Skip to content

Only compile bytecode for installed distributions in uv pip install#19914

Merged
zanieb merged 7 commits into
astral-sh:mainfrom
zaniebot:zb/pip-install-compile-bytecode
Jul 7, 2026
Merged

Only compile bytecode for installed distributions in uv pip install#19914
zanieb merged 7 commits into
astral-sh:mainfrom
zaniebot:zb/pip-install-compile-bytecode

Conversation

@zaniebot

@zaniebot zaniebot commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

Related to #2637

Ahead of time bytecode compilation is beneficial for large environments, since we can perform compilation eagerly in parallel. However, in iterative installs into large environments, we spend a significant amount of time walking site-packages in order to verify that existing packages have compiled bytecode.

In this change, we only compile the subset of changed (i.e., installed or reinstalled) packages in uv pip install (notably we do not change the behavior for uv pip sync or uv sync). We use the RECORD for changed packages to determine the subset of site-packages files to compile.

This has a dramatic affect on bytecode compilation time as the number of existing source files in the environment increases.

OS Existing source files main branch Change (95% bootstrap CI)
Linux 100 47.0 ms 43.4 ms -1.4% (-10.8% to +4.9%), neutral
Linux 5,000 78.0 ms 47.7 ms -42.3% (-43.9% to -36.7%)
Linux 50,000 316.0 ms 45.6 ms -85.7% (-86.6% to -83.9%)
macOS 100 106.2 ms 102.6 ms -3.6% (-3.9% to -3.3%)
macOS 5,000 304.8 ms 103.1 ms -66.2% (-66.6% to -65.8%)
macOS 50,000 6.100 s 124.1 ms -97.9% (-98.1% to -96.8%)
Windows 100 62.5 ms 60.2 ms +1.1% (-11.2% to +4.8%), neutral
Windows 5,000 186.4 ms 66.0 ms -65.2% (-68.4% to -62.0%)
Windows 50,000 1.163 s 66.6 ms -94.1% (-94.5% to -93.6%)

I also benchmarked based on the size of the installed wheel, to ensure the new code path is not causing a regression. The initial implementation eagerly collected all RECORD entries, which regressed performance by ~5% relative to main. This was resolved by lazily collecting RECORD entries instead, allowing that work to overlap with compilation.

OS New source files main eager Change (95% bootstrap CI)
Linux 10 47.5 ms 46.7 ms -3.7% (-10.2% to +4.2%), neutral
Linux 100 64.2 ms 66.9 ms +8.1% (+0.5% to +13.4%)
Linux 5,000 2.757 s 2.988 s +7.6% (+0.4% to +12.8%)
Linux 50,000 25.654 s 26.041 s +1.3% (-3.4% to +2.4%), neutral
macOS 10 102.4 ms 102.5 ms +0.3% (+0.1% to +0.6%)
macOS 100 130.9 ms 132.3 ms +0.8% (-0.6% to +2.0%), neutral
macOS 5,000 1.208 s 1.278 s +3.8% (-0.0% to +8.7%), neutral
macOS 50,000 13.706 s 14.751 s +9.3% (+5.9% to +10.1%)
Windows 10 76.6 ms 78.1 ms +1.0% (-3.5% to +8.4%), neutral
Windows 100 91.5 ms 96.5 ms +1.3% (-0.7% to +5.6%), neutral
Windows 5,000 1.007 s 1.077 s +6.8% (+5.5% to +8.8%)
Windows 50,000 8.450 s 9.578 s +11.8% (+9.8% to +15.3%)
OS New source files main streaming Change (95% bootstrap CI)
Linux 10 47.5 ms 46.1 ms -2.5% (-7.4% to +2.8%), neutral
Linux 100 64.2 ms 65.6 ms +1.9% (-5.0% to +6.3%), neutral
Linux 5,000 2.757 s 2.876 s +5.3% (-2.3% to +12.5%), neutral
Linux 50,000 25.654 s 26.486 s -0.9% (-3.3% to +0.6%), neutral
macOS 10 102.4 ms 102.5 ms +0.1% (-0.2% to +0.5%), neutral
macOS 100 130.9 ms 132.3 ms +0.9% (-0.2% to +1.7%), neutral
macOS 5,000 1.208 s 1.178 s -1.0% (-5.2% to +2.6%), neutral
macOS 50,000 13.706 s 13.815 s -0.7% (-2.4% to +8.1%), neutral
Windows 10 76.6 ms 75.0 ms -3.0% (-5.6% to +3.1%), neutral
Windows 100 91.5 ms 95.2 ms -0.4% (-4.7% to +6.0%), neutral
Windows 5,000 1.007 s 1.011 s -0.1% (-1.8% to +1.7%), neutral
Windows 50,000 8.450 s 8.252 s +0.9% (-4.0% to +2.3%), neutral

I also explored an alternative approach, in which we preserve full-environment compilation but attempt to reduce site-packages traversal costs by reading *.dist-info/RECORD files instead. This did not yield a performance benefit due to the cost of parsing CSVs.

@astral-sh-bot

astral-sh-bot Bot commented Jun 18, 2026

Copy link
Copy Markdown

uv test inventory changes

This PR changes the tests when compared with the latest main baseline.

  • Added tests: 4
  • Removed tests: 0
  • Changed suites: 2
uv: +1 / -0

Added:

  • uv::commands::pip::operations::tests::record_python_sources_stay_in_site_packages

Removed: none

uv::pip_install: +3 / -0

Added:

  • uv::pip_install::pip_install::compile_bytecode_for_installed_distributions
  • uv::pip_install::pip_install::compile_bytecode_for_relative_install_root
  • uv::pip_install::pip_install::compile_bytecode_with_symlink_link_mode

Removed: none

@zanieb zanieb changed the title Compile bytecode only for installed distributions in uv pip install Only compile bytecode for installed distributions in uv pip install Jun 18, 2026
@zanieb

zanieb commented Jul 6, 2026

Copy link
Copy Markdown
Member

A reviewer noted that it's still important to compile the standard library, however, per #20154 we currently are not doing so.

Comment thread crates/uv-cli/src/lib.rs Outdated
@zanieb zanieb marked this pull request as ready for review July 7, 2026 13:41
@zsol zsol self-requested a review July 7, 2026 14:02

@zsol zsol left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, mostly nits

Comment thread crates/uv-install-wheel/src/wheel.rs Outdated
Comment thread crates/uv-installer/src/compile.rs Outdated
Comment on lines +164 to +165
/// All compilation errors are muted (like pip). There is a 60s timeout for each file to handle
/// a broken `python`.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe mention the env var that lets you override the timeout?

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This comment was moved without change. We should change it in a separate pull if desired.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Followed up in #20186.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Replacement targeting main: #20189. #20186 was merged into the temporary stacked base after #19914 landed.

/// We only compile all files, but we don't update the RECORD, relying on PEP 491:
/// > Uninstallers should be smart enough to remove .pyc even if it is not mentioned in RECORD.
///
/// We've confirmed that both uv and pip (as of 24.0.0) remove the `__pycache__` directory.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is out of place here IMO

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is copied verbatim from the existing code. Can you say more?

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i.e., it just moved

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That last sentence feels like it was lifted from a comment on a PR implementing this change originally, I wouldn't expect it on a function-level docstring - the PEP 491 quote is more than enough. That said, I didn't realize this was copied; feel free to ignore my comment here :)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Followed up in #20187, moving the rationale next to the installation logic it explains.

site_packages: &[PathBuf],
) -> Option<PathBuf> {
let path = Path::new(entry);
if path.extension().is_none_or(|extension| extension != "py") {

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hmm this made me wonder if we should compile pyw too (as a separate change)

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I looked into the upstream history. CPython deliberately made .pyw importable on Windows in python/cpython#34880, where explicit bytecode compilation was mentioned as a workaround. Later, a maintainer noted that compileall silently ignoring explicitly named non-.py files was likely a bug (discussion), while confirming that .pyw is importable and normally cached on Windows (clarification).

However, that observation was never split into a dedicated issue or fixed. compileall still explicitly supports only .py, and pip also filters bytecode compilation to .py files. Since .pyw files are generally GUI entry scripts, and Python does not use stored bytecode when executing a script directly, compiling them usually provides no benefit.

Supporting .pyw in uv would require bypassing compileall with custom py_compile handling, including duplicating its freshness and error-handling behavior. I do not think we should add that complexity here. If this behavior is wanted, it should probably be addressed in CPython first.

@zanieb zanieb merged commit 893df5d into astral-sh:main Jul 7, 2026
178 of 185 checks passed
zanieb added a commit that referenced this pull request Jul 7, 2026
Document the existing `UV_COMPILE_BYTECODE_TIMEOUT` override alongside
the compilation helper, including that a value of `0` disables the
timeout. This replaces #20186, which was merged into its temporary
stacked base after #19914 had already landed rather than into `main`.

Co-authored-by: Zanie Blue <contact@zanie.dev>
tmeijn pushed a commit to tmeijn/dotfiles that referenced this pull request Jul 9, 2026
This MR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [uv](https://github.com/astral-sh/uv) | patch | `0.11.21` → `0.11.28` |

MR created with the help of [el-capitano/tools/renovate-bot](https://gitlab.com/el-capitano/tools/renovate-bot).

**Proposed changes to behavior should be submitted there as MRs.**

---

### Release Notes

<details>
<summary>astral-sh/uv (uv)</summary>

### [`v0.11.28`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01128)

[Compare Source](astral-sh/uv@0.11.27...0.11.28)

Released on 2026-07-07.

##### Security

This release updates our ZIP library, [astral-async-zip](https://github.com/astral-sh/rs-async-zip), to v0.0.20, which includes 15 changes that harden our ZIP handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject ZIP archives with malformed or ambiguous content that were previously accepted.

See the [upstream commits](astral-sh/rs-async-zip@v0.0.18...v0.0.20) for a full list of changes.

##### Python

- Upgrade GraalPy to 25.1.3 ([#&#8203;20069](astral-sh/uv#20069))

##### Enhancements

- Improve trace logs for unexpected error chains ([#&#8203;20220](astral-sh/uv#20220))
- Move lockfile update guidance to a hint ([#&#8203;20219](astral-sh/uv#20219))
- Preserve indentation for multiline error causes ([#&#8203;20156](astral-sh/uv#20156))
- Render user errors with their cause chains ([#&#8203;20217](astral-sh/uv#20217))
- Route final command errors through the printer to respect `-q` and `-qq` ([#&#8203;20163](astral-sh/uv#20163))
- Use standard rendering for `uv build` errors ([#&#8203;20159](astral-sh/uv#20159))
- Use standard rendering for tool requirement errors ([#&#8203;20160](astral-sh/uv#20160))

##### Performance

- Only compile bytecode for installed distributions in `uv pip install` ([#&#8203;19914](astral-sh/uv#19914))
- Avoid allocating URL-safe Git revisions ([#&#8203;20194](astral-sh/uv#20194))
- Avoid allocating canonical Python request strings ([#&#8203;20193](astral-sh/uv#20193))
- Avoid allocating custom Astral mirror URLs ([#&#8203;20204](astral-sh/uv#20204))
- Avoid allocating expanded compatibility tags ([#&#8203;20190](astral-sh/uv#20190))
- Avoid allocating shell strings that need no escaping ([#&#8203;20196](astral-sh/uv#20196))
- Avoid allocating static ABI descriptions ([#&#8203;20201](astral-sh/uv#20201))
- Avoid allocating static Windows executable names ([#&#8203;20200](astral-sh/uv#20200))
- Avoid allocating static dependency table names ([#&#8203;20199](astral-sh/uv#20199))
- Avoid allocating static platform triple components ([#&#8203;20195](astral-sh/uv#20195))
- Avoid allocating static resolver report labels ([#&#8203;20198](astral-sh/uv#20198))
- Avoid allocating static unavailable-version messages ([#&#8203;20197](astral-sh/uv#20197))
- Avoid allocating unchanged Python download architectures ([#&#8203;20202](astral-sh/uv#20202))
- Avoid allocating unchanged paths during case normalization ([#&#8203;20203](astral-sh/uv#20203))
- Avoid allocations when expanding group conflicts ([#&#8203;20211](astral-sh/uv#20211))
- Avoid allocations when formatting requirements ([#&#8203;20206](astral-sh/uv#20206))
- Avoid cloning credential lookup services ([#&#8203;20210](astral-sh/uv#20210))
- Avoid cloning dry-run distributions ([#&#8203;20209](astral-sh/uv#20209))
- Avoid cloning owned dependency metadata ([#&#8203;20212](astral-sh/uv#20212))
- Avoid redundant direct URL clones ([#&#8203;20207](astral-sh/uv#20207))
- Create metadata version errors lazily ([#&#8203;20205](astral-sh/uv#20205))
- Optimize expanded tag compatibility checks ([#&#8203;20171](astral-sh/uv#20171))
- Optimize parsing of single-digit three-part versions ([#&#8203;20118](astral-sh/uv#20118))

##### Bug fixes

- Avoid overflow when computing HTTP cache age ([#&#8203;20178](astral-sh/uv#20178))
- Respect `--upgrade` when `upgrade-package` is configured ([#&#8203;19955](astral-sh/uv#19955))
- Support `uv tree` in dependency-group-only projects ([#&#8203;20167](astral-sh/uv#20167))
- Treat cache entries as stale at exact expiration ([#&#8203;20183](astral-sh/uv#20183))

### [`v0.11.27`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01127)

[Compare Source](astral-sh/uv@0.11.26...0.11.27)

Released on 2026-07-06.

##### Enhancements

- Continue on ignored errors when fetching wheel metadata ([#&#8203;12255](astral-sh/uv#12255))
- Use caching for `--python-downloads-json-url` ([#&#8203;16749](astral-sh/uv#16749))

##### Preview features

- Discover extensionless shebang scripts in `uv workspace list --scripts` ([#&#8203;20099](astral-sh/uv#20099))

##### Performance

- Avoid full site-packages scans for direct reinstalls ([#&#8203;20119](astral-sh/uv#20119))
- Avoid redundant pyproject parsing ([#&#8203;20076](astral-sh/uv#20076))
- Cache default dependency markers when reading locks ([#&#8203;20125](astral-sh/uv#20125))
- Enable SIMD-accelerated TOML parsing ([#&#8203;20079](astral-sh/uv#20079))
- Intern `requires-python` specifiers in Simple API parsing ([#&#8203;20104](astral-sh/uv#20104))
- Read cache entries into exact-sized buffers ([#&#8203;20120](astral-sh/uv#20120))
- Reduce VersionSpecifiers parsing allocations ([#&#8203;20105](astral-sh/uv#20105))
- Reduce site-packages scan allocation overhead ([#&#8203;20087](astral-sh/uv#20087))
- Reuse package names when parsing wheel filenames ([#&#8203;20110](astral-sh/uv#20110))
- Sort Simple API files after grouping ([#&#8203;20112](astral-sh/uv#20112))

##### Bug fixes

- Always emit `packages` table for pylock.toml ([#&#8203;20145](astral-sh/uv#20145))
- Avoid blank line for empty `uv pip tree` ([#&#8203;20062](astral-sh/uv#20062))
- Encode hashes in file paths ([#&#8203;19807](astral-sh/uv#19807))
- Error on a registry uv.lock package without a version instead of panicking ([#&#8203;19855](astral-sh/uv#19855))
- Preserve conditional extra markers in exports ([#&#8203;20148](astral-sh/uv#20148))
- Skip the ambiguous authority check for file transport VCS URLs ([#&#8203;20086](astral-sh/uv#20086))
- Sync index format when `uv add --index` updates an existing index URL ([#&#8203;19818](astral-sh/uv#19818))

##### Other changes

- Re-add `pub` APIs used in Pixi ([#&#8203;20074](astral-sh/uv#20074))
- Update Rust toolchain to 1.96.1 ([#&#8203;20103](astral-sh/uv#20103))

### [`v0.11.26`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01126)

[Compare Source](astral-sh/uv@0.11.25...0.11.26)

Released on 2026-06-30.

##### Performance

- Adapt uv to IDs-only PubGrub dependencies ([#&#8203;20048](astral-sh/uv#20048))
- Avoid allocations in `ForkMap::contains` ([#&#8203;20023](astral-sh/uv#20023))
- Reuse resolver work across PubGrub iterations ([#&#8203;20020](astral-sh/uv#20020))
- Speed up candidate selection for disjoint ranges ([#&#8203;20026](astral-sh/uv#20026))

##### Bug fixes

- Warn when the build cache is inside the source directory ([#&#8203;20056](astral-sh/uv#20056))

### [`v0.11.25`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01125)

[Compare Source](astral-sh/uv@0.11.24...0.11.25)

Released on 2026-06-26.

##### Security

This release updates our tar library, [astral-tokio-tar](https://github.com/astral-sh/tokio-tar), to v0.6.3, which includes over 20 changes that harden our tar handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the [upstream commits](astral-sh/tokio-tar@v0.6.2...v0.6.3) for a full list of changes.

##### Enhancements

- Add a full "lockfile" to tool receipts ([#&#8203;18937](astral-sh/uv#18937))
- Allow scoped overrides to add dependencies ([#&#8203;19974](astral-sh/uv#19974))
- Avoid writing redundant lockfile markers with `tool.uv.environments` ([#&#8203;19933](astral-sh/uv#19933))
- Factor supported environments out of lockfile markers ([#&#8203;19969](astral-sh/uv#19969))
- Recommend our own build backend in the build frontend ([#&#8203;19994](astral-sh/uv#19994))
- Reject wheels with multiple .dist-info directories ([#&#8203;19986](astral-sh/uv#19986))
- Simplify dependency markers under parent reachability ([#&#8203;19971](astral-sh/uv#19971))
- Support scoped dependency exclusions ([#&#8203;19977](astral-sh/uv#19977))
- Support scoped dependency overrides ([#&#8203;19970](astral-sh/uv#19970))
- Explain why files are skipped in registry index parsing ([#&#8203;19983](astral-sh/uv#19983))

##### Preview features

- Add `uv workspace list --scripts` ([#&#8203;20009](astral-sh/uv#20009))
- Support centralised environments in `uv venv` ([#&#8203;19912](astral-sh/uv#19912))
- Use locked ty versions in `uv check` ([#&#8203;19884](astral-sh/uv#19884))
- Add centralized storage of project environments ([#&#8203;18214](astral-sh/uv#18214))
- Verify lockfile hashes before reusing a cached ty in `uv check` ([#&#8203;19995](astral-sh/uv#19995))
- Use locked dependency selection for `uv check --script` ([#&#8203;19989](astral-sh/uv#19989))

##### Bug fixes

- Preserve standalone markers in workspace metadata ([#&#8203;20011](astral-sh/uv#20011))
- Reject `uv build` if the cache dir is enclosed ([#&#8203;19991](astral-sh/uv#19991))

### [`v0.11.24`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01124)

[Compare Source](astral-sh/uv@0.11.23...0.11.24)

Released on 2026-06-23.

##### Python

- Add CPython 3.15.0b3 ([#&#8203;19964](astral-sh/uv#19964))

##### Preview features

- Make project environments relocatable under preview ([#&#8203;19965](astral-sh/uv#19965))

##### Performance

- Use a compact index for lazy version maps ([#&#8203;19959](astral-sh/uv#19959))

##### Bug fixes

- Allow disabling `exclude-newer` ([#&#8203;19934](astral-sh/uv#19934))
- Avoid archive id collisions ([#&#8203;19949](astral-sh/uv#19949))
- Reapply "Fix transparent Python upgrades in project environments" ([#&#8203;19928](astral-sh/uv#19928))
- Clean up partial tool entrypoint installs ([#&#8203;19966](astral-sh/uv#19966))
- Fix relocatable `activate.fish` and broaden Fish version support ([#&#8203;19856](astral-sh/uv#19856))

### [`v0.11.23`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01123)

[Compare Source](astral-sh/uv@0.11.22...0.11.23)

Released on 2026-06-19.

##### Bug fixes

- Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in `pre-commit-uv` ([#&#8203;19925](astral-sh/uv#19925))
- Restore old behavior where workspace members "hidden" by an intermediate `pyproject.toml` would be treated as standalone projects ([#&#8203;19926](astral-sh/uv#19926))

### [`v0.11.22`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01122)

[Compare Source](astral-sh/uv@0.11.21...0.11.22)

Released on 2026-06-18.

##### Enhancements

- Publish wheels before sdists in `uv publish` ([#&#8203;19831](astral-sh/uv#19831))
- Add `TY` and `RUFF` env vars for providing paths for binaries used by `uv format` and `uv check` ([#&#8203;19821](astral-sh/uv#19821))

##### Preview features

- Allow configuring preview features in `uv.toml` and `pyproject.toml` ([#&#8203;18437](astral-sh/uv#18437))
- Update the lockfile during `uv check --no-sync` ([#&#8203;19909](astral-sh/uv#19909))
- Add `--script` to `uv check` and `uv metadata` ([#&#8203;19860](astral-sh/uv#19860))
- Report workspace-exclusive dependency groups in `workspace metadata` ([#&#8203;19862](astral-sh/uv#19862))
- Support SARIF as a `uv audit` output ([#&#8203;19872](astral-sh/uv#19872))

##### Performance

- Use a more deadlock-resistant concurrent hashmap in the resolver ([#&#8203;19532](astral-sh/uv#19532))

##### Bug fixes

- Update string marker ordering semantics to match [upstream clarified rules](pypa/packaging.python.org#1988) ([#&#8203;19808](astral-sh/uv#19808))
- Reject extras that have the same normalized name ([#&#8203;19871](astral-sh/uv#19871))
- Reject dependency group `include-group` entries that have additional fields ([#&#8203;19866](astral-sh/uv#19866))
- Reject invalid UTF-8 URL credentials ([#&#8203;19814](astral-sh/uv#19814))
- Validate that PEP 517 `backend-path`s exist when building sdists ([#&#8203;19834](astral-sh/uv#19834))
- Validate that `pylock.toml` files do not have an unsupported a `lock-version` ([#&#8203;19869](astral-sh/uv#19869))
- Validate that the environment satisfies the `packages.requires-python` of a `pylock.toml` ([#&#8203;19868](astral-sh/uv#19868))
- Allow `uv` to be recursively invoked by PEP 517 build hooks ([#&#8203;19879](astral-sh/uv#19879))
- Allow empty `credentials.toml` files ([#&#8203;19815](astral-sh/uv#19815))
- Fix transparent Python upgrades in project environments ([#&#8203;19890](astral-sh/uv#19890))
- Handle non-file editable URLs in `uv pip list` ([#&#8203;19867](astral-sh/uv#19867))
- Fix incorrect output from `uv tree --invert` ([#&#8203;19910](astral-sh/uv#19910))
- Fix environment locking of `uv venv` in a project ([#&#8203;19837](astral-sh/uv#19837))
- Fix handling of workspace-exclusive dependency groups in `uv tree` ([#&#8203;19905](astral-sh/uv#19905))

##### Documentation

- Archive the 0.10.x changelog ([#&#8203;19813](astral-sh/uv#19813))

##### Other changes

- Mark more tests as requiring network for vendors that need to run tests offline ([#&#8203;19819](astral-sh/uv#19819))

</details>

---

### Configuration

📅 **Schedule**: (UTC)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this MR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yMjkuMiIsInVwZGF0ZWRJblZlciI6IjQzLjIzMi4wIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJSZW5vdmF0ZSBCb3QiLCJhdXRvbWF0aW9uOmJvdC1hdXRob3JlZCIsImRlcGVuZGVuY3ktdHlwZTo6cGF0Y2giXX0=-->
hbjydev pushed a commit to hbjydev/phoebe that referenced this pull request Jul 10, 2026
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [uv](https://github.com/astral-sh/uv) | patch | `0.11.24` → `0.11.28` |

---

### Release Notes

<details>
<summary>astral-sh/uv (uv)</summary>

### [`v0.11.28`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01128)

[Compare Source](astral-sh/uv@0.11.27...0.11.28)

Released on 2026-07-07.

##### Security

This release updates our ZIP library, [astral-async-zip](https://github.com/astral-sh/rs-async-zip), to v0.0.20, which includes 15 changes that harden our ZIP handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject ZIP archives with malformed or ambiguous content that were previously accepted.

See the [upstream commits](astral-sh/rs-async-zip@v0.0.18...v0.0.20) for a full list of changes.

##### Python

- Upgrade GraalPy to 25.1.3 ([#&#8203;20069](astral-sh/uv#20069))

##### Enhancements

- Improve trace logs for unexpected error chains ([#&#8203;20220](astral-sh/uv#20220))
- Move lockfile update guidance to a hint ([#&#8203;20219](astral-sh/uv#20219))
- Preserve indentation for multiline error causes ([#&#8203;20156](astral-sh/uv#20156))
- Render user errors with their cause chains ([#&#8203;20217](astral-sh/uv#20217))
- Route final command errors through the printer to respect `-q` and `-qq` ([#&#8203;20163](astral-sh/uv#20163))
- Use standard rendering for `uv build` errors ([#&#8203;20159](astral-sh/uv#20159))
- Use standard rendering for tool requirement errors ([#&#8203;20160](astral-sh/uv#20160))

##### Performance

- Only compile bytecode for installed distributions in `uv pip install` ([#&#8203;19914](astral-sh/uv#19914))
- Avoid allocating URL-safe Git revisions ([#&#8203;20194](astral-sh/uv#20194))
- Avoid allocating canonical Python request strings ([#&#8203;20193](astral-sh/uv#20193))
- Avoid allocating custom Astral mirror URLs ([#&#8203;20204](astral-sh/uv#20204))
- Avoid allocating expanded compatibility tags ([#&#8203;20190](astral-sh/uv#20190))
- Avoid allocating shell strings that need no escaping ([#&#8203;20196](astral-sh/uv#20196))
- Avoid allocating static ABI descriptions ([#&#8203;20201](astral-sh/uv#20201))
- Avoid allocating static Windows executable names ([#&#8203;20200](astral-sh/uv#20200))
- Avoid allocating static dependency table names ([#&#8203;20199](astral-sh/uv#20199))
- Avoid allocating static platform triple components ([#&#8203;20195](astral-sh/uv#20195))
- Avoid allocating static resolver report labels ([#&#8203;20198](astral-sh/uv#20198))
- Avoid allocating static unavailable-version messages ([#&#8203;20197](astral-sh/uv#20197))
- Avoid allocating unchanged Python download architectures ([#&#8203;20202](astral-sh/uv#20202))
- Avoid allocating unchanged paths during case normalization ([#&#8203;20203](astral-sh/uv#20203))
- Avoid allocations when expanding group conflicts ([#&#8203;20211](astral-sh/uv#20211))
- Avoid allocations when formatting requirements ([#&#8203;20206](astral-sh/uv#20206))
- Avoid cloning credential lookup services ([#&#8203;20210](astral-sh/uv#20210))
- Avoid cloning dry-run distributions ([#&#8203;20209](astral-sh/uv#20209))
- Avoid cloning owned dependency metadata ([#&#8203;20212](astral-sh/uv#20212))
- Avoid redundant direct URL clones ([#&#8203;20207](astral-sh/uv#20207))
- Create metadata version errors lazily ([#&#8203;20205](astral-sh/uv#20205))
- Optimize expanded tag compatibility checks ([#&#8203;20171](astral-sh/uv#20171))
- Optimize parsing of single-digit three-part versions ([#&#8203;20118](astral-sh/uv#20118))

##### Bug fixes

- Avoid overflow when computing HTTP cache age ([#&#8203;20178](astral-sh/uv#20178))
- Respect `--upgrade` when `upgrade-package` is configured ([#&#8203;19955](astral-sh/uv#19955))
- Support `uv tree` in dependency-group-only projects ([#&#8203;20167](astral-sh/uv#20167))
- Treat cache entries as stale at exact expiration ([#&#8203;20183](astral-sh/uv#20183))

### [`v0.11.27`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01127)

[Compare Source](astral-sh/uv@0.11.26...0.11.27)

Released on 2026-07-06.

##### Enhancements

- Continue on ignored errors when fetching wheel metadata ([#&#8203;12255](astral-sh/uv#12255))
- Use caching for `--python-downloads-json-url` ([#&#8203;16749](astral-sh/uv#16749))

##### Preview features

- Discover extensionless shebang scripts in `uv workspace list --scripts` ([#&#8203;20099](astral-sh/uv#20099))

##### Performance

- Avoid full site-packages scans for direct reinstalls ([#&#8203;20119](astral-sh/uv#20119))
- Avoid redundant pyproject parsing ([#&#8203;20076](astral-sh/uv#20076))
- Cache default dependency markers when reading locks ([#&#8203;20125](astral-sh/uv#20125))
- Enable SIMD-accelerated TOML parsing ([#&#8203;20079](astral-sh/uv#20079))
- Intern `requires-python` specifiers in Simple API parsing ([#&#8203;20104](astral-sh/uv#20104))
- Read cache entries into exact-sized buffers ([#&#8203;20120](astral-sh/uv#20120))
- Reduce VersionSpecifiers parsing allocations ([#&#8203;20105](astral-sh/uv#20105))
- Reduce site-packages scan allocation overhead ([#&#8203;20087](astral-sh/uv#20087))
- Reuse package names when parsing wheel filenames ([#&#8203;20110](astral-sh/uv#20110))
- Sort Simple API files after grouping ([#&#8203;20112](astral-sh/uv#20112))

##### Bug fixes

- Always emit `packages` table for pylock.toml ([#&#8203;20145](astral-sh/uv#20145))
- Avoid blank line for empty `uv pip tree` ([#&#8203;20062](astral-sh/uv#20062))
- Encode hashes in file paths ([#&#8203;19807](astral-sh/uv#19807))
- Error on a registry uv.lock package without a version instead of panicking ([#&#8203;19855](astral-sh/uv#19855))
- Preserve conditional extra markers in exports ([#&#8203;20148](astral-sh/uv#20148))
- Skip the ambiguous authority check for file transport VCS URLs ([#&#8203;20086](astral-sh/uv#20086))
- Sync index format when `uv add --index` updates an existing index URL ([#&#8203;19818](astral-sh/uv#19818))

##### Other changes

- Re-add `pub` APIs used in Pixi ([#&#8203;20074](astral-sh/uv#20074))
- Update Rust toolchain to 1.96.1 ([#&#8203;20103](astral-sh/uv#20103))

### [`v0.11.26`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01126)

[Compare Source](astral-sh/uv@0.11.25...0.11.26)

Released on 2026-06-30.

##### Performance

- Adapt uv to IDs-only PubGrub dependencies ([#&#8203;20048](astral-sh/uv#20048))
- Avoid allocations in `ForkMap::contains` ([#&#8203;20023](astral-sh/uv#20023))
- Reuse resolver work across PubGrub iterations ([#&#8203;20020](astral-sh/uv#20020))
- Speed up candidate selection for disjoint ranges ([#&#8203;20026](astral-sh/uv#20026))

##### Bug fixes

- Warn when the build cache is inside the source directory ([#&#8203;20056](astral-sh/uv#20056))

### [`v0.11.25`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01125)

[Compare Source](astral-sh/uv@0.11.24...0.11.25)

Released on 2026-06-26.

##### Security

This release updates our tar library, [astral-tokio-tar](https://github.com/astral-sh/tokio-tar), to v0.6.3, which includes over 20 changes that harden our tar handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the [upstream commits](astral-sh/tokio-tar@v0.6.2...v0.6.3) for a full list of changes.

##### Enhancements

- Add a full "lockfile" to tool receipts ([#&#8203;18937](astral-sh/uv#18937))
- Allow scoped overrides to add dependencies ([#&#8203;19974](astral-sh/uv#19974))
- Avoid writing redundant lockfile markers with `tool.uv.environments` ([#&#8203;19933](astral-sh/uv#19933))
- Factor supported environments out of lockfile markers ([#&#8203;19969](astral-sh/uv#19969))
- Recommend our own build backend in the build frontend ([#&#8203;19994](astral-sh/uv#19994))
- Reject wheels with multiple .dist-info directories ([#&#8203;19986](astral-sh/uv#19986))
- Simplify dependency markers under parent reachability ([#&#8203;19971](astral-sh/uv#19971))
- Support scoped dependency exclusions ([#&#8203;19977](astral-sh/uv#19977))
- Support scoped dependency overrides ([#&#8203;19970](astral-sh/uv#19970))
- Explain why files are skipped in registry index parsing ([#&#8203;19983](astral-sh/uv#19983))

##### Preview features

- Add `uv workspace list --scripts` ([#&#8203;20009](astral-sh/uv#20009))
- Support centralised environments in `uv venv` ([#&#8203;19912](astral-sh/uv#19912))
- Use locked ty versions in `uv check` ([#&#8203;19884](astral-sh/uv#19884))
- Add centralized storage of project environments ([#&#8203;18214](astral-sh/uv#18214))
- Verify lockfile hashes before reusing a cached ty in `uv check` ([#&#8203;19995](astral-sh/uv#19995))
- Use locked dependency selection for `uv check --script` ([#&#8203;19989](astral-sh/uv#19989))

##### Bug fixes

- Preserve standalone markers in workspace metadata ([#&#8203;20011](astral-sh/uv#20011))
- Reject `uv build` if the cache dir is enclosed ([#&#8203;19991](astral-sh/uv#19991))

</details>

---

### Configuration

📅 **Schedule**: (in timezone Europe/London)

- Branch creation
  - At any time (no schedule defined)
- Automerge
  - At any time (no schedule defined)

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4yNDIuMSIsInVwZGF0ZWRJblZlciI6IjQzLjI0Mi4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZS9naXRodWItcmVsZWFzZSIsInR5cGUvcGF0Y2giXX0=-->

Reviewed-on: https://forgejo.hayden.moe/hayden/phoebe/pulls/203
jylenhof pushed a commit to jylenhof/gh-action-pulse that referenced this pull request Jul 16, 2026
Automated mise tool upgrades from local config.

Updated tools:
- `uv`

Command: `mise upgrade --bump --local uv`

<details>
<summary>Version changelog (uv)</summary>

| Tool | Requested | Installed |
|------|-----------|-----------|
| `uv` | `0.11.0` → `0.11.28` | `0.11.0` → `0.11.28` |

</details>

<details>
<summary>Release notes (1 tools)</summary>

<details>
<summary>uv: `0.11.0` → `0.11.28` (astral-sh/uv)</summary>

### 0.11.19

## Release Notes

Released on 2026-06-03.

### Python

- Add CPython 3.15.0b2 ([#19531](astral-sh/uv#19531))

### Enhancements

- Always compute SHA256 for remote distributions ([#19662](astral-sh/uv#19662))
- Add PyEmscripten platform (PEP 783) ([#19629](astral-sh/uv#19629))
- Add Pyodide 2025 target triple ([#19653](astral-sh/uv#19653))

### Preview features

- Make preview features for commands have names that aren't ambiguous with the command ([#19645](astral-sh/uv#19645))
- Respect `--isolated` in `uv check` ([#19666](astral-sh/uv#19666))

### Bug fixes

- Continue tool uninstall after dangling receipts ([#19623](astral-sh/uv#19623))
- Skip Unix-specific installation steps when cross-installing Windows Python distributions ([#19424](astral-sh/uv#19424))

## Install uv 0.11.19

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.ps1 | iex"
```

## Download uv 0.11.19

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarc… (truncated)

### 0.11.20

## Release Notes

Released on 2026-06-10.

### Enhancements

- Add `--emit-index-url` and `--emit-find-links` to `uv export` ([#18370](astral-sh/uv#18370))
- Add `--find-links` support for `uv pip list` ([#16103](astral-sh/uv#16103))
- Group executable install errors during `uv python install` ([#19691](astral-sh/uv#19691))
- Use ICF in macOS release builds to reduce binary sizes ([#19615](astral-sh/uv#19615))

### Preview features

- Add initial hidden `uv upgrade` command ([#19678](astral-sh/uv#19678))
- Reject Git revisions in `uv upgrade` ([#19742](astral-sh/uv#19742))

### Configuration

- Recognize `UV_NO_INSTALL_PROJECT`, `UV_NO_INSTALL_WORKSPACE`, `UV_NO_INSTALL_LOCAL` ([#19323](astral-sh/uv#19323))

### Performance

- Speed up discovery of large workspaces ([#18311](astral-sh/uv#18311))

### Bug fixes

- Allow unknown preview flags with a warning again ([#19669](astral-sh/uv#19669))
- Apply dependency exclusions to direct requirements ([#19699](astral-sh/uv#19699))
- Avoid following external symlinks during cache clean ([#19682](astral-sh/uv#19682))
- Avoid following symlinks during cache prune ([#19543](astral-sh/uv#19543))
- Fix Git cache keys for worktrees and packed refs ([#19706](astral-sh/uv#19706))
- Make resolver error handling iterative to avoid stack overflows ([#19695](astral-sh/uv#19695))
- Pass `VIRTUAL_ENV` through `cygpath` inside `fish` on Windows ([#19703](astral-sh/uv#19703))
- Rebuild explicit local directory tool installs ([#19591](astral-sh/uv#19591))
- Validate egg top-level entries as identifiers ([#19679](https://github.com/astral-sh/uv/pull/19… (truncated)

### 0.11.21

## Release Notes

Released on 2026-06-11.

### Python

- Add CPython 3.13.14 and 3.14.6 ([#19787](astral-sh/uv#19787))

### Preview features

- Add `environment.root` to `uv workspace metadata --sync` ([#19760](astral-sh/uv#19760))
- Allow `uv upgrade` to update a single dependency constraint ([#19738](astral-sh/uv#19738))
- Compute and pass `uv workspace metadata` payload in `ty check` ([#19763](astral-sh/uv#19763))
- Make packaged applications the default for `uv init` ([#17841](astral-sh/uv#17841))

### Performance

- Add parallel discovery of Python versions for `uv python list` ([#18684](astral-sh/uv#18684))
- Avoid normalizing source distribution names twice ([#19784](astral-sh/uv#19784))

### Bug fixes

- Improve cache robustness and pruning behavior
  - Allow CI cache pruning without an sdist bucket ([#19802](astral-sh/uv#19802))
  - Avoid overflow when reading malformed cache entries ([#19799](astral-sh/uv#19799))
  - Preserve cached Python downloads during cache pruning ([#19795](astral-sh/uv#19795))
  - Reject running inside the cache ([#19659](astral-sh/uv#19659))
- Fix Python discovery and version request edge cases
  - Avoid panics for Unicode Python version requests ([#19797](astral-sh/uv#19797))
  - Fix handling of non-critical errors in `uv python list` with path requests ([#19774](astral-sh/uv#19774))
  - Fix stop-discovery-at regression ([#19769](astral-sh/uv#19769))
- Harden parsing and validation for package metadata, requirements, markers, URLs, and conflict sets
  - Allow trailing commas in version specifiers ([#19806](astral-sh/uv#19806))
  - Avoid panics for invalid UTF-8 URL… (truncated)

### 0.11.22

## Release Notes

Released on 2026-06-18.

### Enhancements

- Publish wheels before sdists in `uv publish` ([#19831](astral-sh/uv#19831))
- Add `TY` and `RUFF` env vars for providing paths for binaries used by `uv format` and `uv check` ([#19821](astral-sh/uv#19821))

### Preview features

- Allow configuring preview features in `uv.toml` and `pyproject.toml` ([#18437](astral-sh/uv#18437))
- Update the lockfile during `uv check --no-sync` ([#19909](astral-sh/uv#19909))
- Add `--script` to `uv check` and `uv metadata` ([#19860](astral-sh/uv#19860))
- Report workspace-exclusive dependency groups in `workspace metadata` ([#19862](astral-sh/uv#19862))
- Support SARIF as a `uv audit` output ([#19872](astral-sh/uv#19872))

### Performance

- Use a more deadlock-resistant concurrent hashmap in the resolver ([#19532](astral-sh/uv#19532))

### Bug fixes

- Update string marker ordering semantics to match [upstream clarified rules](pypa/packaging.python.org#1988) ([#19808](astral-sh/uv#19808))
- Reject extras that have the same normalized name ([#19871](astral-sh/uv#19871))
- Reject dependency group `include-group` entries that have additional fields ([#19866](astral-sh/uv#19866))
- Reject invalid UTF-8 URL credentials ([#19814](astral-sh/uv#19814))
- Validate that PEP 517 `backend-path`s exist when building sdists ([#19834](astral-sh/uv#19834))
- Validate that `pylock.toml` files do not have an unsupported a `lock-version` ([#19869](astral-sh/uv#19869))
- Validate that the environment satisfies the `packages.requires-python` of a `pylock.toml` ([#19868](astral-sh/uv#19868))
- Allow `u… (truncated)

### 0.11.23

## Release Notes

Released on 2026-06-19.

### Bug fixes

- Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in `pre-commit-uv` ([#19925](astral-sh/uv#19925))
- Restore old behavior where workspace members "hidden" by an intermediate `pyproject.toml` would be treated as standalone projects ([#19926](astral-sh/uv#19926))

## Install uv 0.11.23

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.ps1 | iex"
```

## Download uv 0.11.23

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarch64-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-pc-windows-msvc.zip) | ARM64 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-pc-windows-msvc.zip.sha256) |
| [uv-i686-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-i686-pc-windows-msvc.zip) | x86 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-i686-pc-windows-msvc.zip.sha256) |
| [uv-x86_64-pc-windows-msvc.zip](http… (truncated)

### 0.11.24

## Release Notes

Released on 2026-06-23.

### Python

- Add CPython 3.15.0b3 ([#19964](astral-sh/uv#19964))

### Preview features

- Make project environments relocatable under preview ([#19965](astral-sh/uv#19965))

### Performance

- Use a compact index for lazy version maps ([#19959](astral-sh/uv#19959))

### Bug fixes

- Allow disabling `exclude-newer` ([#19934](astral-sh/uv#19934))
- Avoid archive id collisions ([#19949](astral-sh/uv#19949))
- Reapply "Fix transparent Python upgrades in project environments" ([#19928](astral-sh/uv#19928))
- Clean up partial tool entrypoint installs ([#19966](astral-sh/uv#19966))
- Fix relocatable `activate.fish` and broaden Fish version support ([#19856](astral-sh/uv#19856))

## Install uv 0.11.24

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.ps1 | iex"
```

## Download uv 0.11.24

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarch64-pc-windows-msvc.zip](https://releases.ast… (truncated)

### 0.11.25

## Release Notes

Released on 2026-06-26.

### Security

This release updates our tar library, [astral-tokio-tar](https://github.com/astral-sh/tokio-tar), to v0.6.3, which includes over 20 changes that harden our tar handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the [upstream commits](astral-sh/tokio-tar@v0.6.2...v0.6.3) for a full list of changes.

### Enhancements

- Add a full "lockfile" to tool receipts ([#18937](astral-sh/uv#18937))
- Allow scoped overrides to add dependencies ([#19974](astral-sh/uv#19974))
- Avoid writing redundant lockfile markers with `tool.uv.environments` ([#19933](astral-sh/uv#19933))
- Factor supported environments out of lockfile markers ([#19969](astral-sh/uv#19969))
- Recommend our own build backend in the build frontend ([#19994](astral-sh/uv#19994))
- Reject wheels with multiple .dist-info directories ([#19986](astral-sh/uv#19986))
- Simplify dependency markers under parent reachability ([#19971](astral-sh/uv#19971))
- Support scoped dependency exclusions ([#19977](astral-sh/uv#19977))
- Support scoped dependency overrides ([#19970](astral-sh/uv#19970))
- Explain why files are skipped in registry index parsing ([#19983](astral-sh/uv#19983))

### Preview features

- Add `uv workspace list --scripts` ([#20009](astral-sh/uv#20009))
- Support centralised environments in `uv venv` ([#19912](astral-sh/uv#19912))
- Use locked ty versions in `uv check` ([#19884](astral-sh/uv#19884))
- Add centralized storage of project environ… (truncated)

### 0.11.26

## Release Notes

Released on 2026-06-30.

### Performance

- Adapt uv to IDs-only PubGrub dependencies ([#20048](astral-sh/uv#20048))
- Avoid allocations in `ForkMap::contains` ([#20023](astral-sh/uv#20023))
- Reuse resolver work across PubGrub iterations ([#20020](astral-sh/uv#20020))
- Speed up candidate selection for disjoint ranges ([#20026](astral-sh/uv#20026))

### Bug fixes

- Warn when the build cache is inside the source directory ([#20056](astral-sh/uv#20056))

## Install uv 0.11.26

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-installer.ps1 | iex"
```

## Download uv 0.11.26

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarch64-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-pc-windows-msvc.zip) | ARM64 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-pc-windows-msvc.zip.sha256) |
| [uv-i686-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-i686-pc-window… (truncated)

### 0.11.27

## Release Notes

Released on 2026-07-06.

### Enhancements

- Continue on ignored errors when fetching wheel metadata ([#12255](astral-sh/uv#12255))
- Use caching for `--python-downloads-json-url` ([#16749](astral-sh/uv#16749))

### Preview features

- Discover extensionless shebang scripts in `uv workspace list --scripts` ([#20099](astral-sh/uv#20099))

### Performance

- Avoid full site-packages scans for direct reinstalls ([#20119](astral-sh/uv#20119))
- Avoid redundant pyproject parsing ([#20076](astral-sh/uv#20076))
- Cache default dependency markers when reading locks ([#20125](astral-sh/uv#20125))
- Enable SIMD-accelerated TOML parsing ([#20079](astral-sh/uv#20079))
- Intern `requires-python` specifiers in Simple API parsing ([#20104](astral-sh/uv#20104))
- Read cache entries into exact-sized buffers ([#20120](astral-sh/uv#20120))
- Reduce VersionSpecifiers parsing allocations ([#20105](astral-sh/uv#20105))
- Reduce site-packages scan allocation overhead ([#20087](astral-sh/uv#20087))
- Reuse package names when parsing wheel filenames ([#20110](astral-sh/uv#20110))
- Sort Simple API files after grouping ([#20112](astral-sh/uv#20112))

### Bug fixes

- Always emit `packages` table for pylock.toml ([#20145](astral-sh/uv#20145))
- Avoid blank line for empty `uv pip tree` ([#20062](astral-sh/uv#20062))
- Encode hashes in file paths ([#19807](astral-sh/uv#19807))
- Error on a registry uv.lock package without a version instead of panicking ([#19855](astral-sh/uv#19855))
- Preserve conditional extra markers in exports ([#20148](https://github.com/astra… (truncated)

### 0.11.28

## Release Notes

Released on 2026-07-07.

### Security

This release updates our ZIP library, [astral-async-zip](https://github.com/astral-sh/rs-async-zip), to v0.0.20, which includes 15 changes that harden our ZIP handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject ZIP archives with malformed or ambiguous content that were previously accepted.

See the [upstream commits](astral-sh/rs-async-zip@v0.0.18...v0.0.20) for a full list of changes.

### Python

- Upgrade GraalPy to 25.1.3 ([#20069](astral-sh/uv#20069))

### Enhancements

- Improve trace logs for unexpected error chains ([#20220](astral-sh/uv#20220))
- Move lockfile update guidance to a hint ([#20219](astral-sh/uv#20219))
- Preserve indentation for multiline error causes ([#20156](astral-sh/uv#20156))
- Render user errors with their cause chains ([#20217](astral-sh/uv#20217))
- Route final command errors through the printer to respect `-q` and `-qq` ([#20163](astral-sh/uv#20163))
- Use standard rendering for `uv build` errors ([#20159](astral-sh/uv#20159))
- Use standard rendering for tool requirement errors ([#20160](astral-sh/uv#20160))

### Performance

- Only compile bytecode for installed distributions in `uv pip install` ([#19914](astral-sh/uv#19914))
- Avoid allocating URL-safe Git revisions ([#20194](astral-sh/uv#20194))
- Avoid allocating canonical Python request strings ([#20193](astral-sh/uv#20193))
- Avoid allocating custom Astral mirror URLs ([#20204](astral-sh/uv#20204))
- Avoid allocating expanded compatibility tags ([#20190](astral-sh/uv#20190))
- Avoid allocating shell stri… (truncated)

_Omitted 18 older releases._

</details>

</details>

Modified files:
- `.mise.toml`
jylenhof pushed a commit to jylenhof/gh-action-pulse that referenced this pull request Jul 16, 2026
Automated mise tool upgrades from local config.

Updated tools:
- `uv`

Command: `mise upgrade --bump --local uv`

<details>
<summary>Version changelog (uv)</summary>

| Tool | Requested | Installed |
|------|-----------|-----------|
| `uv` | `0.11.0` → `0.11.28` | `0.11.0` → `0.11.28` |

</details>

<details>
<summary>Release notes (1 tools)</summary>

<details>
<summary>uv: `0.11.0` → `0.11.28` (astral-sh/uv)</summary>

### 0.11.19

## Release Notes

Released on 2026-06-03.

### Python

- Add CPython 3.15.0b2 ([#19531](astral-sh/uv#19531))

### Enhancements

- Always compute SHA256 for remote distributions ([#19662](astral-sh/uv#19662))
- Add PyEmscripten platform (PEP 783) ([#19629](astral-sh/uv#19629))
- Add Pyodide 2025 target triple ([#19653](astral-sh/uv#19653))

### Preview features

- Make preview features for commands have names that aren't ambiguous with the command ([#19645](astral-sh/uv#19645))
- Respect `--isolated` in `uv check` ([#19666](astral-sh/uv#19666))

### Bug fixes

- Continue tool uninstall after dangling receipts ([#19623](astral-sh/uv#19623))
- Skip Unix-specific installation steps when cross-installing Windows Python distributions ([#19424](astral-sh/uv#19424))

## Install uv 0.11.19

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-installer.ps1 | iex"
```

## Download uv 0.11.19

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.19/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarc… (truncated)

### 0.11.20

## Release Notes

Released on 2026-06-10.

### Enhancements

- Add `--emit-index-url` and `--emit-find-links` to `uv export` ([#18370](astral-sh/uv#18370))
- Add `--find-links` support for `uv pip list` ([#16103](astral-sh/uv#16103))
- Group executable install errors during `uv python install` ([#19691](astral-sh/uv#19691))
- Use ICF in macOS release builds to reduce binary sizes ([#19615](astral-sh/uv#19615))

### Preview features

- Add initial hidden `uv upgrade` command ([#19678](astral-sh/uv#19678))
- Reject Git revisions in `uv upgrade` ([#19742](astral-sh/uv#19742))

### Configuration

- Recognize `UV_NO_INSTALL_PROJECT`, `UV_NO_INSTALL_WORKSPACE`, `UV_NO_INSTALL_LOCAL` ([#19323](astral-sh/uv#19323))

### Performance

- Speed up discovery of large workspaces ([#18311](astral-sh/uv#18311))

### Bug fixes

- Allow unknown preview flags with a warning again ([#19669](astral-sh/uv#19669))
- Apply dependency exclusions to direct requirements ([#19699](astral-sh/uv#19699))
- Avoid following external symlinks during cache clean ([#19682](astral-sh/uv#19682))
- Avoid following symlinks during cache prune ([#19543](astral-sh/uv#19543))
- Fix Git cache keys for worktrees and packed refs ([#19706](astral-sh/uv#19706))
- Make resolver error handling iterative to avoid stack overflows ([#19695](astral-sh/uv#19695))
- Pass `VIRTUAL_ENV` through `cygpath` inside `fish` on Windows ([#19703](astral-sh/uv#19703))
- Rebuild explicit local directory tool installs ([#19591](astral-sh/uv#19591))
- Validate egg top-level entries as identifiers ([#19679](https://github.com/astral-sh/uv/pull/19… (truncated)

### 0.11.21

## Release Notes

Released on 2026-06-11.

### Python

- Add CPython 3.13.14 and 3.14.6 ([#19787](astral-sh/uv#19787))

### Preview features

- Add `environment.root` to `uv workspace metadata --sync` ([#19760](astral-sh/uv#19760))
- Allow `uv upgrade` to update a single dependency constraint ([#19738](astral-sh/uv#19738))
- Compute and pass `uv workspace metadata` payload in `ty check` ([#19763](astral-sh/uv#19763))
- Make packaged applications the default for `uv init` ([#17841](astral-sh/uv#17841))

### Performance

- Add parallel discovery of Python versions for `uv python list` ([#18684](astral-sh/uv#18684))
- Avoid normalizing source distribution names twice ([#19784](astral-sh/uv#19784))

### Bug fixes

- Improve cache robustness and pruning behavior
  - Allow CI cache pruning without an sdist bucket ([#19802](astral-sh/uv#19802))
  - Avoid overflow when reading malformed cache entries ([#19799](astral-sh/uv#19799))
  - Preserve cached Python downloads during cache pruning ([#19795](astral-sh/uv#19795))
  - Reject running inside the cache ([#19659](astral-sh/uv#19659))
- Fix Python discovery and version request edge cases
  - Avoid panics for Unicode Python version requests ([#19797](astral-sh/uv#19797))
  - Fix handling of non-critical errors in `uv python list` with path requests ([#19774](astral-sh/uv#19774))
  - Fix stop-discovery-at regression ([#19769](astral-sh/uv#19769))
- Harden parsing and validation for package metadata, requirements, markers, URLs, and conflict sets
  - Allow trailing commas in version specifiers ([#19806](astral-sh/uv#19806))
  - Avoid panics for invalid UTF-8 URL… (truncated)

### 0.11.22

## Release Notes

Released on 2026-06-18.

### Enhancements

- Publish wheels before sdists in `uv publish` ([#19831](astral-sh/uv#19831))
- Add `TY` and `RUFF` env vars for providing paths for binaries used by `uv format` and `uv check` ([#19821](astral-sh/uv#19821))

### Preview features

- Allow configuring preview features in `uv.toml` and `pyproject.toml` ([#18437](astral-sh/uv#18437))
- Update the lockfile during `uv check --no-sync` ([#19909](astral-sh/uv#19909))
- Add `--script` to `uv check` and `uv metadata` ([#19860](astral-sh/uv#19860))
- Report workspace-exclusive dependency groups in `workspace metadata` ([#19862](astral-sh/uv#19862))
- Support SARIF as a `uv audit` output ([#19872](astral-sh/uv#19872))

### Performance

- Use a more deadlock-resistant concurrent hashmap in the resolver ([#19532](astral-sh/uv#19532))

### Bug fixes

- Update string marker ordering semantics to match [upstream clarified rules](pypa/packaging.python.org#1988) ([#19808](astral-sh/uv#19808))
- Reject extras that have the same normalized name ([#19871](astral-sh/uv#19871))
- Reject dependency group `include-group` entries that have additional fields ([#19866](astral-sh/uv#19866))
- Reject invalid UTF-8 URL credentials ([#19814](astral-sh/uv#19814))
- Validate that PEP 517 `backend-path`s exist when building sdists ([#19834](astral-sh/uv#19834))
- Validate that `pylock.toml` files do not have an unsupported a `lock-version` ([#19869](astral-sh/uv#19869))
- Validate that the environment satisfies the `packages.requires-python` of a `pylock.toml` ([#19868](astral-sh/uv#19868))
- Allow `u… (truncated)

### 0.11.23

## Release Notes

Released on 2026-06-19.

### Bug fixes

- Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in `pre-commit-uv` ([#19925](astral-sh/uv#19925))
- Restore old behavior where workspace members "hidden" by an intermediate `pyproject.toml` would be treated as standalone projects ([#19926](astral-sh/uv#19926))

## Install uv 0.11.23

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-installer.ps1 | iex"
```

## Download uv 0.11.23

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarch64-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-pc-windows-msvc.zip) | ARM64 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-aarch64-pc-windows-msvc.zip.sha256) |
| [uv-i686-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-i686-pc-windows-msvc.zip) | x86 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.23/uv-i686-pc-windows-msvc.zip.sha256) |
| [uv-x86_64-pc-windows-msvc.zip](http… (truncated)

### 0.11.24

## Release Notes

Released on 2026-06-23.

### Python

- Add CPython 3.15.0b3 ([#19964](astral-sh/uv#19964))

### Preview features

- Make project environments relocatable under preview ([#19965](astral-sh/uv#19965))

### Performance

- Use a compact index for lazy version maps ([#19959](astral-sh/uv#19959))

### Bug fixes

- Allow disabling `exclude-newer` ([#19934](astral-sh/uv#19934))
- Avoid archive id collisions ([#19949](astral-sh/uv#19949))
- Reapply "Fix transparent Python upgrades in project environments" ([#19928](astral-sh/uv#19928))
- Clean up partial tool entrypoint installs ([#19966](astral-sh/uv#19966))
- Fix relocatable `activate.fish` and broaden Fish version support ([#19856](astral-sh/uv#19856))

## Install uv 0.11.24

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-installer.ps1 | iex"
```

## Download uv 0.11.24

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.24/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarch64-pc-windows-msvc.zip](https://releases.ast… (truncated)

### 0.11.25

## Release Notes

Released on 2026-06-26.

### Security

This release updates our tar library, [astral-tokio-tar](https://github.com/astral-sh/tokio-tar), to v0.6.3, which includes over 20 changes that harden our tar handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the [upstream commits](astral-sh/tokio-tar@v0.6.2...v0.6.3) for a full list of changes.

### Enhancements

- Add a full "lockfile" to tool receipts ([#18937](astral-sh/uv#18937))
- Allow scoped overrides to add dependencies ([#19974](astral-sh/uv#19974))
- Avoid writing redundant lockfile markers with `tool.uv.environments` ([#19933](astral-sh/uv#19933))
- Factor supported environments out of lockfile markers ([#19969](astral-sh/uv#19969))
- Recommend our own build backend in the build frontend ([#19994](astral-sh/uv#19994))
- Reject wheels with multiple .dist-info directories ([#19986](astral-sh/uv#19986))
- Simplify dependency markers under parent reachability ([#19971](astral-sh/uv#19971))
- Support scoped dependency exclusions ([#19977](astral-sh/uv#19977))
- Support scoped dependency overrides ([#19970](astral-sh/uv#19970))
- Explain why files are skipped in registry index parsing ([#19983](astral-sh/uv#19983))

### Preview features

- Add `uv workspace list --scripts` ([#20009](astral-sh/uv#20009))
- Support centralised environments in `uv venv` ([#19912](astral-sh/uv#19912))
- Use locked ty versions in `uv check` ([#19884](astral-sh/uv#19884))
- Add centralized storage of project environ… (truncated)

### 0.11.26

## Release Notes

Released on 2026-06-30.

### Performance

- Adapt uv to IDs-only PubGrub dependencies ([#20048](astral-sh/uv#20048))
- Avoid allocations in `ForkMap::contains` ([#20023](astral-sh/uv#20023))
- Reuse resolver work across PubGrub iterations ([#20020](astral-sh/uv#20020))
- Speed up candidate selection for disjoint ranges ([#20026](astral-sh/uv#20026))

### Bug fixes

- Warn when the build cache is inside the source directory ([#20056](astral-sh/uv#20056))

## Install uv 0.11.26

### Install prebuilt binaries via shell script

```sh
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-installer.sh | sh
```

### Install prebuilt binaries via powershell script

```sh
powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-installer.ps1 | iex"
```

## Download uv 0.11.26

|  File  | Platform | Checksum |
|--------|----------|----------|
| [uv-aarch64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-apple-darwin.tar.gz) | Apple Silicon macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-apple-darwin.tar.gz.sha256) |
| [uv-x86_64-apple-darwin.tar.gz](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-x86_64-apple-darwin.tar.gz) | Intel macOS | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-x86_64-apple-darwin.tar.gz.sha256) |
| [uv-aarch64-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-pc-windows-msvc.zip) | ARM64 Windows | [checksum](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-aarch64-pc-windows-msvc.zip.sha256) |
| [uv-i686-pc-windows-msvc.zip](https://releases.astral.sh/github/uv/releases/download/0.11.26/uv-i686-pc-window… (truncated)

### 0.11.27

## Release Notes

Released on 2026-07-06.

### Enhancements

- Continue on ignored errors when fetching wheel metadata ([#12255](astral-sh/uv#12255))
- Use caching for `--python-downloads-json-url` ([#16749](astral-sh/uv#16749))

### Preview features

- Discover extensionless shebang scripts in `uv workspace list --scripts` ([#20099](astral-sh/uv#20099))

### Performance

- Avoid full site-packages scans for direct reinstalls ([#20119](astral-sh/uv#20119))
- Avoid redundant pyproject parsing ([#20076](astral-sh/uv#20076))
- Cache default dependency markers when reading locks ([#20125](astral-sh/uv#20125))
- Enable SIMD-accelerated TOML parsing ([#20079](astral-sh/uv#20079))
- Intern `requires-python` specifiers in Simple API parsing ([#20104](astral-sh/uv#20104))
- Read cache entries into exact-sized buffers ([#20120](astral-sh/uv#20120))
- Reduce VersionSpecifiers parsing allocations ([#20105](astral-sh/uv#20105))
- Reduce site-packages scan allocation overhead ([#20087](astral-sh/uv#20087))
- Reuse package names when parsing wheel filenames ([#20110](astral-sh/uv#20110))
- Sort Simple API files after grouping ([#20112](astral-sh/uv#20112))

### Bug fixes

- Always emit `packages` table for pylock.toml ([#20145](astral-sh/uv#20145))
- Avoid blank line for empty `uv pip tree` ([#20062](astral-sh/uv#20062))
- Encode hashes in file paths ([#19807](astral-sh/uv#19807))
- Error on a registry uv.lock package without a version instead of panicking ([#19855](astral-sh/uv#19855))
- Preserve conditional extra markers in exports ([#20148](https://github.com/astra… (truncated)

### 0.11.28

## Release Notes

Released on 2026-07-07.

### Security

This release updates our ZIP library, [astral-async-zip](https://github.com/astral-sh/rs-async-zip), to v0.0.20, which includes 15 changes that harden our ZIP handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject ZIP archives with malformed or ambiguous content that were previously accepted.

See the [upstream commits](astral-sh/rs-async-zip@v0.0.18...v0.0.20) for a full list of changes.

### Python

- Upgrade GraalPy to 25.1.3 ([#20069](astral-sh/uv#20069))

### Enhancements

- Improve trace logs for unexpected error chains ([#20220](astral-sh/uv#20220))
- Move lockfile update guidance to a hint ([#20219](astral-sh/uv#20219))
- Preserve indentation for multiline error causes ([#20156](astral-sh/uv#20156))
- Render user errors with their cause chains ([#20217](astral-sh/uv#20217))
- Route final command errors through the printer to respect `-q` and `-qq` ([#20163](astral-sh/uv#20163))
- Use standard rendering for `uv build` errors ([#20159](astral-sh/uv#20159))
- Use standard rendering for tool requirement errors ([#20160](astral-sh/uv#20160))

### Performance

- Only compile bytecode for installed distributions in `uv pip install` ([#19914](astral-sh/uv#19914))
- Avoid allocating URL-safe Git revisions ([#20194](astral-sh/uv#20194))
- Avoid allocating canonical Python request strings ([#20193](astral-sh/uv#20193))
- Avoid allocating custom Astral mirror URLs ([#20204](astral-sh/uv#20204))
- Avoid allocating expanded compatibility tags ([#20190](astral-sh/uv#20190))
- Avoid allocating shell stri… (truncated)

_Omitted 18 older releases._

</details>

</details>

Modified files:
- `.mise.toml`

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants