chore(deps-dev): Update uv requirement from 0.10.7 to 0.10.9 by dependabot[bot] · Pull Request #1025

chore(deps-dev): Update uv requirement from 0.10.7 to 0.10.9 by dependabot[bot] · Pull Request #1025 · CycloneDX/cyclonedx-python

Updates the requirements on uv to permit the latest version.

Release notes

Sourced from uv's releases.

0.10.9

Release Notes

Released on 2026-03-06.

Enhancements

Add fbgemm-gpu, fbgemm-gpu-genai, torchrec, and torchtune to the PyTorch list (#18338)

Add torchcodec to PyTorch List (#18336)

Log the duration we took before erroring (#18231)

Warn when using uv_build settings without uv_build (#15750)

Add fallback to /usr/lib/os-release on Linux system lookup failure (#18349)

Use cargo auditable to include SBOM in uv builds (#18276)

Configuration

Add an environment variable for UV_VENV_RELOCATABLE (#18331)

Performance

Avoid toml Document overhead (#18306)

Use a single global workspace cache (#18307)

Bug fixes

Continue on trampoline job assignment failures (#18291)

Handle the hard link limit gracefully instead of failing (#17699)

Respect build constraints for workspace members (#18350)

Revalidate editables and other dependencies in scripts (#18328)

Support Python 3.13+ on Android (#18301)

Support cp3-none-any (#17064)

Skip tool environments with broken links to Python on Windows (#17176)

Documentation

Add documentation for common marker values (#18327)

Improve documentation on virtual dependencies (#18346)

Install uv 0.10.9

Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.10.9/uv-installer.sh | sh
Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from uv's changelog.

0.10.9

Released on 2026-03-06.

Enhancements

Add fbgemm-gpu, fbgemm-gpu-genai, torchrec, and torchtune to the PyTorch list (#18338)

Add torchcodec to PyTorch List (#18336)

Log the duration we took before erroring (#18231)

Warn when using uv_build settings without uv_build (#15750)

Add fallback to /usr/lib/os-release on Linux system lookup failure (#18349)

Use cargo auditable to include SBOM in uv builds (#18276)

Configuration

Add an environment variable for UV_VENV_RELOCATABLE (#18331)

Performance

Avoid toml Document overhead (#18306)

Use a single global workspace cache (#18307)

Bug fixes

Continue on trampoline job assignment failures (#18291)

Handle the hard link limit gracefully instead of failing (#17699)

Respect build constraints for workspace members (#18350)

Revalidate editables and other dependencies in scripts (#18328)

Support Python 3.13+ on Android (#18301)

Support cp3-none-any (#17064)

Skip tool environments with broken links to Python on Windows (#17176)

Documentation

Add documentation for common marker values (#18327)

Improve documentation on virtual dependencies (#18346)

0.10.8

Released on 2026-03-03.

Python

Add CPython 3.10.20

Add CPython 3.11.15

Add CPython 3.12.13

Enhancements

... (truncated)

Commits

f675560 Bump version to 0.10.9 (#18357)
8fedd25 Use uv 0.10.8 for internal workflows (#18354)
03b4d8a Use optimized rustfmt step in .pre-commit-config.yaml (#18355)
9345450 Use cargo auditable to include SBOM in uv builds (#18276)
12caaf3 Respect build constraints for workspace members (#18350)
24e9b47 Add fallback to /usr/lib/os-release on Linux (#18349)
7520fe6 Improve documentation on virtual dependencies (#18346)
9dea237 Revalidate editables and other dependencies in scripts (#18328)
a13ba94 Add a development build of aarch64-linux-android to CI (#18333)
bb8970a Add a Termux integration test (#18332)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)