chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.15 #31

Merged

mehalter merged 1 commit from renovate/ghcr.io-astral-sh-uv-0.x into main

2026-05-18 20:09:58 -04:00

renovate-bot commented

2026-05-18 17:02:21 -04:00

Collaborator

This PR contains the following updates:

Package	Type	Update	Change
ghcr.io/astral-sh/uv		patch	`0.11.14` → `0.11.15`
ghcr.io/astral-sh/uv	stage	patch	`0.11.14-python3.14-trixie` → `0.11.15-python3.14-trixie`

Release Notes

astral-sh/uv (ghcr.io/astral-sh/uv)

`v0.11.15`

Compare Source

Released on 2026-05-18.

Security

Fix a TAR parser differential, see GHSA-3cv2-h65g-fgmm (#19463)
Enforce that entry points cannot escape in the scripts directory, see GHSA-4gg8-gxpx-9rph (#19464)

Enhancements

Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)
Add support for Azure request signing (#19421)
Apply stricter validation to all wheel filename segments (#19364)
Reject empty strings as an invalid package name (#19435)
Use structured errors for signing authentication failures (#19422)

Preview

uv audit: Add JSON output (#19305)

Configuration

Respect required-environments in uv pip compile (#19378)

Performance

Avoid parsing JSON manifest when local Python is available (#19398)
Avoid walking nested directories in linker conflict registration (#19382)
Optimize async wheel ZIP writing (#19383)
Fix dead "already trimmed" fast-path in Version::only_release_trimmed (#19425)

Bug fixes

Apply workspace-member [tool.uv.sources] credentials under uv sync --frozen (#19423)
Skip empty directories in uv build outputs (#19437)
Fix Git submodule handling when using relative paths (#12156)
Fix line number reporting in netrc parsing (#19452)

Documentation

Move Bazel auth helper setup into integration guide (#19392)

Configuration

📅 Schedule: (UTC)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ghcr.io/astral-sh/uv](https://github.com/astral-sh/uv) | | patch | `0.11.14` → `0.11.15` | | [ghcr.io/astral-sh/uv](https://github.com/astral-sh/uv) | stage | patch | `0.11.14-python3.14-trixie` → `0.11.15-python3.14-trixie` | --- ### Release Notes <details> <summary>astral-sh/uv (ghcr.io/astral-sh/uv)</summary> ### [`v0.11.15`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01115) [Compare Source](https://github.com/astral-sh/uv/compare/0.11.14...0.11.15) Released on 2026-05-18. ##### Security - Fix a TAR parser differential, see [GHSA-3cv2-h65g-fgmm](https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-3cv2-h65g-fgmm) ([#19463](https://github.com/astral-sh/uv/pull/19463)) - Enforce that entry points cannot escape in the scripts directory, see [GHSA-4gg8-gxpx-9rph](https://github.com/astral-sh/uv/security/advisories/GHSA-4gg8-gxpx-9rph) ([#19464](https://github.com/astral-sh/uv/pull/19464)) ##### Enhancements - Add TOML v1.1 -> v1.0 backwards compatibility for source distributions ([#18741](https://github.com/astral-sh/uv/pull/18741)) - Add support for Azure request signing ([#19421](https://github.com/astral-sh/uv/pull/19421)) - Apply stricter validation to all wheel filename segments ([#19364](https://github.com/astral-sh/uv/pull/19364)) - Reject empty strings as an invalid package name ([#19435](https://github.com/astral-sh/uv/pull/19435)) - Use structured errors for signing authentication failures ([#19422](https://github.com/astral-sh/uv/pull/19422)) ##### Preview - uv audit: Add JSON output ([#19305](https://github.com/astral-sh/uv/pull/19305)) ##### Configuration - Respect `required-environments` in `uv pip compile` ([#19378](https://github.com/astral-sh/uv/pull/19378)) ##### Performance - Avoid parsing JSON manifest when local Python is available ([#19398](https://github.com/astral-sh/uv/pull/19398)) - Avoid walking nested directories in linker conflict registration ([#19382](https://github.com/astral-sh/uv/pull/19382)) - Optimize async wheel ZIP writing ([#19383](https://github.com/astral-sh/uv/pull/19383)) - Fix dead "already trimmed" fast-path in `Version::only_release_trimmed` ([#19425](https://github.com/astral-sh/uv/pull/19425)) ##### Bug fixes - Apply workspace-member `[tool.uv.sources]` credentials under `uv sync --frozen` ([#19423](https://github.com/astral-sh/uv/pull/19423)) - Skip empty directories in uv build outputs ([#19437](https://github.com/astral-sh/uv/pull/19437)) - Fix Git submodule handling when using relative paths ([#12156](https://github.com/astral-sh/uv/pull/12156)) - Fix line number reporting in netrc parsing ([#19452](https://github.com/astral-sh/uv/pull/19452)) ##### Documentation - Move Bazel auth helper setup into integration guide ([#19392](https://github.com/astral-sh/uv/pull/19392)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

renovate-bot added 1 commit

2026-05-18 17:02:21 -04:00

chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.15

Build Docker Image / build (pull_request) Successful in 31m19s

Details

Build Docker Image / build (push) Successful in 35s

Details

2b03222136