chore(deps): update dependency astral-sh/uv to v0.11.21

[agntcy-automation]

This PR contains the following updates:

Package	Type	Update	Change	Pending
astral-sh/uv	uses-with	patch	0.11.15 → 0.11.21	0.11.24 (+2)

---

Release Notes

astral-sh/uv (astral-sh/uv)

v0.11.21

Compare Source

Released on 2026-06-11.

Python

• Add CPython 3.13.14 and 3.14.6 (#​19787)

Preview features

• Add environment.root to uv workspace metadata --sync (#​19760)
• Allow uv upgrade to update a single dependency constraint (#​19738)
• Compute and pass uv workspace metadata payload in ty check (#​19763)
• Make packaged applications the default for uv init (#​17841)

Performance

• Add parallel discovery of Python versions for uv python list (#​18684)
• Avoid normalizing source distribution names twice (#​19784)

Bug fixes

• Improve cache robustness and pruning behavior
  • Allow CI cache pruning without an sdist bucket (#​19802)
  • Avoid overflow when reading malformed cache entries (#​19799)
  • Preserve cached Python downloads during cache pruning (#​19795)
  • Reject running inside the cache (#​19659)
• Fix Python discovery and version request edge cases
  • Avoid panics for Unicode Python version requests (#​19797)
  • Fix handling of non-critical errors in uv python list with path requests (#​19774)
  • Fix stop-discovery-at regression (#​19769)
• Harden parsing and validation for package metadata, requirements, markers, URLs, and conflict sets
  • Allow trailing commas in version specifiers (#​19806)
  • Avoid panics for invalid UTF-8 URL credentials (#​19800)
  • Avoid panics for malformed source distribution filenames (#​19776)
  • Avoid panics for trailing extra separators (#​19779)
  • Avoid stack overflow for recursive requirements path aliases (#​19777)
  • Ignore reversed string compatible-release markers (#​19782)
  • Reject duplicate entries in conflict sets (#​19801)
  • Reject malformed hash options in requirements files (#​19783)
  • Reject source distribution filenames without a separator (#​19803)
  • Use UTF-8 lengths for requirement errors (#​19781)
  • Use UTF-8 lengths for trailing marker errors (#​19796)
  • Use byte offsets when peeking over requirements (#​19780)
  • Validate GraalPy ABI suffixes (#​19805)
• Improve wheel entry-point error handling and virtual environment activation quoting
  • Propagate errors when reading wheel entry points (#​19794)
  • Quote virtual environment activation paths with shell metacharacters (#​19798)

v0.11.20

Compare Source

Released on 2026-06-10.

Enhancements

• Add --emit-index-url and --emit-find-links to uv export (#​18370)
• Add --find-links support for uv pip list (#​16103)
• Group executable install errors during uv python install (#​19691)
• Use ICF in macOS release builds to reduce binary sizes (#​19615)

Preview features

• Add initial hidden uv upgrade command (#​19678)
• Reject Git revisions in uv upgrade (#​19742)

Configuration

• Recognize UV_NO_INSTALL_PROJECT, UV_NO_INSTALL_WORKSPACE, UV_NO_INSTALL_LOCAL (#​19323)

Performance

• Speed up discovery of large workspaces (#​18311)

Bug fixes

• Allow unknown preview flags with a warning again (#​19669)
• Apply dependency exclusions to direct requirements (#​19699)
• Avoid following external symlinks during cache clean (#​19682)
• Avoid following symlinks during cache prune (#​19543)
• Fix Git cache keys for worktrees and packed refs (#​19706)
• Make resolver error handling iterative to avoid stack overflows (#​19695)
• Pass VIRTUAL_ENV through cygpath inside fish on Windows (#​19703)
• Rebuild explicit local directory tool installs (#​19591)
• Validate egg top-level entries as identifiers (#​19679)

Documentation

• Document --find-links caching behavior (#​19585)
• Add a small section for malware checks (#​19680)

v0.11.19

Compare Source

Released on 2026-06-03.

Python

• Add CPython 3.15.0b2 (#​19531)

Enhancements

• Always compute SHA256 for remote distributions (#​19662)
• Add PyEmscripten platform (PEP 783) (#​19629)
• Add Pyodide 2025 target triple (#​19653)

Preview features

• Make preview features for commands have names that aren't ambiguous with the command (#​19645)
• Respect --isolated in uv check (#​19666)

Bug fixes

• Continue tool uninstall after dangling receipts (#​19623)
• Skip Unix-specific installation steps when cross-installing Windows Python distributions (#​19424)

v0.11.18

Compare Source

Released on 2026-06-01.

Performance

• Fix performance regression in unzip of local wheels (#​19637)

Preview

• Add uv check to run ty from uv (#​19605)

Bug fixes

• Update activation scripts with upstream fixes (#​19628)

Other changes

• Bump MSRV to 1.94 (#​19600)

v0.11.17

Compare Source

Released on 2026-05-28.

Enhancements

• Add a diagnostic for uv add with standard library modules (#​19572)
• Expose uv workspace and its list subcommand in help output (#​19533)
• Improve the "403 forbidden" hint to suggest ignore-error-codes when applicable (#​19521)
• Skip direct URL lock freshness checks while offline (#​19596)
• Add import-names and import-namespaces support to uv-build (PEP 794) (#​19380)
• Add a --no-editable-package flag to various commands (#​19584)
• Infer Python version requests from source trees in uv tool invocations (#​19577)

Preview features

• Add module owners to uv workspace metadata (#​19122)
• Do not allow uv venv --clear to remove non-virtual environments (#​19595)

Bug fixes

• Improve the performance of large entries in tool.uv.conflicts (#​19538)
• Avoid modifying the parent process' env with --env-file in uv run (#​19567)
• Fix script environment creation for scripts with long filenames (#​19539)
• Fix transitive Git archive dependencies in lockfiles (#​19589)
• Preserve Git repository URLs in direct URL metadata (#​19590)
• Support redirects in --check-url (#​19594)
• Accept case-insensitive HTML tags in --find-links parsing (#​19537)
• Reject duplicate script metadata blocks (#​19544)
• Ban names like "python3" as script entry points (#​19535, #​19536)
• Validate Git LFS artifacts for Git archives (#​19592)
• Use a relative path when creating symlinks in cache to improve relocatability (#​19033)

Documentation

• Fix malformed positional anchors in the CLI reference (#​19575)

v0.11.16

Compare Source

Released on 2026-05-21.

Enhancements

• Add support for direct archive dependencies in Git (#​10072)
• Adjust hint rendering (#​18090)

Preview features

• uv audit: specialize malformed OSV error (#​19515)
• Reject locked malware installations (#​18936)

Configuration

• Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#​19476)

Bug fixes

• Allow environment variables that take a list to be empty (#​19503)
• Ensure that incompatible wheel hints do not leak secrets (#​19504)
• Reject unsafe entry points in uv-build (#​19495)
• Restrict delimiters in entry point parsing (#​19471)
• uv-netrc: fix multi-word no-space comment lines causing parse errors (#​19494)

Documentation

• Document and test relative exclude-newer support for uv pip (#​19475)