chore(deps-dev): Update uv requirement from 0.9.13 to 0.9.28 by dependabot[bot] · Pull Request #1017

chore(deps-dev): Update uv requirement from 0.9.13 to 0.9.28 by dependabot[bot] · Pull Request #1017 · CycloneDX/cyclonedx-python

Updates the requirements on uv to permit the latest version.

Release notes

Sourced from uv's releases.

0.9.28

Release Notes

Released on 2026-01-29.

Python

Update CPython to use OpenSSL 3.5.5 which includes fixes for high severity CVEs (python-build-standalone#960)

Enhancements

Add support for Pyodide interpreter on Windows (#17658)

Warn if multiple indexes include default = true (#17713)

Skip uploads when validation reports 'Already uploaded' (#17412)

Configuration

Add a reflink alias for the "clone" link mode (#17724)

Bug fixes

Ensure uv.exe exits when uvw.exe or uvx.exe is killed (#17500)

Install uv 0.9.28

Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.9.28/uv-installer.sh | sh
Install prebuilt binaries via powershell script
powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/uv/releases/download/0.9.28/uv-installer.ps1 | iex"
Download uv 0.9.28

File Platform Checksum

uv-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum

uv-x86_64-apple-darwin.tar.gz Intel macOS checksum

uv-aarch64-pc-windows-msvc.zip ARM64 Windows checksum

uv-i686-pc-windows-msvc.zip x86 Windows checksum

uv-x86_64-pc-windows-msvc.zip x64 Windows checksum

uv-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum

uv-i686-unknown-linux-gnu.tar.gz x86 Linux checksum

uv-powerpc64-unknown-linux-gnu.tar.gz PPC64 Linux checksum

uv-powerpc64le-unknown-linux-gnu.tar.gz PPC64LE Linux checksum

File	Platform	Checksum
uv-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
uv-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
uv-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
uv-i686-pc-windows-msvc.zip	x86 Windows	checksum
uv-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
uv-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
uv-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
uv-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz	PPC64LE Linux	checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.9.28

Released on 2026-01-29.

Python

Update CPython to use OpenSSL 3.5.5 which includes fixes for high severity CVEs (python-build-standalone#960)

Enhancements

Add support for Pyodide interpreter on Windows (#17658)

Warn if multiple indexes include default = true (#17713)

Skip uploads when validation reports 'Already uploaded' (#17412)

Configuration

Add a reflink alias for the "clone" link mode (#17724)

Bug fixes

Ensure uv.exe exits when uvw.exe or uvx.exe is killed (#17500)

0.9.27

Released on 2026-01-26.

Python

Upgrade Pyodide to 0.29.2 (#17652)

Upgrade to GraalPy 25.0.2 (#17634)

Enhancements

Add -t shortform for --target to uv pip subcommands (#17501)

Add support for ROCm 7.0 and 7.1 accelerator backends (#17681)

Further improve free-threading ABI incompatibility errors (#17491)

Implement uv pip freeze --exclude flag (#17045)

Improve warnings for --system and --no-system in uv venv (#17647)

Make uv pip compile attempt to download a specified --python-version if it can. (#17249)

Support Trusted Publishing with pyx (#17438)

Fix JSON schema for exclude-newer-package (#17665)

Preview features

Better detection for conflicting packages (#17623)

Upgrade based on outdated build versions in uv python upgrade (#17653)

Bug fixes

Change chocolatey system test to ensure uv uses the right python (#17533)

... (truncated)

Commits

0e1351e Bump version to 0.9.28 (#17738)
29b59d6 Add a workflow to publish versions to another repository (#17648)
1b4407f Ensure uv.exe exits when uvw.exe or uvx.exe is killed (#17500)
b273747 Warn if multiple indexes include default = true (#17713)
583414f Add a reflink alias for the "clone" link mode (#17724)
c377edc Sync latest Python releases (#17726)
3a5c343 Skip uploads when validation reports 'Already uploaded' (#17412)
b73f6cb Update debian Docker tag to v13 (#17695)
e007d3f Require fs-err 3.2.2 (for File::set_modified) (#17718)
2183c3f Use Rust 1.91 features Duration::from_mins and Path::with_added_extension...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)