Skip to content

Update charmcraft.yaml build tools (16/edge) #1137

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: 16/edge
Choose a base branch
from
Open

Update charmcraft.yaml build tools (16/edge) #1137

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Oct 21, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence Update
pip (changelog) 25.2 -> 25.3 age confidence minor
rust-lang/rust 1.90.0 -> 1.91.1 age confidence minor
uv (source, changelog) 0.9.2 -> 0.9.15 age confidence patch

Release Notes

pypa/pip (pip)

v25.3

Compare Source

rust-lang/rust (rust-lang/rust)

v1.91.1

Compare Source

===========================

v1.91.0

Compare Source

==========================

Language

Compiler

Platform Support

Refer to Rust's platform support page
for more information on Rust's tiered platform support.

Libraries

Stabilized APIs

These previously stable APIs are now stable in const contexts:

Cargo

  • 🎉 Stabilize build.build-dir.
    This config sets the directory where intermediate build artifacts are stored.
    These artifacts are produced by Cargo and rustc during the build process.
    End users usually won't need to interact with them, and the layout inside
    build-dir is an implementation detail that may change without notice.
    (config doc)
    (build cache doc)
    #​15833
    #​15840
  • The --target flag and the build.target configuration can now take literal
    "host-tuple" string, which will internally be substituted by the host
    machine's target triple.
    #​15838
    #​16003
    #​16032

Rustdoc

Compatibility Notes

Cargo compatibility notes:

  • cargo publish no longer keeps .crate tarballs as final build artifacts
    when build.build-dir is set. These tarballs were previously included due to
    an oversight and are now treated as intermediate artifacts.
    To get .crate tarballs as final artifacts, use cargo package.
    In a future version, this change will apply regardless of build.build-dir.
    #​15910
  • Adjust Cargo messages to match rustc diagnostic style.
    This changes some of the terminal colors used by Cargo messages.
    #​15928
  • Tools and projects relying on the
    internal details of Cargo's build-dir
    may not work for users changing their build-dir layout.
    For those doing so, we'd recommend proactively testing these cases
    particularly as we are considering changing the default location of the build-dir in the future
    (cargo#16147).
    If you can't migrate off of Cargo's internal details,
    we'd like to learn more about your use case as we prepare to change the layout of the build-dir
    (cargo#15010).

Internal Changes

These changes do not affect any public interfaces of Rust, but they represent
significant improvements to the performance or internals of rustc and related
tools.

astral-sh/uv (uv)

v0.9.15

Compare Source

Released on 2025-12-02.

Python
  • Add CPython 3.14.1
  • Add CPython 3.13.10
Enhancements
  • Add ROCm 6.4 to --torch-backend=auto (#​16919)
  • Add a Windows manifest to uv binaries (#​16894)
  • Add LFS toggle to Git sources (#​16143)
  • Cache source reads during resolution (#​16888)
  • Include PEP 740 attestations when publishing uv to PyPI (#​16910)
  • Allow reading requirements from scripts without an extension (#​16923)
  • Allow reading requirements from scripts with HTTP(S) paths (#​16891)
Bug fixes
  • Fix uv-trampoline-builder builds from crates.io by moving bundled executables (#​16922)
  • Respect NO_COLOR and always show the command as a header when paging uv help output (#​16908)
  • Use 0o666 permissions for flock files instead of 0o777 (#​16845)
  • Revert "Bump astral-tl to v0.7.10 (#​16887)" to narrow down a regression causing hangs in metadata retrieval (#​16938)
Documentation
  • Link to the uv version in crates.io member READMEs (#​16939)

v0.9.14

Compare Source

Released on 2025-12-01.

Performance
  • Bump astral-tl to v0.7.10 to enable SIMD for HTML parsing (#​16887)
Bug fixes
  • Allow earlier post releases with exclusive ordering (#​16881)
  • Prefer updating existing .zshenv over creating a new one in tool update-shell (#​16866)
  • Respect -e flags in uv add (#​16882)
Enhancements
  • Attach subcommand to User-Agent string (#​16837)
  • Prefer UV_WORKING_DIR over UV_WORKING_DIRECTORY for consistency (#​16884)

v0.9.13

Compare Source

Released on 2025-11-26.

Bug fixes
  • Revert "Allow --with-requirements to load extensionless inline-metadata scripts" to fix reading of requirements files from streams (#​16861)
  • Validate URL wheel tags against Requires-Python and required environments (#​16824)
Documentation
  • Drop unpublished crates from the uv crates.io README (#​16847)
  • Fix the links to uv in crates.io member READMEs (#​16848)

v0.9.12

Compare Source

Released on 2025-11-24.

Enhancements
  • Allow --with-requirements to load extensionless inline-metadata scripts (#​16744)
  • Collect and upload PEP 740 attestations during uv publish (#​16731)
  • Prevent uv export from overwriting pyproject.toml (#​16745)
Documentation
  • Add a crates.io README for uv (#​16809)
  • Add documentation for intermediate Docker layers in a workspace (#​16787)
  • Enumerate workspace members in the uv crate README (#​16811)
  • Fix documentation links for crates (#​16801)
  • Generate a crates.io README for uv workspace members (#​16812)
  • Move the "Export" guide to the projects concept section (#​16835)
  • Update the cargo install recommendation to use crates (#​16800)
  • Use the word "internal" in crate descriptions (#​16810)

v0.9.11

Compare Source

Released on 2025-11-20.

Python
  • Add CPython 3.15.0a2

See the python-build-standalone release notes for details.

Enhancements
Preview features
  • Add uv workspace list --paths (#​16776)
  • Fix the preview warning on uv workspace dir (#​16775)
Bug fixes
  • Fix uv init author serialization via toml_edit inline tables (#​16778)
  • Fix status messages without TTY (#​16785)
  • Preserve end-of-line comment whitespace when editing pyproject.toml (#​16734)
  • Disable always-authenticate when running under Dependabot (#​16773)
Documentation
  • Document the new behavior for free-threaded python versions (#​16781)
  • Improve note about build system in publish guide (#​16788)
  • Move do not upload publish note out of the guide into concepts (#​16789)

v0.9.10

Compare Source

Released on 2025-11-17.

Enhancements
  • Add support for SSL_CERT_DIR (#​16473)
  • Enforce UTF‑8-encoded license files during uv build (#​16699)
  • Error when a project.license-files glob matches nothing (#​16697)
  • pip install --target (and sync) install Python if necessary (#​16694)
  • Account for python_downloads_json_url in pre-release Python version warnings (#​16737)
  • Support HTTP/HTTPS URLs in uv python --python-downloads-json-url (#​16542)
Preview features
  • Add support for --upgrade in uv python install (#​16676)
  • Fix handling of python install --default for pre-release Python versions (#​16706)
  • Add uv workspace list to list workspace members (#​16691)
Bug fixes
  • Don't check file URLs for ambiguously parsed credentials (#​16759)
Documentation
  • Add a "storage" reference document (#​15954)

v0.9.9

Compare Source

Released on 2025-11-12.

Deprecations
  • Deprecate use of --project in uv init (#​16674)
Enhancements
  • Add iOS support to Python interpreter discovery (#​16686)
  • Reject ambiguously parsed URLs (#​16622)
  • Allow explicit values in uv version --bump (#​16555)
  • Warn on use of managed pre-release Python versions when a stable version is available (#​16619)
  • Allow signing trampolines on Windows by using .rcdata to store metadata (#​15068)
  • Add --only-emit-workspace and similar variants to uv export (#​16681)
Preview features
Configuration
  • Add UV_NO_DEFAULT_GROUPS environment variable (#​16645)
Bug fixes
  • Remove torch-model-archiver and torch-tb-profiler from PyTorch backend (#​16655)
  • Fix Pixi environment detection (#​16585)
Documentation
  • Fix CMD path in FastAPI Dockerfile (#​16701)

v0.9.8

Compare Source

Released on 2025-11-07.

Enhancements
  • Accept multiple packages in uv export (#​16603)
  • Accept multiple packages in uv sync (#​16543)
  • Add a uv cache size command (#​16032)
  • Add prerelease guidance for build-system resolution failures (#​16550)
  • Allow Python requests to include +gil to require a GIL-enabled interpreter (#​16537)
  • Avoid pluralizing 'retry' for single value (#​16535)
  • Enable first-class dependency exclusions (#​16528)
  • Fix inclusive constraints on available package versions in resolver errors (#​16629)
  • Improve uv init error for invalid directory names (#​16554)
  • Show help on uv build -h (#​16632)
  • Include the Python variant suffix in "Using Python ..." messages (#​16536)
  • Log most recently modified file for cache-keys (#​16338)
  • Update Docker builds to use nightly Rust toolchain with musl v1.2.5 (#​16584)
Configuration
  • Expose UV_NO_GROUP as an environment variable (#​16529)
  • Add UV_NO_SOURCES as an environment variable (#​15883)
Bug fixes
  • Allow --check and --locked to be used together in uv lock (#​16538)
  • Allow for unnormalized names in the METADATA file (#​16547) (#​16548)
  • Fix missing value_type for default-groups in schema (#​16575)
  • Respect multi-GPU outputs in nvidia-smi (#​15460)
  • Fix DNS lookup errors in Docker containers (#​8450)
Documentation
  • Fix typo in uv tool list doc (#​16625)
  • Note uv pip list name normalization in docs (#​13210)
Other changes
  • Update Rust toolchain to 1.91 and MSRV to 1.89 (#​16531)

v0.9.7

Compare Source

Released on 2025-10-30.

Enhancements
  • Add Windows x86-32 emulation support to interpreter architecture checks (#​13475)
  • Improve readability of progress bars (#​16509)
  • Add GitHub attestations for uv release artifacts (#​11357)
Bug fixes
  • Drop terminal coloring from uv auth token output (#​16504)
  • Don't use UV_LOCKED to enable --check flag (#​16521)

v0.9.6

Compare Source

Released on 2025-10-29.

This release contains an upgrade to Astral's fork of async_zip, which addresses potential sources of ZIP parsing differentials between uv and other Python packaging tooling. See GHSA-pqhf-p39g-3x64 for additional details.

Security
Python
Enhancements
  • Add --clear to uv build to remove old build artifacts (#​16371)
  • Add --no-create-gitignore to uv build (#​16369)
  • Do not error when a virtual environment directory cannot be removed due to a busy error (#​16394)
  • Improve hint on pip install --system when externally managed (#​16392)
  • Running uv lock --check with outdated lockfile will print that --check was passed, instead of --locked (#​16322)
  • Update uv init template for Maturin (#​16449)
  • Improve ordering of Python sources in logs (#​16463)
  • Restore DockerHub release images and annotations (#​16441)
Bug fixes
  • Check for matching Python implementation during uv python upgrade (#​16420)
  • Deterministically order --find-links distributions (#​16446)
  • Don't panic in uv export --frozen when the lockfile is outdated (#​16407)
  • Fix root of uv tree when --package is used with circular dependencies (#​15908)
  • Show package list with pip freeze --quiet (#​16491)
  • Limit uv auth login pyx.dev retries to 60s (#​16498)
  • Add an empty group with uv add --group ... -r ... (#​16490)
Documentation
  • Update docs for maturin build backend init template (#​16469)
  • Update docs to reflect previous changes to signal forwarding semantics (#​16430)
  • Add instructions for installing via MacPorts (#​16039)

v0.9.5

Compare Source

Released on 2025-10-21.

This release contains an upgrade to astral-tokio-tar, which addresses a vulnerability in tar extraction on malformed archives with mismatching size information between the ustar header and PAX extensions. While the astral-tokio-tar advisory has been graded as "high" due its potential broader impact, the specific impact to uv is low due to a lack of novel attacker capability. Specifically, uv only processes tar archives from source distributions, which already possess the capability for full arbitrary code execution by design, meaning that an attacker gains no additional capabilities through astral-tokio-tar.

Regardless, we take the hypothetical risk of parser differentials very seriously. Out of an abundance of caution, we have assigned this upgrade an advisory: GHSA-w476-p2h3-79g9

Security
  • Upgrade astral-tokio-tar to 0.5.6 to address a parsing differential (#​16387)
Enhancements
  • Add required environment marker example to hint (#​16244)
  • Fix typo in MissingTopLevel warning (#​16351)
  • Improve 403 Forbidden error message to indicate package may not exist (#​16353)
  • Add a hint on uv pip install failure if the --system flag is used to select an externally managed interpreter (#​16318)
Bug fixes
  • Fix backtick escaping for PowerShell (#​16307)
Documentation
  • Document metadata consistency expectation (#​15683)
  • Remove outdated aarch64 musl note (#​16385)

v0.9.4

Compare Source

Released on 2025-10-17.

Enhancements
  • Add CUDA 13.0 support (#​16321)
  • Add auto-detection for Intel GPU on Windows (#​16280)
  • Implement display of RFC 9457 HTTP error contexts (#​16199)
Bug fixes
  • Avoid obfuscating pyx tokens in uv auth token output (#​16345)

v0.9.3

Compare Source

Released on 2025-10-14.

Python
  • Add CPython 3.15.0a1
  • Add CPython 3.13.9
Enhancements
  • Obfuscate secret token values in logs (#​16164)
Bug fixes
  • Fix workspace with relative pathing (#​16296)

Configuration

📅 Schedule: Branch creation - Between 01:00 AM and 05:59 AM, only on Tuesday ( * 1-5 * * 2 ) in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested review from a team, dragomirp, marceloneppel and taurus-forever and removed request for a team October 21, 2025 02:38
github-actions[bot]
github-actions bot previously approved these changes Oct 21, 2025
View reviewed changes
@github-actions github-actions bot added the Libraries: Out of sync The charm libs used are out-of-sync label Oct 21, 2025
@codecov
Copy link

codecov bot commented Oct 21, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 65.80%. Comparing base (cc58e87) to head (e93c845).
⚠️ Report is 1 commits behind head on 16/edge.

❌ Your project check has failed because the head coverage (65.80%) is below the target coverage (70.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files 
@@           Coverage Diff            @@
##           16/edge    #1137   +/-   ##
========================================
  Coverage    65.80%   65.80%           
========================================
  Files           18       18           
  Lines         4068     4068           
  Branches       600      600           
========================================
  Hits          2677     2677           
  Misses        1189     1189           
  Partials       202      202

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@renovate renovate bot changed the title Update dependency uv to v0.9.4 (16/edge) Update charmcraft.yaml build tools (16/edge) Oct 28, 2025
@renovate renovate bot force-pushed the renovate/16/edge-charmcraft.yaml-build-tools branch 2 times, most recently from c7ee0e5 to be2c8a6 Compare November 4, 2025 04:11
@renovate renovate bot force-pushed the renovate/16/edge-charmcraft.yaml-build-tools branch from be2c8a6 to f5eebae Compare November 11, 2025 04:31
@renovate renovate bot force-pushed the renovate/16/edge-charmcraft.yaml-build-tools branch 2 times, most recently from 557afac to 439bd2e Compare November 25, 2025 02:48
@renovate renovate bot force-pushed the renovate/16/edge-charmcraft.yaml-build-tools branch from 439bd2e to 8631345 Compare December 2, 2025 03:48
@github-actions github-actions bot added Libraries: OK The charm libs used are OK and in-sync and removed Libraries: Out of sync The charm libs used are out-of-sync labels Dec 2, 2025
dragomirp
dragomirp previously approved these changes Dec 2, 2025
View reviewed changes
@renovate renovate bot force-pushed the renovate/16/edge-charmcraft.yaml-build-tools branch from 8631345 to e93c845 Compare December 3, 2025 11:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dragomirp dragomirp dragomirp left review comments

@github-actions github-actions[bot] github-actions[bot] left review comments

@taurus-forever taurus-forever Awaiting requested review from taurus-forever taurus-forever was automatically assigned from canonical/data-postgresql

@marceloneppel marceloneppel Awaiting requested review from marceloneppel marceloneppel was automatically assigned from canonical/data-postgresql

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

Libraries: OK The charm libs used are OK and in-sync

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dragomirp @juju-charm-bot