chore(deps): bump uv from 0.10.9 to 0.11.15 by dependabot[bot] · Pull Request #262 · GetStream/stream-py

dependabot · 2026-05-29T21:30:13Z

Bumps uv from 0.10.9 to 0.11.15.

Release notes

0.11.15

Release Notes

Released on 2026-05-18.

Security

Fix a TAR parser differential, see GHSA-3cv2-h65g-fgmm (#19463)

Enforce that entry points cannot escape in the scripts directory, see GHSA-4gg8-gxpx-9rph (#19464)

Enhancements

Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)

Add support for Azure request signing (#19421)

Apply stricter validation to all wheel filename segments (#19364)

Reject empty strings as an invalid package name (#19435)

Use structured errors for signing authentication failures (#19422)

Preview

uv audit: Add JSON output (#19305)

Configuration

Respect required-environments in uv pip compile (#19378)

Performance

Avoid parsing JSON manifest when local Python is available (#19398)

Avoid walking nested directories in linker conflict registration (#19382)

Optimize async wheel ZIP writing (#19383)

Fix dead "already trimmed" fast-path in Version::only_release_trimmed (#19425)

Bug fixes

Apply workspace-member [tool.uv.sources] credentials under uv sync --frozen (#19423)

Skip empty directories in uv build outputs (#19437)

Fix Git submodule handling when using relative paths (#12156)

Fix line number reporting in netrc parsing (#19452)

Documentation

Move Bazel auth helper setup into integration guide (#19392)

Install uv 0.11.15

Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.15/uv-installer.sh | sh
</tr></table> 

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.15

Released on 2026-05-18.

Security

Fix a TAR parser differential, see GHSA-3cv2-h65g-fgmm (#19463)

Enforce that entry points cannot escape in the scripts directory, see GHSA-4gg8-gxpx-9rph (#19464)

Enhancements

Add TOML v1.1 -> v1.0 backwards compatibility for source distributions (#18741)

Add support for Azure request signing (#19421)

Apply stricter validation to all wheel filename segments (#19364)

Reject empty strings as an invalid package name (#19435)

Use structured errors for signing authentication failures (#19422)

Preview

uv audit: Add JSON output (#19305)

Configuration

Respect required-environments in uv pip compile (#19378)

Performance

Avoid parsing JSON manifest when local Python is available (#19398)

Avoid walking nested directories in linker conflict registration (#19382)

Optimize async wheel ZIP writing (#19383)

Fix dead "already trimmed" fast-path in Version::only_release_trimmed (#19425)

Bug fixes

Apply workspace-member [tool.uv.sources] credentials under uv sync --frozen (#19423)

Skip empty directories in uv build outputs (#19437)

Fix Git submodule handling when using relative paths (#12156)

Fix line number reporting in netrc parsing (#19452)

Documentation

Move Bazel auth helper setup into integration guide (#19392)

0.11.14

Released on 2026-05-12.

Enhancements

Add Astral mirror URL override (#19206)

... (truncated)

Commits

3cffe97 Fix crates.io publish script lockfile (#19473)
de16a7b Bump version to 0.11.15 (#19472)
cf826cc Disable test_simultaneous_create_set_then_move on Linux (#19469)
2d566bc Allow retry of custom-publish-crates separately from announce (#19470)
0588b8f Run release builds on maturin version bumps in CI (#19466)
9a65753 Enforce that entry points cannot escape in the scripts directory (#19464)
d77d849 Revert "Update maturin to v1.13.2 (#19445)" (#19465)
5373e96 Update Rust crate rustls to v0.23.40 (#19250)
fb8d3d4 Update Rust crate rustls-pki-types to v1.14.1 (#19251)
078480d Configure maturin and uv so uv run can be used to work on uv itself (#19461)
Additional commits viewable in compare view

Bumps [uv](https://github.com/astral-sh/uv) from 0.10.9 to 0.11.15. - [Release notes](https://github.com/astral-sh/uv/releases) - [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md) - [Commits](astral-sh/uv@0.10.9...0.11.15) --- updated-dependencies: - dependency-name: uv dependency-version: 0.11.15 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 29, 2026

dependabot Bot had a problem deploying to ci May 29, 2026 21:30 Failure

dependabot Bot mentioned this pull request May 29, 2026

chore(deps): bump uv from 0.10.9 to 0.11.6 #250

Closed

dependabot Bot had a problem deploying to ci May 29, 2026 21:30 Failure

dependabot Bot force-pushed the dependabot/uv/uv-0.11.15 branch from 12d750f to 40930f4 Compare June 1, 2026 10:33

dependabot Bot had a problem deploying to ci June 1, 2026 10:33 Failure

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump uv from 0.10.9 to 0.11.15#262

chore(deps): bump uv from 0.10.9 to 0.11.15#262
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/uv-0.11.15

dependabot Bot commented on behalf of github May 29, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 29, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

0.11.15

Release Notes

Security

Enhancements

Preview

Configuration

Performance

Bug fixes

Documentation

Install uv 0.11.15

Install prebuilt binaries via shell script

0.11.15

Security

Enhancements

Preview

Configuration

Performance

Bug fixes

Documentation

0.11.14

Enhancements

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github May 29, 2026 •

edited

Loading