Skip to content

Bump uv from 0.11.8 to 0.11.16#139

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/uv-0.11.14
Closed

Bump uv from 0.11.8 to 0.11.16#139
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/uv-0.11.14

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 14, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps uv from 0.11.8 to 0.11.16.

Release notes

Sourced from uv's releases.

0.11.16

Release Notes

Released on 2026-05-21.

Enhancements

  • Add support for direct archive dependencies in Git (#10072)
  • Adjust hint rendering (#18090)

Preview features

  • uv audit: specialize malformed OSV error (#19515)
  • Reject locked malware installations (#18936)

Configuration

  • Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#19476)

Bug fixes

  • Allow environment variables that take a list to be empty (#19503)
  • Ensure that incompatible wheel hints do not leak secrets (#19504)
  • Reject unsafe entry points in uv-build (#19495)
  • Restrict delimiters in entry point parsing (#19471)
  • uv-netrc: fix multi-word no-space comment lines causing parse errors (#19494)

Documentation

  • Document and test relative exclude-newer support for uv pip (#19475)

Install uv 0.11.16

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.16/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.16/uv-installer.ps1 | iex"

Download uv 0.11.16

File Platform Checksum
uv-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.16

Released on 2026-05-21.

Enhancements

  • Add support for direct archive dependencies in Git (#10072)
  • Adjust hint rendering (#18090)

Preview features

  • uv audit: specialize malformed OSV error (#19515)
  • Reject locked malware installations (#18936)

Configuration

  • Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#19476)

Bug fixes

  • Allow environment variables that take a list to be empty (#19503)
  • Ensure that incompatible wheel hints do not leak secrets (#19504)
  • Reject unsafe entry points in uv-build (#19495)
  • Restrict delimiters in entry point parsing (#19471)
  • uv-netrc: fix multi-word no-space comment lines causing parse errors (#19494)

Documentation

  • Document and test relative exclude-newer support for uv pip (#19475)

0.11.15

Released on 2026-05-18.

Security

Enhancements

  • Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
  • Add support for Azure request signing (#19421)
  • Apply stricter validation to all wheel filename segments (#19364)
  • Reject empty strings as an invalid package name (#19435)
  • Use structured errors for signing authentication failures (#19422)

Preview

  • uv audit: Add JSON output (#19305)

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 14, 2026
@dependabot dependabot Bot mentioned this pull request May 14, 2026
Closed
@dependabot
Bump uv from 0.11.8 to 0.11.16
7cb350b 
Bumps [uv](https://github.com/astral-sh/uv) from 0.11.8 to 0.11.16.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.11.8...0.11.16)

---
updated-dependencies:
- dependency-name: uv
  dependency-version: 0.11.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot changed the title Bump uv from 0.11.8 to 0.11.14 Bump uv from 0.11.8 to 0.11.16 May 27, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/uv-0.11.14 branch from 5573d54 to 7cb350b Compare May 27, 2026 09:05
@dependabot @github

dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #186.

@dependabot dependabot Bot closed this Jun 22, 2026
@dependabot dependabot Bot deleted the dependabot/pip/uv-0.11.14 branch June 22, 2026 14:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants