markers (#​19969)
  • Recommend our own build backend in the build frontend (#​19994)
  • Reject wheels with multiple .dist-info directories (#​19986)
  • Simplify dependency markers under parent reachability (#​19971)
  • Support scoped dependency exclusions (#​19977)
  • Support scoped dependency overrides (#​19970)
  • Explain why files are skipped in registry index parsing (#​19983)
Preview features
  • Add uv workspace list --scripts (#​20009)
  • Support centralised environments in uv venv (#​19912)
  • Use locked ty versions in uv check (#​19884)
  • Add centralized storage of project environments (#​18214)
  • Verify lockfile hashes before reusing a cached ty in uv check (#​19995)
  • Use locked dependency selection for uv check --script (#​19989)
Bug fixes
  • Preserve standalone markers in workspace metadata (#​20011)
  • Reject uv build if the cache dir is enclosed (#​19991)

v0.11.24

Compare Source

Released on 2026-06-23.

Python
Preview features
  • Make project environments relocatable under preview (#​19965)
Performance
  • Use a compact index for lazy version maps (#​19959)
Bug fixes
  • Allow disabling exclude-newer (#​19934)
  • Avoid archive id collisions (#​19949)
  • Reapply "Fix transparent Python upgrades in project environments" (#​19928)
  • Clean up partial tool entrypoint installs (#​19966)
  • Fix relocatable activate.fish and broaden Fish version support (#​19856)

v0.11.23

Compare Source

Released on 2026-06-19.

Bug fixes
  • Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in pre-commit-uv (#​19925)
  • Restore old behavior where workspace members "hidden" by an intermediate pyproject.toml would be treated as standalone projects (#​19926)

v0.11.22

Compare Source

Released on 2026-06-18.

Enhancements
  • Publish wheels before sdists in uv publish (#​19831)
  • Add TY and RUFF env vars for providing paths for binaries used by uv format and uv check (#​19821)
Preview features
  • Allow configuring preview features in uv.toml and pyproject.toml (#​18437)
  • Update the lockfile during uv check --no-sync (#​19909)
  • Add --script to uv check and uv metadata (#​19860)
  • Report workspace-exclusive dependency groups in workspace metadata (#​19862)
  • Support SARIF as a uv audit output (#​19872)
Performance
  • Use a more deadlock-resistant concurrent hashmap in the resolver (#​19532)
Bug fixes
  • Update string marker ordering semantics to match upstream clarified rules (#​19808)
  • Reject extras that have the same normalized name (#​19871)
  • Reject dependency group include-group entries that have additional fields (#​19866)
  • Reject invalid UTF-8 URL credentials (#​19814)
  • Validate that PEP 517 backend-paths exist when building sdists (#​19834)
  • Validate that pylock.toml files do not have an unsupported a lock-version (#​19869)
  • Validate that the environment satisfies the packages.requires-python of a pylock.toml (#​19868)
  • Allow uv to be recursively invoked by PEP 517 build hooks (#​19879)
  • Allow empty credentials.toml files (#​19815)
  • Fix transparent Python upgrades in project environments (#​19890)
  • Handle non-file editable URLs in uv pip list (#​19867)
  • Fix incorrect output from uv tree --invert (#​19910)
  • Fix environment locking of uv venv in a project (#​19837)
  • Fix handling of workspace-exclusive dependency groups in uv tree (#​19905)
Documentation
Other changes
  • Mark more tests as requiring network for vendors that need to run tests offline (#​19819)

v0.11.21

Compare Source

Released on 2026-06-11.

Python
Preview features
  • Add environment.root to uv workspace metadata --sync (#​19760)
  • Allow uv upgrade to update a single dependency constraint (#​19738)
  • Compute and pass uv workspace metadata payload in ty check (#​19763)
  • Make packaged applications the default for uv init (#​17841)
Performance
  • Add parallel discovery of Python versions for uv python list (#​18684)
  • Avoid normalizing source distribution names twice (#​19784)
Bug fixes
  • Improve cache robustness and pruning behavior
    • Allow CI cache pruning without an sdist bucket (#​19802)
    • Avoid overflow when reading malformed cache entries (#​19799)
    • Preserve cached Python downloads during cache pruning (#​19795)
    • Reject running inside the cache (#​19659)
  • Fix Python discovery and version request edge cases
    • Avoid panics for Unicode Python version requests (#​19797)
    • Fix handling of non-critical errors in uv python list with path requests (#​19774)
    • Fix stop-discovery-at regression (#​19769)
  • Harden parsing and validation for package metadata, requirements, markers, URLs, and conflict sets
    • Allow trailing commas in version specifiers (#​19806)
    • Avoid panics for invalid UTF-8 URL credentials (#​19800)
    • Avoid panics for malformed source distribution filenames (#​19776)
    • Avoid panics for trailing extra separators (#​19779)
    • Avoid stack overflow for recursive requirements path aliases (#​19777)
    • Ignore reversed string compatible-release markers (#​19782)
    • Reject duplicate entries in conflict sets (#​19801)
    • Reject malformed hash options in requirements files (#​19783)
    • Reject source distribution filenames without a separator (#​19803)
    • Use UTF-8 lengths for requirement errors (#​19781)
    • Use UTF-8 lengths for trailing marker errors (#​19796)
    • Use byte offsets when peeking over requirements (#​19780)
    • Validate GraalPy ABI suffixes (#​19805)
  • Improve wheel entry-point error handling and virtual environment activation quoting
    • Propagate errors when reading wheel entry points (#​19794)
    • Quote virtual environment activation paths with shell metacharacters (#​19798)

v0.11.20

Compare Source

Released on 2026-06-10.

Enhancements
  • Add --emit-index-url and --emit-find-links to uv export (#​18370)
  • Add --find-links support for uv pip list (#​16103)
  • Group executable install errors during uv python install (#​19691)
  • Use ICF in macOS release builds to reduce binary sizes (#​19615)
Preview features
  • Add initial hidden uv upgrade command (#​19678)
  • Reject Git revisions in uv upgrade (#​19742)
Configuration
  • Recognize UV_NO_INSTALL_PROJECT, UV_NO_INSTALL_WORKSPACE, UV_NO_INSTALL_LOCAL (#​19323)
Performance
  • Speed up discovery of large workspaces (#​18311)
Bug fixes
  • Allow unknown preview flags with a warning again (#​19669)
  • Apply dependency exclusions to direct requirements (#​19699)
  • Avoid following external symlinks during cache clean (#​19682)
  • Avoid following symlinks during cache prune (#​19543)
  • Fix Git cache keys for worktrees and packed refs (#​19706)
  • Make resolver error handling iterative to avoid stack overflows (#​19695)
  • Pass VIRTUAL_ENV through cygpath inside fish on Windows (#​19703)
  • Rebuild explicit local directory tool installs (#​19591)
  • Validate egg top-level entries as identifiers (#​19679)
Documentation
  • Document --find-links caching behavior (#​19585)
  • Add a small section for malware checks (#​19680)

v0.11.19

Compare Source

Released on 2026-06-03.

Python
Enhancements
  • Always compute SHA256 for remote distributions (#​19662)
  • Add PyEmscripten platform (PEP 783) (#​19629)
  • Add Pyodide 2025 target triple (#​19653)
Preview features
  • Make preview features for commands have names that aren't ambiguous with the command (#​19645)
  • Respect --isolated in uv check (#​19666)
Bug fixes
  • Continue tool uninstall after dangling receipts (#​19623)
  • Skip Unix-specific installation steps when cross-installing Windows Python distributions (#​19424)

v0.11.18

Compare Source

Released on 2026-06-01.

Performance
  • Fix performance regression in unzip of local wheels (#​19637)
Preview
Bug fixes
  • Update activation scripts with upstream fixes (#​19628)
Other changes

v0.11.17

Compare Source

Released on 2026-05-28.

Enhancements
  • Add a diagnostic for uv add with standard library modules (#​19572)
  • Expose uv workspace and its list subcommand in help output (#​19533)
  • Improve the "403 forbidden" hint to suggest ignore-error-codes when applicable (#​19521)
  • Skip direct URL lock freshness checks while offline (#​19596)
  • Add import-names and import-namespaces support to uv-build (PEP 794) (#​19380)
  • Add a --no-editable-package flag to various commands (#​19584)
  • Infer Python version requests from source trees in uv tool invocations (#​19577)
Preview features
  • Add module owners to uv workspace metadata (#​19122)
  • Do not allow uv venv --clear to remove non-virtual environments (#​19595)
Bug fixes
  • Improve the performance of large entries in tool.uv.conflicts (#​19538)
  • Avoid modifying the parent process' env with --env-file in uv run (#​19567)
  • Fix script environment creation for scripts with long filenames (#​19539)
  • Fix transitive Git archive dependencies in lockfiles (#​19589)
  • Preserve Git repository URLs in direct URL metadata (#​19590)
  • Support redirects in --check-url (#​19594)
  • Accept case-insensitive HTML tags in --find-links parsing (#​19537)
  • Reject duplicate script metadata blocks (#​19544)
  • Ban names like "python3" as script entry points (#​19535, #​19536)
  • Validate Git LFS artifacts for Git archives (#​19592)
  • Use a relative path when creating symlinks in cache to improve relocatability (#​19033)
Documentation
  • Fix malformed positional anchors in the CLI reference (#​19575)

v0.11.16

Compare Source

Released on 2026-05-21.

Enhancements
  • Add support for direct archive dependencies in Git (#​10072)
  • Adjust hint rendering (#​18090)
Preview features
  • uv audit: specialize malformed OSV error (#​19515)
  • Reject locked malware installations (#​18936)
Configuration
  • Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#​19476)
Bug fixes
  • Allow environment variables that

Note

PR body was truncated to here.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label May 26, 2025
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 1fc0bbc to 5f7cd22 Compare May 28, 2025 18:45
@renovate renovate Bot changed the title chore(deps): update dependency unitypy to v1.22.3 chore(deps): update dependency unitypy to v1.22.4 May 28, 2025
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 5f7cd22 to 092a1ec Compare June 1, 2025 02:13
@renovate renovate Bot changed the title chore(deps): update dependency unitypy to v1.22.4 chore(deps): update dependency unitypy to v1.22.5 Jun 1, 2025
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 092a1ec to 70d15c1 Compare June 15, 2025 01:02
@renovate renovate Bot changed the title chore(deps): update dependency unitypy to v1.22.5 chore(deps): update dependency unitypy to v1.23.0 Jun 15, 2025
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 70d15c1 to a2cdd61 Compare June 17, 2025 17:03
@renovate renovate Bot changed the title chore(deps): update dependency unitypy to v1.23.0 chore(deps): update all non-major dependencies Jun 17, 2025
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from a2cdd61 to 539fdfa Compare July 8, 2025 15:40
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from 539fdfa to 71d7853 Compare July 8, 2025 15:43
@renovate renovate Bot changed the title chore(deps): update all non-major dependencies chore(deps): update dependency unitypy to v1.23.0 Jul 9, 2025
@renovate renovate Bot changed the title chore(deps): update dependency unitypy to v1.23.0 chore(deps): update all non-major dependencies Jul 9, 2025
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from d0fbf1e to 8fe23b4 Compare July 27, 2025 08:12
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 14bed75 to 744ec59 Compare July 31, 2025 13:38
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from d413260 to fd55458 Compare August 14, 2025 17:53
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from fd55458 to de7a71f Compare August 19, 2025 13:00
@renovate renovate Bot changed the title chore(deps): update all non-major dependencies chore(deps): update dependency unitypy to v1.23.0 Aug 19, 2025
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from de7a71f to adf3d66 Compare August 24, 2025 10:03
@renovate renovate Bot changed the title chore(deps): update dependency unitypy to v1.23.0 chore(deps): update all non-major dependencies Aug 24, 2025
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 0e45dd6 to e84a25a Compare September 4, 2025 21:25
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from e84a25a to bbc6fb0 Compare September 5, 2025 06:16
@renovate renovate Bot changed the title chore(deps): update all non-major dependencies chore(deps): update dependency unitypy to v1.23.0 Sep 5, 2025
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch from bbc6fb0 to a7e95c0 Compare September 10, 2025 17:37
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from c927192 to 84c35af Compare October 17, 2025 13:00
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 38e2524 to 674e7b1 Compare October 23, 2025 20:57
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from bbc38e7 to 9d2875a Compare October 31, 2025 03:45
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 61717de to 9cadb67 Compare November 12, 2025 19:04
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 2a5fae4 to 3c2416e Compare November 21, 2025 01:02
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 6485f99 to 8ba0c52 Compare November 26, 2025 18:28
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from 99a6c6c to 226f626 Compare December 4, 2025 17:04
@renovate renovate Bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 4d510b5 to be51c12 Compare December 10, 2025 04:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants