Bump uv from 0.11.15 to 0.11.16

[dependabot]

Bumps uv from 0.11.15 to 0.11.16.

Release notes

Sourced from uv's releases.

0.11.16

Release Notes

Released on 2026-05-21.

Enhancements

• Add support for direct archive dependencies in Git (#10072)
• Adjust hint rendering (#18090)

Preview features

• uv audit: specialize malformed OSV error (#19515)
• Reject locked malware installations (#18936)

Configuration

• Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#19476)

Bug fixes

• Allow environment variables that take a list to be empty (#19503)
• Ensure that incompatible wheel hints do not leak secrets (#19504)
• Reject unsafe entry points in uv-build (#19495)
• Restrict delimiters in entry point parsing (#19471)
• uv-netrc: fix multi-word no-space comment lines causing parse errors (#19494)

Documentation

• Document and test relative exclude-newer support for uv pip (#19475)

Install uv 0.11.16

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.16/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/uv/releases/download/0.11.16/uv-installer.ps1 | iex"

Download uv 0.11.16

File	Platform	Checksum
uv-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.11.16

Released on 2026-05-21.

Enhancements

• Add support for direct archive dependencies in Git (#10072)
• Adjust hint rendering (#18090)

Preview features

• uv audit: specialize malformed OSV error (#19515)
• Reject locked malware installations (#18936)

Configuration

• Allow disabling reading the system config with UV_NO_SYSTEM_CONFIG (#19476)

Bug fixes

• Allow environment variables that take a list to be empty (#19503)
• Ensure that incompatible wheel hints do not leak secrets (#19504)
• Reject unsafe entry points in uv-build (#19495)
• Restrict delimiters in entry point parsing (#19471)
• uv-netrc: fix multi-word no-space comment lines causing parse errors (#19494)

Documentation

• Document and test relative exclude-newer support for uv pip (#19475)

Commits

• 135a363 Bump version to 0.11.16 (#19522)
• 3b5f994 Add a uv lock check to CI (#19524)
• 4ffb506 Improve crates.io new crate error message (#19523)
• 51ba989 Add support for direct archive dependencies in Git (#10072)
• c07a6ef Reject locked malware installations (#18936)
• 58a6734 Allow environment variables that take a list to be empty (#19503)
• c1477e2 Use UV_NO_SYSTEM_CONFIG in tests to avoid reading machine-global config (#1...
• 4648a0b uv audit: specialize malformed OSV error (#19515)
• e2375ab Test create_junction changes from #19402 (#19487)
• 547bf2f Avoid unwrapping from OnceMap (#19510)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)