Skip to content

chore(deps-dev): update uv-build requirement from <0.12,>=0.6 to >=0.11.8,<0.12#38

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/uv-build-gte-0.11.8-and-lt-0.12
Closed

chore(deps-dev): update uv-build requirement from <0.12,>=0.6 to >=0.11.8,<0.12#38
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/uv-build-gte-0.11.8-and-lt-0.12

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 29, 2026
edited
Loading

Updates the requirements on uv-build to permit the latest version.

Release notes

Sourced from uv-build's releases.

0.11.8

Release Notes

Released on 2026-04-27.

Enhancements

  • Add --python-downloads-json-url to python pin (#19092)
  • Fetch uv from Astral mirror during self-update (#18682)
  • Support pip uninstall -y (#19082)
  • Allow exclude-newer to be missing from the lockfile when exclude-newer-span is present (#19024)
  • Only show the version number in uv self version --short (#19019)
  • Silence warnings on empty SSL_CERT_DIR directory (#19018)
  • Use a sentinel timestamp for relative exclude-newer and exclude-newer-package values in lockfiles (#19022, #19101)

Configuration

  • Add UV_PYTHON_NO_REGISTRY (#19035)
  • Add an environment variable for UV_NO_PROJECT (#19052)
  • Expose UV_PYTHON_SEARCH_PATH for Python discovery PATH overrides (#19034)

Bug fixes

  • Add rust-toolchain.toml to uv-build sdist (#19131)
  • Ensure uv invocations of git do not inherit repository location environment variables (#19088)
  • Redact pre-signed upload URLs in verbose output (#19146)
  • Handle transitive URL dependencies in PEP 517 build requirements (#19076, #19086)
  • Support uv lock on a pyproject.toml that only contains dependency-groups (#19087)
  • Disable transparent Python upgrades in projects when a patch version is requested via .python-version (#19102)
  • Fix Python variant tagging in the Windows registry (#19012)
  • Ban external symlinks in .tar.zst wheels (#19144)

Distributions

  • Remove deprecated license classifiers from uv-build and add Python 3.14 classifier (#19130)

Documentation

  • Bump astral-sh/setup-uv version in docs (#19030)
  • Update PyTorch documentation for PyTorch 2.11 (#19095)

Install uv 0.11.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.8/uv-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from uv-build's changelog.

0.11.8

Released on 2026-04-27.

Enhancements

  • Add --python-downloads-json-url to python pin (#19092)
  • Fetch uv from Astral mirror during self-update (#18682)
  • Support pip uninstall -y (#19082)
  • Allow exclude-newer to be missing from the lockfile when exclude-newer-span is present (#19024)
  • Only show the version number in uv self version --short (#19019)
  • Silence warnings on empty SSL_CERT_DIR directory (#19018)
  • Use a sentinel timestamp for relative exclude-newer and exclude-newer-package values in lockfiles (#19022, #19101)

Configuration

  • Add UV_PYTHON_NO_REGISTRY (#19035)
  • Add an environment variable for UV_NO_PROJECT (#19052)
  • Expose UV_PYTHON_SEARCH_PATH for Python discovery PATH overrides (#19034)

Bug fixes

  • Add rust-toolchain.toml to uv-build sdist (#19131)
  • Ensure uv invocations of git do not inherit repository location environment variables (#19088)
  • Redact pre-signed upload URLs in verbose output (#19146)
  • Handle transitive URL dependencies in PEP 517 build requirements (#19076, #19086)
  • Support uv lock on a pyproject.toml that only contains dependency-groups (#19087)
  • Disable transparent Python upgrades in projects when a patch version is requested via .python-version (#19102)
  • Fix Python variant tagging in the Windows registry (#19012)
  • Ban external symlinks in .tar.zst wheels (#19144)

Distributions

  • Remove deprecated license classifiers from uv-build and add Python 3.14 classifier (#19130)

Documentation

  • Bump astral-sh/setup-uv version in docs (#19030)
  • Update PyTorch documentation for PyTorch 2.11 (#19095)

0.11.7

Released on 2026-04-15.

Python

  • Upgrade CPython build to 20260414 including an OpenSSL security upgrade (#19004)

Enhancements

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps-dev): update uv-build requirement
f957f52 
Updates the requirements on [uv-build](https://github.com/astral-sh/uv) to permit the latest version.
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.6.0...0.11.8)

---
updated-dependencies:
- dependency-name: uv-build
  dependency-version: 0.11.8
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 29, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@smorin
Copy link
Copy Markdown
Owner

smorin commented May 16, 2026

@dependabot rebase

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 16, 2026

Looks like uv-build is no longer updatable, so this is no longer needed.

@dependabot dependabot Bot closed this May 16, 2026
@dependabot dependabot Bot deleted the dependabot/pip/uv-build-gte-0.11.8-and-lt-0.12 branch May 16, 2026 06:11
@smorin
Copy link
Copy Markdown
Owner

smorin commented May 16, 2026

@dependabot rebase

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 16, 2026

Looks like this PR is closed. If the branch still exists, you can re-open the PR and then use @dependabot rebase or @dependabot recreate. If the branch was deleted, Dependabot will create a new PR on the next scheduled run, or you can trigger an update from the Dependency graph page.

smorin added a commit that referenced this pull request May 16, 2026
@smorin
chore(deps): bump uv_build build-system floor to >=0.11.8 (PR #38)
20ddc8b 
Lands the uv-build constraint narrowing from dependabot PR #38 directly
since the PR closed mid-rebase. Bumps the [build-system] requires from
">=0.6,<0.12" to ">=0.11.8,<0.12" — enforcing a more recent floor on
the build backend.

Build still succeeds with current CI uv versions. uv.lock incidentally
absorbed the latest openai patch (2.36.0 -> 2.37.0) during the resync.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@smorin