Skip to content

Bump the python group across 2 directories with 2 updates#82

Merged
stefanvanburen merged 4 commits intomainfrom
dependabot/uv/example/python-a1f7f27acc
Jan 13, 2026
Merged

Bump the python group across 2 directories with 2 updates#82
stefanvanburen merged 4 commits intomainfrom
dependabot/uv/example/python-a1f7f27acc

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 12, 2026

Updates the requirements on starlette and uv-build to permit the latest version.
Updates starlette from 0.50.0 to 0.51.0

Release notes

Sourced from starlette's releases.

Version 0.51.0

Added

  • Add allow_private_network in CORSMiddleware #3065.

Changed

  • Increase warning stacklevel on DeprecationWarning for wsgi module #3082.

New Contributors

Full Changelog: Kludex/starlette@0.50.0...0.51.0

Changelog

Sourced from starlette's changelog.

0.51.0 (January 10, 2026)

Added

  • Add allow_private_network in CORSMiddleware #3065.

Changed

  • Increase warning stacklevel on DeprecationWarning for wsgi module #3082.
Commits

Updates uv-build to 0.9.24

Release notes

Sourced from uv-build's releases.

0.9.24

Release Notes

Released on 2026-01-09.

Bug fixes

  • Fix handling of UV_NO_SYNC=1 uv run ... (#17391)
  • Rebuild dynamic distribution when version changes with --no-cache (#17387)

Documentation

  • Add Rust language classifier (#17389)

Install uv 0.9.24

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.9.24/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/uv/releases/download/0.9.24/uv-installer.ps1 | iex"

Download uv 0.9.24

File Platform Checksum
uv-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
uv-x86_64-apple-darwin.tar.gz Intel macOS checksum
uv-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
uv-i686-pc-windows-msvc.zip x86 Windows checksum
uv-x86_64-pc-windows-msvc.zip x64 Windows checksum
uv-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
uv-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
uv-powerpc64-unknown-linux-gnu.tar.gz PPC64 Linux checksum
uv-powerpc64le-unknown-linux-gnu.tar.gz PPC64LE Linux checksum
uv-riscv64gc-unknown-linux-gnu.tar.gz RISCV Linux checksum
uv-s390x-unknown-linux-gnu.tar.gz S390x Linux checksum
uv-x86_64-unknown-linux-gnu.tar.gz x64 Linux checksum
uv-armv7-unknown-linux-gnueabihf.tar.gz ARMv7 Linux checksum
uv-aarch64-unknown-linux-musl.tar.gz ARM64 MUSL Linux checksum
uv-i686-unknown-linux-musl.tar.gz x86 MUSL Linux checksum
uv-x86_64-unknown-linux-musl.tar.gz x64 MUSL Linux checksum
uv-arm-unknown-linux-musleabihf.tar.gz ARMv6 MUSL Linux (Hardfloat) checksum
uv-armv7-unknown-linux-musleabihf.tar.gz ARMv7 MUSL Linux checksum

... (truncated)

Changelog

Sourced from uv-build's changelog.

0.9.24

Released on 2026-01-09.

Bug fixes

  • Fix handling of UV_NO_SYNC=1 uv run ... (#17391)
  • Rebuild dynamic distribution when version changes with --no-cache (#17387)

Documentation

  • Add Rust language classifier (#17389)

0.9.23

Released on 2026-01-09.

Enhancements

  • Only write portable paths in RECORD files (#17339)
  • Support relative paths in UV_PYTHON_BIN_DIR and UV_TOOL_BIN_DIR (#17367)

Preview features

  • Enable uploads to S3 via pre-signed URLs (#17349)

Configuration

  • Allow setting proxy variables via global / user configuration (#16918)
  • Manually parse and reconcile Boolean environment variables (#17321)

Bug fixes

  • Avoid broken build artifacts on build failure (#17276)
  • Fix missing dependencies on synthetic root in SBOM export (#17363)
  • Recognize armv8l as an alias for armv7l in platform tag parsing (#17384)
  • Fix redaction of a URL in a middleware trace log (#17346)

Documentation

  • Add index.md suggestion to llms.txt (#17362)
  • Clarify that uv run uses inexact syncing by default (#17366)

0.9.22

Released on 2026-01-06.

Enhancements

  • Use a dedicated error message when lockfile can't be found (#17318)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the python group across 2 directories with 2 updates
d0ffe23 
Updates the requirements on [starlette](https://github.com/Kludex/starlette) and [uv-build](https://github.com/astral-sh/uv) to permit the latest version.

Updates `starlette` from 0.50.0 to 0.51.0
- [Release notes](https://github.com/Kludex/starlette/releases)
- [Changelog](https://github.com/Kludex/starlette/blob/main/docs/release-notes.md)
- [Commits](Kludex/starlette@0.50.0...0.51.0)

Updates `uv-build` to 0.9.24
- [Release notes](https://github.com/astral-sh/uv/releases)
- [Changelog](https://github.com/astral-sh/uv/blob/main/CHANGELOG.md)
- [Commits](astral-sh/uv@0.8.13...0.9.24)

---
updated-dependencies:
- dependency-name: starlette
  dependency-version: 0.51.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: uv-build
  dependency-version: 0.9.24
  dependency-type: direct:development
  dependency-group: python
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jan 12, 2026
@stefanvanburen stefanvanburen changed the title chore(deps): bump the python group across 2 directories with 2 updates Bump the python group across 2 directories with 2 updates Jan 12, 2026
@stefanvanburen
Run uv lock
e51c9e9 
Signed-off-by: Stefan VanBuren <svanburen@buf.build>
@stefanvanburen
Fix protoc plugin pyproject.toml license-files
8aebea6 
Signed-off-by: Stefan VanBuren <svanburen@buf.build>
stefanvanburen
stefanvanburen reviewed Jan 13, 2026
View reviewed changes
protoc-gen-connect-python/pyproject.toml

[build-system]
requires = ["uv_build>=0.8.13,<0.9.0"]
requires = ["uv_build>=0.8.13,<0.10.0"]
Copy link
Member

@stefanvanburen stefanvanburen Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the bump to >0.9 must have improved the validation of license-files, hence the above fix.

@stefanvanburen
Switch from license-files to license for metadata
b2bb3fc 
Since we can't reference a relative LICENSE, let's just specify the
license SPDX ID.

Signed-off-by: Stefan VanBuren <svanburen@buf.build>
@stefanvanburen
Copy link
Member

stefanvanburen commented Jan 13, 2026

I changed the pyproject.toml to just use an SPDX expression instead of the LICENSE file, because it seems like we can't publish the protoc plugin sub-project with a non-existent LICENSE file in that directory. 🤷, open to other approaches

@stefanvanburen stefanvanburen merged commit 531083b into main Jan 13, 2026
62 of 74 checks passed
@stefanvanburen stefanvanburen deleted the dependabot/uv/example/python-a1f7f27acc branch January 13, 2026 19:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@stefanvanburen stefanvanburen stefanvanburen approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stefanvanburen