Skip to content

build(deps): bump uv from 0.11.2 to 0.11.8#431

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/uv-0.11.8
Closed

build(deps): bump uv from 0.11.2 to 0.11.8#431
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/uv-0.11.8

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Bumps uv from 0.11.2 to 0.11.8.

Release notes

Sourced from uv's releases.

0.11.8

Release Notes

Released on 2026-04-27.

Enhancements

  • Add --python-downloads-json-url to python pin (#19092)
  • Fetch uv from Astral mirror during self-update (#18682)
  • Support pip uninstall -y (#19082)
  • Add UV_PYTHON_NO_REGISTRY (#19035)
  • Allow exclude-newer to be missing from the lockfile when exclude-newer-span is present (#19024)
  • Only show the version number in uv self version --short (#19019)
  • Silence warnings on empty SSL_CERT_DIR directory (#19018)
  • Use a sentinel timestamp for relative exclude-newer and exclude-newer-package values in lockfiles (#19022, #19101)

Configuration

  • Add an environment variable for UV_NO_PROJECT (#19052)
  • Expose UV_PYTHON_SEARCH_PATH for Python discovery PATH overrides (#19034)

Bug fixes

  • Add rust-toolchain.toml to uv-build sdist (#19131)
  • Ensure uv invocations of git do not inherit repository location environment variables (#19088)
  • Redact pre-signed upload URLs in verbose output (#19146)
  • Handle transitive URL dependencies in PEP 517 build requirements (#19076, #19086)
  • Support uv lock on a pyproject.toml that only contains dependency-groups (#19087)
  • Disable transparent Python upgrades in projects when a patch version is requested via .python-version (#19102)
  • Fix Python variant tagging in the Windows registry (#19012)
  • Use a single codepath for extracting a .tar.zst wheel, disallowing external symlinks (#19144)

Documentation

  • Bump astral-sh/setup-uv version in docs (#19030)
  • Update PyTorch documentation for PyTorch 2.11 (#19095)
  • Remove deprecated license classifiers from uv-build and add Python 3.14 classifier (#19130)

Install uv 0.11.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.8/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.8/uv-installer.ps1 | iex"
</tr></table>

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.8

Released on 2026-04-27.

Enhancements

  • Add --python-downloads-json-url to python pin (#19092)
  • Fetch uv from Astral mirror during self-update (#18682)
  • Support pip uninstall -y (#19082)
  • Add UV_PYTHON_NO_REGISTRY (#19035)
  • Allow exclude-newer to be missing from the lockfile when exclude-newer-span is present (#19024)
  • Only show the version number in uv self version --short (#19019)
  • Silence warnings on empty SSL_CERT_DIR directory (#19018)
  • Use a sentinel timestamp for relative exclude-newer and exclude-newer-package values in lockfiles (#19022, #19101)

Configuration

  • Add an environment variable for UV_NO_PROJECT (#19052)
  • Expose UV_PYTHON_SEARCH_PATH for Python discovery PATH overrides (#19034)

Bug fixes

  • Add rust-toolchain.toml to uv-build sdist (#19131)
  • Ensure uv invocations of git do not inherit repository location environment variables (#19088)
  • Redact pre-signed upload URLs in verbose output (#19146)
  • Handle transitive URL dependencies in PEP 517 build requirements (#19076, #19086)
  • Support uv lock on a pyproject.toml that only contains dependency-groups (#19087)
  • Disable transparent Python upgrades in projects when a patch version is requested via .python-version (#19102)
  • Fix Python variant tagging in the Windows registry (#19012)
  • Use a single codepath for extracting a .tar.zst wheel, disallowing external symlinks (#19144)

Documentation

  • Bump astral-sh/setup-uv version in docs (#19030)
  • Update PyTorch documentation for PyTorch 2.11 (#19095)
  • Remove deprecated license classifiers from uv-build and add Python 3.14 classifier (#19130)

0.11.7

Released on 2026-04-15.

Python

  • Upgrade CPython build to 20260414 including an OpenSSL security upgrade (#19004)

Enhancements

  • Elevate configuration errors to required-version mismatches (#18977)
  • Further improve TLS certificate validation messages (#18933)
  • Improve --exclude-newer hints (#18952)

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
build(deps): bump uv from 0.11.2 to 0.11.8
38ae75b 
Bumps [uv](https://github.com/astral-sh/uv) from 0.11.2 to 0.11.8.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.11.2...0.11.8)

---
updated-dependencies:
- dependency-name: uv
  dependency-version: 0.11.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Apr 27, 2026
@dependabot dependabot Bot mentioned this pull request Apr 27, 2026
Closed
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 11, 2026

Superseded by #445.

@dependabot dependabot Bot closed this May 11, 2026
@dependabot dependabot Bot deleted the dependabot/pip/uv-0.11.8 branch May 11, 2026 18:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants