Update charmcraft.yaml build tools (4/edge)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Update
poetry (changelog)	2.2.1 → 2.3.2			minor
poetry-plugin-export	1.9.0 → 1.10.0			minor
rust-lang/rust	1.92.0 → 1.93.1			minor
uv (source, changelog)	0.9.26 → 0.10.2			minor

---

Release Notes

python-poetry/poetry (poetry)

v2.3.2

Compare Source

Changed

• Allow dulwich>=1.0 (#​10701).

poetry-core (2.3.1)

• Fix an issue where platform_release could not be parsed on Windows Server (#​911).

v2.3.1

Compare Source

Fixed

• Fix an issue where cached information about each package was always considered outdated (#​10699).

Docs

• Document SHELL_VERBOSITY environment variable (#​10678).

v2.3.0

Compare Source

Added

• Add support for exporting pylock.toml files with poetry-plugin-export (#​10677).
• Add support for specifying build constraints for dependencies (#​10388).
• Add support for publishing artifacts whose version is determined dynamically by the build-backend (#​10644).
• Add support for editable project plugins (#​10661).
• Check requires-poetry before any other validation (#​10593).
• Validate the content of project.readme when running poetry check (#​10604).
• Add the option to clear all caches by making the cache name in poetry cache clear optional (#​10627).
• Automatically update the cache for packages where the locked files differ from cached files (#​10657).
• Suggest to clear the cache if running a command with --no-cache solves an issue (#​10585).
• Propose poetry init when trying poetry new for an existing directory (#​10563).
• Add support for poetry publish --skip-existing for new Nexus OSS versions (#​10603).
• Show Poetry's own Python's path in poetry debug info (#​10588).

Changed

• Drop support for Python 3.9 (#​10634).
• Change the default of installer.re-resolve from true to false (#​10622).
• PEP 735 dependency groups are considered in the lock file hash (#​10621).
• Deprecate poetry.utils._compat.metadata, which is sometimes used in plugins, in favor of importlib.metadata (#​10634).
• Improve managing free-threaded Python versions with poetry python (#​10606).
• Prefer JSON API to HTML API in legacy repositories (#​10672).
• When running poetry init, only add the readme field in the pyproject.toml if the readme file exists (#​10679).
• Raise an error if no hash can be determined for any distribution link of a package (#​10673).
• Require dulwich>=0.25.0 (#​10674).

Fixed

• Fix an issue where poetry remove did not work for PEP 735 dependency groups with include-group items (#​10587).
• Fix an issue where poetry remove caused dangling include-group references in PEP 735 dependency groups (#​10590).
• Fix an issue where poetry add did not work for PEP 735 dependency groups with include-group items (#​10636).
• Fix an issue where PEP 735 dependency groups were not considered in the lock file hash (#​10621).
• Fix an issue where wrong markers were locked for a dependency that was required by several groups with different markers (#​10613).
• Fix an issue where non-deterministic markers were created in a method used by poetry-plugin-export (#​10667).
• Fix an issue where wrong wheels were chosen for installation in free-threaded Python environments if Poetry itself was not installed with free-threaded Python (#​10614).
• Fix an issue where poetry publish used the metadata of the project instead of the metadata of the build artifact (#​10624).
• Fix an issue where poetry env use just used another Python version instead of failing when the requested version was not supported by the project (#​10685).
• Fix an issue where poetry env activate returned the wrong command for dash (#​10696).
• Fix an issue where data-dir and python.installation-dir could not be set (#​10595).
• Fix an issue where Python and pip executables were not correctly detected on Windows (#​10645).
• Fix an issue where invalid template variables in virtualenvs.prompt caused an incomprehensible error message (#​10648).

Docs

• Add a warning about ~/.netrc for Poetry credential configuration (#​10630).
• Clarify that the local configuration takes precedence over the global configuration (#​10676).
• Add an explanation in which cases packages are automatically detected (#​10680).

poetry-core (2.3.0)

• Normalize versions (#​893).
• Fix an issue where unsatisfiable requirements did not raise an error (#​891).
• Fix an issue where the implicit main group did not exist if it was explicitly declared as not having any dependencies (#​892).
• Fix an issue where python_full_version markers with pre-release versions were parsed incorrectly (#​893).

python-poetry/poetry-plugin-export (poetry-plugin-export)

v1.10.0

Compare Source

Added

• Add support for exporting pylock.toml files (#​357).

Changed

• Drop support for Python 3.9 (#​349).

Fixed

• Fix an issue where a "dependency walk failed" error message gave an outdated advice (#​353).

rust-lang/rust (rust-lang/rust)

v1.93.1

Compare Source

===========================

• Don't try to recover keyword as non-keyword identifier, fixing an ICE that especially affected rustfmt.
• Fix clippy::panicking_unwrap false-positive on field access with implicit deref.
• Revert "Update wasm-related dependencies in CI", fixing file descriptor leaks on the wasm32-wasip2 target.

v1.93.0

Compare Source

==========================

Language

• Stabilize several s390x vector-related target features and the is_s390x_feature_detected! macro
• Stabilize declaration of C-style variadic functions for the system ABI
• Emit error when using some keyword as a cfg predicate
• Stabilize asm_cfg
• During const-evaluation, support copying pointers byte-by-byte
• LUB coercions now correctly handle function item types, and functions with differing safeties
• Allow const items that contain mutable references to static (which is very unsafe, but not always UB)
• Add warn-by-default const_item_interior_mutations lint to warn against calls which mutate interior mutable const items
• Add warn-by-default function_casts_as_integer lint

Compiler

• Stabilize -Cjump-tables=bool. The flag was previously called -Zno-jump-tables.

Platform Support

• Promote riscv64a23-unknown-linux-gnu to Tier 2 (without host tools)

Refer to Rust's platform support page
for more information on Rust's tiered platform support.

Libraries

• Stop internally using specialization on the Copy trait as it is unsound in the presence of lifetime dependent Copy implementations. This may result in some performance regressions as some standard library APIs may now call Clone::clone instead of performing bitwise copies
• Allow the global allocator to use thread-local storage and std::thread::current()
• Make BTree::append not update existing keys when appending an entry which already exists
• Don't require T: RefUnwindSafe for vec::IntoIter<T>: UnwindSafe

Stabilized APIs

• <[MaybeUninit<T>]>::assume_init_drop
• <[MaybeUninit<T>]>::assume_init_ref
• <[MaybeUninit<T>]>::assume_init_mut
• <[MaybeUninit<T>]>::write_copy_of_slice
• <[MaybeUninit<T>]>::write_clone_of_slice
• String::into_raw_parts
• Vec::into_raw_parts
• <iN>::unchecked_neg
• <iN>::unchecked_shl
• <iN>::unchecked_shr
• <uN>::unchecked_shl
• <uN>::unchecked_shr
• <[T]>::as_array
• <[T]>::as_mut_array
• <*const [T]>::as_array
• <*mut [T]>::as_mut_array
• VecDeque::pop_front_if
• VecDeque::pop_back_if
• Duration::from_nanos_u128
• char::MAX_LEN_UTF8
• char::MAX_LEN_UTF16
• std::fmt::from_fn
• std::fmt::FromFn

Cargo

• Enable CARGO_CFG_DEBUG_ASSERTIONS in build scripts based on profile
• In cargo tree, support long forms for --format variables
• Add --workspace to cargo clean

Rustdoc

• Remove #![doc(document_private_items)]
• Include attribute and derive macros in search filters for "macros"
• Include extern crates in search filters for import
• Validate usage of crate-level doc attributes. This means if any of html_favicon_url, html_logo_url, html_playground_url, issue_tracker_base_url, or html_no_source either has a missing value, an unexpected value, or a value of the wrong type, rustdoc will emit the deny-by-default lint rustdoc::invalid_doc_attributes.

Compatibility Notes

• Introduce pin_v2 into the builtin attributes namespace
• Update bundled musl to 1.2.5
• On Emscripten, the unwinding ABI used when compiling with panic=unwind was changed from the JS exception handling ABI to the wasm exception handling ABI. If linking C/C++ object files with Rust objects, -fwasm-exceptions must be passed to the linker now. On nightly Rust, it is possible to get the old behavior with -Zwasm-emscripten-eh=false -Zbuild-std, but it will be removed in a future release.
• The #[test] attribute, used to define tests, was previously ignored in various places where it had no meaning (e.g on trait methods or types). Putting the #[test] attribute in these places is no longer ignored, and will now result in an error; this may also result in errors when generating rustdoc. Error when test attribute is applied to structs
• Cargo now sets the CARGO_CFG_DEBUG_ASSERTIONS environment variable in more situations. This will cause crates depending on static-init versions 1.0.1 to 1.0.3 to fail compilation with "failed to resolve: use of unresolved module or unlinked crate parking_lot". See the linked issue for details.
• User written types in the offset_of! macro are now checked to be well formed.
• cargo publish no longer emits .crate files as a final artifact for user access when the build.build-dir config is unset
• Upgrade the deref_nullptr lint from warn-by-default to deny-by-default
• Add future-incompatibility warning for ... function parameters without a pattern outside of extern blocks
• Introduce future-compatibility warning for repr(C) enums whose discriminant values do not fit into a c_int or c_uint
• Introduce future-compatibility warning against ignoring repr(C) types as part of repr(transparent)

astral-sh/uv (uv)

v0.10.2

Compare Source

Released on 2026-02-10.

Enhancements

• Deprecate unexpected ZIP compression methods (#​17946)

Bug fixes

• Fix cargo-install failing due to missing uv-test dependency (#​17954)

v0.10.1

Compare Source

Released on 2026-02-10.

Enhancements

• Don't panic on metadata read errors (#​17904)
• Skip empty workspace members instead of failing (#​17901)
• Don't fail creating a read-only sdist-vX/.git if it already exists (#​17825)

Documentation

• Suggest uv python update-shell over uv tool update-shell in Python docs (#​17941)

v0.10.0

Compare Source

Since we released uv 0.9.0 in October of 2025, we've accumulated various changes that improve correctness and user experience, but could break some workflows. This release contains those changes; many have been marked as breaking out of an abundance of caution. We expect most users to be able to upgrade without making changes.

This release also includes the stabilization of preview features. Python upgrades are now stable, including the uv python upgrade command, uv python install --upgrade, and automatically upgrading Python patch versions in virtual environments when a new version is installed. The add-bounds and extra-build-dependencies settings are now stable. Finally, the uv workspace dir and uv workspace list utilities for writing scripts against workspace members are now stable.

Breaking changes

• Require --clear to remove existing virtual environments in uv venv (#​17757)

  Previously, uv venv would prompt for confirmation before removing an existing virtual environment in interactive contexts, and remove it without confirmation in non-interactive contexts. Now, uv venv requires the --clear flag to remove an existing virtual environment. A warning for this change was added in uv 0.8.

  You can opt out of this behavior by passing the --clear flag or setting UV_VENV_CLEAR=1.

• Error if multiple indexes include default = true (#​17011)

  Previously, uv would silently accept multiple indexes with default = true and use the first one. Now, uv will error if multiple indexes are marked as the default.

  You cannot opt out of this behavior. Remove default = true from all but one index.

• Error when an explicit index is unnamed (#​17777)

  Explicit indexes can only be used via the [tool.uv.sources] table, which requires referencing the index by name. Previously, uv would silently accept unnamed explicit indexes, which could never be referenced. Now, uv will error if an explicit index does not have a name.

  You cannot opt out of this behavior. Add a name to the explicit index or remove the entry.

• Install alternative Python executables using their implementation name (#​17756, #​17760)

  Previously, uv python install would install PyPy, GraalPy, and Pyodide executables with names like python3.10 into the bin directory. Now, these executables will be named using their implementation name, e.g., pypy3.10, graalpy3.10, and pyodide3.12, to avoid conflicting with CPython installations.

  You cannot opt out of this behavior.

• Respect global Python version pins in uv tool run and uv tool install (#​14112)

  Previously, uv tool run and uv tool install did not respect the global Python version pin (set via uv python pin --global). Now, these commands will use the global Python version when no explicit version is requested.

  For uv tool install, if the tool is already installed, the Python version will not change unless --reinstall or --python is provided. If the tool was previously installed with an explicit --python flag, the global pin will not override it.

  You can opt out of this behavior by providing an explicit --python flag.

• Remove Debian Bookworm, Alpine 3.21, and Python 3.8 Docker images (#​17755)

  The Debian Bookworm and Alpine 3.21 images were replaced by Debian Trixie and Alpine 3.22 as defaults in uv 0.9. These older images are now removed. Python 3.8 images are also removed, as Python 3.8 is no longer supported in the Trixie or Alpine base images.

  The following image tags are no longer published:

  • uv:bookworm, uv:bookworm-slim
  • uv:alpine3.21
  • uv:python3.8-*

  Use uv:debian or uv:trixie instead of uv:bookworm, uv:alpine or uv:alpine3.22 instead of uv:alpine3.21, and a newer Python version instead of uv:python3.8-*.

• Drop PPC64 (big endian) builds (#​17626)

  uv no longer provides pre-built binaries for PPC64 (big endian). This platform appears to be largely unused and is only supported on a single manylinux version. PPC64LE (little endian) builds are unaffected.

  Building uv from source is still supported for this platform.

• Skip generating activate.csh for relocatable virtual environments (#​17759)

  Previously, uv venv --relocatable would generate an activate.csh script that contained hardcoded paths, making it incompatible with relocation. Now, the activate.csh script is not generated for relocatable virtual environments.

  You cannot opt out of this behavior.

• Require username when multiple credentials match a URL (#​16983)

  When using uv auth login to store credentials, you can register multiple username and password combinations for the same host. Previously, when uv needed to authenticate and multiple credentials matched the URL (e.g., when retrieving a token with uv auth token), uv would pick the first match. Now, uv will error instead.

  You cannot opt out of this behavior. Include the username in the request, e.g., uv auth token --username foo example.com.

• Avoid invalidating the lockfile versions after an exclude-newer change (#​17721)

  Previously, changing the exclude-newer setting would cause package versions to be upgraded, ignoring the lockfile entirely. Now, uv will only change package versions if they are no longer within the exclude-newer range.

  You can restore the previous behavior by using --upgrade or --upgrade-package to opt-in to package version changes.

• Upgrade uv format to Ruff 0.15.0 (#​17838)

  uv format now uses Ruff 0.15.0, which uses the 2026 style guide. See the blog post for details.

  The formatting of code is likely to change. You can opt out of this behavior by requesting an older Ruff version, e.g., uv format --version 0.14.14.

• Update uv crate test features to use test- as a prefix (#​17860)

  This change only affects redistributors of uv. The Cargo features used to gate test dependencies, e.g., pypi, have been renamed with a test- prefix for clarity, e.g., test-pypi.

Stabilizations

• uv python upgrade and uv python install --upgrade (#​17766)

  When installing Python versions, an intermediary directory without the patch version attached will be created, and virtual environments will be transparently upgraded to new patch versions.

  See the Python version documentation for more details.

• uv add --bounds and the add-bounds configuration option (#​17660)

  This does not come with any behavior changes. You will no longer see an experimental warning when using uv add --bounds or add-bounds in configuration.

• uv workspace list and uv workspace dir (#​17768)

  This does not come with any behavior changes. You will no longer see an experimental warning when using these commands.

• extra-build-dependencies (#​17767)

  This does not come with any behavior changes. You will no longer see an experimental warning when using extra-build-dependencies in configuration.

Enhancements

• Improve ABI tag error message phrasing (#​17878)
• Introduce a 10s connect timeout (#​17733)
• Allow using pyx.dev as a target in uv auth commands despite PYX_API_URL differing (#​17856)

Bug fixes

• Support all CPython ABI tag suffixes properly (#​17817)
• Add support for detecting PowerShell on Linux and macOS (#​17870)
• Retry timeout errors for streams (#​17875)

v0.9.30

Compare Source

Released on 2026-02-04.

Python

• Add CPython 3.14.3 and 3.13.12 (#​17849)

Enhancements

• Allow comma-separated values for --extra option (#​17525)
• Check all files during a dry-run publish instead of stopping at the first failure (#​17785)
• Clarify UV_HTTP_TIMEOUT error message (#​17493)

Preview features

• Use relocatable virtual environments by default (#​17770)

Bug fixes

• Fix deadlock on token refresh in uv publish when using pyx (#​17832)
• Ignore global Python pins when incompatible with project (#​15473)

v0.9.29

Compare Source

Released on 2026-02-03.

Python

• Update to Pyodide 0.29.3 (#​17730)

Enhancements

• Add wheel-tag-style aliases for manylinux platform names (#​17750)
• Hint on uv version --bump dev similar to pre-release bumps (#​17796)
• Improve display of RFC 9457 Problem Detail responses in uv publish server errors (#​17787)
• Improve the wording of publish errors during dry-run (#​17782)
• Set backoff to 10 retries (#​17816)
• Add properties to synthentic and project roots in Cyclone DX exports (#​17820)
• Identify the invidividual clients in uv publish trace logs (#​17784)

Preview features

• Remove special casing for base and default conda environment names (#​17758)

Bug fixes

• Fix PYTHONHOME inheritance when spawning different Python versions (#​17821)
• Fix wheel rejections on freethreading+debug builds (#​17812)
• Pad with zeros during comparisons in EqualStar and NotEqualStar operators (#​17751)
• Reject unknown field names in conflict declarations (#​17727)
• Fix panics in system-configuration in sandboxes (#​17829)

Documentation

• Update pip pre-release compatibility information (#​17788)

Security

• Hide a subset of environment variable values in --help (#​17745)

v0.9.28

Compare Source

Released on 2026-01-29.

Python

• Update CPython to use OpenSSL 3.5.5 which includes fixes for high severity CVEs (python-build-standalone#960)

Enhancements

• Add support for Pyodide interpreter on Windows (#​17658)
• Warn if multiple indexes include default = true (#​17713)
• Skip uploads when validation reports 'Already uploaded' (#​17412)

Configuration

• Add a reflink alias for the "clone" link mode (#​17724)

Bug fixes

• Ensure uv.exe exits when uvw.exe or uvx.exe is killed (#​17500)

v0.9.27

Compare Source

Released on 2026-01-26.

Python

• Upgrade Pyodide to 0.29.2 (#​17652)
• Upgrade to GraalPy 25.0.2 (#​17634)

Enhancements

• Add -t shortform for --target to uv pip subcommands (#​17501)
• Add support for ROCm 7.0 and 7.1 accelerator backends (#​17681)
• Further improve free-threading ABI incompatibility errors (#​17491)
• Implement uv pip freeze --exclude flag (#​17045)
• Improve warnings for --system and --no-system in uv venv (#​17647)
• Make uv pip compile attempt to download a specified --python-version if it can. (#​17249)
• Support Trusted Publishing with pyx (#​17438)
• Fix JSON schema for exclude-newer-package (#​17665)

Preview features

• Better detection for conflicting packages (#​17623)
• Upgrade based on outdated build versions in uv python upgrade (#​17653)

Bug fixes

• Change chocolatey system test to ensure uv uses the right python (#​17533)
• Fix infinite loop when SSL_CERT_FILE is a directory (#​17503)

Documentation

• Add cargo-xwin to the CONTRIBUTING guide (#​17507)
• Fix typo in the documentation of UV_PUBLISH_INDEX (#​17672)
• Move MSRV to platform support section (#​17534)
• Update the testing instructions in the CONTRIBUTING guide (#​17528)
• Use --locked to install cargo-xwin in guide (#​17530)
• Warn about PyPy being unmaintained (#​17643)
• docs: Correct gitlab-ci.yml to .gitlab-ci.yml (#​17682)

Other changes

• Update MSRV to 1.91 (#​17677)

---

Configuration

📅 Schedule: Branch creation - Between 03:00 AM and 03:59 AM, only on Friday ( * 3 * * 5 ) in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.