Skip to content

Update string marker ordering semantics#19808

Merged
charliermarsh merged 1 commit into
mainfrom
charlie/update-string-marker-ordering
Jun 13, 2026
Merged

Update string marker ordering semantics#19808
charliermarsh merged 1 commit into
mainfrom
charlie/update-string-marker-ordering

Conversation

@charliermarsh

@charliermarsh charliermarsh commented Jun 11, 2026

Copy link
Copy Markdown
Member

Summary

Prior to this change, we used lexicographic ordering for pure string-valued environment markers. For example, with os_name = "posix", both os_name > "nt" and os_name >= "nt" evaluated to true.

The current dependency specification, updated by pypa/packaging.python.org#1988, defines strict string comparisons (> and <) as always false, while inclusive comparisons (>= and <=) are equivalent to equality. This applies those rules to every pure String marker field, including reversed operand forms.

platform_release and platform_version remain on their existing comparison path because the specification types them as Version | String rather than pure strings.

@astral-sh-bot

astral-sh-bot Bot commented Jun 11, 2026

Copy link
Copy Markdown

uv test inventory changes

This PR changes the tests when compared with the latest main baseline.

  • Added tests: 16
  • Removed tests: 0
  • Changed suites: 7
uv-auth: +2 / -0

Added:

  • uv-auth::credentials::tests::from_url_invalid_utf8_password
  • uv-auth::credentials::tests::from_url_invalid_utf8_username

Removed: none

uv-client::it: +1 / -0

Added:

  • uv-client::it::cached_client::reject_overflowing_cache_policy_length

Removed: none

uv-install-wheel: +1 / -0

Added:

  • uv-install-wheel::wheel::test::invalid_utf8_entry_points

Removed: none

uv-pep508: +5 / -0

Added:

  • uv-pep508::marker::tree::test::test_marker_expression_non_ascii_trailing
  • uv-pep508::marker::tree::test::test_string_ordering_comparisons
  • uv-pep508::tests::invalid_version_specifier_commas
  • uv-pep508::tests::parenthesized_trailing_comma
  • uv-pep508::tests::versions_trailing_comma

Removed: none

uv-shell: +3 / -0

Added:

  • uv-shell::shlex::tests::posix_empty_path
  • uv-shell::shlex::tests::posix_path_with_metacharacters
  • uv-shell::shlex::tests::posix_safe_path

Removed: none

uv::build: +2 / -0

Added:

  • uv::build::cache_prune::prune_ci_empty_cache
  • uv::build::cache_prune::prune_python_downloads

Removed: none

uv::project: +2 / -0

Added:

  • uv::project::check::check_no_sync_ignores_invalid_lockfile
  • uv::project::check::check_passes_workspace_metadata_to_ty

Removed: none

@charliermarsh charliermarsh added the compatibility Compatibility with a specification or another tool label Jun 11, 2026
@charliermarsh charliermarsh marked this pull request as ready for review June 11, 2026 18:00
@charliermarsh charliermarsh added the bug Something isn't working label Jun 11, 2026
@charliermarsh charliermarsh merged commit c462cc0 into main Jun 13, 2026
56 checks passed
@charliermarsh charliermarsh deleted the charlie/update-string-marker-ordering branch June 13, 2026 18:27
hbjydev pushed a commit to hbjydev/phoebe that referenced this pull request Jun 19, 2026
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [uv](https://github.com/astral-sh/uv) | patch | `0.11.21` → `0.11.22` |

---

### Release Notes

<details>
<summary>astral-sh/uv (uv)</summary>

### [`v0.11.22`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01122)

[Compare Source](astral-sh/uv@0.11.21...0.11.22)

Released on 2026-06-18.

##### Enhancements

- Publish wheels before sdists in `uv publish` ([#&#8203;19831](astral-sh/uv#19831))
- Add `TY` and `RUFF` env vars for providing paths for binaries used by `uv format` and `uv check` ([#&#8203;19821](astral-sh/uv#19821))

##### Preview features

- Allow configuring preview features in `uv.toml` and `pyproject.toml` ([#&#8203;18437](astral-sh/uv#18437))
- Update the lockfile during `uv check --no-sync` ([#&#8203;19909](astral-sh/uv#19909))
- Add `--script` to `uv check` and `uv metadata` ([#&#8203;19860](astral-sh/uv#19860))
- Report workspace-exclusive dependency groups in `workspace metadata` ([#&#8203;19862](astral-sh/uv#19862))
- Support SARIF as a `uv audit` output ([#&#8203;19872](astral-sh/uv#19872))

##### Performance

- Use a more deadlock-resistant concurrent hashmap in the resolver ([#&#8203;19532](astral-sh/uv#19532))

##### Bug fixes

- Update string marker ordering semantics to match [upstream clarified rules](pypa/packaging.python.org#1988) ([#&#8203;19808](astral-sh/uv#19808))
- Reject extras that have the same normalized name ([#&#8203;19871](astral-sh/uv#19871))
- Reject dependency group `include-group` entries that have additional fields ([#&#8203;19866](astral-sh/uv#19866))
- Reject invalid UTF-8 URL credentials ([#&#8203;19814](astral-sh/uv#19814))
- Validate that PEP 517 `backend-path`s exist when building sdists ([#&#8203;19834](astral-sh/uv#19834))
- Validate that `pylock.toml` files do not have an unsupported a `lock-version` ([#&#8203;19869](astral-sh/uv#19869))
- Validate that the environment satisfies the `packages.requires-python` of a `pylock.toml` ([#&#8203;19868](astral-sh/uv#19868))
- Allow `uv` to be recursively invoked by PEP 517 build hooks ([#&#8203;19879](astral-sh/uv#19879))
- Allow empty `credentials.toml` files ([#&#8203;19815](astral-sh/uv#19815))
- Fix transparent Python upgrades in project environments ([#&#8203;19890](astral-sh/uv#19890))
- Handle non-file editable URLs in `uv pip list` ([#&#8203;19867](astral-sh/uv#19867))
- Fix incorrect output from `uv tree --invert` ([#&#8203;19910](astral-sh/uv#19910))
- Fix environment locking of `uv venv` in a project ([#&#8203;19837](astral-sh/uv#19837))
- Fix handling of workspace-exclusive dependency groups in `uv tree` ([#&#8203;19905](astral-sh/uv#19905))

##### Documentation

- Archive the 0.10.x changelog ([#&#8203;19813](astral-sh/uv#19813))

##### Other changes

- Mark more tests as requiring network for vendors that need to run tests offline ([#&#8203;19819](astral-sh/uv#19819))

</details>

---

### Configuration

📅 **Schedule**: (in timezone Europe/London)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMzIuMCIsInVwZGF0ZWRJblZlciI6IjQzLjIzMi4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZS9naXRodWItcmVsZWFzZSIsInR5cGUvcGF0Y2giXX0=-->

Reviewed-on: https://forgejo.hayden.moe/hayden/phoebe/pulls/151
blake-hamm added a commit to blake-hamm/bhamm-lab that referenced this pull request Jun 20, 2026
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [ghcr.io/astral-sh/uv](https://github.com/astral-sh/uv) | stage | patch | `0.11.21` → `0.11.23` |

---

> ⚠️ **Warning**
>
> Some dependencies could not be looked up. Check the [Dependency Dashboard](issues/155) for more information.

---

### Release Notes

<details>
<summary>astral-sh/uv (ghcr.io/astral-sh/uv)</summary>

### [`v0.11.23`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01123)

[Compare Source](astral-sh/uv@0.11.22...0.11.23)

Released on 2026-06-19.

##### Bug fixes

- Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in `pre-commit-uv` ([#&#8203;19925](astral-sh/uv#19925))
- Restore old behavior where workspace members "hidden" by an intermediate `pyproject.toml` would be treated as standalone projects ([#&#8203;19926](astral-sh/uv#19926))

### [`v0.11.22`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01122)

[Compare Source](astral-sh/uv@0.11.21...0.11.22)

Released on 2026-06-18.

##### Enhancements

- Publish wheels before sdists in `uv publish` ([#&#8203;19831](astral-sh/uv#19831))
- Add `TY` and `RUFF` env vars for providing paths for binaries used by `uv format` and `uv check` ([#&#8203;19821](astral-sh/uv#19821))

##### Preview features

- Allow configuring preview features in `uv.toml` and `pyproject.toml` ([#&#8203;18437](astral-sh/uv#18437))
- Update the lockfile during `uv check --no-sync` ([#&#8203;19909](astral-sh/uv#19909))
- Add `--script` to `uv check` and `uv metadata` ([#&#8203;19860](astral-sh/uv#19860))
- Report workspace-exclusive dependency groups in `workspace metadata` ([#&#8203;19862](astral-sh/uv#19862))
- Support SARIF as a `uv audit` output ([#&#8203;19872](astral-sh/uv#19872))

##### Performance

- Use a more deadlock-resistant concurrent hashmap in the resolver ([#&#8203;19532](astral-sh/uv#19532))

##### Bug fixes

- Update string marker ordering semantics to match [upstream clarified rules](pypa/packaging.python.org#1988) ([#&#8203;19808](astral-sh/uv#19808))
- Reject extras that have the same normalized name ([#&#8203;19871](astral-sh/uv#19871))
- Reject dependency group `include-group` entries that have additional fields ([#&#8203;19866](astral-sh/uv#19866))
- Reject invalid UTF-8 URL credentials ([#&#8203;19814](astral-sh/uv#19814))
- Validate that PEP 517 `backend-path`s exist when building sdists ([#&#8203;19834](astral-sh/uv#19834))
- Validate that `pylock.toml` files do not have an unsupported a `lock-version` ([#&#8203;19869](astral-sh/uv#19869))
- Validate that the environment satisfies the `packages.requires-python` of a `pylock.toml` ([#&#8203;19868](astral-sh/uv#19868))
- Allow `uv` to be recursively invoked by PEP 517 build hooks ([#&#8203;19879](astral-sh/uv#19879))
- Allow empty `credentials.toml` files ([#&#8203;19815](astral-sh/uv#19815))
- Fix transparent Python upgrades in project environments ([#&#8203;19890](astral-sh/uv#19890))
- Handle non-file editable URLs in `uv pip list` ([#&#8203;19867](astral-sh/uv#19867))
- Fix incorrect output from `uv tree --invert` ([#&#8203;19910](astral-sh/uv#19910))
- Fix environment locking of `uv venv` in a project ([#&#8203;19837](astral-sh/uv#19837))
- Fix handling of workspace-exclusive dependency groups in `uv tree` ([#&#8203;19905](astral-sh/uv#19905))

##### Documentation

- Archive the 0.10.x changelog ([#&#8203;19813](astral-sh/uv#19813))

##### Other changes

- Mark more tests as requiring network for vendors that need to run tests offline ([#&#8203;19819](astral-sh/uv#19819))

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMjAuMCIsInVwZGF0ZWRJblZlciI6IjQzLjIyMC4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->

Co-authored-by: Renovate Bot <renovate@bhamm-lab.com>
Reviewed-on: https://codeberg.org/blake-hamm/bhamm-lab/pulls/214
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Jul 9, 2026
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [uv](https://github.com/astral-sh/uv) | patch | `0.11.21` → `0.11.28` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>astral-sh/uv (uv)</summary>

### [`v0.11.28`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01128)

[Compare Source](astral-sh/uv@0.11.27...0.11.28)

Released on 2026-07-07.

##### Security

This release updates our ZIP library, [astral-async-zip](https://github.com/astral-sh/rs-async-zip), to v0.0.20, which includes 15 changes that harden our ZIP handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject ZIP archives with malformed or ambiguous content that were previously accepted.

See the [upstream commits](astral-sh/rs-async-zip@v0.0.18...v0.0.20) for a full list of changes.

##### Python

- Upgrade GraalPy to 25.1.3 ([#&#8203;20069](astral-sh/uv#20069))

##### Enhancements

- Improve trace logs for unexpected error chains ([#&#8203;20220](astral-sh/uv#20220))
- Move lockfile update guidance to a hint ([#&#8203;20219](astral-sh/uv#20219))
- Preserve indentation for multiline error causes ([#&#8203;20156](astral-sh/uv#20156))
- Render user errors with their cause chains ([#&#8203;20217](astral-sh/uv#20217))
- Route final command errors through the printer to respect `-q` and `-qq` ([#&#8203;20163](astral-sh/uv#20163))
- Use standard rendering for `uv build` errors ([#&#8203;20159](astral-sh/uv#20159))
- Use standard rendering for tool requirement errors ([#&#8203;20160](astral-sh/uv#20160))

##### Performance

- Only compile bytecode for installed distributions in `uv pip install` ([#&#8203;19914](astral-sh/uv#19914))
- Avoid allocating URL-safe Git revisions ([#&#8203;20194](astral-sh/uv#20194))
- Avoid allocating canonical Python request strings ([#&#8203;20193](astral-sh/uv#20193))
- Avoid allocating custom Astral mirror URLs ([#&#8203;20204](astral-sh/uv#20204))
- Avoid allocating expanded compatibility tags ([#&#8203;20190](astral-sh/uv#20190))
- Avoid allocating shell strings that need no escaping ([#&#8203;20196](astral-sh/uv#20196))
- Avoid allocating static ABI descriptions ([#&#8203;20201](astral-sh/uv#20201))
- Avoid allocating static Windows executable names ([#&#8203;20200](astral-sh/uv#20200))
- Avoid allocating static dependency table names ([#&#8203;20199](astral-sh/uv#20199))
- Avoid allocating static platform triple components ([#&#8203;20195](astral-sh/uv#20195))
- Avoid allocating static resolver report labels ([#&#8203;20198](astral-sh/uv#20198))
- Avoid allocating static unavailable-version messages ([#&#8203;20197](astral-sh/uv#20197))
- Avoid allocating unchanged Python download architectures ([#&#8203;20202](astral-sh/uv#20202))
- Avoid allocating unchanged paths during case normalization ([#&#8203;20203](astral-sh/uv#20203))
- Avoid allocations when expanding group conflicts ([#&#8203;20211](astral-sh/uv#20211))
- Avoid allocations when formatting requirements ([#&#8203;20206](astral-sh/uv#20206))
- Avoid cloning credential lookup services ([#&#8203;20210](astral-sh/uv#20210))
- Avoid cloning dry-run distributions ([#&#8203;20209](astral-sh/uv#20209))
- Avoid cloning owned dependency metadata ([#&#8203;20212](astral-sh/uv#20212))
- Avoid redundant direct URL clones ([#&#8203;20207](astral-sh/uv#20207))
- Create metadata version errors lazily ([#&#8203;20205](astral-sh/uv#20205))
- Optimize expanded tag compatibility checks ([#&#8203;20171](astral-sh/uv#20171))
- Optimize parsing of single-digit three-part versions ([#&#8203;20118](astral-sh/uv#20118))

##### Bug fixes

- Avoid overflow when computing HTTP cache age ([#&#8203;20178](astral-sh/uv#20178))
- Respect `--upgrade` when `upgrade-package` is configured ([#&#8203;19955](astral-sh/uv#19955))
- Support `uv tree` in dependency-group-only projects ([#&#8203;20167](astral-sh/uv#20167))
- Treat cache entries as stale at exact expiration ([#&#8203;20183](astral-sh/uv#20183))

### [`v0.11.27`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01127)

[Compare Source](astral-sh/uv@0.11.26...0.11.27)

Released on 2026-07-06.

##### Enhancements

- Continue on ignored errors when fetching wheel metadata ([#&#8203;12255](astral-sh/uv#12255))
- Use caching for `--python-downloads-json-url` ([#&#8203;16749](astral-sh/uv#16749))

##### Preview features

- Discover extensionless shebang scripts in `uv workspace list --scripts` ([#&#8203;20099](astral-sh/uv#20099))

##### Performance

- Avoid full site-packages scans for direct reinstalls ([#&#8203;20119](astral-sh/uv#20119))
- Avoid redundant pyproject parsing ([#&#8203;20076](astral-sh/uv#20076))
- Cache default dependency markers when reading locks ([#&#8203;20125](astral-sh/uv#20125))
- Enable SIMD-accelerated TOML parsing ([#&#8203;20079](astral-sh/uv#20079))
- Intern `requires-python` specifiers in Simple API parsing ([#&#8203;20104](astral-sh/uv#20104))
- Read cache entries into exact-sized buffers ([#&#8203;20120](astral-sh/uv#20120))
- Reduce VersionSpecifiers parsing allocations ([#&#8203;20105](astral-sh/uv#20105))
- Reduce site-packages scan allocation overhead ([#&#8203;20087](astral-sh/uv#20087))
- Reuse package names when parsing wheel filenames ([#&#8203;20110](astral-sh/uv#20110))
- Sort Simple API files after grouping ([#&#8203;20112](astral-sh/uv#20112))

##### Bug fixes

- Always emit `packages` table for pylock.toml ([#&#8203;20145](astral-sh/uv#20145))
- Avoid blank line for empty `uv pip tree` ([#&#8203;20062](astral-sh/uv#20062))
- Encode hashes in file paths ([#&#8203;19807](astral-sh/uv#19807))
- Error on a registry uv.lock package without a version instead of panicking ([#&#8203;19855](astral-sh/uv#19855))
- Preserve conditional extra markers in exports ([#&#8203;20148](astral-sh/uv#20148))
- Skip the ambiguous authority check for file transport VCS URLs ([#&#8203;20086](astral-sh/uv#20086))
- Sync index format when `uv add --index` updates an existing index URL ([#&#8203;19818](astral-sh/uv#19818))

##### Other changes

- Re-add `pub` APIs used in Pixi ([#&#8203;20074](astral-sh/uv#20074))
- Update Rust toolchain to 1.96.1 ([#&#8203;20103](astral-sh/uv#20103))

### [`v0.11.26`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01126)

[Compare Source](astral-sh/uv@0.11.25...0.11.26)

Released on 2026-06-30.

##### Performance

- Adapt uv to IDs-only PubGrub dependencies ([#&#8203;20048](astral-sh/uv#20048))
- Avoid allocations in `ForkMap::contains` ([#&#8203;20023](astral-sh/uv#20023))
- Reuse resolver work across PubGrub iterations ([#&#8203;20020](astral-sh/uv#20020))
- Speed up candidate selection for disjoint ranges ([#&#8203;20026](astral-sh/uv#20026))

##### Bug fixes

- Warn when the build cache is inside the source directory ([#&#8203;20056](astral-sh/uv#20056))

### [`v0.11.25`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01125)

[Compare Source](astral-sh/uv@0.11.24...0.11.25)

Released on 2026-06-26.

##### Security

This release updates our tar library, [astral-tokio-tar](https://github.com/astral-sh/tokio-tar), to v0.6.3, which includes over 20 changes that harden our tar handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the [upstream commits](astral-sh/tokio-tar@v0.6.2...v0.6.3) for a full list of changes.

##### Enhancements

- Add a full "lockfile" to tool receipts ([#&#8203;18937](astral-sh/uv#18937))
- Allow scoped overrides to add dependencies ([#&#8203;19974](astral-sh/uv#19974))
- Avoid writing redundant lockfile markers with `tool.uv.environments` ([#&#8203;19933](astral-sh/uv#19933))
- Factor supported environments out of lockfile markers ([#&#8203;19969](astral-sh/uv#19969))
- Recommend our own build backend in the build frontend ([#&#8203;19994](astral-sh/uv#19994))
- Reject wheels with multiple .dist-info directories ([#&#8203;19986](astral-sh/uv#19986))
- Simplify dependency markers under parent reachability ([#&#8203;19971](astral-sh/uv#19971))
- Support scoped dependency exclusions ([#&#8203;19977](astral-sh/uv#19977))
- Support scoped dependency overrides ([#&#8203;19970](astral-sh/uv#19970))
- Explain why files are skipped in registry index parsing ([#&#8203;19983](astral-sh/uv#19983))

##### Preview features

- Add `uv workspace list --scripts` ([#&#8203;20009](astral-sh/uv#20009))
- Support centralised environments in `uv venv` ([#&#8203;19912](astral-sh/uv#19912))
- Use locked ty versions in `uv check` ([#&#8203;19884](astral-sh/uv#19884))
- Add centralized storage of project environments ([#&#8203;18214](astral-sh/uv#18214))
- Verify lockfile hashes before reusing a cached ty in `uv check` ([#&#8203;19995](astral-sh/uv#19995))
- Use locked dependency selection for `uv check --script` ([#&#8203;19989](astral-sh/uv#19989))

##### Bug fixes

- Preserve standalone markers in workspace metadata ([#&#8203;20011](astral-sh/uv#20011))
- Reject `uv build` if the cache dir is enclosed ([#&#8203;19991](astral-sh/uv#19991))

### [`v0.11.24`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01124)

[Compare Source](astral-sh/uv@0.11.23...0.11.24)

Released on 2026-06-23.

##### Python

- Add CPython 3.15.0b3 ([#&#8203;19964](astral-sh/uv#19964))

##### Preview features

- Make project environments relocatable under preview ([#&#8203;19965](astral-sh/uv#19965))

##### Performance

- Use a compact index for lazy version maps ([#&#8203;19959](astral-sh/uv#19959))

##### Bug fixes

- Allow disabling `exclude-newer` ([#&#8203;19934](astral-sh/uv#19934))
- Avoid archive id collisions ([#&#8203;19949](astral-sh/uv#19949))
- Reapply "Fix transparent Python upgrades in project environments" ([#&#8203;19928](astral-sh/uv#19928))
- Clean up partial tool entrypoint installs ([#&#8203;19966](astral-sh/uv#19966))
- Fix relocatable `activate.fish` and broaden Fish version support ([#&#8203;19856](astral-sh/uv#19856))

### [`v0.11.23`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01123)

[Compare Source](astral-sh/uv@0.11.22...0.11.23)

Released on 2026-06-19.

##### Bug fixes

- Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in `pre-commit-uv` ([#&#8203;19925](astral-sh/uv#19925))
- Restore old behavior where workspace members "hidden" by an intermediate `pyproject.toml` would be treated as standalone projects ([#&#8203;19926](astral-sh/uv#19926))

### [`v0.11.22`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01122)

[Compare Source](astral-sh/uv@0.11.21...0.11.22)

Released on 2026-06-18.

##### Enhancements

- Publish wheels before sdists in `uv publish` ([#&#8203;19831](astral-sh/uv#19831))
- Add `TY` and `RUFF` env vars for providing paths for binaries used by `uv format` and `uv check` ([#&#8203;19821](astral-sh/uv#19821))

##### Preview features

- Allow configuring preview features in `uv.toml` and `pyproject.toml` ([#&#8203;18437](astral-sh/uv#18437))
- Update the lockfile during `uv check --no-sync` ([#&#8203;19909](astral-sh/uv#19909))
- Add `--script` to `uv check` and `uv metadata` ([#&#8203;19860](astral-sh/uv#19860))
- Report workspace-exclusive dependency groups in `workspace metadata` ([#&#8203;19862](astral-sh/uv#19862))
- Support SARIF as a `uv audit` output ([#&#8203;19872](astral-sh/uv#19872))

##### Performance

- Use a more deadlock-resistant concurrent hashmap in the resolver ([#&#8203;19532](astral-sh/uv#19532))

##### Bug fixes

- Update string marker ordering semantics to match [upstream clarified rules](pypa/packaging.python.org#1988) ([#&#8203;19808](astral-sh/uv#19808))
- Reject extras that have the same normalized name ([#&#8203;19871](astral-sh/uv#19871))
- Reject dependency group `include-group` entries that have additional fields ([#&#8203;19866](astral-sh/uv#19866))
- Reject invalid UTF-8 URL credentials ([#&#8203;19814](astral-sh/uv#19814))
- Validate that PEP 517 `backend-path`s exist when building sdists ([#&#8203;19834](astral-sh/uv#19834))
- Validate that `pylock.toml` files do not have an unsupported a `lock-version` ([#&#8203;19869](astral-sh/uv#19869))
- Validate that the environment satisfies the `packages.requires-python` of a `pylock.toml` ([#&#8203;19868](astral-sh/uv#19868))
- Allow `uv` to be recursively invoked by PEP 517 build hooks ([#&#8203;19879](astral-sh/uv#19879))
- Allow empty `credentials.toml` files ([#&#8203;19815](astral-sh/uv#19815))
- Fix transparent Python upgrades in project environments ([#&#8203;19890](astral-sh/uv#19890))
- Handle non-file editable URLs in `uv pip list` ([#&#8203;19867](astral-sh/uv#19867))
- Fix incorrect output from `uv tree --invert` ([#&#8203;19910](astral-sh/uv#19910))
- Fix environment locking of `uv venv` in a project ([#&#8203;19837](astral-sh/uv#19837))
- Fix handling of workspace-exclusive dependency groups in `uv tree` ([#&#8203;19905](astral-sh/uv#19905))

##### Documentation

- Archive the 0.10.x changelog ([#&#8203;19813](astral-sh/uv#19813))

##### Other changes

- Mark more tests as requiring network for vendors that need to run tests offline ([#&#8203;19819](astral-sh/uv#19819))

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMjkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjIzMi4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiLCJhdXRvbWF0aW9uOmJvdC1hdXRob3JlZCIsImRlcGVuZGVuY3ktdHlwZTo6cGF0Y2giXX0=-->
jylenhof pushed a commit to jylenhof/gh-action-pulse that referenced this pull request Jul 16, 2026
Automated mise tool upgrades from local config.

Updated tools:
- `uv`

Command: `mise upgrade --bump --local uv`

<details>
<summary>Version changelog (uv)</summary>

| Tool | Requested | Installed |
|------|-----------|-----------|
| `uv` | `0.11.0` → `0.11.28` | `0.11.0` → `0.11.28` |

</details>

<details>
<summary>Release notes (1 tools)</summary>

<details>
<summary>uv: `0.11.0` → `0.11.28` (astral-sh/uv)</summary>

### 0.11.19

## Release Notes

Released on 2026-06-03.

### Python

- Add CPython 3.15.0b2 ([#19531](astral-sh/uv#19531))

### Enhancements

- Always compute SHA256 for remote distributions ([#19662](astral-sh/uv#19662))
- Add PyEmscripten platform (PEP 783) ([#19629](astral-sh/uv#19629))
- Add Pyodide 2025 target triple ([#19653](astral-sh/uv#19653))

### Preview features

- Make preview features for commands have names that aren't ambiguous with the command ([#19645](astral-sh/uv#19645))
- Respect `--isolated` in `uv check` ([#19666](astral-sh/uv#19666))

### Bug fixes

- Continue tool uninstall after dangling receipts ([#19623](astral-sh/uv#19623))
- Skip Unix-specific installation steps when cross-installing Windows Python distributions ([#19424](astral-sh/uv#19424))

## Install uv 0.11.19

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.ps1 | iex"
```

## Download uv 0.11.19

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarc… (truncated)

### 0.11.20

## Release Notes

Released on 2026-06-10.

### Enhancements

- Add `--emit-index-url` and `--emit-find-links` to `uv export` ([#18370](astral-sh/uv#18370))
- Add `--find-links` support for `uv pip list` ([#16103](astral-sh/uv#16103))
- Group executable install errors during `uv python install` ([#19691](astral-sh/uv#19691))
- Use ICF in macOS release builds to reduce binary sizes ([#19615](astral-sh/uv#19615))

### Preview features

- Add initial hidden `uv upgrade` command ([#19678](astral-sh/uv#19678))
- Reject Git revisions in `uv upgrade` ([#19742](astral-sh/uv#19742))

### Configuration

- Recognize `UV_NO_INSTALL_PROJECT`, `UV_NO_INSTALL_WORKSPACE`, `UV_NO_INSTALL_LOCAL` ([#19323](astral-sh/uv#19323))

### Performance

- Speed up discovery of large workspaces ([#18311](astral-sh/uv#18311))

### Bug fixes

- Allow unknown preview flags with a warning again ([#19669](astral-sh/uv#19669))
- Apply dependency exclusions to direct requirements ([#19699](astral-sh/uv#19699))
- Avoid following external symlinks during cache clean ([#19682](astral-sh/uv#19682))
- Avoid following symlinks during cache prune ([#19543](astral-sh/uv#19543))
- Fix Git cache keys for worktrees and packed refs ([#19706](astral-sh/uv#19706))
- Make resolver error handling iterative to avoid stack overflows ([#19695](astral-sh/uv#19695))
- Pass `VIRTUAL_ENV` through `cygpath` inside `fish` on Windows ([#19703](astral-sh/uv#19703))
- Rebuild explicit local directory tool installs ([#19591](astral-sh/uv#19591))
- Validate egg top-level entries as identifiers ([#19679](https://github.com/astral-sh/uv/pull/19… (truncated)

### 0.11.21

## Release Notes

Released on 2026-06-11.

### Python

- Add CPython 3.13.14 and 3.14.6 ([#19787](astral-sh/uv#19787))

### Preview features

- Add `environment.root` to `uv workspace metadata --sync` ([#19760](astral-sh/uv#19760))
- Allow `uv upgrade` to update a single dependency constraint ([#19738](astral-sh/uv#19738))
- Compute and pass `uv workspace metadata` payload in `ty check` ([#19763](astral-sh/uv#19763))
- Make packaged applications the default for `uv init` ([#17841](astral-sh/uv#17841))

### Performance

- Add parallel discovery of Python versions for `uv python list` ([#18684](astral-sh/uv#18684))
- Avoid normalizing source distribution names twice ([#19784](astral-sh/uv#19784))

### Bug fixes

- Improve cache robustness and pruning behavior
  - Allow CI cache pruning without an sdist bucket ([#19802](astral-sh/uv#19802))
  - Avoid overflow when reading malformed cache entries ([#19799](astral-sh/uv#19799))
  - Preserve cached Python downloads during cache pruning ([#19795](astral-sh/uv#19795))
  - Reject running inside the cache ([#19659](astral-sh/uv#19659))
- Fix Python discovery and version request edge cases
  - Avoid panics for Unicode Python version requests ([#19797](astral-sh/uv#19797))
  - Fix handling of non-critical errors in `uv python list` with path requests ([#19774](astral-sh/uv#19774))
  - Fix stop-discovery-at regression ([#19769](astral-sh/uv#19769))
- Harden parsing and validation for package metadata, requirements, markers, URLs, and conflict sets
  - Allow trailing commas in version specifiers ([#19806](astral-sh/uv#19806))
  - Avoid panics for invalid UTF-8 URL… (truncated)

### 0.11.22

## Release Notes

Released on 2026-06-18.

### Enhancements

- Publish wheels before sdists in `uv publish` ([#19831](astral-sh/uv#19831))
- Add `TY` and `RUFF` env vars for providing paths for binaries used by `uv format` and `uv check` ([#19821](astral-sh/uv#19821))

### Preview features

- Allow configuring preview features in `uv.toml` and `pyproject.toml` ([#18437](astral-sh/uv#18437))
- Update the lockfile during `uv check --no-sync` ([#19909](astral-sh/uv#19909))
- Add `--script` to `uv check` and `uv metadata` ([#19860](astral-sh/uv#19860))
- Report workspace-exclusive dependency groups in `workspace metadata` ([#19862](astral-sh/uv#19862))
- Support SARIF as a `uv audit` output ([#19872](astral-sh/uv#19872))

### Performance

- Use a more deadlock-resistant concurrent hashmap in the resolver ([#19532](astral-sh/uv#19532))

### Bug fixes

- Update string marker ordering semantics to match [upstream clarified rules](pypa/packaging.python.org#1988) ([#19808](astral-sh/uv#19808))
- Reject extras that have the same normalized name ([#19871](astral-sh/uv#19871))
- Reject dependency group `include-group` entries that have additional fields ([#19866](astral-sh/uv#19866))
- Reject invalid UTF-8 URL credentials ([#19814](astral-sh/uv#19814))
- Validate that PEP 517 `backend-path`s exist when building sdists ([#19834](astral-sh/uv#19834))
- Validate that `pylock.toml` files do not have an unsupported a `lock-version` ([#19869](astral-sh/uv#19869))
- Validate that the environment satisfies the `packages.requires-python` of a `pylock.toml` ([#19868](astral-sh/uv#19868))
- Allow `u… (truncated)

### 0.11.23

## Release Notes

Released on 2026-06-19.

### Bug fixes

- Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in `pre-commit-uv` ([#19925](astral-sh/uv#19925))
- Restore old behavior where workspace members "hidden" by an intermediate `pyproject.toml` would be treated as standalone projects ([#19926](astral-sh/uv#19926))

## Install uv 0.11.23

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.ps1 | iex"
```

## Download uv 0.11.23

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarch64-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-pc-windows-msvc.zip) | ARM64 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-pc-windows-msvc.zip.sha256) |
| [uv-i686-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-i686-pc-windows-msvc.zip) | x86 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-i686-pc-windows-msvc.zip.sha256) |
| [uv-x86_64-pc-windows-msvc.zip](http… (truncated)

### 0.11.24

## Release Notes

Released on 2026-06-23.

### Python

- Add CPython 3.15.0b3 ([#19964](astral-sh/uv#19964))

### Preview features

- Make project environments relocatable under preview ([#19965](astral-sh/uv#19965))

### Performance

- Use a compact index for lazy version maps ([#19959](astral-sh/uv#19959))

### Bug fixes

- Allow disabling `exclude-newer` ([#19934](astral-sh/uv#19934))
- Avoid archive id collisions ([#19949](astral-sh/uv#19949))
- Reapply "Fix transparent Python upgrades in project environments" ([#19928](astral-sh/uv#19928))
- Clean up partial tool entrypoint installs ([#19966](astral-sh/uv#19966))
- Fix relocatable `activate.fish` and broaden Fish version support ([#19856](astral-sh/uv#19856))

## Install uv 0.11.24

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.ps1 | iex"
```

## Download uv 0.11.24

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarch64-pc-windows-msvc.zip](https://releases.ast… (truncated)

### 0.11.25

## Release Notes

Released on 2026-06-26.

### Security

This release updates our tar library, [astral-tokio-tar](https://github.com/astral-sh/tokio-tar), to v0.6.3, which includes over 20 changes that harden our tar handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the [upstream commits](astral-sh/tokio-tar@v0.6.2...v0.6.3) for a full list of changes.

### Enhancements

- Add a full "lockfile" to tool receipts ([#18937](astral-sh/uv#18937))
- Allow scoped overrides to add dependencies ([#19974](astral-sh/uv#19974))
- Avoid writing redundant lockfile markers with `tool.uv.environments` ([#19933](astral-sh/uv#19933))
- Factor supported environments out of lockfile markers ([#19969](astral-sh/uv#19969))
- Recommend our own build backend in the build frontend ([#19994](astral-sh/uv#19994))
- Reject wheels with multiple .dist-info directories ([#19986](astral-sh/uv#19986))
- Simplify dependency markers under parent reachability ([#19971](astral-sh/uv#19971))
- Support scoped dependency exclusions ([#19977](astral-sh/uv#19977))
- Support scoped dependency overrides ([#19970](astral-sh/uv#19970))
- Explain why files are skipped in registry index parsing ([#19983](astral-sh/uv#19983))

### Preview features

- Add `uv workspace list --scripts` ([#20009](astral-sh/uv#20009))
- Support centralised environments in `uv venv` ([#19912](astral-sh/uv#19912))
- Use locked ty versions in `uv check` ([#19884](astral-sh/uv#19884))
- Add centralized storage of project environ… (truncated)

### 0.11.26

## Release Notes

Released on 2026-06-30.

### Performance

- Adapt uv to IDs-only PubGrub dependencies ([#20048](astral-sh/uv#20048))
- Avoid allocations in `ForkMap::contains` ([#20023](astral-sh/uv#20023))
- Reuse resolver work across PubGrub iterations ([#20020](astral-sh/uv#20020))
- Speed up candidate selection for disjoint ranges ([#20026](astral-sh/uv#20026))

### Bug fixes

- Warn when the build cache is inside the source directory ([#20056](astral-sh/uv#20056))

## Install uv 0.11.26

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-installer.ps1 | iex"
```

## Download uv 0.11.26

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarch64-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-pc-windows-msvc.zip) | ARM64 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-pc-windows-msvc.zip.sha256) |
| [uv-i686-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-i686-pc-window… (truncated)

### 0.11.27

## Release Notes

Released on 2026-07-06.

### Enhancements

- Continue on ignored errors when fetching wheel metadata ([#12255](astral-sh/uv#12255))
- Use caching for `--python-downloads-json-url` ([#16749](astral-sh/uv#16749))

### Preview features

- Discover extensionless shebang scripts in `uv workspace list --scripts` ([#20099](astral-sh/uv#20099))

### Performance

- Avoid full site-packages scans for direct reinstalls ([#20119](astral-sh/uv#20119))
- Avoid redundant pyproject parsing ([#20076](astral-sh/uv#20076))
- Cache default dependency markers when reading locks ([#20125](astral-sh/uv#20125))
- Enable SIMD-accelerated TOML parsing ([#20079](astral-sh/uv#20079))
- Intern `requires-python` specifiers in Simple API parsing ([#20104](astral-sh/uv#20104))
- Read cache entries into exact-sized buffers ([#20120](astral-sh/uv#20120))
- Reduce VersionSpecifiers parsing allocations ([#20105](astral-sh/uv#20105))
- Reduce site-packages scan allocation overhead ([#20087](astral-sh/uv#20087))
- Reuse package names when parsing wheel filenames ([#20110](astral-sh/uv#20110))
- Sort Simple API files after grouping ([#20112](astral-sh/uv#20112))

### Bug fixes

- Always emit `packages` table for pylock.toml ([#20145](astral-sh/uv#20145))
- Avoid blank line for empty `uv pip tree` ([#20062](astral-sh/uv#20062))
- Encode hashes in file paths ([#19807](astral-sh/uv#19807))
- Error on a registry uv.lock package without a version instead of panicking ([#19855](astral-sh/uv#19855))
- Preserve conditional extra markers in exports ([#20148](https://github.com/astra… (truncated)

### 0.11.28

## Release Notes

Released on 2026-07-07.

### Security

This release updates our ZIP library, [astral-async-zip](https://github.com/astral-sh/rs-async-zip), to v0.0.20, which includes 15 changes that harden our ZIP handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject ZIP archives with malformed or ambiguous content that were previously accepted.

See the [upstream commits](astral-sh/rs-async-zip@v0.0.18...v0.0.20) for a full list of changes.

### Python

- Upgrade GraalPy to 25.1.3 ([#20069](astral-sh/uv#20069))

### Enhancements

- Improve trace logs for unexpected error chains ([#20220](astral-sh/uv#20220))
- Move lockfile update guidance to a hint ([#20219](astral-sh/uv#20219))
- Preserve indentation for multiline error causes ([#20156](astral-sh/uv#20156))
- Render user errors with their cause chains ([#20217](astral-sh/uv#20217))
- Route final command errors through the printer to respect `-q` and `-qq` ([#20163](astral-sh/uv#20163))
- Use standard rendering for `uv build` errors ([#20159](astral-sh/uv#20159))
- Use standard rendering for tool requirement errors ([#20160](astral-sh/uv#20160))

### Performance

- Only compile bytecode for installed distributions in `uv pip install` ([#19914](astral-sh/uv#19914))
- Avoid allocating URL-safe Git revisions ([#20194](astral-sh/uv#20194))
- Avoid allocating canonical Python request strings ([#20193](astral-sh/uv#20193))
- Avoid allocating custom Astral mirror URLs ([#20204](astral-sh/uv#20204))
- Avoid allocating expanded compatibility tags ([#20190](astral-sh/uv#20190))
- Avoid allocating shell stri… (truncated)

_Omitted 18 older releases._

</details>

</details>

Modified files:
- `.mise.toml`
jylenhof pushed a commit to jylenhof/gh-action-pulse that referenced this pull request Jul 16, 2026
Automated mise tool upgrades from local config.

Updated tools:
- `uv`

Command: `mise upgrade --bump --local uv`

<details>
<summary>Version changelog (uv)</summary>

| Tool | Requested | Installed |
|------|-----------|-----------|
| `uv` | `0.11.0` → `0.11.28` | `0.11.0` → `0.11.28` |

</details>

<details>
<summary>Release notes (1 tools)</summary>

<details>
<summary>uv: `0.11.0` → `0.11.28` (astral-sh/uv)</summary>

### 0.11.19

## Release Notes

Released on 2026-06-03.

### Python

- Add CPython 3.15.0b2 ([#19531](astral-sh/uv#19531))

### Enhancements

- Always compute SHA256 for remote distributions ([#19662](astral-sh/uv#19662))
- Add PyEmscripten platform (PEP 783) ([#19629](astral-sh/uv#19629))
- Add Pyodide 2025 target triple ([#19653](astral-sh/uv#19653))

### Preview features

- Make preview features for commands have names that aren't ambiguous with the command ([#19645](astral-sh/uv#19645))
- Respect `--isolated` in `uv check` ([#19666](astral-sh/uv#19666))

### Bug fixes

- Continue tool uninstall after dangling receipts ([#19623](astral-sh/uv#19623))
- Skip Unix-specific installation steps when cross-installing Windows Python distributions ([#19424](astral-sh/uv#19424))

## Install uv 0.11.19

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.ps1 | iex"
```

## Download uv 0.11.19

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarc… (truncated)

### 0.11.20

## Release Notes

Released on 2026-06-10.

### Enhancements

- Add `--emit-index-url` and `--emit-find-links` to `uv export` ([#18370](astral-sh/uv#18370))
- Add `--find-links` support for `uv pip list` ([#16103](astral-sh/uv#16103))
- Group executable install errors during `uv python install` ([#19691](astral-sh/uv#19691))
- Use ICF in macOS release builds to reduce binary sizes ([#19615](astral-sh/uv#19615))

### Preview features

- Add initial hidden `uv upgrade` command ([#19678](astral-sh/uv#19678))
- Reject Git revisions in `uv upgrade` ([#19742](astral-sh/uv#19742))

### Configuration

- Recognize `UV_NO_INSTALL_PROJECT`, `UV_NO_INSTALL_WORKSPACE`, `UV_NO_INSTALL_LOCAL` ([#19323](astral-sh/uv#19323))

### Performance

- Speed up discovery of large workspaces ([#18311](astral-sh/uv#18311))

### Bug fixes

- Allow unknown preview flags with a warning again ([#19669](astral-sh/uv#19669))
- Apply dependency exclusions to direct requirements ([#19699](astral-sh/uv#19699))
- Avoid following external symlinks during cache clean ([#19682](astral-sh/uv#19682))
- Avoid following symlinks during cache prune ([#19543](astral-sh/uv#19543))
- Fix Git cache keys for worktrees and packed refs ([#19706](astral-sh/uv#19706))
- Make resolver error handling iterative to avoid stack overflows ([#19695](astral-sh/uv#19695))
- Pass `VIRTUAL_ENV` through `cygpath` inside `fish` on Windows ([#19703](astral-sh/uv#19703))
- Rebuild explicit local directory tool installs ([#19591](astral-sh/uv#19591))
- Validate egg top-level entries as identifiers ([#19679](https://github.com/astral-sh/uv/pull/19… (truncated)

### 0.11.21

## Release Notes

Released on 2026-06-11.

### Python

- Add CPython 3.13.14 and 3.14.6 ([#19787](astral-sh/uv#19787))

### Preview features

- Add `environment.root` to `uv workspace metadata --sync` ([#19760](astral-sh/uv#19760))
- Allow `uv upgrade` to update a single dependency constraint ([#19738](astral-sh/uv#19738))
- Compute and pass `uv workspace metadata` payload in `ty check` ([#19763](astral-sh/uv#19763))
- Make packaged applications the default for `uv init` ([#17841](astral-sh/uv#17841))

### Performance

- Add parallel discovery of Python versions for `uv python list` ([#18684](astral-sh/uv#18684))
- Avoid normalizing source distribution names twice ([#19784](astral-sh/uv#19784))

### Bug fixes

- Improve cache robustness and pruning behavior
  - Allow CI cache pruning without an sdist bucket ([#19802](astral-sh/uv#19802))
  - Avoid overflow when reading malformed cache entries ([#19799](astral-sh/uv#19799))
  - Preserve cached Python downloads during cache pruning ([#19795](astral-sh/uv#19795))
  - Reject running inside the cache ([#19659](astral-sh/uv#19659))
- Fix Python discovery and version request edge cases
  - Avoid panics for Unicode Python version requests ([#19797](astral-sh/uv#19797))
  - Fix handling of non-critical errors in `uv python list` with path requests ([#19774](astral-sh/uv#19774))
  - Fix stop-discovery-at regression ([#19769](astral-sh/uv#19769))
- Harden parsing and validation for package metadata, requirements, markers, URLs, and conflict sets
  - Allow trailing commas in version specifiers ([#19806](astral-sh/uv#19806))
  - Avoid panics for invalid UTF-8 URL… (truncated)

### 0.11.22

## Release Notes

Released on 2026-06-18.

### Enhancements

- Publish wheels before sdists in `uv publish` ([#19831](astral-sh/uv#19831))
- Add `TY` and `RUFF` env vars for providing paths for binaries used by `uv format` and `uv check` ([#19821](astral-sh/uv#19821))

### Preview features

- Allow configuring preview features in `uv.toml` and `pyproject.toml` ([#18437](astral-sh/uv#18437))
- Update the lockfile during `uv check --no-sync` ([#19909](astral-sh/uv#19909))
- Add `--script` to `uv check` and `uv metadata` ([#19860](astral-sh/uv#19860))
- Report workspace-exclusive dependency groups in `workspace metadata` ([#19862](astral-sh/uv#19862))
- Support SARIF as a `uv audit` output ([#19872](astral-sh/uv#19872))

### Performance

- Use a more deadlock-resistant concurrent hashmap in the resolver ([#19532](astral-sh/uv#19532))

### Bug fixes

- Update string marker ordering semantics to match [upstream clarified rules](pypa/packaging.python.org#1988) ([#19808](astral-sh/uv#19808))
- Reject extras that have the same normalized name ([#19871](astral-sh/uv#19871))
- Reject dependency group `include-group` entries that have additional fields ([#19866](astral-sh/uv#19866))
- Reject invalid UTF-8 URL credentials ([#19814](astral-sh/uv#19814))
- Validate that PEP 517 `backend-path`s exist when building sdists ([#19834](astral-sh/uv#19834))
- Validate that `pylock.toml` files do not have an unsupported a `lock-version` ([#19869](astral-sh/uv#19869))
- Validate that the environment satisfies the `packages.requires-python` of a `pylock.toml` ([#19868](astral-sh/uv#19868))
- Allow `u… (truncated)

### 0.11.23

## Release Notes

Released on 2026-06-19.

### Bug fixes

- Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in `pre-commit-uv` ([#19925](astral-sh/uv#19925))
- Restore old behavior where workspace members "hidden" by an intermediate `pyproject.toml` would be treated as standalone projects ([#19926](astral-sh/uv#19926))

## Install uv 0.11.23

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.ps1 | iex"
```

## Download uv 0.11.23

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarch64-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-pc-windows-msvc.zip) | ARM64 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-pc-windows-msvc.zip.sha256) |
| [uv-i686-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-i686-pc-windows-msvc.zip) | x86 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-i686-pc-windows-msvc.zip.sha256) |
| [uv-x86_64-pc-windows-msvc.zip](http… (truncated)

### 0.11.24

## Release Notes

Released on 2026-06-23.

### Python

- Add CPython 3.15.0b3 ([#19964](astral-sh/uv#19964))

### Preview features

- Make project environments relocatable under preview ([#19965](astral-sh/uv#19965))

### Performance

- Use a compact index for lazy version maps ([#19959](astral-sh/uv#19959))

### Bug fixes

- Allow disabling `exclude-newer` ([#19934](astral-sh/uv#19934))
- Avoid archive id collisions ([#19949](astral-sh/uv#19949))
- Reapply "Fix transparent Python upgrades in project environments" ([#19928](astral-sh/uv#19928))
- Clean up partial tool entrypoint installs ([#19966](astral-sh/uv#19966))
- Fix relocatable `activate.fish` and broaden Fish version support ([#19856](astral-sh/uv#19856))

## Install uv 0.11.24

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.ps1 | iex"
```

## Download uv 0.11.24

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarch64-pc-windows-msvc.zip](https://releases.ast… (truncated)

### 0.11.25

## Release Notes

Released on 2026-06-26.

### Security

This release updates our tar library, [astral-tokio-tar](https://github.com/astral-sh/tokio-tar), to v0.6.3, which includes over 20 changes that harden our tar handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the [upstream commits](astral-sh/tokio-tar@v0.6.2...v0.6.3) for a full list of changes.

### Enhancements

- Add a full "lockfile" to tool receipts ([#18937](astral-sh/uv#18937))
- Allow scoped overrides to add dependencies ([#19974](astral-sh/uv#19974))
- Avoid writing redundant lockfile markers with `tool.uv.environments` ([#19933](astral-sh/uv#19933))
- Factor supported environments out of lockfile markers ([#19969](astral-sh/uv#19969))
- Recommend our own build backend in the build frontend ([#19994](astral-sh/uv#19994))
- Reject wheels with multiple .dist-info directories ([#19986](astral-sh/uv#19986))
- Simplify dependency markers under parent reachability ([#19971](astral-sh/uv#19971))
- Support scoped dependency exclusions ([#19977](astral-sh/uv#19977))
- Support scoped dependency overrides ([#19970](astral-sh/uv#19970))
- Explain why files are skipped in registry index parsing ([#19983](astral-sh/uv#19983))

### Preview features

- Add `uv workspace list --scripts` ([#20009](astral-sh/uv#20009))
- Support centralised environments in `uv venv` ([#19912](astral-sh/uv#19912))
- Use locked ty versions in `uv check` ([#19884](astral-sh/uv#19884))
- Add centralized storage of project environ… (truncated)

### 0.11.26

## Release Notes

Released on 2026-06-30.

### Performance

- Adapt uv to IDs-only PubGrub dependencies ([#20048](astral-sh/uv#20048))
- Avoid allocations in `ForkMap::contains` ([#20023](astral-sh/uv#20023))
- Reuse resolver work across PubGrub iterations ([#20020](astral-sh/uv#20020))
- Speed up candidate selection for disjoint ranges ([#20026](astral-sh/uv#20026))

### Bug fixes

- Warn when the build cache is inside the source directory ([#20056](astral-sh/uv#20056))

## Install uv 0.11.26

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-installer.ps1 | iex"
```

## Download uv 0.11.26

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarch64-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-pc-windows-msvc.zip) | ARM64 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-pc-windows-msvc.zip.sha256) |
| [uv-i686-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-i686-pc-window… (truncated)

### 0.11.27

## Release Notes

Released on 2026-07-06.

### Enhancements

- Continue on ignored errors when fetching wheel metadata ([#12255](astral-sh/uv#12255))
- Use caching for `--python-downloads-json-url` ([#16749](astral-sh/uv#16749))

### Preview features

- Discover extensionless shebang scripts in `uv workspace list --scripts` ([#20099](astral-sh/uv#20099))

### Performance

- Avoid full site-packages scans for direct reinstalls ([#20119](astral-sh/uv#20119))
- Avoid redundant pyproject parsing ([#20076](astral-sh/uv#20076))
- Cache default dependency markers when reading locks ([#20125](astral-sh/uv#20125))
- Enable SIMD-accelerated TOML parsing ([#20079](astral-sh/uv#20079))
- Intern `requires-python` specifiers in Simple API parsing ([#20104](astral-sh/uv#20104))
- Read cache entries into exact-sized buffers ([#20120](astral-sh/uv#20120))
- Reduce VersionSpecifiers parsing allocations ([#20105](astral-sh/uv#20105))
- Reduce site-packages scan allocation overhead ([#20087](astral-sh/uv#20087))
- Reuse package names when parsing wheel filenames ([#20110](astral-sh/uv#20110))
- Sort Simple API files after grouping ([#20112](astral-sh/uv#20112))

### Bug fixes

- Always emit `packages` table for pylock.toml ([#20145](astral-sh/uv#20145))
- Avoid blank line for empty `uv pip tree` ([#20062](astral-sh/uv#20062))
- Encode hashes in file paths ([#19807](astral-sh/uv#19807))
- Error on a registry uv.lock package without a version instead of panicking ([#19855](astral-sh/uv#19855))
- Preserve conditional extra markers in exports ([#20148](https://github.com/astra… (truncated)

### 0.11.28

## Release Notes

Released on 2026-07-07.

### Security

This release updates our ZIP library, [astral-async-zip](https://github.com/astral-sh/rs-async-zip), to v0.0.20, which includes 15 changes that harden our ZIP handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject ZIP archives with malformed or ambiguous content that were previously accepted.

See the [upstream commits](astral-sh/rs-async-zip@v0.0.18...v0.0.20) for a full list of changes.

### Python

- Upgrade GraalPy to 25.1.3 ([#20069](astral-sh/uv#20069))

### Enhancements

- Improve trace logs for unexpected error chains ([#20220](astral-sh/uv#20220))
- Move lockfile update guidance to a hint ([#20219](astral-sh/uv#20219))
- Preserve indentation for multiline error causes ([#20156](astral-sh/uv#20156))
- Render user errors with their cause chains ([#20217](astral-sh/uv#20217))
- Route final command errors through the printer to respect `-q` and `-qq` ([#20163](astral-sh/uv#20163))
- Use standard rendering for `uv build` errors ([#20159](astral-sh/uv#20159))
- Use standard rendering for tool requirement errors ([#20160](astral-sh/uv#20160))

### Performance

- Only compile bytecode for installed distributions in `uv pip install` ([#19914](astral-sh/uv#19914))
- Avoid allocating URL-safe Git revisions ([#20194](astral-sh/uv#20194))
- Avoid allocating canonical Python request strings ([#20193](astral-sh/uv#20193))
- Avoid allocating custom Astral mirror URLs ([#20204](astral-sh/uv#20204))
- Avoid allocating expanded compatibility tags ([#20190](astral-sh/uv#20190))
- Avoid allocating shell stri… (truncated)

_Omitted 18 older releases._

</details>

</details>

Modified files:
- `.mise.toml`

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working compatibility Compatibility with a specification or another tool

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant