chore(deps): update dependency astral-sh/uv to v0.11.21

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
astral-sh/uv	uses-with	patch	0.11.19 → 0.11.21

---

Release Notes

astral-sh/uv (astral-sh/uv)

v0.11.21

Compare Source

Released on 2026-06-11.

Python

• Add CPython 3.13.14 and 3.14.6 (#​19787)

Preview features

• Add environment.root to uv workspace metadata --sync (#​19760)
• Allow uv upgrade to update a single dependency constraint (#​19738)
• Compute and pass uv workspace metadata payload in ty check (#​19763)
• Make packaged applications the default for uv init (#​17841)

Performance

• Add parallel discovery of Python versions for uv python list (#​18684)
• Avoid normalizing source distribution names twice (#​19784)

Bug fixes

• Improve cache robustness and pruning behavior
  • Allow CI cache pruning without an sdist bucket (#​19802)
  • Avoid overflow when reading malformed cache entries (#​19799)
  • Preserve cached Python downloads during cache pruning (#​19795)
  • Reject running inside the cache (#​19659)
• Fix Python discovery and version request edge cases
  • Avoid panics for Unicode Python version requests (#​19797)
  • Fix handling of non-critical errors in uv python list with path requests (#​19774)
  • Fix stop-discovery-at regression (#​19769)
• Harden parsing and validation for package metadata, requirements, markers, URLs, and conflict sets
  • Allow trailing commas in version specifiers (#​19806)
  • Avoid panics for invalid UTF-8 URL credentials (#​19800)
  • Avoid panics for malformed source distribution filenames (#​19776)
  • Avoid panics for trailing extra separators (#​19779)
  • Avoid stack overflow for recursive requirements path aliases (#​19777)
  • Ignore reversed string compatible-release markers (#​19782)
  • Reject duplicate entries in conflict sets (#​19801)
  • Reject malformed hash options in requirements files (#​19783)
  • Reject source distribution filenames without a separator (#​19803)
  • Use UTF-8 lengths for requirement errors (#​19781)
  • Use UTF-8 lengths for trailing marker errors (#​19796)
  • Use byte offsets when peeking over requirements (#​19780)
  • Validate GraalPy ABI suffixes (#​19805)
• Improve wheel entry-point error handling and virtual environment activation quoting
  • Propagate errors when reading wheel entry points (#​19794)
  • Quote virtual environment activation paths with shell metacharacters (#​19798)

v0.11.20

Compare Source

Released on 2026-06-10.

Enhancements

• Add --emit-index-url and --emit-find-links to uv export (#​18370)
• Add --find-links support for uv pip list (#​16103)
• Group executable install errors during uv python install (#​19691)
• Use ICF in macOS release builds to reduce binary sizes (#​19615)

Preview features

• Add initial hidden uv upgrade command (#​19678)
• Reject Git revisions in uv upgrade (#​19742)

Configuration

• Recognize UV_NO_INSTALL_PROJECT, UV_NO_INSTALL_WORKSPACE, UV_NO_INSTALL_LOCAL (#​19323)

Performance

• Speed up discovery of large workspaces (#​18311)

Bug fixes

• Allow unknown preview flags with a warning again (#​19669)
• Apply dependency exclusions to direct requirements (#​19699)
• Avoid following external symlinks during cache clean (#​19682)
• Avoid following symlinks during cache prune (#​19543)
• Fix Git cache keys for worktrees and packed refs (#​19706)
• Make resolver error handling iterative to avoid stack overflows (#​19695)
• Pass VIRTUAL_ENV through cygpath inside fish on Windows (#​19703)
• Rebuild explicit local directory tool installs (#​19591)
• Validate egg top-level entries as identifiers (#​19679)

Documentation

• Document --find-links caching behavior (#​19585)
• Add a small section for malware checks (#​19680)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • Only on Saturday (* * * * 6)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 88.58%. Comparing base (0f6de3a) to head (c638b41).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3905      +/-   ##
==========================================
+ Coverage   88.55%   88.58%   +0.02%     
==========================================
  Files          71       71              
  Lines       10944    10944              
  Branches      961      961              
==========================================
+ Hits         9692     9695       +3     
+ Misses        923      920       -3     
  Partials      329      329              

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.