Bump uv from 0.2.23 to 0.2.27

[dependabot]

Bumps uv from 0.2.23 to 0.2.27.

Release notes

Sourced from uv's releases.

0.2.27

Release Notes

Enhancements

• Add GraalPy support (#5141)
• Add a --verify-hashes hash-checking mode (#4007)
• Discover all python3.x executables in the PATH (#5148)
• Support --link-mode=symlink (#5208)
• Warn about unconstrained direct deps in lowest resolution (#5142)
• Log origin of version selection (#5186)
• Key hash policy on version, rather than package (#5169)

CLI

• Make missing project table a tracing warning (#5194)
• Remove trailing period from user-facing messages (#5218)

Bug fixes

• Make entrypoint writes atomic to avoid overwriting symlinks (#5165)
• Use which-retrieved path directly when spawning pager (#5198)
• Don't apply irrelevant constraints when validating site-packages (#5321)
• Respect local versions for all user requirements (#5232)

Install uv 0.2.27

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/uv/releases/download/0.2.27/uv-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -c "irm https://github.com/astral-sh/uv/releases/download/0.2.27/uv-installer.ps1 | iex"

Download uv 0.2.27

File	Platform	Checksum
uv-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
uv-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
uv-i686-pc-windows-msvc.zip	x86 Windows	checksum
uv-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
uv-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
uv-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
uv-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum

... (truncated)

Changelog

Sourced from uv's changelog.

0.2.27

Enhancements

• Add GraalPy support (#5141)
• Add a --verify-hashes hash-checking mode (#4007)
• Discover all python3.x executables in the PATH (#5148)
• Support --link-mode=symlink (#5208)
• Warn about unconstrained direct deps in lowest resolution (#5142)
• Log origin of version selection (#5186)
• Key hash policy on version, rather than package (#5169)

CLI

• Make missing project table a tracing warning (#5194)
• Remove trailing period from user-facing messages (#5218)

Bug fixes

• Make entrypoint writes atomic to avoid overwriting symlinks (#5165)
• Use which-retrieved path directly when spawning pager (#5198)
• Don't apply irrelevant constraints when validating site-packages (#5231)
• Respect local versions for all user requirements (#5232)

0.2.26

CLI

• Add --no-progress global option to hide all progress animations (#5098)

Performance

• Cache downloaded wheel when range requests aren't supported (#5089)

Bug fixes

• Download wheel to disk when streaming unzip failed with HTTP streaming error (#5094)
• Filter out invalid wheels based on requires-python (#5084)
• Filter out none ABI wheels with mismatched Python versions (#5087)
• Lock Git cache on resolve (#5051)
• Change order of pip compile command checks to handle exact argument first (#5111)

Documentation

• Document that --universal implies --no-strip-markers (#5121)

0.2.25

Enhancements

... (truncated)

Commits

• 833097b Bump version to 0.2.27 (#5230)
• bb73edb Respect local versions for all user requirements (#5232)
• 92e1102 Downgrade to winsafe v0.0.19 (#5233)
• a253913 Don't apply irrelevant constraints when validating site-packages (#5231)
• 583a6e5 Write tools concept doc (#5207)
• 3ee3db2 Check python pin compatibility with Requires-Python (#4989)
• 7762d78 Add color to python pin CLI (#5215)
• 12dd450 Implement uv init (#4791)
• 2169902 Avoid TOCTOU errors in .python-version reads (#5223)
• ed9b820 Remove trailing period from user-facing messages (#5218)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #1461.