Skip to content

Update all non-major dependencies#263

Merged
renovate[bot] merged 1 commit intomainfrom
renovate/all-minor-patch
Nov 17, 2025
Merged

Update all non-major dependencies#263
renovate[bot] merged 1 commit intomainfrom
renovate/all-minor-patch

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 17, 2025

This PR contains the following updates:

Package Type Update Change
astral-sh/uv uses-with patch 0.9.8 -> 0.9.9
docker/dockerfile syntax minor 1.19-labs -> 1.20-labs
ghcr.io/astral-sh/uv final patch 0.9.8 -> 0.9.9

Release Notes

astral-sh/uv (astral-sh/uv)

v0.9.9

Compare Source

Released on 2025-11-12.

Deprecations
  • Deprecate use of --project in uv init (#​16674)
Enhancements
  • Add iOS support to Python interpreter discovery (#​16686)
  • Reject ambiguously parsed URLs (#​16622)
  • Allow explicit values in uv version --bump (#​16555)
  • Warn on use of managed pre-release Python versions when a stable version is available (#​16619)
  • Allow signing trampolines on Windows by using .rcdata to store metadata (#​15068)
  • Add --only-emit-workspace and similar variants to uv export (#​16681)
Preview features
Configuration
  • Add UV_NO_DEFAULT_GROUPS environment variable (#​16645)
Bug fixes
  • Remove torch-model-archiver and torch-tb-profiler from PyTorch backend (#​16655)
  • Fix Pixi environment detection (#​16585)
Documentation
  • Fix CMD path in FastAPI Dockerfile (#​16701)

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@claude
Copy link

claude bot commented Nov 17, 2025

Pull Request Review: Update all non-major dependencies

Overview

This PR updates uv from version 0.9.8 to 0.9.9 and the Docker Dockerfile syntax from 1.19-labs to 1.20-labs. This is an automated dependency update from Renovate.

Code Quality & Best Practices ✅

  • Clean and focused: The changes are minimal and well-scoped to version bumps only
  • Consistent updates: All three locations where uv version is referenced have been updated (.github/workflows/ci.yml, .github/workflows/publish-client.yml, and Dockerfile)
  • Docker syntax update: The Dockerfile syntax version bump is appropriate and keeps the project current with Docker BuildKit features

Potential Issues 🔍

No significant issues identified, but consider the following:

  1. uv 0.9.9 Deprecations: According to the release notes, this version deprecates --project in uv init. While this should not affect the current codebase (as it is already initialized), be aware if you use this flag anywhere in scripts or documentation.

  2. Breaking Changes Check: The release includes "Reject ambiguously parsed URLs" which could potentially affect dependency resolution if any dependencies use ambiguous URL formats. Monitor the CI pipeline to ensure all dependencies resolve correctly.

  3. Pixi Environment Detection Fix: If your development team uses Pixi environments, this fix might change behavior slightly.

Performance Considerations ⚡

Positive impacts:

  • The new uv version includes performance improvements and bug fixes
  • Windows signing trampolines improvement (though likely not relevant for this Linux-based project)
  • The Docker BuildKit 1.20-labs update may include performance improvements for builds

Security Concerns 🔒

Low risk:

  • These are patch-level updates from a trusted source (Astral's uv and Docker's BuildKit)
  • Renovate bot is configured with automerge enabled, which is appropriate for patch updates
  • No security vulnerabilities mentioned in the changelog

Recommendation: Continue to rely on Renovate's security scanning for these types of updates.

Test Coverage 🧪

Automated testing needed:

  • ✅ The PR should trigger the CI workflow which will test with the new uv version
  • ✅ The workflow includes linting, tests with coverage, and Docker image building
  • ⚠️ Recommendation: Ensure CI passes before automerge kicks in

Since automerge is enabled, I recommend:

  1. Verify that the CI workflow completes successfully with no failures
  2. Check that Docker images build correctly with the new BuildKit syntax version
  3. Ensure no warnings appear during dependency resolution with uv 0.9.9

Additional Observations

  • The TODO comment on line 1 of the Dockerfile (# TODO remove when ADD --exclude is stable) remains relevant as the syntax is still using labs version
  • The update maintains the project's commitment to staying current with tooling

Verdict

LGTM with monitoring: This is a straightforward dependency update that should be safe to merge once CI passes. The changes are minimal, well-scoped, and follow the project's maintenance practices. No code review blockers identified.

Action Items:

  • ✅ Wait for CI to pass
  • ✅ Monitor for any unexpected behavior after merge
  • 📝 Consider documenting the uv --project deprecation if used elsewhere in the project

Review generated by Claude Code

@renovate renovate bot merged commit 6c88961 into main Nov 17, 2025
2 checks passed
@renovate renovate bot deleted the renovate/all-minor-patch branch November 17, 2025 05:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants