fix(deps): Update ghcr.io/astral-sh/uv Docker tag to v0.11.8

[cloudquery-ci]

This PR contains the following updates:

Package	Type	Update	Change
ghcr.io/astral-sh/uv	final	patch	0.11.2 → 0.11.8

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

astral-sh/uv (ghcr.io/astral-sh/uv)

v0.11.8

Compare Source

Released on 2026-04-27.

Enhancements

• Add --python-downloads-json-url to python pin (#​19092)
• Fetch uv from Astral mirror during self-update (#​18682)
• Support pip uninstall -y (#​19082)
• Allow exclude-newer to be missing from the lockfile when exclude-newer-span is present (#​19024)
• Only show the version number in uv self version --short (#​19019)
• Silence warnings on empty SSL_CERT_DIR directory (#​19018)
• Use a sentinel timestamp for relative exclude-newer and exclude-newer-package values in lockfiles (#​19022, #​19101)

Configuration

• Add UV_PYTHON_NO_REGISTRY (#​19035)
• Add an environment variable for UV_NO_PROJECT (#​19052)
• Expose UV_PYTHON_SEARCH_PATH for Python discovery PATH overrides (#​19034)

Bug fixes

• Add rust-toolchain.toml to uv-build sdist (#​19131)
• Ensure uv invocations of git do not inherit repository location environment variables (#​19088)
• Redact pre-signed upload URLs in verbose output (#​19146)
• Handle transitive URL dependencies in PEP 517 build requirements (#​19076, #​19086)
• Support uv lock on a pyproject.toml that only contains dependency-groups (#​19087)
• Disable transparent Python upgrades in projects when a patch version is requested via .python-version (#​19102)
• Fix Python variant tagging in the Windows registry (#​19012)
• Ban external symlinks in .tar.zst wheels (#​19144)

Distributions

• Remove deprecated license classifiers from uv-build and add Python 3.14 classifier (#​19130)

Documentation

• Bump astral-sh/setup-uv version in docs (#​19030)
• Update PyTorch documentation for PyTorch 2.11 (#​19095)

v0.11.7

Compare Source

Released on 2026-04-15.

Python

• Upgrade CPython build to 2026041 including an OpenSSL security upgrade (#​19004)

Enhancements

• Elevate configuration errors to required-version mismatches (#​18977)
• Further improve TLS certificate validation messages (#​18933)
• Improve --exclude-newer hints (#​18952)

Preview features

• Fix --script handling in uv audit (#​18970)
• Fix traversal of extras in uv audit (#​18970)

Bug fixes

• De-quote workspace metadata in linehaul data (#​18966)
• Avoid installing tool workspace member dependencies as editable (#​18891)
• Emit JSON report for uv sync --check failures (#​18976)
• Filter and warn on invalid TLS certificates (#​18951)
• Fix equality comparisons for version specifiers with ~= operators (#​18960)
• Fix stale Python upgrade preview feature check in project environment construction (#​18961)
• Improve Windows path normalization (#​18945)

v0.11.6

Compare Source

Released on 2026-04-09.

This release resolves a low severity security advisory in which wheels with malformed RECORD entries could delete arbitrary files on uninstall. See GHSA-pjjw-68hj-v9mw for details.

Bug fixes

• Do not remove files outside the venv on uninstall (#​18942)
• Validate and heal wheel RECORD during installation (#​18943)
• Avoid uv cache clean errors due to Win32 path normalization (#​18856)

v0.11.5

Compare Source

Released on 2026-04-08.

Python

• Add CPython 3.13.13, 3.14.4, and 3.15.0a8 (#​18908)

Enhancements

• Fix build_system.requires error message (#​18911)
• Remove trailing path separators in path normalization (#​18915)
• Improve error messages for unsupported or invalid TLS certificates (#​18924)

Preview features

• Add exclude-newer to [[tool.uv.index]] (#​18839)
• uv audit: add context/warnings for ignored vulnerabilities (#​18905)

Bug fixes

• Normalize persisted fork markers before lock equality checks (#​18612)
• Clear junction properly when uninstalling Python versions on Windows (#​18815)
• Report error cleanly instead of panicking on TLS certificate error (#​18904)

Documentation

• Remove the legacy PIP_COMPATIBILITY.md redirect file (#​18928)
• Fix uv init example-bare --bare examples (#​18822, #​18925)

v0.11.4

Compare Source

Released on 2026-04-07.

Enhancements

• Add support for --upgrade-group (#​18266)
• Merge repeated archive URL hashes by version ID (#​18841)
• Require all direct URL hash algorithms to match (#​18842)

Bug fixes

• Avoid panics in environment finding via cycle detection (#​18828)
• Enforce direct URL hashes for pyproject.toml dependencies (#​18786)
• Error on --locked and --frozen when script lockfile is missing (#​18832)
• Fix uv export extra resolution for workspace member and conflicting extras (#​18888)
• Include conflicts defined in virtual workspace root (#​18886)
• Recompute relative exclude-newer values during uv tree --outdated (#​18899)
• Respect --exclude-newer in uv tool list --outdated (#​18861)
• Sort by comparator to break specifier ties (#​18850)
• Store relative timestamps in tool receipts (#​18901)
• Track newly-activated extras when determining conflicts (#​18852)
• Patch Cargo.lock in uv-build source distributions (#​18831)

Documentation

• Clarify that --exclude-newer compares artifact upload times (#​18830)

v0.11.3

Compare Source

Released on 2026-04-01.

Enhancements

• Add progress bar for hashing phase in uv publish (#​18752)
• Add support for ROCm 7.2 (#​18730)
• Emit abi3t tags for every abi3 version (#​18777)
• Expand uv workspace metadata with dependency information from the lock (#​18356)
• Implement support for PEP 803 (#​18767)
• Pretty-print platform in built wheel errors (#​18738)
• Publish installers to /installers/uv/latest on the mirror (#​18725)
• Show free-threaded Python in built-wheel errors (#​18740)

Preview features

• Add --ignore and --ignore-until-fixed to uv audit (#​18737)

Bug fixes

• Bump simple API cache (#​18797)
• Don't drop blake2b hashes (#​18794)
• Handle broken range request implementations (#​18780)
• Remove powerpc64-unknown-linux-gnu from release build targets (#​18800)
• Respect dependency metadata overrides in uv pip check (#​18742)
• Support debug CPython ABI tags in environment compatibility (#​18739)

Documentation

• Document false opt-out for exclude-newer-package (#​18768, #​18803)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Between 12:00 AM and 03:59 AM, on day 1 of the month (* 0-3 1 * *)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.