Skip to content

chore(deps): update all dependencies - autoclosed#112

Closed
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all
Closed

chore(deps): update all dependencies - autoclosed#112
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/all

Conversation

@renovate

@renovate renovate Bot commented Jun 25, 2025

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
actions/checkout action major v6v7
astral-sh/ruff-pre-commit repository patch v0.15.16v0.15.20
astral-sh/ty-pre-commit repository patch v0.0.47v0.0.55
ghcr.io/astral-sh/uv final patch 0.11.190.11.25
oxc-project/mirrors-oxfmt repository minor v0.54.0v0.56.0
python patch 3.14.53.14.6
python stage patch 3.14.5-slim-trixie3.14.6-slim-trixie

Note: The pre-commit manager in Renovate is not supported by the pre-commit maintainers or community. Please do not report any problems there, instead create a Discussion in the Renovate repository if you have any questions.


Release Notes

actions/checkout (actions/checkout)

v7.0.0

Compare Source

v7

Compare Source

astral-sh/ruff-pre-commit (astral-sh/ruff-pre-commit)

v0.15.20

Compare Source

v0.15.19

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.15.19

v0.15.18

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.15.18

v0.15.17

Compare Source

See: https://github.com/astral-sh/ruff/releases/tag/0.15.17

astral-sh/ty-pre-commit (astral-sh/ty-pre-commit)

v0.0.55

Compare Source

See: https://github.com/astral-sh/ty/releases/tag/0.0.55

v0.0.54

Compare Source

See: https://github.com/astral-sh/ty/releases/tag/0.0.54

v0.0.53

Compare Source

See: https://github.com/astral-sh/ty/releases/tag/0.0.53

v0.0.52

Compare Source

See: https://github.com/astral-sh/ty/releases/tag/0.0.52

v0.0.51

Compare Source

See: https://github.com/astral-sh/ty/releases/tag/0.0.51

v0.0.50

Compare Source

See: https://github.com/astral-sh/ty/releases/tag/0.0.50

v0.0.49

Compare Source

See: https://github.com/astral-sh/ty/releases/tag/0.0.49

v0.0.48

Compare Source

See: https://github.com/astral-sh/ty/releases/tag/0.0.48

astral-sh/uv (ghcr.io/astral-sh/uv)

v0.11.25

Compare Source

Released on 2026-06-26.

Security

This release updates our tar library, astral-tokio-tar, to v0.6.3, which includes over 20 changes that harden our tar handling against parser differentials. uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Enhancements
  • Add a full "lockfile" to tool receipts (#​18937)
  • Allow scoped overrides to add dependencies (#​19974)
  • Avoid writing redundant lockfile markers with tool.uv.environments (#​19933)
  • Factor supported environments out of lockfile markers (#​19969)
  • Recommend our own build backend in the build frontend (#​19994)
  • Reject wheels with multiple .dist-info directories (#​19986)
  • Simplify dependency markers under parent reachability (#​19971)
  • Support scoped dependency exclusions (#​19977)
  • Support scoped dependency overrides (#​19970)
  • Explain why files are skipped in registry index parsing (#​19983)
Preview features
  • Add uv workspace list --scripts (#​20009)
  • Support centralised environments in uv venv (#​19912)
  • Use locked ty versions in uv check (#​19884)
  • Add centralized storage of project environments (#​18214)
  • Verify lockfile hashes before reusing a cached ty in uv check (#​19995)
  • Use locked dependency selection for uv check --script (#​19989)
Bug fixes
  • Preserve standalone markers in workspace metadata (#​20011)
  • Reject uv build if the cache dir is enclosed (#​19991)

v0.11.24

Compare Source

Released on 2026-06-23.

Python
Preview features
  • Make project environments relocatable under preview (#​19965)
Performance
  • Use a compact index for lazy version maps (#​19959)
Bug fixes
  • Allow disabling exclude-newer (#​19934)
  • Avoid archive id collisions (#​19949)
  • Reapply "Fix transparent Python upgrades in project environments" (#​19928)
  • Clean up partial tool entrypoint installs (#​19966)
  • Fix relocatable activate.fish and broaden Fish version support (#​19856)

v0.11.23

Compare Source

Released on 2026-06-19.

Bug fixes
  • Revert "Fix transparent Python upgrades in project environments" to mitigate unintended breakage in pre-commit-uv (#​19925)
  • Restore old behavior where workspace members "hidden" by an intermediate pyproject.toml would be treated as standalone projects (#​19926)

v0.11.22

Compare Source

Released on 2026-06-18.

Enhancements
  • Publish wheels before sdists in uv publish (#​19831)
  • Add TY and RUFF env vars for providing paths for binaries used by uv format and uv check (#​19821)
Preview features
  • Allow configuring preview features in uv.toml and pyproject.toml (#​18437)
  • Update the lockfile during uv check --no-sync (#​19909)
  • Add --script to uv check and uv metadata (#​19860)
  • Report workspace-exclusive dependency groups in workspace metadata (#​19862)
  • Support SARIF as a uv audit output (#​19872)
Performance
  • Use a more deadlock-resistant concurrent hashmap in the resolver (#​19532)
Bug fixes
  • Update string marker ordering semantics to match upstream clarified rules (#​19808)
  • Reject extras that have the same normalized name (#​19871)
  • Reject dependency group include-group entries that have additional fields (#​19866)
  • Reject invalid UTF-8 URL credentials (#​19814)
  • Validate that PEP 517 backend-paths exist when building sdists (#​19834)
  • Validate that pylock.toml files do not have an unsupported a lock-version (#​19869)
  • Validate that the environment satisfies the packages.requires-python of a pylock.toml (#​19868)
  • Allow uv to be recursively invoked by PEP 517 build hooks (#​19879)
  • Allow empty credentials.toml files (#​19815)
  • Fix transparent Python upgrades in project environments (#​19890)
  • Handle non-file editable URLs in uv pip list (#​19867)
  • Fix incorrect output from uv tree --invert (#​19910)
  • Fix environment locking of uv venv in a project (#​19837)
  • Fix handling of workspace-exclusive dependency groups in uv tree (#​19905)
Documentation
Other changes
  • Mark more tests as requiring network for vendors that need to run tests offline (#​19819)

v0.11.21

Compare Source

Released on 2026-06-11.

Python
Preview features
  • Add environment.root to uv workspace metadata --sync (#​19760)
  • Allow uv upgrade to update a single dependency constraint (#​19738)
  • Compute and pass uv workspace metadata payload in ty check (#​19763)
  • Make packaged applications the default for uv init (#​17841)
Performance
  • Add parallel discovery of Python versions for uv python list (#​18684)
  • Avoid normalizing source distribution names twice (#​19784)
Bug fixes
  • Improve cache robustness and pruning behavior
    • Allow CI cache pruning without an sdist bucket (#​19802)
    • Avoid overflow when reading malformed cache entries (#​19799)
    • Preserve cached Python downloads during cache pruning (#​19795)
    • Reject running inside the cache (#​19659)
  • Fix Python discovery and version request edge cases
    • Avoid panics for Unicode Python version requests (#​19797)
    • Fix handling of non-critical errors in uv python list with path requests (#​19774)
    • Fix stop-discovery-at regression (#​19769)
  • Harden parsing and validation for package metadata, requirements, markers, URLs, and conflict sets
    • Allow trailing commas in version specifiers (#​19806)
    • Avoid panics for invalid UTF-8 URL credentials (#​19800)
    • Avoid panics for malformed source distribution filenames (#​19776)
    • Avoid panics for trailing extra separators (#​19779)
    • Avoid stack overflow for recursive requirements path aliases (#​19777)
    • Ignore reversed string compatible-release markers (#​19782)
    • Reject duplicate entries in conflict sets (#​19801)
    • Reject malformed hash options in requirements files (#​19783)
    • Reject source distribution filenames without a separator (#​19803)
    • Use UTF-8 lengths for requirement errors (#​19781)
    • Use UTF-8 lengths for trailing marker errors (#​19796)
    • Use byte offsets when peeking over requirements (#​19780)
    • Validate GraalPy ABI suffixes (#​19805)
  • Improve wheel entry-point error handling and virtual environment activation quoting
    • Propagate errors when reading wheel entry points (#​19794)
    • Quote virtual environment activation paths with shell metacharacters (#​19798)

v0.11.20

Compare Source

Released on 2026-06-10.

Enhancements
  • Add --emit-index-url and --emit-find-links to uv export (#​18370)
  • Add --find-links support for uv pip list (#​16103)
  • Group executable install errors during uv python install (#​19691)
  • Use ICF in macOS release builds to reduce binary sizes (#​19615)
Preview features
  • Add initial hidden uv upgrade command (#​19678)
  • Reject Git revisions in uv upgrade (#​19742)
Configuration
  • Recognize UV_NO_INSTALL_PROJECT, UV_NO_INSTALL_WORKSPACE, UV_NO_INSTALL_LOCAL (#​19323)
Performance
  • Speed up discovery of large workspaces (#​18311)
Bug fixes
  • Allow unknown preview flags with a warning again (#​19669)
  • Apply dependency exclusions to direct requirements (#​19699)
  • Avoid following external symlinks during cache clean (#​19682)
  • Avoid following symlinks during cache prune (#​19543)
  • Fix Git cache keys for worktrees and packed refs (#​19706)
  • Make resolver error handling iterative to avoid stack overflows (#​19695)
  • Pass VIRTUAL_ENV through cygpath inside fish on Windows (#​19703)
  • Rebuild explicit local directory tool installs (#​19591)
  • Validate egg top-level entries as identifiers (#​19679)
Documentation
  • Document --find-links caching behavior (#​19585)
  • Add a small section for malware checks (#​19680)
oxc-project/mirrors-oxfmt (oxc-project/mirrors-oxfmt)

v0.56.0

Compare Source

v0.55.0

Compare Source


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot changed the title chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.7.14 chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.7.15 Jun 25, 2025
@renovate renovate Bot changed the title chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.7.15 chore(deps): update all dependencies Jun 26, 2025
@renovate renovate Bot force-pushed the renovate/all branch 5 times, most recently from 8e747e5 to 461d532 Compare July 3, 2025 20:14
@renovate renovate Bot force-pushed the renovate/all branch 3 times, most recently from d0d774f to f81d693 Compare July 11, 2025 16:40
@renovate renovate Bot force-pushed the renovate/all branch 4 times, most recently from f8696d4 to f4b30ca Compare July 18, 2025 03:55
@renovate renovate Bot force-pushed the renovate/all branch 4 times, most recently from c420794 to 322fafe Compare July 24, 2025 23:00
@renovate renovate Bot changed the title chore(deps): update all dependencies chore(deps): update all dependencies - autoclosed Jul 28, 2025
@renovate renovate Bot closed this Jul 28, 2025
@renovate renovate Bot deleted the renovate/all branch July 28, 2025 19:13
@renovate renovate Bot changed the title chore(deps): update all dependencies - autoclosed chore(deps): update all dependencies Jul 30, 2025
@renovate renovate Bot reopened this Jul 30, 2025
@renovate renovate Bot changed the title chore(deps): update all dependencies chore(deps): update pre-commit hook astral-sh/ruff-pre-commit to v0.12.7 Jul 30, 2025
@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from 361d47f to abdc451 Compare July 30, 2025 20:00
@renovate renovate Bot changed the title chore(deps): update all dependencies chore(deps): update all dependencies - autoclosed Aug 14, 2025
@renovate renovate Bot closed this Aug 14, 2025
@renovate renovate Bot changed the title chore(deps): update all dependencies - autoclosed chore(deps): update all dependencies Aug 15, 2025
@renovate renovate Bot reopened this Aug 15, 2025
@renovate renovate Bot force-pushed the renovate/all branch 4 times, most recently from 45cd1fb to 62ae107 Compare August 19, 2025 01:27
@renovate renovate Bot changed the title chore(deps): update all dependencies chore(deps): update all dependencies - autoclosed Aug 20, 2025
@renovate renovate Bot closed this Aug 20, 2025
@renovate renovate Bot changed the title chore(deps): update all dependencies - autoclosed chore(deps): update all dependencies Aug 22, 2025
@renovate renovate Bot reopened this Aug 22, 2025
@renovate renovate Bot force-pushed the renovate/all branch 2 times, most recently from 62ae107 to fcc638a Compare August 22, 2025 05:37
@renovate renovate Bot force-pushed the renovate/all branch 4 times, most recently from 1321b75 to f3ab99b Compare September 4, 2025 21:35
@renovate renovate Bot force-pushed the renovate/all branch 4 times, most recently from c5764e0 to b03d2da Compare September 13, 2025 19:06
@renovate renovate Bot changed the title chore(deps): update all dependencies chore(deps): update all dependencies - autoclosed Sep 17, 2025
@renovate renovate Bot closed this Sep 17, 2025
@renovate renovate Bot changed the title chore(deps): update all dependencies - autoclosed chore(deps): update all dependencies Sep 18, 2025
@renovate renovate Bot reopened this Sep 18, 2025
@renovate renovate Bot changed the title chore(deps): update all dependencies chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.8.18 Sep 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants