Skip to content

Update dependency uv to v0.11.26#109

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/uv-0.x
Open

Update dependency uv to v0.11.26#109
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/uv-0.x

Conversation

@renovate

@renovate renovate Bot commented May 31, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change
uv patch 0.11.160.11.26

Release Notes

astral-sh/uv (uv)

v0.11.26

Compare Source

Released on 2026-06-30.

Performance
  • Adapt uv to IDs-only PubGrub dependencies (#​20048)
  • Avoid allocations in ForkMap::contains (#​20023)
  • Reuse resolver work across PubGrub iterations (#​20020)
  • Speed up candidate selection for disjoint ranges (#​20026)
Bug fixes
  • Warn when the build cache is inside the source directory (#​20056)

v0.11.25

Compare Source

Released on 2026-06-26.

Security

This release updates our tar library, astral-tokio-tar, to v0.6.3, which includes over 20 changes that harden our tar handling against parser differentials. uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Enhancements
  • Add a full "lockfile" to tool receipts (#​18937)
  • Allow scoped overrides to add dependencies (#​19974)
  • Avoid writing redundant lockfile markers with tool.uv.environments (#​19933)
  • Factor supported environments out of lockfile markers (#​19969)
  • Recommend our own build backend in the build frontend (#​19994)
  • Reject wheels with multiple .dist-info directories (#​19986)
  • Simplify dependency markers under parent reachability (#​19971)
  • Support scoped dependency exclusions (#​19977)
  • Support scoped dependency overrides (#​19970)
  • Explain why files are skipped in registry index parsing (#​19983)
Preview features
  • Add uv workspace list --scripts (#​20009)
  • Support centralised environments in uv venv (#​19912)
  • Use locked ty versions in uv check (#​19884)
  • Add centralized storage of project environments (#​18214)
  • Verify lockfile hashes before reusing a cached ty in uv check (#​19995)
  • Use locked dependency selection for uv check --script (#​19989)
Bug fixes
  • Preserve standalone markers in workspace metadata (#​20011)
  • Reject uv build if the cache dir is enclosed (#​19991)

v0.11.24

Compare Source

Released on 2026-06-23.

Python
Preview features
  • Make project environments relocatable under preview (#​19965)
Performance
  • Use a compact index for lazy version maps (#​19959)
Bug fixes
  • Allow disabling exclude-newer (#​19934)
  • Avoid archive id collisions (#​19949)
  • Reapply "Fix transparent Python upgrades in project environments" (#​19928)
  • Clean up partial tool entrypoint installs (#​19966)
  • Fix relocatable activate.fish and broaden Fish version support (#​19856)

v0.11.23

Compare Source

Released on 2026-06-19.

Bug fixes
  • Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in pre-commit-uv (#​19925)
  • Restore old behavior where workspace members "hidden" by an intermediate pyproject.toml would be treated as standalone projects (#​19926)

v0.11.22

Compare Source

Released on 2026-06-18.

Enhancements
  • Publish wheels before sdists in uv publish (#​19831)
  • Add TY and RUFF env vars for providing paths for binaries used by uv format and uv check (#​19821)
Preview features
  • Allow configuring preview features in uv.toml and pyproject.toml (#​18437)
  • Update the lockfile during uv check --no-sync (#​19909)
  • Add --script to uv check and uv metadata (#​19860)
  • Report workspace-exclusive dependency groups in workspace metadata (#​19862)
  • Support SARIF as a uv audit output (#​19872)
Performance
  • Use a more deadlock-resistant concurrent hashmap in the resolver (#​19532)
Bug fixes
  • Update string marker ordering semantics to match upstream clarified rules (#​19808)
  • Reject extras that have the same normalized name (#​19871)
  • Reject dependency group include-group entries that have additional fields (#​19866)
  • Reject invalid UTF-8 URL credentials (#​19814)
  • Validate that PEP 517 backend-paths exist when building sdists (#​19834)
  • Validate that pylock.toml files do not have an unsupported a lock-version (#​19869)
  • Validate that the environment satisfies the packages.requires-python of a pylock.toml (#​19868)
  • Allow uv to be recursively invoked by PEP 517 build hooks (#​19879)
  • Allow empty credentials.toml files (#​19815)
  • Fix transparent Python upgrades in project environments (#​19890)
  • Handle non-file editable URLs in uv pip list (#​19867)
  • Fix incorrect output from uv tree --invert (#​19910)
  • Fix environment locking of uv venv in a project (#​19837)
  • Fix handling of workspace-exclusive dependency groups in uv tree (#​19905)
Documentation
Other changes
  • Mark more tests as requiring network for vendors that need to run tests offline (#​19819)

v0.11.21

Compare Source

Released on 2026-06-11.

Python
Preview features
  • Add environment.root to uv workspace metadata --sync (#​19760)
  • Allow uv upgrade to update a single dependency constraint (#​19738)
  • Compute and pass uv workspace metadata payload in ty check (#​19763)
  • Make packaged applications the default for uv init (#​17841)
Performance
  • Add parallel discovery of Python versions for uv python list (#​18684)
  • Avoid normalizing source distribution names twice (#​19784)
Bug fixes
  • Improve cache robustness and pruning behavior
    • Allow CI cache pruning without an sdist bucket (#​19802)
    • Avoid overflow when reading malformed cache entries (#​19799)
    • Preserve cached Python downloads during cache pruning (#​19795)
    • Reject running inside the cache (#​19659)
  • Fix Python discovery and version request edge cases
    • Avoid panics for Unicode Python version requests (#​19797)
    • Fix handling of non-critical errors in uv python list with path requests (#​19774)
    • Fix stop-discovery-at regression (#​19769)
  • Harden parsing and validation for package metadata, requirements, markers, URLs, and conflict sets
    • Allow trailing commas in version specifiers (#​19806)
    • Avoid panics for invalid UTF-8 URL credentials (#​19800)
    • Avoid panics for malformed source distribution filenames (#​19776)
    • Avoid panics for trailing extra separators (#​19779)
    • Avoid stack overflow for recursive requirements path aliases (#​19777)
    • Ignore reversed string compatible-release markers (#​19782)
    • Reject duplicate entries in conflict sets (#​19801)
    • Reject malformed hash options in requirements files (#​19783)
    • Reject source distribution filenames without a separator (#​19803)
    • Use UTF-8 lengths for requirement errors (#​19781)
    • Use UTF-8 lengths for trailing marker errors (#​19796)
    • Use byte offsets when peeking over requirements (#​19780)
    • Validate GraalPy ABI suffixes (#​19805)
  • Improve wheel entry-point error handling and virtual environment activation quoting
    • Propagate errors when reading wheel entry points (#​19794)
    • Quote virtual environment activation paths with shell metacharacters (#​19798)

v0.11.20

Compare Source

Released on 2026-06-10.

Enhancements
  • Add --emit-index-url and --emit-find-links to uv export (#​18370)
  • Add --find-links support for uv pip list (#​16103)
  • Group executable install errors during uv python install (#​19691)
  • Use ICF in macOS release builds to reduce binary sizes (#​19615)
Preview features
  • Add initial hidden uv upgrade command (#​19678)
  • Reject Git revisions in uv upgrade (#​19742)
Configuration
  • Recognize UV_NO_INSTALL_PROJECT, UV_NO_INSTALL_WORKSPACE, UV_NO_INSTALL_LOCAL (#​19323)
Performance
  • Speed up discovery of large workspaces (#​18311)
Bug fixes
  • Allow unknown preview flags with a warning again (#​19669)
  • Apply dependency exclusions to direct requirements (#​19699)
  • Avoid following external symlinks during cache clean (#​19682)
  • Avoid following symlinks during cache prune (#​19543)
  • Fix Git cache keys for worktrees and packed refs (#​19706)
  • Make resolver error handling iterative to avoid stack overflows (#​19695)
  • Pass VIRTUAL_ENV through cygpath inside fish on Windows (#​19703)
  • Rebuild explicit local directory tool installs (#​19591)
  • Validate egg top-level entries as identifiers (#​19679)
Documentation
  • Document --find-links caching behavior (#​19585)
  • Add a small section for malware checks (#​19680)

v0.11.19

Compare Source

Released on 2026-06-03.

Python
Enhancements
  • Always compute SHA256 for remote distributions (#​19662)
  • Add PyEmscripten platform (PEP 783) (#​19629)
  • Add Pyodide 2025 target triple (#​19653)
Preview features
  • Make preview features for commands have names that aren't ambiguous with the command (#​19645)
  • Respect --isolated in uv check (#​19666)
Bug fixes
  • Continue tool uninstall after dangling receipts (#​19623)
  • Skip Unix-specific installation steps when cross-installing Windows Python distributions (#​19424)

v0.11.18

Compare Source

Released on 2026-06-01.

Performance
  • Fix performance regression in unzip of local wheels (#​19637)
Preview
Bug fixes
  • Update activation scripts with upstream fixes (#​19628)
Other changes

v0.11.17

Compare Source

Released on 2026-05-28.

Enhancements
  • Add a diagnostic for uv add with standard library modules (#​19572)
  • Expose uv workspace and its list subcommand in help output (#​19533)
  • Improve the "403 forbidden" hint to suggest ignore-error-codes when applicable (#​19521)
  • Skip direct URL lock freshness checks while offline (#​19596)
  • Add import-names and import-namespaces support to uv-build (PEP 794) (#​19380)
  • Add a --no-editable-package flag to various commands (#​19584)
  • Infer Python version requests from source trees in uv tool invocations (#​19577)
Preview features
  • Add module owners to uv workspace metadata (#​19122)
  • Do not allow uv venv --clear to remove non-virtual environments (#​19595)
Bug fixes
  • Improve the performance of large entries in tool.uv.conflicts (#​19538)
  • Avoid modifying the parent process' env with --env-file in uv run (#​19567)
  • Fix script environment creation for scripts with long filenames (#​19539)
  • Fix transitive Git archive dependencies in lockfiles (#​19589)
  • Preserve Git repository URLs in direct URL metadata (#​19590)
  • Support redirects in --check-url (#​19594)
  • Accept case-insensitive HTML tags in --find-links parsing (#​19537)
  • Reject duplicate script metadata blocks (#​19544)
  • Ban names like "python3" as script entry points (#​19535, #​19536)
  • Validate Git LFS artifacts for Git archives (#​19592)
  • Use a relative path when creating symlinks in cache to improve relocatability (#​19033)
Documentation
  • Fix malformed positional anchors in the CLI reference (#​19575)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/uv-0.x branch from d2320c4 to 71e737d Compare June 4, 2026 21:48
@renovate renovate Bot changed the title Update dependency uv to v0.11.17 Update dependency uv to v0.11.18 Jun 4, 2026
@renovate renovate Bot force-pushed the renovate/uv-0.x branch from 71e737d to ad9bba3 Compare June 7, 2026 01:39
@renovate renovate Bot changed the title Update dependency uv to v0.11.18 Update dependency uv to v0.11.19 Jun 7, 2026
@renovate renovate Bot force-pushed the renovate/uv-0.x branch from ad9bba3 to 4667bc5 Compare June 13, 2026 18:05
@renovate renovate Bot changed the title Update dependency uv to v0.11.19 Update dependency uv to v0.11.20 Jun 13, 2026
@renovate renovate Bot force-pushed the renovate/uv-0.x branch from 4667bc5 to 85bfc62 Compare June 14, 2026 21:28
@renovate renovate Bot changed the title Update dependency uv to v0.11.20 Update dependency uv to v0.11.21 Jun 14, 2026
@renovate renovate Bot force-pushed the renovate/uv-0.x branch from 85bfc62 to 0f481e8 Compare June 22, 2026 03:08
@renovate renovate Bot changed the title Update dependency uv to v0.11.21 Update dependency uv to v0.11.22 Jun 22, 2026
@renovate renovate Bot force-pushed the renovate/uv-0.x branch from 0f481e8 to 69a92b9 Compare June 22, 2026 20:05
@renovate renovate Bot changed the title Update dependency uv to v0.11.22 Update dependency uv to v0.11.23 Jun 22, 2026
@renovate renovate Bot force-pushed the renovate/uv-0.x branch from 69a92b9 to d4496ab Compare June 26, 2026 23:30
@renovate renovate Bot changed the title Update dependency uv to v0.11.23 Update dependency uv to v0.11.24 Jun 26, 2026
@renovate renovate Bot force-pushed the renovate/uv-0.x branch from d4496ab to aaf9570 Compare June 30, 2026 03:49
@renovate renovate Bot changed the title Update dependency uv to v0.11.24 Update dependency uv to v0.11.25 Jun 30, 2026
@renovate renovate Bot force-pushed the renovate/uv-0.x branch from aaf9570 to f735ca6 Compare July 3, 2026 18:15
@renovate renovate Bot changed the title Update dependency uv to v0.11.25 Update dependency uv to v0.11.26 Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants