Home Original page

chore(deps-dev): Update uv requirement from 0.9.9 to 0.9.13 by dependabot[bot] · Pull Request #1001 · CycloneDX/cyclonedx-python

Updates the requirements on uv to permit the latest version.

Release notes

Sourced from uv's releases.

0.9.13

Release Notes

Released on 2025-11-26.

Bug fixes

  • Revert "Allow --with-requirements to load extensionless inline-metadata scripts" to fix reading of requirements files from streams (#16861)
  • Validate URL wheel tags against Requires-Python and required environments (#16824)

Documentation

  • Drop unpublished crates from the uv crates.io README (#16847)
  • Fix the links to uv in crates.io member READMEs (#16848)

Install uv 0.9.13

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.9.13/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/uv/releases/download/0.9.13/uv-installer.ps1 | iex"

Download uv 0.9.13

File Platform Checksum
uv-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
uv-x86_64-apple-darwin.tar.gz Intel macOS checksum
uv-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
uv-i686-pc-windows-msvc.zip x86 Windows checksum
uv-x86_64-pc-windows-msvc.zip x64 Windows checksum
uv-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
uv-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
uv-powerpc64-unknown-linux-gnu.tar.gz PPC64 Linux checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz PPC64LE Linux checksum
uv-riscv64gc-unknown-linux-gnu.tar.gz RISCV Linux checksum
uv-s390x-unknown-linux-gnu.tar.gz S390x Linux checksum
uv-x86_64-unknown-linux-gnu.tar.gz x64 Linux checksum
uv-armv7-unknown-linux-gnueabihf.tar.gz ARMv7 Linux checksum
uv-aarch64-unknown-linux-musl.tar.gz ARM64 MUSL Linux checksum
uv-i686-unknown-linux-musl.tar.gz x86 MUSL Linux checksum
uv-x86_64-unknown-linux-musl.tar.gz x64 MUSL Linux checksum
uv-arm-unknown-linux-musleabihf.tar.gz ARMv6 MUSL Linux (Hardfloat) checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.9.13

Released on 2025-11-26.

Bug fixes

  • Revert "Allow --with-requirements to load extensionless inline-metadata scripts" to fix reading of requirements files from streams (#16861)
  • Validate URL wheel tags against Requires-Python and required environments (#16824)

Documentation

  • Drop unpublished crates from the uv crates.io README (#16847)
  • Fix the links to uv in crates.io member READMEs (#16848)

0.9.12

Released on 2025-11-24.

Enhancements

  • Allow --with-requirements to load extensionless inline-metadata scripts (#16744)
  • Collect and upload PEP 740 attestations during uv publish (#16731)
  • Prevent uv export from overwriting pyproject.toml (#16745)

Documentation

  • Add a crates.io README for uv (#16809)
  • Add documentation for intermediate Docker layers in a workspace (#16787)
  • Enumerate workspace members in the uv crate README (#16811)
  • Fix documentation links for crates (#16801)
  • Generate a crates.io README for uv workspace members (#16812)
  • Move the "Export" guide to the projects concept section (#16835)
  • Update the cargo install recommendation to use crates (#16800)
  • Use the word "internal" in crate descriptions (#16810)

0.9.11

Released on 2025-11-20.

Python

  • Add CPython 3.15.0a2

See the python-build-standalone release notes for details.

Enhancements

  • Add SBOM support to uv export (#16523)
  • Publish to crates.io (#16770)

... (truncated)

Commits
  • 7ca92dc Bump setup-uv action to v7 in docs (#16858)
  • 735b870 Bump version to 0.9.13 (#16862)
  • ca62066 Revert "Allow --with-requirements to load extensionless inline-metadata scr...
  • 4d747f6 Avoid eagerly reading input streams in -r (#16857)
  • 4bb219f Fix uv pip install -r /dev/stdin (#16855)
  • bfdee80 Validate URL wheel tags against Requires-Python and required environments (...
  • 17c1061 Fix the links to uv in crates.io member READMEs (#16848)
  • d735e27 Drop unpublished crates from the uv crates.io README (#16847)
  • 0fb1233 Bump version to 0.9.12 (#16840)
  • 7b3199f Collect and upload PEP 740 attestations during uv publish (#16731)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)