
chore(deps): bump uv 0.9.9 → 0.11.26 (mise pinned) #165

Open
toshke wants to merge 1 commit into develop from chore/uv-upgrade-0.11.26


@toshke toshke commented Jul 1, 2026

Contributor

Upgrades uv from 0.9.9 to 0.11.26 in mise configuration.

Why 0.11.26?

uv 0.11.x introduces native dependency cooldown via [tool.uv] exclude-newer. This resolver setting blocks packages published to PyPI within the last N days, protecting against supply-chain attacks before they reach your lockfile.

How to enable cooldown (optional follow-up)

In pyproject.toml:

[tool.uv]
exclude-newer = "7 days"

Exempt private indexes so internal releases are never blocked:

[[tool.uv.index]]
name = "uptick"
url = "https://pypi.uptick.com.au/..."
exclude-newer = false

Also add to renovate.json to gate automated PRs on the same window:

{ "minimumReleaseAge": "7 days" }

This PR

Only bumps the uv binary in mise. No lock file changes — mise manages the uv binary separately from Python packages. Run mise install to pull the new binary.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@toshke toshke requested a review from BradMclain as a code owner July 1, 2026 07:32

github-actions Bot commented Jul 1, 2026

Contributor

Docker Images

Commit: ec75e4603a6c5a7e5219f775e85e5ff6e44dafd8

Tag
610829907584.dkr.ecr.ap-southeast-2.amazonaws.com/gitops:test-ec75e46
