fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	Pending	Age	Confidence
astral-sh/setup-uv	action	minor	v8.1.0 → v8.2.0
datamodel-code-generator	dependency-groups	minor	>=0.59.0 → >=0.64.0	0.65.0 (+1)
docling (changelog)	project.dependencies	minor	>=2.96.1 → >=2.102.2	2.106.0 (+3)
github/codeql-action	action	patch	v4.36.0 → v4.36.2
ibm-watsonx-ai (changelog)	project.optional-dependencies	patch	>=1.5.12 → >=1.5.13	1.5.14
ipython	dependency-groups	patch	>=9.14.0 → >=9.14.1
pyright	dependency-groups	patch	>=1.1.409 → >=1.1.410
pytest (changelog)	dependency-groups	minor	>=9.0.3 → >=9.1.0	9.1.1
ruff (source, changelog)	dependency-groups	patch	>=0.15.15 → >=0.15.17	0.15.18
tox (changelog)	dependency-groups	patch	>=4.55.0 → >=4.55.1
tqdm (changelog)	project.dependencies	minor	>=4.67.3 → >=4.68.2	4.68.3
types-tqdm (changelog)	dependency-groups	minor	>=4.67.3.20260518 → >=4.68.0.20260608
uv_build (source, changelog)	build-system.requires	patch	>=0.11.17,<0.11.18 → >=0.11.21,<0.11.22	0.11.23 (+1)

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

astral-sh/setup-uv (astral-sh/setup-uv)

v8.2.0: 🌈 New inputs quiet and download-from-astral-mirror

Compare Source

Changes

This release brings two new inputs and a few bug fixes.

New inputs

Lets talk about the new inputs first.

quiet

Pretty simple. It turns of all info loggings. Useful if you use this in a composite action and are not interested in all the details.
In the upcoming releases we will add log groups to fully implement support for "less noise"

[!NOTE]
Warnings and errors are always logged.

download-from-astral-mirror

In some cases you may want to directly use the fallback of checking for available versions and downloading releases from GitHub instead of using the astral.sh mirror. Setting download-from-astral-mirror: false allows you to do that.

Bugfixes

When using the astral.sh mirror to query available versions and download releases (done by default) we now stop sending the GitHub token in the header. The mirror never looked at it but we shouldn't be handing out that data even if it is just a short lived token.
All other bugfixes try to limit the impact of failed GitHub queries due to retries and other faults.

We couldn't pinpoint all rootcauses yet but added more logging for error cases to track them down.

🐛 Bug fixes

• fix: report unexpected cache save failures @​eifinger (#​896)
• fix: report unexpected setup failures @​eifinger (#​895)
• fix: add timeout to fetch to prevent silent hangs @​eifinger-bot (#​883)
• Limit GitHub tokens to github.com download URLs @​zsol (#​878)
• increase libuv-workaround timeout to 100ms @​eifinger (#​880)

🚀 Enhancements

• Add quiet input to suppress info-level log output @​eifinger (#​898)
• feat: add download-from-astral-mirror input @​eifinger (#​897)

🧰 Maintenance

• docs: update dependabot rollup biome guidance @​eifinger (#​902)
• chore: update known checksums for 0.11.18 @​github-actions[bot] (#​899)
• chore: update known checksums for 0.11.17 @​github-actions[bot] (#​892)
• chore: update known checksums for 0.11.16 @​github-actions[bot] (#​889)
• chore: update known checksums for 0.11.15 @​github-actions[bot] (#​885)
• chore: update known checksums for 0.11.14 @​github-actions[bot] (#​879)
• chore: update known checksums for 0.11.13 @​github-actions[bot] (#​877)
• chore: update known checksums for 0.11.12 @​github-actions[bot] (#​876)
• chore: update known checksums for 0.11.11 @​github-actions[bot] (#​873)
• chore: update known checksums for 0.11.9/0.11.10 @​github-actions[bot] (#​871)
• chore: update known checksums for 0.11.8 @​github-actions[bot] (#​867)
• Bump setup-uv references to v8.1.0 SHA in docs @​eifinger (#​862)
• Add update-docs.yml workflow @​eifinger (#​861)

⬆️ Dependency updates

• chore(deps): roll up dependabot updates @​eifinger (#​903)
• chore(deps): roll up dependabot updates @​eifinger (#​901)
• chore(deps): bump release-drafter/release-drafter from 7.3.0 to 7.3.1 @​dependabot[bot] (#​900)
• chore(deps): bump eifinger/actionlint-action from 1.10.1 to 1.10.2 @​dependabot[bot] (#​842)
• chore(deps): bump github/codeql-action from 4.35.4 to 4.36.0 @​dependabot[bot] (#​893)
• chore(deps): bump zizmorcore/zizmor-action from 0.5.5 to 0.5.6 @​dependabot[bot] (#​891)
• chore(deps): bump release-drafter/release-drafter from 7.2.0 to 7.3.0 @​dependabot[bot] (#​884)
• chore(deps): bump zizmorcore/zizmor-action from 0.5.3 to 0.5.5 @​dependabot[bot] (#​888)
• chore(deps): bump github/codeql-action from 4.35.3 to 4.35.4 @​dependabot[bot] (#​881)
• chore(deps): bump github/codeql-action from 4.32.2 to 4.35.3 @​dependabot[bot] (#​875)
• chore(deps): bump actions/setup-node from 6.3.0 to 6.4.0 @​dependabot[bot] (#​866)
• chore(deps): bump zizmorcore/zizmor-action from 0.5.2 to 0.5.3 @​dependabot[bot] (#​864)
• chore(deps): bump peter-evans/create-pull-request from 8.1.0 to 8.1.1 @​dependabot[bot] (#​863)

koxudaxi/datamodel-code-generator (datamodel-code-generator)

v0.64.0

Compare Source

v0.63.0

Compare Source

v0.62.0

Compare Source

v0.61.0

Compare Source

docling-project/docling (docling)

v2.102.2

Compare Source

Fix

• service: Make presigned_url target default on service client, handle HTTP download errors correctly (#​3609) (75733f6)
• jats: Preserve structured abstract sections (#​3584) (0db276d)
• Allow newer typer versions (#​3594) (de0c55a)
• Approved API fix for doclang in docling/pipeline/vlm_pipeline.py (#​3591) (e1ae136)

Documentation

• Add API server usage pages (#​3596) (ef9bb95)

v2.102.1

Compare Source

Fix

• service: Defaults for image_export_mode (#​3595) (2d2e3dc)

v2.102.0

Compare Source

Feature

• service: Retrieve convert()/convert_all() results via presigned artifacts (#​3578) (521e86b)

v2.101.0

Compare Source

Feature

• service: Add explicit generate_page_images control in ConvertDocumentsOptions (#​3574) (1b80839)

Fix

• Update _DocumentConversionInput to avoid construction with too large HTTP inputs (#​3577) (2288658)

v2.100.0

Compare Source

Feature

• Add DocLang backend (#​3573) (7c37732)
• Add EPUB document backend with full conversion support (#​3571) (bffe900)

Fix

• Expose CLI entry points when installing docling meta-package (#​3572) (c5fa6e3)
• Propagate the orientation of the TableData (#​3570) (b108ca8)

v2.99.0

Compare Source

Feature

• service: Add S3Coordinates.max_num_elements (#​3565) (d3159d7)
• service: Proper failure mode handling and user-interpretable error output (#​3554) (057241c)

Fix

• Ensure backward compatibility of service data models to previous serve/jobkit versions (#​3563) (271d3c7)
• msword: Detect lists when numbering is defined in paragraph styles (#​3552) (8c61a78)

Documentation

• Polish OCR documentation wording (#​3559) (dbae180)
• Fix rendering for Code & Formula enrichment example (#​3558) (dca008c)

github/codeql-action (github/codeql-action)

v4.36.2

Compare Source

• Cache CodeQL CLI version information across Actions steps. #​3943
• Reduce requests while waiting for analysis processing by using exponential backoff when polling SARIF processing status. #​3937
• Update default CodeQL bundle version to 2.25.6. #​3948

v4.36.1

Compare Source

No user facing changes.

RobertCraigie/pyright-python (pyright)

v1.1.410

Compare Source

pytest-dev/pytest (pytest)

v9.1.0

Compare Source

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

• #​14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

  If this is undesirable, move the fixture definition to a conftest.py file if possible.

  Technical explanation for those interested:
  When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration).
  Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module.
  This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

• #​10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

  See 10819 and 14011.

• #​12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

  See dynamic-fixture-request-during-teardown for details.

• #​13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

  These iterables get exhausted after the first iteration,
  leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times,
  using class-level parametrize decorators,
  or collecting tests multiple times.

  See parametrize-iterators for details and suggestions.

• #​13946: The private config.inicfg attribute is now deprecated.
  Use config.getini() <pytest.Config.getini> to access configuration values instead.

  See config-inicfg for more details.

• #​14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

  Use the node parameter instead for fixture scoping. This enables more robust node-based
  matching instead of string prefix matching.
  If you've used nodeid=None, pass node=session instead.

  This will be removed in pytest 10.

• #​14335: The method of configuring hooks using markers, deprecated since pytest 7.2, is now scheduled to be removed in pytest 10.
  See hook-markers for more details.

• #​14434: The --pastebin option is now deprecated.
  The same functionality is now available in an external plugin, pytest-pastebin.
  See pastebin-deprecated for more details.

• #​14513: The private FixtureDef.has_location attribute is now deprecated and will be removed in pytest 10.
  See fixturedef-has-location-deprecated for details.

• #​1764: pytest.console_main is now deprecated and will be removed in pytest 10.
  It was never intended for programmatic use; use pytest.main instead.

New features

• #​12376: Added pytest.register_fixture() to register fixtures using an imperative interface.

  This is an advanced function intended for use by plugins.

  Normally, fixtures should be registered declaratively using the @pytest.fixture <pytest.fixture> decorator.
  Pytest looks for these fixture definitions during the collection phase and registers them automatically.
  For some plugin usecases the declarative interface can be cumbersome or unviable, in which case this imperative interface can be used.

• #​14023: Added --report-chars long CLI option.

• #​14371: Added --max-warnings command-line option and max_warnings configuration option to fail the test run when the number of warnings exceeds a given threshold -- by miketheman.

• #​6757: Added the assertion_text_diff_style configuration option, allowing
  string equality failures to be rendered as separate Left: and Right:
  blocks instead of ndiff output.

• #​8395: Added support for ~datetime.datetime and ~datetime.timedelta comparisons with pytest.approx. An explicit abs or rel tolerance as a ~datetime.timedelta is required and relative tolerance is not supported for datetime comparisons -- by hamza-mobeen.

Improvements in existing functionality

• #​11225: pytest.warns now shows "Regex pattern did not match" instead of "DID NOT WARN" when warnings were emitted but the match pattern did not match.

• #​11295: Improved output of --fixtures-per-test by excluding internal-implementation fixtures generated by @pytest.mark.parametrize and similar.

• #​13241: pytest.raises, pytest.warns and pytest.deprecated_call now uses ParamSpec for the type hint to the (old and not recommended) callable overload, instead of Any. This allows type checkers to raise errors when passing incorrect function parameters.
  func can now also be passed as a kwarg, which the type hint previously showed as possible but didn't accept.

• #​13862: Improved the readability of "DID NOT RAISE" error messages by using the exception type's name instead of its repr.

• #​14026: Added test coverage for compiled regex patterns in pytest.raises match parameter.

• #​14137: pytest.ScopeName is now public to allow using it in function signatures.

• #​14342: Marked yield_fixture as deprecated to type checkers using the deprecated decorator. Note it
  has originally been deprecated <yield-fixture-deprecated> in pytest 6.2 already.

• #​14373: Added type annotations for pytest.approx.

• #​14430: When using --setup-show, a space is now printed after the test name (and possibly used fixtures), to separate it from the test result.

• #​14441: Reduced the default number of gc.collect() passes in the unraisableexception plugin from 5 to 1 on CPython, where reference counting makes a single pass sufficient. PyPy retains 5 passes due to object resurrection via __del__. This can noticeably speed up test suites that trigger many pytester runs.

• #​14461: Improved assertion failure explanations for equality comparisons between mapping objects that are not dict instances.

• #​14513: The order in which fixture definitions overriding each other are resolved is now determined first by their visibility in the collection tree rather than by the order in which they are registered.

  A fixture defined for a more specific node (e.g. a module or an item) now always takes precedence over one with the same name defined for a more general node (e.g. the session), even when the more general one was registered later.
  Fixtures with non-comparable visibility or the same visibility keep the existing behavior of "last registered wins".
  This change is supposed to only affect plugins which register multiple fixtures programmatically with the same name.

• #​14524: Add official Python 3.15 support.

• #​1764: Improved argparse program name to show pytest, python -m pytest, or pytest.main() based on how pytest was invoked, making help and error messages clearer.

• #​8265: Emit a PytestCollectionWarning when a module-level __getattr__ returns None for pytestmark instead of raising AttributeError.

  Previously this caused a cryptic TypeError: got None instead of Mark error.
  Now pytest issues a helpful warning and continues collecting the module normally.

Bug fixes

• #​13192: Fixed | (pipe) not being treated as a regex meta-character that needs escaping in pytest.raises(match=...) <pytest.raises>.

• #​13484: Fixed -W option values being duplicated in Config.known_args_namespace.

• #​13626: Fixed function-scoped fixture values being kept alive after a test was interrupted by KeyboardInterrupt or early exit,
  allowing them to potentially be released more promptly.

• #​13784: Fixed capteesys producing doubled output when used with --capture=no (-s).

• #​13817: Fixed a secondary AttributeError masking the original error when an option argument fails to initialize.

• #​13884: Fixed rare internal IndexError caused by builtins.compile being overridden in client code.

• #​13885: Fixed autouse fixtures defined inside a unittest.TestCase class running even when the class is decorated with unittest.skip or unittest.skipIf -- regression since pytest 8.1.0.

• #​13917: unittest.SkipTest is no longer considered an interactive exception, i.e. pytest_exception_interact is no longer called for it.

• #​13963: Fixed subtests running with pytest-xdist when their contexts contain objects that are not JSON-serializable.

  Fixes pytest-dev/pytest-xdist#1273.

• #​14004: Fixed conftest.py fixture scoping when testpaths points outside of the rootdir <rootdir>.

  Previously, fixtures from nested conftest.py files would incorrectly leak to sibling directories
  when using a relative testpaths like ../tests/sdk.

  Conftest fixtures are now parsed during Directory <pytest.Directory> collection, using the Directory node for proper scoping.

• #​14050: Display dictionary differences in assertion failures using the original key insertion order instead of sorted order.

• #​14080: fix missing type annotations on Pytester.makepyfile and Pytester.maketxtfile methods.

• #​14114: An exception from pytest_fixture_post_finalizer no longer prevents fixtures from being torn down, causing additional errors in the following tests.

• #​14161: Fixed monkeypatch.setattr() <pytest.MonkeyPatch.setattr> leaving a stale entry on the undo stack when the underlying setattr() call fails (e.g. on immutable targets), causing an AttributeError crash during teardown.

• #​14214: Fixed -v hint in pytest.raises match diff not working because assertion verbosity was not propagated.

• #​14234: Allow pytest.HIDDEN_PARAM <hidden-param> in @pytest.mark.parametrize(ids=...) <pytest.mark.parametrize ref> typing.

• #​14248: Fixed direct parametrization causing the static fixture closure (as reflected in request.fixturenames <pytest.FixtureRequest.fixturenames>) to omit fixtures that are requested transitively from overridden fixtures.

• #​14263: Unraisable exceptions from finalizers are now collected during pytest_unconfigure, before pytest tears down the warning filters installed for the session. Previously the collection ran from a cleanup callback whose order relative to other plugins' cleanups was not guaranteed, so an active error filter could be removed before the exception surfaced and a late resource leak would pass silently. A -W error filter, or any filter matching pytest.PytestUnraisableExceptionWarning, now promotes these exceptions to failures regardless of plugin cleanup order.

• #​14377: Fixed crash in Config.get_terminal_writer when an assertion fails with the terminalreporter plugin disabled.

• #​14381: Fixed -V (short form of --version) to properly display the current version.

• #​14389: Improved pytest.raises(..., match=...) <pytest.raises> failures to suppress the mismatched exception as a cause of the resulting AssertionError.

• #​14392: Fixed a bug in pytest.raises(match=...) <pytest.raises> "fully escaped" detection, causing the regex diff display to be shown in some instances when the raw string diff display should be shown instead.

• #​14442: Fixed a regression in pytest 9.0 where --strict-markers and --strict-config specified through addopts were silently ignored.

  Note that when targeting pytest >= 9.0, it's nicer to use strict_markers and strict_config, or strict mode <strict mode>.

• #​14456: Fixed pytest.approx not recognizing types with __array_interface__ as numpy-like arrays.

• #​14474: Fixed a regression where -k and -m expressions containing both backslash characters in identifiers and string literal arguments would incorrectly raise a SyntaxError about escaping.

• #​14483: Fixed JUnit XML report incorrectly escaping high Unicode codepoints (supplementary plane characters like emoji) in test failure messages. -- by EternalRights

• #​14492: Fixed Code.getargs() incorrectly including local variable names in the returned argument tuple for functions with *args and/or **kwargs. The method was using co_flags bitmask values (4 and 8) directly as counts instead of converting them to 1 via bool(), and was not accounting for co_kwonlyargcount when var=True.

• #​3697: Logging capture now works for non-propagating loggers.
  Previously only logs which reached the root logger were captured.
  This includes caplog and the "Captured log calls" test reporting.

• #​3850: Fixed JUnit XML report: the tests attribute of the <testsuite> element now always matches the number of <testcase> elements in the file. In some cases (test passes but fails during teardown) the tests attribute would report an incorrect number of testcases in the XML file.

• #​5848: pytest_fixture_post_finalizer is no longer called extra times for the same fixture teardown in some cases.

• #​719: Fixed @pytest.mark.parametrize <pytest.mark.parametrize ref> not unpacking single-element tuple values when using a string argnames with a trailing comma (e.g., "arg,").

  The trailing comma form now correctly behaves like the tuple form ("arg",), treating argvalues as a list of tuples to unpack.

Improved documentation

• #​11022: Document safer alternatives and scope guidance for monkeypatching standard library functions.
• #​11307: Document that @pytest.hookimpl(specname=...) only works for function names starting with pytest_.
• #​13038: Document that doctests do not support parametrized fixtures, including parametrized autouse fixtures.
• #​13155: Clarified how the request fixture provides indirect parametrization values via request.param.
• #​13304: Clarified in the documentation that hook implementations defined in conftest.py files are not available to other plugins during their pytest_addoption() execution, as conftest files are discovered and loaded after builtin and third-party plugins have been initialized. However, initial conftest files themselves can implement pytest_addoption() to add their own command-line options.
• #​13902: Clarified how subtest progress markers are shown in the documentation.
• #​14012: The ini options ref section of the API Reference now specified the type and default value of every configuration option.
• #​14148: Documented a safe pytestconfig.cache access pattern when the
  cacheprovider plugin is disabled.
• #​14303: The documentation is now built with Sphinx >= 9.
• #​14465: Updated the hooks how-to page to link the newhooks.py file in pytest-xdist at tag v3.8.0 instead of an unrelated 2017-era commit under the old layout. Pointing at a tag keeps the example in sync with the version users actually install, while remaining stable when the project's main branch moves on.

Miscellaneous internal changes

• #​14582: Improved the recursion traceback test to exercise all requested traceback styles.

astral-sh/ruff (ruff)

v0.15.17

Compare Source

Released on 2026-06-11.

Preview features

• Allow human-readable names in suppression comments (#​25614)
• Fix handling of ignore comments within a disable/enable pair (#​25845)
• Prioritize human-readable names in CLI output (#​25869)
• Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#​25673)
• [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#​25775)
• [flake8-pytest-style] Also check pytest_asyncio fixtures (#​25375)
• [ruff] Ban pytest autouse fixtures (RUF076) (#​25477)
• [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#​23259)

Bug fixes

• Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#​25700)
• [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#​25491)

Rule changes

• [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#​25592)
• [numpy] Drop autofix for np.in1d (NPY201) (#​25612)
• [pylint] Exempt Python version comparisons (PLR2004) (#​25743)

Performance

• Reserve AST Vecs with correct capacity for common cases (#​25451)

Formatter

• Preserve whitespace for Quarto cell option comments (#​25641)

CLI

• Allow rule names in ruff rule (#​25640)

Other changes

• Fix playground diagnostics scrollbars (#​25642)

Contributors

• @​SuryanshSS1011
• @​anishgirianish
• @​romero-deshaw
• @​karlhillx
• @​carljm
• @​ntBre
• @​11happy
• @​Kilo59
• @​oconnor663
• @​LeonidasZhak
• @​DavisVaughan
• @​MeGaGiGaGon
• @​jonathandung
• @​MichaReiser
• @​brianmego

tqdm/tqdm (tqdm)

v4.68.2

Compare Source

v4.68.1

Compare Source

v4.68.0

Compare Source

astral-sh/uv (uv_build)

v0.11.21

Compare Source

Released on 2026-06-11.

Python

• Add CPython 3.13.14 and 3.14.6 (#​19787)

Preview features

• Add environment.root to uv workspace metadata --sync (#​19760)
• Allow uv upgrade to update a single dependency constraint (#​19738)
• Compute and pass uv workspace metadata payload in ty check (#​19763)
• Make packaged applications the default for uv init (#​17841)

Performance

• Add parallel discovery of Python versions for uv python list (#​18684)
• Avoid normalizing source distribution names twice (#​19784)

Bug fixes

• Improve cache robustness and pruning behavior
  • Allow CI cache pruning without an sdist bucket (#​19802)
  • Avoid overflow when reading malformed cache entries (#​19799)
  • Preserve cached Python downloads during cache pruning (#​19795)
  • Reject running inside the cache (#​19659)
• Fix Python discovery and version request edge cases
  • Avoid panics for Unicode Python version requests (#​19797)
  • Fix handling of non-critical errors in uv python list with path requests (#​19774)
  • Fix stop-discovery-at regression (#​19769)
• Harden parsing and validation for package metadata, requirements, markers, URLs, and conflict sets
  • Allow trailing commas in version specifiers (#​19806)
  • Avoid panics for invalid UTF-8 URL credentials (#​19800)
  • Avoid panics for malformed source distribution filenames (#​19776)
  • Avoid panics for trailing extra separators (#​19779)
  • Avoid stack overflow for recursive requirements path aliases (#​19777)
  • Ignore reversed string compatible-release markers (#​19782)
  • Reject duplicate entries in conflict sets (#​19801)
  • Reject malformed hash options in requirements files (#​19783)
  • Reject source distribution filenames without a separator (#​19803)
  • Use UTF-8 lengths for requirement errors (#​19781)
  • Use UTF-8 lengths for trailing marker errors (#​19796)
  • Use byte offsets when peeking over requirements (#​19780)
  • Validate GraalPy ABI suffixes (#​19805)
• Improve wheel entry-point error handling and virtual environment activation quoting
  • Propagate errors when reading wheel entry points (#​19794)
  • Quote virtual environment activation paths with shell metacharacters (#​19798)

v0.11.20

Compare Source

Released on 2026-06-10.

Enhancements

• Add --emit-index-url and --emit-find-links to uv export (#​18370)
• Add --find-links support for uv pip list (#​16103)
• Group executable install errors during uv python install (#​19691)
• Use ICF in macOS release builds to reduce binary sizes (#​19615)

Preview features

• Add initial hidden uv upgrade command (#​19678)
• Reject Git revisions in uv upgrade (#​19742)

Configuration

• Recognize UV_NO_INSTALL_PROJECT, UV_NO_INSTALL_WORKSPACE, UV_NO_INSTALL_LOCAL (#​19323)

Performance

• Speed up discovery of large workspaces (#​18311)

Bug fixes

• Allow unknown preview flags with a warning again (#​19669)
• Apply dependency exclusions to direct requirements (#​19699)
• Avoid following external symlinks during cache clean (#​19682)
• Avoid following symlinks during cache prune (#​19543)
• Fix Git cache keys for worktrees and packed refs (#​19706)
• Make resolver error handling iterative to avoid stack overflows (#​19695)
• Pass VIRTUAL_ENV through cygpath inside fish on Windows (#​19703)
• Rebuild explicit local directory tool installs (#​19591)
• Validate egg top-level entries as identifiers (#​19679)

Documentation

• Document --find-links caching behavior (#​19585)
• Add a small section for malware checks (#​19680)

v0.11.19

Compare Source

Released on 2026-06-03.

Python

• Add CPython 3.15.0b2 (#​19531)

Enhancements

• Always compute SHA256 for remote distributions (#​19662)
• Add PyEmscripten platform (PEP 783) (#​19629)
• Add Pyodide 2025 target triple (#​19653)

Preview features

• Make preview features for commands have names that aren't ambiguous with the command (#​19645)
• Respect --isolated in uv check (#​19666)

Bug fixes

• Continue tool uninstall after dangling receipts (#​19623)
• Skip Unix-specific installation steps when cross-installing Windows Python distributions (#​19424)

v0.11.18

Compare Source

Released on 2026-06-01.

Performance

• Fix performance regression in unzip of local wheels (#​19637)

Preview

• Add uv check to run ty from uv (#​19605)

Bug fixes

• Update activation scripts with upstream fixes (#​19628)

Other changes

• Bump MSRV to 1.94 (#​19600)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Only on Sunday and Saturday (* * * * 0,6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pyproject.toml

Artifact update for docling resolved to version 2.105.0, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 2.102.2
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

File name: pyproject.toml

Artifact update for tqdm resolved to version 4.68.3, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 4.68.2
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

File name: pyproject.toml

Artifact update for datamodel-code-generator resolved to version 0.65.0, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 0.64.0
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

File name: pyproject.toml

Artifact update for pytest resolved to version 9.1.1, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 9.1.0
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

File name: pyproject.toml

Artifact update for ruff resolved to version 0.15.18, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 0.15.17
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

File name: pyproject.toml

Artifact update for ibm-watsonx-ai resolved to version 1.5.14, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 1.5.13
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/