Skip to content

Bump the minor group across 1 directory with 2 updates#244

Open
dependabot[bot] wants to merge 1 commit intov1.x.xfrom
dependabot/pip/minor-c6ebed43e9
Open

Bump the minor group across 1 directory with 2 updates#244
dependabot[bot] wants to merge 1 commit intov1.x.xfrom
dependabot/pip/minor-c6ebed43e9

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2026

Bumps the minor group with 2 updates in the / directory: uv and time-machine.

Updates uv from 0.9.17 to 0.10.7

Release notes

Sourced from uv's releases.

0.10.7

Release Notes

Released on 2026-02-27.

Bug fixes

  • Fix handling of junctions in Windows Containers on Windows (#18192)

Enhancements

  • Activate logging for middleware retries (#18200)
  • Upload uv releases to a mirror (#18159)

Install uv 0.10.7

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.10.7/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/uv/releases/download/0.10.7/uv-installer.ps1 | iex"

Download uv 0.10.7

File Platform Checksum
uv-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
uv-x86_64-apple-darwin.tar.gz Intel macOS checksum
uv-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
uv-i686-pc-windows-msvc.zip x86 Windows checksum
uv-x86_64-pc-windows-msvc.zip x64 Windows checksum
uv-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
uv-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
uv-powerpc64-unknown-linux-gnu.tar.gz PPC64 Linux checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz PPC64LE Linux checksum
uv-riscv64gc-unknown-linux-gnu.tar.gz RISCV Linux checksum
uv-s390x-unknown-linux-gnu.tar.gz S390x Linux checksum
uv-x86_64-unknown-linux-gnu.tar.gz x64 Linux checksum
uv-armv7-unknown-linux-gnueabihf.tar.gz ARMv7 Linux checksum
uv-aarch64-unknown-linux-musl.tar.gz ARM64 MUSL Linux checksum
uv-i686-unknown-linux-musl.tar.gz x86 MUSL Linux checksum
uv-x86_64-unknown-linux-musl.tar.gz x64 MUSL Linux checksum
uv-arm-unknown-linux-musleabihf.tar.gz ARMv6 MUSL Linux (Hardfloat) checksum
uv-armv7-unknown-linux-musleabihf.tar.gz ARMv7 MUSL Linux checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.10.7

Released on 2026-02-27.

Bug fixes

  • Fix handling of junctions in Windows Containers on Windows (#18192)

Enhancements

  • Activate logging for middleware retries (#18200)
  • Upload uv releases to a mirror (#18159)

0.10.6

Released on 2026-02-24.

Bug fixes

  • Apply lockfile marker normalization for fork markers (#18116)
  • Fix Python version selection for scripts with a requires-python conflicting with .python-version (#18097)
  • Preserve file permissions when using reflinks on Linux (#18187)

Documentation

  • Remove verbose documentation from optional dependencies help text (#18180)

0.10.5

Released on 2026-02-23.

Enhancements

  • Add hint when named index is found in a parent config file (#18087)
  • Add warning for uv lock --frozen (#17859)
  • Attempt to use reflinks by default on Linux (#18117)
  • Fallback to hardlinks after reflink failure before copying (#18104)
  • Filter pylock.toml wheels by tags and requires-python (#18081)
  • Validate wheel filenames are normalized during uv publish (#17783)
  • Fix message when exclude-newer invalidates the lock file (#18100)
  • Change the missing files log level to debug (#18075)

Performance

  • Improve performance of repeated conflicts with an extra (#18094)

Bug fixes

  • Fix --no-emit-workspace with --all-packages on single-member workspaces (#18098)
  • Fix UV_NO_DEFAULT_GROUPS rejecting truthy values like 1 (#18057)

... (truncated)

Commits

Updates time-machine from 3.1.0 to 3.2.0

Changelog

Sourced from time-machine's changelog.

3.2.0 (2025-12-17)

  • Add :attr:time_machine.naive_mode to control how time-machine interprets naive datetimes.

    The default mode is MIXED, which preserves existing behaviour: naive datetime objects and date objects are interpreted as UTC, while naive datetime strings are interpreted as local time.

    Three alternative modes are available:

    • UTC: naive datetimes are always interpreted as UTC.
    • LOCAL: naive datetimes are interpreted as local time, matching Python's default semantics, and freezegun.
    • ERROR: naive datetimes raise a RuntimeError, ensuring your tests are isolated from the current timezone.

    .. note::

    It’s recommended you use LOCAL or ERROR to avoid confusion around naive datetimes.

    PR [#591](https://github.com/adamchainz/time-machine/issues/591) <https://github.com/adamchainz/time-machine/pull/591>__. Thanks to Paolo Melchiorre for review.

    Thanks to PhML, Stefaan Lippens, Matthieu Rigal, Nikita Demir, Steve Mavens, Andy Freeland, and Paul Ganssle for their input on Issue [#257](https://github.com/adamchainz/time-machine/issues/257) <https://github.com/adamchainz/time-machine/issues/257>__.

  • Raise RuntimeError when attempting to start time travelling if freezegun <https://pypi.org/project/freezegun/>__ is active.

    This change should help avoid surprises when migrating complex test suites from freezegun to time-machine.

    PR [#590](https://github.com/adamchainz/time-machine/issues/590) <https://github.com/adamchainz/time-machine/pull/590>__.

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the minor group across 1 directory with 2 updates
f801b11 
Bumps the minor group with 2 updates in the / directory: [uv](https://github.com/astral-sh/uv) and [time-machine](https://github.com/adamchainz/time-machine).


Updates `uv` from 0.9.17 to 0.10.7
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.9.17...0.10.7)

Updates `time-machine` from 3.1.0 to 3.2.0
- [Changelog](https://github.com/adamchainz/time-machine/blob/main/docs/changelog.rst)
- [Commits](adamchainz/time-machine@3.1.0...3.2.0)

---
updated-dependencies:
- dependency-name: uv
  dependency-version: 0.10.7
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor
- dependency-name: time-machine
  dependency-version: 3.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) type:tech-debt Improves the project without visible changes for users labels Mar 1, 2026
@dependabot dependabot bot requested a review from a team as a code owner March 1, 2026 04:53
@dependabot dependabot bot requested review from stefan-brus-frequenz and removed request for a team March 1, 2026 04:53
@dependabot dependabot bot added part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) type:tech-debt Improves the project without visible changes for users labels Mar 1, 2026
@github-actions github-actions bot added part:dispatcher Affects the high-level dispatcher interface auto-merged Auto-approved Dependabot PRs labels Mar 1, 2026
@github-actions github-actions bot enabled auto-merge March 1, 2026 04:54
@github-actions github-actions bot added this pull request to the merge queue Mar 1, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to no response for status checks Mar 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@stefan-brus-frequenz stefan-brus-frequenz Awaiting requested review from stefan-brus-frequenz stefan-brus-frequenz is a code owner automatically assigned from frequenz-floss/api-dispatch-team

Assignees

No one assigned

Labels

auto-merged Auto-approved Dependabot PRs part:dispatcher Affects the high-level dispatcher interface part:tooling Affects the development tooling (CI, deployment, dependency management, etc.) type:tech-debt Improves the project without visible changes for users

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants