chore(deps): update dependency uv to v0.11.15

[renovate]

This PR contains the following updates:

Package	Update	Change	Pending
uv	patch	0.11.1 → 0.11.15	0.11.16

---

Release Notes

astral-sh/uv (uv)

v0.11.15

Compare Source

Released on 2026-05-18.

Security

• Fix a TAR partial differential, see GHSA-3cv2-h65g-fgmm (#​19463)
• Enforce that entry points cannot escape in the scripts directory, see GHSA-4gg8-gxpx-9rph (#​19464)

Enhancements

• Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#​18741)
• Add support for Azure request signing (#​19421)
• Apply stricter validation to all wheel filename segments (#​19364)
• Reject empty strings as an invalid package name (#​19435)
• Use structured errors for signing authentication failures (#​19422)

Preview

• uv audit: Add JSON output (#​19305)

Configuration

• Respect required-environments in uv pip compile (#​19378)

Performance

• Avoid parsing JSON manifest when local Python is available (#​19398)
• Avoid walking nested directories in linker conflict registration (#​19382)
• Optimize async wheel ZIP writing (#​19383)
• Fix dead "already trimmed" fast-path in Version::only_release_trimmed (#​19425)

Bug fixes

• Apply workspace-member [tool.uv.sources] credentials under uv sync --frozen (#​19423)
• Skip empty directories in uv build outputs (#​19437)
• Fix Git submodule handling when using relative paths (#​12156)
• Fix line number reporting in netrc parsing (#​19452)

Documentation

• Move Bazel auth helper setup into integration guide (#​19392)

v0.11.14

Compare Source

Released on 2026-05-12.

Enhancements

• Add Astral mirror URL override (#​19206)
• Ignore top_level.txt entries in uninstall that are not valid Python identifiers (#​19340)

Bug fixes

• Avoid applying .env files in parent process (#​19343)
• Filter ANSI codes in logging output (#​19311)
• Fix uv tree showing extra-conditional deps for packages required without extras (#​19332)
• Respect build options (e.g., --no-build) during lock validation (#​19366)

v0.11.13

Compare Source

Released on 2026-05-10.

Bug fixes

• Include data files in editable builds (#​19312)
• Respect --require-hashes when installing from pylock.toml files (#​19334)

Python

• Add CPython 3.14.5

v0.11.12

Compare Source

Released on 2026-05-08.

Python

• Add CPython 3.15.0b1

Enhancements

• Add --no-editable support to uv pip install (#​19306)
• Require git refs in URLs to be percent-encoded (#​19320)

Bug fixes

• Respect --no-dev over UV_DEV=1 (#​19313)

• Don't suggest non-existent --no-frozen flag (#​19290) (#​19294)

Documentation

• Fix bug from inconsistent workflow name in GHA-PyPI guide example (#​19309)

v0.11.11

Compare Source

Released on 2026-05-06.

Bug fixes

• Accept legacy ID format from pre-0.11.9 cache entries (#​19301)

v0.11.10

Compare Source

Released on 2026-05-05.

Bug fixes

• Allow pre-release Python requests with non-zero patch versions (#​19286)

v0.11.9

Compare Source

Released on 2026-05-04.

This release includes a special release candidate for the next Python 3.14 patch release. Python 3.14 included a new garbage collection implementation, which reduced pause times but caused significant unexpected memory pressure in production environments. In 3.14.5 and 3.15, the previous garbage collection implementation will be restored.

We would greatly appreciate if you tested the 3.14.5rc1 version included in this release. The stable version is expected to be released soon and any feedback on potential issues would be helpful to the Python development team.

For more context, see the announcement, issue, and pull request.

Issues with the new release can be reported in the uv or CPython issue trackers.

Python

• Upgrade PyPy to v7.3.22
• Add CPython 3.14.5rc1
• On macOS, CPython statically links libpython to match Linux

Enhancements

• Omit compatible release desugaring for pre-release hints (#​19267)
• Fix file locks on Android (#​18323)

Preview

• uv audit add reporting for adverse project statuses (#​19128)

Bug fixes

• Discover versioned Python executables when requires-python pins a version (#​18700)
• Fix URL prefix matching to require path boundaries (#​19154)
• Fix transitive Git path dependencies in lockfiles (#​19269)
• Handle incorrect unlock error in LockedFile::drop on Wine (#​19229)
• Prevent uninstalling site-packages for empty top_level.txt in .egg-info (#​19114)
• Use symlinks instead of junctions on Wine (#​19213)
• Fix floating-point environment handling on ARMv7 (#​19157)
• Redact credentials from remote requirements URL in offline errors (#​19216)
• Windows tramplolines no longer set PYTHONHOME and only set __PYVENV_LAUNCHER__ for virtual environments (#​19199)

Documentation

• Mark --native-tls and UV_NATIVE_TLS as deprecated (#​18705)
• Re-add pytorch-triton-rocm to PyTorch ROCm docs (#​19241)
• Tweak changelog entries for 0.11.8 (#​19188)
• Add 'Exporting lockfiles' to the Concepts->Projects index (#​19209)
• Clarify that uv init creates git files / folders in the projects guide (#​19183)

v0.11.8

Compare Source

Released on 2026-04-27.

Enhancements

• Add --python-downloads-json-url to python pin (#​19092)
• Fetch uv from Astral mirror during self-update (#​18682)
• Support pip uninstall -y (#​19082)
• Add UV_PYTHON_NO_REGISTRY (#​19035)
• Allow exclude-newer to be missing from the lockfile when exclude-newer-span is present (#​19024)
• Only show the version number in uv self version --short (#​19019)
• Silence warnings on empty SSL_CERT_DIR directory (#​19018)
• Use a sentinel timestamp for relative exclude-newer and exclude-newer-package values in lockfiles (#​19022, #​19101)

Configuration

• Add an environment variable for UV_NO_PROJECT (#​19052)
• Expose UV_PYTHON_SEARCH_PATH for Python discovery PATH overrides (#​19034)

Bug fixes

• Add rust-toolchain.toml to uv-build sdist (#​19131)
• Ensure uv invocations of git do not inherit repository location environment variables (#​19088)
• Redact pre-signed upload URLs in verbose output (#​19146)
• Handle transitive URL dependencies in PEP 517 build requirements (#​19076, #​19086)
• Support uv lock on a pyproject.toml that only contains dependency-groups (#​19087)
• Disable transparent Python upgrades in projects when a patch version is requested via .python-version (#​19102)
• Fix Python variant tagging in the Windows registry (#​19012)
• Use a single codepath for extracting a .tar.zst wheel, disallowing external symlinks (#​19144)

Documentation

• Bump astral-sh/setup-uv version in docs (#​19030)
• Update PyTorch documentation for PyTorch 2.11 (#​19095)
• Remove deprecated license classifiers from uv-build and add Python 3.14 classifier (#​19130)

v0.11.7

Compare Source

Released on 2026-04-15.

Python

• Upgrade CPython build to 2026041 including an OpenSSL security upgrade (#​19004)

Enhancements

• Elevate configuration errors to required-version mismatches (#​18977)
• Further improve TLS certificate validation messages (#​18933)
• Improve --exclude-newer hints (#​18952)

Preview features

• Fix --script handling in uv audit (#​18970)
• Fix traversal of extras in uv audit (#​18970)

Bug fixes

• De-quote workspace metadata in linehaul data (#​18966)
• Avoid installing tool workspace member dependencies as editable (#​18891)
• Emit JSON report for uv sync --check failures (#​18976)
• Filter and warn on invalid TLS certificates (#​18951)
• Fix equality comparisons for version specifiers with ~= operators (#​18960)
• Fix stale Python upgrade preview feature check in project environment construction (#​18961)
• Improve Windows path normalization (#​18945)

v0.11.6

Compare Source

Released on 2026-04-09.

Bug fixes

• Do not remove files outside the venv on uninstall (#​18942)
• Validate and heal wheel RECORD during installation (#​18943)
• Avoid uv cache clean errors due to Win32 path normalization (#​18856)

v0.11.5

Compare Source

Released on 2026-04-08.

Python

• Add CPython 3.13.13, 3.14.4, and 3.15.0a8 (#​18908)

Enhancements

• Fix build_system.requires error message (#​18911)
• Remove trailing path separators in path normalization (#​18915)
• Improve error messages for unsupported or invalid TLS certificates (#​18924)

Preview features

• Add exclude-newer to [[tool.uv.index]] (#​18839)
• uv audit: add context/warnings for ignored vulnerabilities (#​18905)

Bug fixes

• Normalize persisted fork markers before lock equality checks (#​18612)
• Clear junction properly when uninstalling Python versions on Windows (#​18815)
• Report error cleanly instead of panicking on TLS certificate error (#​18904)

Documentation

• Remove the legacy PIP_COMPATIBILITY.md redirect file (#​18928)
• Fix uv init example-bare --bare examples (#​18822, #​18925)

v0.11.4

Compare Source

Released on 2026-04-07.

Python

• Add CPython 3.13.13, 3.14.4, and 3.15.0a8 (#​18908)

Enhancements

• Add support for --upgrade-group (#​18266)
• Merge repeated archive URL hashes by version ID (#​18841)
• Require all direct URL hash algorithms to match (#​18842)

Bug fixes

• Avoid panics in environment finding via cycle detection (#​18828)
• Enforce direct URL hashes for pyproject.toml dependencies (#​18786)
• Error on --locked and --frozen when script lockfile is missing (#​18832)
• Fix uv export extra resolution for workspace member and conflicting extras (#​18888)
• Include conflicts defined in virtual workspace root (#​18886)
• Recompute relative exclude-newer values during uv tree --outdated (#​18899)
• Respect --exclude-newer in uv tool list --outdated (#​18861)
• Sort by comparator to break specifier ties (#​18850)
• Store relative timestamps in tool receipts (#​18901)
• Track newly-activated extras when determining conflicts (#​18852)
• Patch Cargo.lock in uv-build source distributions (#​18831)

Documentation

• Clarify that --exclude-newer compares artifact upload times (#​18830)

v0.11.3

Compare Source

Released on 2026-04-01.

Enhancements

• Add progress bar for hashing phase in uv publish (#​18752)
• Add support for ROCm 7.2 (#​18730)
• Emit abi3t tags for every abi3 version (#​18777)
• Expand uv workspace metadata with dependency information from the lock (#​18356)
• Implement support for PEP 803 (#​18767)
• Pretty-print platform in built wheel errors (#​18738)
• Publish installers to /installers/uv/latest on the mirror (#​18725)
• Show free-threaded Python in built-wheel errors (#​18740)

Preview features

• Add --ignore and --ignore-until-fixed to uv audit (#​18737)

Bug fixes

• Bump simple API cache (#​18797)
• Don't drop blake2b hashes (#​18794)
• Handle broken range request implementations (#​18780)
• Remove powerpc64-unknown-linux-gnu from release build targets (#​18800)
• Respect dependency metadata overrides in uv pip check (#​18742)
• Support debug CPython ABI tags in environment compatibility (#​18739)

Documentation

• Document false opt-out for exclude-newer-package (#​18768, #​18803)

v0.11.2

Compare Source

Released on 2026-03-26.

Enhancements

• Add a dedicated Windows PE editing error (#​18710)
• Make uv self update fetch the manifest from the mirror first (#​18679)
• Use uv reqwest client for self update (#​17982)
• Show uv self update success and failure messages with --quiet (#​18645)

Preview features

• Evaluate extras and groups when determining auditable packages (#​18511)

Bug fixes

• Skip redundant project configuration parsing for uv run (#​17890)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Coverage report

This PR does not seem to contain any modification to coverable code.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: mise.lock

mise ERROR error parsing config file: /tmp/renovate/repos/github/claranet/tfwrapper/mise.toml
mise ERROR Config files in /tmp/renovate/repos/github/claranet/tfwrapper/mise.toml are not trusted.
Trust them with `mise trust`. See https://mise.en.dev/cli/trust.html for more information.
mise ERROR Run with --verbose or MISE_VERBOSE=1 for more information

Command failed: mise lock uv
mise ERROR error parsing config file: /tmp/renovate/repos/github/claranet/tfwrapper/mise.toml
mise ERROR Config files in /tmp/renovate/repos/github/claranet/tfwrapper/mise.toml are not trusted.
Trust them with `mise trust`. See https://mise.en.dev/cli/trust.html for more information.
mise ERROR Run with --verbose or MISE_VERBOSE=1 for more information