Update all non-major dependencies to v0.9.16

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
astral-sh/uv	uses-with	patch	0.9.13 -> 0.9.16
ghcr.io/astral-sh/uv	final	patch	0.9.13 -> 0.9.16

---

Release Notes

astral-sh/uv (astral-sh/uv)

v0.9.16

Compare Source

Released on 2025-12-06.

Python

• Add CPython 3.14.2
• Add CPython 3.13.11

Enhancements

• Add a 5m default timeout to acquiring file locks to fail faster on deadlock (#​16342)
• Add a stub debug subcommand to uv pip announcing its intentional absence (#​16966)
• Add bounds in uv add --script (#​16954)
• Add brew specific message for uv self update (#​16838)
• Error when built wheel is for the wrong platform (#​16074)
• Filter wheels from PEP 751 files based on --no-binary et al in uv pip compile (#​16956)
• Support --target and --prefix in uv pip list, uv pip freeze, and uv pip show (#​16955)
• Tweak language for build backend validation errors (#​16720)
• Use explicit credentials cache instead of global static (#​16768)
• Enable SIMD in HTML parsing (#​17010)

Preview features

• Fix missing preview warning in uv workspace metadata (#​16988)
• Add a uv auth helper --protocol bazel command (#​16886)

Bug fixes

• Fix Pyston wheel compatibility tags (#​16972)
• Allow redundant entries in tool.uv.build-backend.module-name but emit warnings (#​16928)
• Fix infinite loop in non-attribute re-treats during HTML parsing (#​17010)

Documentation

• Clarify --project flag help text to indicate project discovery (#​16965)
• Regenerate the crates.io READMEs on release (#​16992)
• Update Docker integration guide to prefer COPY over ADD for simple cases (#​16883)
• Update PyTorch documentation to include information about supporting CUDA 13.0.x (#​16957)
• Update the versioning policy (#​16710)
• Upgrade PyTorch documentation to latest versions (#​16970)

v0.9.15

Compare Source

Released on 2025-12-02.

Python

• Add CPython 3.14.1
• Add CPython 3.13.10

Enhancements

• Add ROCm 6.4 to --torch-backend=auto (#​16919)
• Add a Windows manifest to uv binaries (#​16894)
• Add LFS toggle to Git sources (#​16143)
• Cache source reads during resolution (#​16888)
• Include PEP 740 attestations when publishing uv to PyPI (#​16910)
• Allow reading requirements from scripts without an extension (#​16923)
• Allow reading requirements from scripts with HTTP(S) paths (#​16891)

Bug fixes

• Fix uv-trampoline-builder builds from crates.io by moving bundled executables (#​16922)
• Respect NO_COLOR and always show the command as a header when paging uv help output (#​16908)
• Use 0o666 permissions for flock files instead of 0o777 (#​16845)
• Revert "Bump astral-tl to v0.7.10 (#​16887)" to narrow down a regression causing hangs in metadata retrieval (#​16938)

Documentation

• Link to the uv version in crates.io member READMEs (#​16939)

v0.9.14

Compare Source

Released on 2025-12-01.

Performance

• Bump astral-tl to v0.7.10 to enable SIMD for HTML parsing (#​16887)

Bug fixes

• Allow earlier post releases with exclusive ordering (#​16881)
• Prefer updating existing .zshenv over creating a new one in tool update-shell (#​16866)
• Respect -e flags in uv add (#​16882)

Enhancements

• Attach subcommand to User-Agent string (#​16837)
• Prefer UV_WORKING_DIR over UV_WORKING_DIRECTORY for consistency (#​16884)

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Pull Request Review - Update uv to v0.9.16

Summary

This PR updates the uv package manager from version 0.9.13 to 0.9.16 across GitHub Actions workflows and the Dockerfile. This is an automated dependency update by Renovate.

Code Quality and Best Practices ✅

Positive aspects:

• Changes are minimal and focused, updating only version numbers
• All three instances of the version are updated consistently:
  • .github/workflows/ci.yml:19
  • .github/workflows/publish-client.yml:19
  • Dockerfile:26
• The changes follow the existing pattern and style of the codebase
• Renovate has properly identified all locations where the version is referenced

Potential Issues 🟢

No issues identified:

• The changes are straightforward version bumps with no code modifications
• All references to uv version are updated atomically in a single PR
• No breaking changes in the uv releases (0.9.14, 0.9.15, 0.9.16 are all patch releases)

Performance Considerations ⚡

Positive performance impacts from upstream:

Based on the changelog, this update includes several performance improvements:

• v0.9.16: Enables SIMD in HTML parsing for faster package metadata processing
• v0.9.14: SIMD optimization for HTML parsing (astral-tl v0.7.10)
• v0.9.15: Caches source reads during resolution

Notable enhancements:

• 5-minute default timeout on file locks (prevents deadlocks)
• Improved wheel compatibility checking
• Better support for --target and --prefix in pip commands

Security Concerns 🔒

Low risk update:

• No security vulnerabilities mentioned in the changelog
• Patch version updates are generally low-risk
• PEP 740 attestations are now included when publishing to PyPI (security improvement)
• Explicit credentials cache instead of global static (better isolation)

Recommendation: ✅ Safe to merge

Test Coverage 📊

Automated testing:

• Renovate has automerge enabled, suggesting confidence in automated tests
• The CI workflow will validate the update by:
  • Installing dependencies with the new uv version
  • Running linting checks
  • Running the full test suite with coverage
  • Building Docker images with the updated version

Observations:

• No test changes required (version bump only)
• Existing CI pipeline will catch any compatibility issues
• The update spans both CI and production Dockerfile, ensuring consistency

Additional Notes 📝

Changelog highlights (0.9.13 → 0.9.16):

• Python version updates: CPython 3.14.2, 3.13.11
• Improved error messages for build backend validation
• Better support for script dependencies (uv add --script)
• ROCm 6.4 support for PyTorch
• LFS toggle for Git sources
• Multiple bug fixes for edge cases

Migration path:

• No migration steps required
• No breaking changes
• No configuration changes needed

Recommendation 🎯

✅ APPROVED

This is a clean, low-risk dependency update that brings performance improvements and bug fixes. The changes are consistent across all locations, and the CI pipeline will validate compatibility before merge.

Suggested action: Allow Renovate to automerge this PR after CI passes.

---

Review generated with attention to the Google Python Style Guide as specified in CONTRIBUTING.md