chore(deps-dev): Update uv requirement from 0.8.19 to 0.8.22 by dependabot[bot] · Pull Request #975 · CycloneDX/cyclonedx-python
Updates the requirements on uv to permit the latest version.
Release notes
Sourced from uv's releases.
0.8.22
Release Notes
Released on 2025-09-23.
Python
- Upgrade Pyodide to 0.28.3 (#15999)
Security
- Upgrade
astral-tokio-tarto 0.5.5 which hardens tar archive extraction (#16004)Install uv 0.8.22
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.8.22/uv-installer.sh | shInstall prebuilt binaries via powershell script
powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/uv/releases/download/0.8.22/uv-installer.ps1 | iex"Download uv 0.8.22
Changelog
Sourced from uv's changelog.
0.8.22
Released on 2025-09-23.
Python
- Upgrade Pyodide to 0.28.3 (#15999)
Security
- Upgrade
astral-tokio-tarto 0.5.5 which hardens tar archive extraction (#16004)0.8.21
Released on 2025-09-23.
Enhancements
- Refresh lockfile when
--refreshis provided (#15994)Preview features
Add support for S3 request signing (#15925)
0.8.20
Released on 2025-09-22.
Enhancements
- Add
--forceflag foruv cache clean(#15992)- Improve resolution errors with proxied packages (#15200)
Preview features
- Allow upgrading pre-release versions of the same minor Python version (#15959)
Bug fixes
- Hide
freethreaded+debugPython downloads inuv python list(#15985)- Retain the cache lock and temporary caches during
uv runanduvx(#15990)Documentation
... (truncated)
Commits
ade2bdbBump version to 0.8.22 (#16005)92cd9cfdeps: bump astral-tokio-tar to 0.5.5 (#16004)268f132Upgrade Pyodide to 0.28.3 (#15999)f64da27Bump version to v0.8.21 (#16001)9af64ccUpdate Rust crate anyhow to v1.0.100 (#15974)8d6b369Refresh lockfile when--refreshis provided (#15991) (#15994)7f7fac8Add S3 request signing (#15925)3e6fd0bBump version to 0.8.20 (#15998)107d4e0Add--forceflag foruv cache clean(#15992)c21b11eRevert "Refresh lockfile when--refreshis provided (#15991)" (#15993)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)