Skip to content

chore(mise.tasks): Update dependency astral-sh/uv to v0.11.28#274

Merged
charliie-dev merged 1 commit into
devfrom
renovate/mise-task-tools
Jul 13, 2026
Merged

chore(mise.tasks): Update dependency astral-sh/uv to v0.11.28#274
charliie-dev merged 1 commit into
devfrom
renovate/mise-task-tools

Conversation

@renovate

@renovate renovate Bot commented Jul 12, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change
astral-sh/uv patch 0.11.260.11.28

Release Notes

astral-sh/uv (astral-sh/uv)

v0.11.28

Compare Source

Released on 2026-07-07.

Security

This release updates our ZIP library, astral-async-zip, to v0.0.20, which includes 15 changes that harden our ZIP handling against parser differentials. uv may reject ZIP archives with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Python
Enhancements
  • Improve trace logs for unexpected error chains (#​20220)
  • Move lockfile update guidance to a hint (#​20219)
  • Preserve indentation for multiline error causes (#​20156)
  • Render user errors with their cause chains (#​20217)
  • Route final command errors through the printer to respect -q and -qq (#​20163)
  • Use standard rendering for uv build errors (#​20159)
  • Use standard rendering for tool requirement errors (#​20160)
Performance
  • Only compile bytecode for installed distributions in uv pip install (#​19914)
  • Avoid allocating URL-safe Git revisions (#​20194)
  • Avoid allocating canonical Python request strings (#​20193)
  • Avoid allocating custom Astral mirror URLs (#​20204)
  • Avoid allocating expanded compatibility tags (#​20190)
  • Avoid allocating shell strings that need no escaping (#​20196)
  • Avoid allocating static ABI descriptions (#​20201)
  • Avoid allocating static Windows executable names (#​20200)
  • Avoid allocating static dependency table names (#​20199)
  • Avoid allocating static platform triple components (#​20195)
  • Avoid allocating static resolver report labels (#​20198)
  • Avoid allocating static unavailable-version messages (#​20197)
  • Avoid allocating unchanged Python download architectures (#​20202)
  • Avoid allocating unchanged paths during case normalization (#​20203)
  • Avoid allocations when expanding group conflicts (#​20211)
  • Avoid allocations when formatting requirements (#​20206)
  • Avoid cloning credential lookup services (#​20210)
  • Avoid cloning dry-run distributions (#​20209)
  • Avoid cloning owned dependency metadata (#​20212)
  • Avoid redundant direct URL clones (#​20207)
  • Create metadata version errors lazily (#​20205)
  • Optimize expanded tag compatibility checks (#​20171)
  • Optimize parsing of single-digit three-part versions (#​20118)
Bug fixes
  • Avoid overflow when computing HTTP cache age (#​20178)
  • Respect --upgrade when upgrade-package is configured (#​19955)
  • Support uv tree in dependency-group-only projects (#​20167)
  • Treat cache entries as stale at exact expiration (#​20183)

v0.11.27

Compare Source

Released on 2026-07-06.

Enhancements
  • Continue on ignored errors when fetching wheel metadata (#​12255)
  • Use caching for --python-downloads-json-url (#​16749)
Preview features
  • Discover extensionless shebang scripts in uv workspace list --scripts (#​20099)
Performance
  • Avoid full site-packages scans for direct reinstalls (#​20119)
  • Avoid redundant pyproject parsing (#​20076)
  • Cache default dependency markers when reading locks (#​20125)
  • Enable SIMD-accelerated TOML parsing (#​20079)
  • Intern requires-python specifiers in Simple API parsing (#​20104)
  • Read cache entries into exact-sized buffers (#​20120)
  • Reduce VersionSpecifiers parsing allocations (#​20105)
  • Reduce site-packages scan allocation overhead (#​20087)
  • Reuse package names when parsing wheel filenames (#​20110)
  • Sort Simple API files after grouping (#​20112)
Bug fixes
  • Always emit packages table for pylock.toml (#​20145)
  • Avoid blank line for empty uv pip tree (#​20062)
  • Encode hashes in file paths (#​19807)
  • Error on a registry uv.lock package without a version instead of panicking (#​19855)
  • Preserve conditional extra markers in exports (#​20148)
  • Skip the ambiguous authority check for file transport VCS URLs (#​20086)
  • Sync index format when uv add --index updates an existing index URL (#​19818)
Other changes

Configuration

📅 Schedule: (in timezone Asia/Taipei)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested review from a team and Copilot July 12, 2026 16:49
@renovate renovate Bot added dependencies Pull requests that update a dependency file mise labels Jul 12, 2026
@renovate renovate Bot requested a review from charliie-dev as a code owner July 12, 2026 16:49
@renovate renovate Bot added dependencies Pull requests that update a dependency file mise labels Jul 12, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot can't review bot-authored pull requests automatically. A user with Copilot access can request a review manually.

@charliie-dev charliie-dev merged commit 6806769 into dev Jul 13, 2026
8 of 9 checks passed
@charliie-dev charliie-dev deleted the renovate/mise-task-tools branch July 13, 2026 06:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file mise

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants