chore(deps-dev): Update uv requirement from 0.7.4 to 0.7.8 by dependabot[bot] · Pull Request #902

chore(deps-dev): Update uv requirement from 0.7.4 to 0.7.8 by dependabot[bot] · Pull Request #902 · CycloneDX/cyclonedx-python

Updates the requirements on uv to permit the latest version.

Release notes

Sourced from uv's releases.

0.7.8

Release Notes

Python

We are reverting most of our Python changes from uv 0.7.6 and uv 0.7.7 due to a miscompilation that makes the Python interpreter behave incorrectly, resulting in spurious type-errors involving str. This issue seems to be isolated to x86_64 Linux, and affected at least Python 3.12, 3.13, and 3.14.

The following changes that were introduced in those versions of uv are temporarily being reverted while we test and deploy a proper fix for the miscompilation:

Add Python 3.14 on musl

free-threaded Python on musl

Add Python 3.14.0a7

Statically link libpython into the interpreter on Linux for a significant performance boost

See the issue for details.

Documentation

Remove misleading line in pin documentation (#13611)

Install uv 0.7.8

Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.7.8/uv-installer.sh | sh
Install prebuilt binaries via powershell script
powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/uv/releases/download/0.7.8/uv-installer.ps1 | iex"
Download uv 0.7.8

File Platform Checksum

uv-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum

uv-x86_64-apple-darwin.tar.gz Intel macOS checksum

uv-aarch64-pc-windows-msvc.zip ARM64 Windows checksum

uv-i686-pc-windows-msvc.zip x86 Windows checksum

uv-x86_64-pc-windows-msvc.zip x64 Windows checksum

uv-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum

uv-i686-unknown-linux-gnu.tar.gz x86 Linux checksum

uv-powerpc64-unknown-linux-gnu.tar.gz PPC64 Linux checksum

File	Platform	Checksum
uv-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
uv-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
uv-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
uv-i686-pc-windows-msvc.zip	x86 Windows	checksum
uv-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
uv-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
uv-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
uv-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.7.8

Python

We are reverting most of our Python changes from uv 0.7.6 and uv 0.7.7 due to a miscompilation that makes the Python interpreter behave incorrectly, resulting in spurious type-errors involving str. This issue seems to be isolated to x86_64 Linux, and affected at least Python 3.12, 3.13, and 3.14.

The following changes that were introduced in those versions of uv are temporarily being reverted while we test and deploy a proper fix for the miscompilation:

Add Python 3.14 on musl

free-threaded Python on musl

Add Python 3.14.0a7

Statically link libpython into the interpreter on Linux for a significant performance boost

See the issue for details.

Documentation

Remove misleading line in pin documentation (#13611)

0.7.7

Python

Work around third-party packages that (incorrectly) assume the interpreter is dynamically linking libpython

Allow the experimental JIT to be enabled at runtime on Python 3.13 and 3.14 on macOS on aarch64 aka Apple Silicon

See the python-build-standalone release notes for more details.

Bug fixes

Make uv version lock and sync (#13317)

Fix references to ldd in diagnostics to correctly refer to ld.so (#13552)

Documentation

Clarify adding SSH Git dependencies (#13534)

0.7.6

Python

Add Python 3.14 on musl

Add free-threaded Python on musl

Add Python 3.14.0a7

... (truncated)

Commits

0ddcc19 Bump version to 0.7.8 (#13629)
b93ce23 blocklist the linux cpython builds from 20250517 (#13617)
67bf3eb Fix tests due to yanked configargparse (#13623)
680392f Update PubGrub to 06ec5a5 (#13616)
3758c51 Remove misleading line in pin documentation (#13611)
30be27b No GHA token for cross arch tests (#13599)
8580b4b Bump version to 0.7.7 (#13601)
46bc7d3 Build backend: Support stubs packages (#13563)
c847957 Sync latest Python releases (#13593)
c7cabfc Update markdown to v1 and fix CLI reference links (#13166)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)