chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.25 #50

Merged
mehalter merged 1 commit from renovate/ghcr.io-astral-sh-uv-0.x into main 2026-06-29 22:29:28 -04:00
Collaborator

This PR contains the following updates:

Package Type Update Change
ghcr.io/astral-sh/uv patch 0.11.240.11.25
ghcr.io/astral-sh/uv stage patch 0.11.24-python3.14-trixie0.11.25-python3.14-trixie

Release Notes

astral-sh/uv (ghcr.io/astral-sh/uv)

v0.11.25

Compare Source

Released on 2026-06-26.

Security

This release updates our tar library, astral-tokio-tar, to v0.6.3, which includes over 20 changes that harden our tar handling against parser differentials. uv may reject source distributions with malformed or ambiguous content that were previously accepted.

See the upstream commits for a full list of changes.

Enhancements
  • Add a full "lockfile" to tool receipts (#​18937)
  • Allow scoped overrides to add dependencies (#​19974)
  • Avoid writing redundant lockfile markers with tool.uv.environments (#​19933)
  • Factor supported environments out of lockfile markers (#​19969)
  • Recommend our own build backend in the build frontend (#​19994)
  • Reject wheels with multiple .dist-info directories (#​19986)
  • Simplify dependency markers under parent reachability (#​19971)
  • Support scoped dependency exclusions (#​19977)
  • Support scoped dependency overrides (#​19970)
  • Explain why files are skipped in registry index parsing (#​19983)
Preview features
  • Add uv workspace list --scripts (#​20009)
  • Support centralised environments in uv venv (#​19912)
  • Use locked ty versions in uv check (#​19884)
  • Add centralized storage of project environments (#​18214)
  • Verify lockfile hashes before reusing a cached ty in uv check (#​19995)
  • Use locked dependency selection for uv check --script (#​19989)
Bug fixes
  • Preserve standalone markers in workspace metadata (#​20011)
  • Reject uv build if the cache dir is enclosed (#​19991)

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [ghcr.io/astral-sh/uv](https://github.com/astral-sh/uv) | | patch | `0.11.24` → `0.11.25` | | [ghcr.io/astral-sh/uv](https://github.com/astral-sh/uv) | stage | patch | `0.11.24-python3.14-trixie` → `0.11.25-python3.14-trixie` | --- ### Release Notes <details> <summary>astral-sh/uv (ghcr.io/astral-sh/uv)</summary> ### [`v0.11.25`](https://github.com/astral-sh/uv/blob/HEAD/CHANGELOG.md#01125) [Compare Source](https://github.com/astral-sh/uv/compare/0.11.24...0.11.25) Released on 2026-06-26. ##### Security This release updates our tar library, [astral-tokio-tar](https://github.com/astral-sh/tokio-tar), to v0.6.3, which includes over 20 changes that harden our tar handling against [parser differentials](https://www.brainonfire.net/blog/2022/04/11/what-is-parser-mismatch/). uv may reject source distributions with malformed or ambiguous content that were previously accepted. See the [upstream commits](https://github.com/astral-sh/tokio-tar/compare/v0.6.2...v0.6.3) for a full list of changes. ##### Enhancements - Add a full "lockfile" to tool receipts ([#&#8203;18937](https://github.com/astral-sh/uv/pull/18937)) - Allow scoped overrides to add dependencies ([#&#8203;19974](https://github.com/astral-sh/uv/pull/19974)) - Avoid writing redundant lockfile markers with `tool.uv.environments` ([#&#8203;19933](https://github.com/astral-sh/uv/pull/19933)) - Factor supported environments out of lockfile markers ([#&#8203;19969](https://github.com/astral-sh/uv/pull/19969)) - Recommend our own build backend in the build frontend ([#&#8203;19994](https://github.com/astral-sh/uv/pull/19994)) - Reject wheels with multiple .dist-info directories ([#&#8203;19986](https://github.com/astral-sh/uv/pull/19986)) - Simplify dependency markers under parent reachability ([#&#8203;19971](https://github.com/astral-sh/uv/pull/19971)) - Support scoped dependency exclusions ([#&#8203;19977](https://github.com/astral-sh/uv/pull/19977)) - Support scoped dependency overrides ([#&#8203;19970](https://github.com/astral-sh/uv/pull/19970)) - Explain why files are skipped in registry index parsing ([#&#8203;19983](https://github.com/astral-sh/uv/pull/19983)) ##### Preview features - Add `uv workspace list --scripts` ([#&#8203;20009](https://github.com/astral-sh/uv/pull/20009)) - Support centralised environments in `uv venv` ([#&#8203;19912](https://github.com/astral-sh/uv/pull/19912)) - Use locked ty versions in `uv check` ([#&#8203;19884](https://github.com/astral-sh/uv/pull/19884)) - Add centralized storage of project environments ([#&#8203;18214](https://github.com/astral-sh/uv/pull/18214)) - Verify lockfile hashes before reusing a cached ty in `uv check` ([#&#8203;19995](https://github.com/astral-sh/uv/pull/19995)) - Use locked dependency selection for `uv check --script` ([#&#8203;19989](https://github.com/astral-sh/uv/pull/19989)) ##### Bug fixes - Preserve standalone markers in workspace metadata ([#&#8203;20011](https://github.com/astral-sh/uv/pull/20011)) - Reject `uv build` if the cache dir is enclosed ([#&#8203;19991](https://github.com/astral-sh/uv/pull/19991)) </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDkuNSIsInVwZGF0ZWRJblZlciI6IjQzLjEwOS41IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZSJdfQ==-->
chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.11.25
All checks were successful
Build Docker Image / build (pull_request) Successful in 48m8s
25f05a9899
Sign in to join this conversation.
No reviewers
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
mehalter/hermes-agent-docker!50
No description provided.