Skip to content

chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.7#613

Open
jbot4400 wants to merge 1 commit intomainfrom
renovate/ghcr.io-astral-sh-uv-0.x
Open

chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.7#613
jbot4400 wants to merge 1 commit intomainfrom
renovate/ghcr.io-astral-sh-uv-0.x

Conversation

@jbot4400
Copy link
Copy Markdown
Collaborator

@jbot4400 jbot4400 commented Apr 8, 2026
edited
Loading

This PR contains the following updates:

Package Type Update Change
ghcr.io/astral-sh/uv final patch 0.11.30.11.7

Release Notes

astral-sh/uv (ghcr.io/astral-sh/uv)

v0.11.7

Compare Source

Released on 2026-04-15.

Python
  • Upgrade CPython build to 2026041 including an OpenSSL security upgrade (#​19004)
Enhancements
  • Elevate configuration errors to required-version mismatches (#​18977)
  • Further improve TLS certificate validation messages (#​18933)
  • Improve --exclude-newer hints (#​18952)
Preview features
  • Fix --script handling in uv audit (#​18970)
  • Fix traversal of extras in uv audit (#​18970)
Bug fixes
  • De-quote workspace metadata in linehaul data (#​18966)
  • Avoid installing tool workspace member dependencies as editable (#​18891)
  • Emit JSON report for uv sync --check failures (#​18976)
  • Filter and warn on invalid TLS certificates (#​18951)
  • Fix equality comparisons for version specifiers with ~= operators (#​18960)
  • Fix stale Python upgrade preview feature check in project environment construction (#​18961)
  • Improve Windows path normalization (#​18945)

v0.11.6

Compare Source

Released on 2026-04-09.

This release resolves a low severity security advisory in which wheels with malformed RECORD entries could delete arbitrary files on uninstall. See GHSA-pjjw-68hj-v9mw for details.

Bug fixes
  • Do not remove files outside the venv on uninstall (#​18942)
  • Validate and heal wheel RECORD during installation (#​18943)
  • Avoid uv cache clean errors due to Win32 path normalization (#​18856)

v0.11.5

Compare Source

Released on 2026-04-08.

Python
  • Add CPython 3.13.13, 3.14.4, and 3.15.0a8 (#​18908)
Enhancements
  • Fix build_system.requires error message (#​18911)
  • Remove trailing path separators in path normalization (#​18915)
  • Improve error messages for unsupported or invalid TLS certificates (#​18924)
Preview features
  • Add exclude-newer to [[tool.uv.index]] (#​18839)
  • uv audit: add context/warnings for ignored vulnerabilities (#​18905)
Bug fixes
  • Normalize persisted fork markers before lock equality checks (#​18612)
  • Clear junction properly when uninstalling Python versions on Windows (#​18815)
  • Report error cleanly instead of panicking on TLS certificate error (#​18904)
Documentation

v0.11.4

Compare Source

Released on 2026-04-07.

Enhancements
  • Add support for --upgrade-group (#​18266)
  • Merge repeated archive URL hashes by version ID (#​18841)
  • Require all direct URL hash algorithms to match (#​18842)
Bug fixes
  • Avoid panics in environment finding via cycle detection (#​18828)
  • Enforce direct URL hashes for pyproject.toml dependencies (#​18786)
  • Error on --locked and --frozen when script lockfile is missing (#​18832)
  • Fix uv export extra resolution for workspace member and conflicting extras (#​18888)
  • Include conflicts defined in virtual workspace root (#​18886)
  • Recompute relative exclude-newer values during uv tree --outdated (#​18899)
  • Respect --exclude-newer in uv tool list --outdated (#​18861)
  • Sort by comparator to break specifier ties (#​18850)
  • Store relative timestamps in tool receipts (#​18901)
  • Track newly-activated extras when determining conflicts (#​18852)
  • Patch Cargo.lock in uv-build source distributions (#​18831)
Documentation
  • Clarify that --exclude-newer compares artifact upload times (#​18830)

Configuration

📅 Schedule: (in timezone America/Denver)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@jbot4400 jbot4400 added dep:docker Updated Docker dependency dependencies Pull requests that update a dependency file renovate Pull requests opened by renovate[bot] labels Apr 8, 2026
@jbot4400 jbot4400 force-pushed the renovate/ghcr.io-astral-sh-uv-0.x branch from d009b9f to ce8d423 Compare April 8, 2026 20:59
@jbot4400 jbot4400 changed the title chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.4 chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.5 Apr 8, 2026
@jbot4400 jbot4400 force-pushed the renovate/ghcr.io-astral-sh-uv-0.x branch from ce8d423 to 84186d8 Compare April 9, 2026 11:57
@jbot4400 jbot4400 changed the title chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.5 chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.6 Apr 9, 2026
@jbot4400 jbot4400 force-pushed the renovate/ghcr.io-astral-sh-uv-0.x branch from 84186d8 to f5913ce Compare April 15, 2026 21:58
@jbot4400 jbot4400 changed the title chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.6 chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.7 Apr 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dep:docker Updated Docker dependency dependencies Pull requests that update a dependency file renovate Pull requests opened by renovate[bot]

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jbot4400 @renovate-bot