Update charmcraft.yaml build tools (main)

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Update
pip (changelog)	25.1 -> 25.1.1					patch
poetry (changelog)	2.1.2 -> 2.1.3					patch
rust-lang/rust	1.86.0 -> 1.87.0					minor
uv (source, changelog)	0.6.17 -> 0.7.9					minor

---

Release Notes

pypa/pip (pip)

v25.1.1

Compare Source

python-poetry/poetry (poetry)

v2.1.3

Compare Source

Changed

• Require importlib-metadata<8.7 for Python 3.9 because of a breaking change in importlib-metadata 8.7 (#​10374).

Fixed

• Fix an issue where re-locking failed for incomplete multiple-constraints dependencies with explicit sources (#​10324).
• Fix an issue where the --directory option did not work if a plugin, which accesses the poetry instance during its activation, was installed (#​10352).
• Fix an issue where poetry env activate -v printed additional information to stdout instead of stderr so that the output could not be used as designed (#​10353).
• Fix an issue where the original error was not printed if building a git dependency failed (#​10366).
• Fix an issue where wheels for the wrong platform were installed in rare cases. (#​10361).

poetry-core (2.1.3)

• Fix an issue where the union of specific inverse or partially inverse markers was not simplified (#​858).
• Fix an issue where optional dependencies defined in the project section were treated as non-optional when a source was defined for them in the tool.poetry section (#​857).
• Fix an issue where markers with === were not parsed correctly (#​860).
• Fix an issue where local versions with upper case letters caused an error (#​859).
• Fix an issue where extra markers with a value starting with "in" were not validated correctly (#​862).

rust-lang/rust (rust-lang/rust)

v1.87.0

Compare Source

==========================

Language

• Stabilize asm_goto feature
• Allow parsing open beginning ranges (..EXPR) after unary operators !, -, and *.
• Don't require method impls for methods with Self: Sized bounds in impls for unsized types
• Stabilize feature(precise_capturing_in_traits) allowing use<...> bounds on return position impl Trait in traits

Compiler

• x86: make SSE2 required for i686 targets and use it to pass SIMD types

Platform Support

• Remove i586-pc-windows-msvc target

Refer to Rust's platform support page
for more information on Rust's tiered platform support.

Libraries

• Stabilize the anonymous pipe API
• Add support for unbounded left/right shift operations
• Print pointer metadata in Debug impl of raw pointers
• Vec::with_capacity guarantees it allocates with the amount requested, even if Vec::capacity returns a different number.
• Most std::arch intrinsics which don't take pointer arguments can now be called from safe code if the caller has the appropriate target features already enabled (https://github.com/rust-lang/stdarch/pull/1714, https://github.com/rust-lang/stdarch/pull/1716, https://github.com/rust-lang/stdarch/pull/1717)
• Undeprecate env::home_dir
• Denote ControlFlow as #[must_use]
• Macros such as assert_eq! and vec! now support const {...} expressions

Stabilized APIs

• Vec::extract_if
• vec::ExtractIf
• LinkedList::extract_if
• linked_list::ExtractIf
• <[T]>::split_off
• <[T]>::split_off_mut
• <[T]>::split_off_first
• <[T]>::split_off_first_mut
• <[T]>::split_off_last
• <[T]>::split_off_last_mut
• String::extend_from_within
• os_str::Display
• OsString::display
• OsStr::display
• io::pipe
• io::PipeReader
• io::PipeWriter
• impl From<PipeReader> for OwnedHandle
• impl From<PipeWriter> for OwnedHandle
• impl From<PipeReader> for Stdio
• impl From<PipeWriter> for Stdio
• impl From<PipeReader> for OwnedFd
• impl From<PipeWriter> for OwnedFd
• Box<MaybeUninit<T>>::write
• impl TryFrom<Vec<u8>> for String
• <*const T>::offset_from_unsigned
• <*const T>::byte_offset_from_unsigned
• <*mut T>::offset_from_unsigned
• <*mut T>::byte_offset_from_unsigned
• NonNull::offset_from_unsigned
• NonNull::byte_offset_from_unsigned
• <uN>::cast_signed
• NonZero::<uN>::cast_signed.
• <iN>::cast_unsigned.
• NonZero::<iN>::cast_unsigned.
• <uN>::is_multiple_of
• <uN>::unbounded_shl
• <uN>::unbounded_shr
• <iN>::unbounded_shl
• <iN>::unbounded_shr
• <iN>::midpoint
• <str>::from_utf8
• <str>::from_utf8_mut
• <str>::from_utf8_unchecked
• <str>::from_utf8_unchecked_mut

These previously stable APIs are now stable in const contexts:

• core::str::from_utf8_mut
• <[T]>::copy_from_slice
• SocketAddr::set_ip
• SocketAddr::set_port,
• SocketAddrV4::set_ip
• SocketAddrV4::set_port,
• SocketAddrV6::set_ip
• SocketAddrV6::set_port
• SocketAddrV6::set_flowinfo
• SocketAddrV6::set_scope_id
• char::is_digit
• char::is_whitespace
• <[[T; N]]>::as_flattened
• <[[T; N]]>::as_flattened_mut
• String::into_bytes
• String::as_str
• String::capacity
• String::as_bytes
• String::len
• String::is_empty
• String::as_mut_str
• String::as_mut_vec
• Vec::as_ptr
• Vec::as_slice
• Vec::capacity
• Vec::len
• Vec::is_empty
• Vec::as_mut_slice
• Vec::as_mut_ptr

Cargo

• Add terminal integration via ANSI OSC 9;4 sequences
• chore: bump openssl to v3
• feat(package): add --exclude-lockfile flag

Compatibility Notes

• Rust now raises an error for macro invocations inside the #![crate_name] attribute
• Unstable fields are now always considered to be inhabited
• Macro arguments of unary operators followed by open beginning ranges may now be matched differently
• Make Debug impl of raw pointers print metadata if present
• Warn against function pointers using unsupported ABI strings in dependencies
• Associated types on dyn types are no longer deduplicated
• Forbid attributes on .. inside of struct patterns (let Struct { #[attribute] .. }) =
• Make ptr_cast_add_auto_to_object lint into hard error
• Many std::arch intrinsics are now safe to call in some contexts, there may now be new unused_unsafe warnings in existing codebases.
• Limit width and precision formatting options to 16 bits on all targets
• Turn order dependent trait objects future incompat warning into a hard error
• Denote ControlFlow as #[must_use]
• Windows: The standard library no longer links advapi32, except on win7. Code such as C libraries that were relying on this assumption may need to explicitly link advapi32.
• Proc macros can no longer observe expanded cfg(true) attributes.
• Start changing the internal representation of pasted tokens. Certain invalid declarative macros that were previously accepted in obscure circumstances are now correctly rejected by the compiler. Use of a tt fragment specifier can often fix these macros.
• Don't allow flattened format_args in const.

Internal Changes

These changes do not affect any public interfaces of Rust, but they represent
significant improvements to the performance or internals of rustc and related
tools.

• Update to LLVM 20

astral-sh/uv (uv)

v0.7.9

Compare Source

Python

The changes reverted in 0.7.8 have been restored.

See the
python-build-standalone release notes
for more details.

Enhancements

• Improve obfuscation of credentials in URLs (#​13560)
• Allow running non-default Python implementations via uvx (#​13583)
• Add uvw as alias for uv without console window on Windows (#​11786)
• Allow discovery of x86-64 managed Python builds on macOS (#​13722)
• Differentiate between implicit vs explicit architecture requests (#​13723)
• Implement ordering for Python architectures to prefer native installations (#​13709)
• Only show the first match per platform (and architecture) by default in uv python list (#​13721)
• Write the path of the parent environment to an extends-environment key in the pyvenv.cfg file of an ephemeral environment (#​13598)
• Improve the error message when libc cannot be found, e.g., when using the distroless containers (#​13549)

Performance

• Avoid rendering info log level (#​13642)
• Improve performance of uv-python crate's manylinux submodule (#​11131)
• Optimize Version display (#​13643)
• Reduce number of reference-checks for uv cache clean (#​13669)

Bug fixes

• Avoid reinstalling dependency group members with --all-packages (#​13678)
• Don't fail direct URL hash checking with dependency metadata (#​13736)
• Exit early on self update if global --offline is set (#​13663)
• Fix cases where the uv lock is incorrectly marked as out of date (#​13635)
• Include pre-release versions in uv python install --reinstall (#​13645)
• Set LC_ALL=C for git when checking git worktree (#​13637)
• Avoid rejecting Windows paths for remote Python download JSON targets (#​13625)

Preview

• Add uv add --bounds to configure version constraints (#​12946)

Documentation

• Add documentation about Python versions to Tools concept page (#​7673)
• Add example of enabling Dependabot (#​13692)
• Fix exclude-newer date format for persistent configuration files (#​13706)
• Quote versions variables in GitLab documentation (#​13679)
• Update Dependabot support status (#​13690)
• Explicitly specify to add a new repo entry to the repos list item in the .pre-commit-config.yaml (#​10243)
• Add integration with marimo guide (#​13691)
• Add pronunciation to README (#​5336)

v0.7.8

Compare Source

Python

We are reverting most of our Python changes from uv 0.7.6 and uv 0.7.7 due to
a miscompilation that makes the Python interpreter behave incorrectly, resulting
in spurious type-errors involving str. This issue seems to be isolated to
x86_64 Linux, and affected at least Python 3.12, 3.13, and 3.14.

The following changes that were introduced in those versions of uv are temporarily
being reverted while we test and deploy a proper fix for the miscompilation:

• Add Python 3.14 on musl
• free-threaded Python on musl
• Add Python 3.14.0a7
• Statically link libpython into the interpreter on Linux for a significant performance boost

See the issue for details.

Documentation

• Remove misleading line in pin documentation (#​13611)

v0.7.7

Compare Source

Python

• Work around third-party packages that (incorrectly) assume the interpreter is dynamically linking libpython
• Allow the experimental JIT to be enabled at runtime on Python 3.13 and 3.14 on macOS on aarch64 aka Apple Silicon

See the
python-build-standalone release notes
for more details.

Bug fixes

• Make uv version lock and sync (#​13317)
• Fix references to ldd in diagnostics to correctly refer to ld.so (#​13552)

Documentation

• Clarify adding SSH Git dependencies (#​13534)

v0.7.6

Compare Source

Python

• Add Python 3.14 on musl
• Add free-threaded Python on musl
• Add Python 3.14.0a7
• Statically link libpython into the interpreter on Linux for a significant performance boost

See the
python-build-standalone release notes
for more details.

Enhancements

• Improve compatibility of VIRTUAL_ENV_PROMPT value (#​13501)
• Bump MSRV to 1.85 and Edition 2024 (#​13516)

Bug fixes

• Respect default extras in uv remove (#​13380)

Documentation

• Fix PowerShell code blocks (#​13511)

v0.7.5

Compare Source

Bug fixes

• Support case-sensitive module discovery in the build backend (#​13468)
• Bump Simple cache bucket to v16 (#​13498)
• Don't error when the script is too short for the buffer (#​13488)
• Add missing word in "script not supported" error (#​13483)

v0.7.4

Compare Source

Enhancements

• Add more context to external errors (#​13351)
• Align indentation of long arguments (#​13394)
• Preserve order of dependencies which are sorted naively (#​13334)
• Align progress bars by largest name length (#​13266)
• Reinstall local packages in uv add (#​13462)
• Rename --raw-sources to --raw (#​13348)
• Show 'Downgraded' when self update is used to install an older version (#​13340)
• Suggest uv self update if required uv version is newer (#​13305)
• Add 3.14 beta images to uv Docker images (#​13390)
• Add comma after "i.e." in Conda environment error (#​13423)
• Be more precise in unpinned packages warning (#​13426)
• Fix detection of sorted dependencies when include-group is used (#​13354)
• Fix display of HTTP responses in trace logs for retry of errors (#​13339)
• Log skip reasons during Python installation key interpreter match checks (#​13472)
• Redact credentials when displaying URLs (#​13333)

Bug fixes

• Avoid erroring on pylock.toml dependency entries (#​13384)
• Avoid panics for cannot-be-a-base URLs (#​13406)
• Ensure cached realm credentials are applied if no password is found for index URL (#​13463)
• Fix .tgz parsing to respect true extension (#​13382)
• Fix double self-dependency (#​13366)
• Reject pylock.toml in uv add -r (#​13421)
• Retain dot-separated wheel tags during cache prune (#​13379)
• Retain trailing comments after PEP 723 metadata block (#​13460)

Documentation

• Use "export" instead of "install" in uv export arguments (#​13430)
• Remove extra newline (#​13461)

Preview features

• Build backend: Normalize glob paths (#​13465)

v0.7.3

Compare Source

Enhancements

• Add --dry-run support to uv self update (#​9829)
• Add --show-with to uv tool list to list packages included by --with (#​13264)
• De-duplicate fetched index URLs (#​13205)
• Support more zip compression formats: bzip2, lzma, xz, zstd (#​13285)
• Add support for downloading GraalPy (#​13172)
• Improve error message when a virtual environment Python symlink is broken (#​12168)
• Use fs_err for paths in symlinking errors (#​13303)
• Minify and embed managed Python JSON at compile time (#​12967)

Preview features

• Build backend: Make preview default and add configuration docs (#​12804)
• Build backend: Allow escaping in globs (#​13313)
• Build backend: Make builds reproducible across operating systems (#​13171)

Configuration

• Add python-downloads-json-url option for uv.toml to configure custom Python installations via JSON URL (#​12974)

Bug fixes

• Check nested IO errors for retries (#​13260)
• Accept musllinux_1_0 as a valid platform tag (#​13289)
• Fix discovery of pre-release managed Python versions in range requests (#​13330)
• Respect locked script preferences in uv run --with (#​13283)
• Retry streaming downloads on broken pipe errors (#​13281)
• Treat already-installed base environment packages as preferences in uv run --with (#​13284)
• Avoid enumerating sources in errors for path Python requests (#​13335)
• Avoid re-creating virtual environment with --no-sync (#​13287)

Documentation

• Remove outdated description of index strategy (#​13326)
• Update "Viewing the version" docs (#​13241)

v0.7.2

Compare Source

Enhancements

• Improve trace log for retryable errors (#​13228)
• Use "error" instead of "warning" for self-update message (#​13229)
• Error when uv version is used with project-specific flags but no project is found (#​13203)

Bug fixes

• Fix incorrect virtual environment invalidation for pre-release Python versions (#​13234)
• Fix patching of clang in managed Python sysconfig (#​13237)
• Respect --project in uv version (#​13230)

v0.7.1

Compare Source

Enhancement

• Add support for BLAKE2b-256 (#​13204)

Bugfix

• Revert fix handling of authentication when encountering redirects (#​13215)

v0.7.0

Compare Source

This release contains various changes that improve correctness and user experience, but could break some workflows; many changes have been marked as breaking out of an abundance of caution. We expect most users to be able to upgrade without making changes.

Breaking changes

• Update uv version to display and update project versions (#​12349)

  Previously, uv version displayed uv's version. Now, uv version will display or update the project's version. This interface was heavily requested and, after much consideration, we decided that transitioning the top-level command was the best option.

  Here's a brief example:

  $ uv init example
  Initialized project `example` at `./example`
  $ cd example
  $ uv version
  example 0.1.0
  $ uv version --bump major
  example 0.1.0 => 1.0.0
  $ uv version --short
  1.0.0

  If used outside of a project, uv will fallback to showing its own version still:

  $ uv version
  warning: failed to read project: No `pyproject.toml` found in current directory or any parent directory
    running `uv self version` for compatibility with old `uv version` command.
    this fallback will be removed soon, pass `--preview` to make this an error.
  
  uv 0.7.0 (4433f41c9 2025-04-29)

  As described in the warning, --preview can be used to error instead:

  $ uv version --preview
  error: No `pyproject.toml` found in current directory or any parent directory

  The previous functionality of uv version was moved to uv self version.

• Avoid fallback to subsequent indexes on authentication failure (#​12805)

  When using the first-index strategy (the default), uv will stop searching indexes for a package once it is found on a single index. Previously, uv considered a package as "missing" from an index during authentication failures, such as an HTTP 401 or HTTP 403 (normally, missing packages are represented by an HTTP 404). This behavior was motivated by unusual responses from some package indexes, but reduces the safety of uv's index strategy when authentication fails. Now, uv will consider an authentication failure as a stop-point when searching for a package across indexes. The index.ignore-error-codes option can be used to recover the existing behavior, e.g.:

  [[tool.uv.index]]
  name = "pytorch"
  url = "https://download.pytorch.org/whl/cpu"
  ignore-error-codes = [401, 403]

  Since PyTorch's indexes always return a HTTP 403 for missing packages, uv special-cases indexes on the pytorch.org domain to ignore that error code by default.

• Require the command in uvx <name> to be available in the Python environment (#​11603)

  Previously, uvx would attempt to execute a command even if it was not provided by a Python package. For example, if we presume foo is an empty Python package which provides no command, uvx foo would invoke the foo command on the PATH (if present). Now, uv will error early if the foo executable is not provided by the requested Python package. This check is not enforced when --from is used, so patterns like uvx --from foo bash -c "..." are still valid. uv also still allows uvx foo where the foo executable is provided by a dependency of foo instead of foo itself, as this is fairly common for packages which depend on a dedicated package for their command-line interface.

• Use index URL instead of package URL for keyring credential lookups (#​12651)

  When determining credentials for querying a package URL, uv previously sent the full URL to the keyring command. However, some keyring plugins expect to receive the index URL (which is usually a parent of the package URL). Now, uv requests credentials for the index URL instead. This behavior matches pip.

• Remove --version from subcommands (#​13108)

  Previously, uv allowed the --version flag on arbitrary subcommands, e.g., uv run --version. However, the --version flag is useful for other operations since uv is a package manager. Consequently, we've removed the --version flag from subcommands — it is only available as uv --version.

• Omit Python 3.7 downloads from managed versions (#​13022)

  Python 3.7 is EOL and not formally supported by uv; however, Python 3.7 was previously available for download on a subset of platforms.

• Reject non-PEP 751 TOML files in install, compile, and export commands (#​13120, #​13119)

  Previously, uv treated arbitrary .toml files passed to commands (e.g., uv pip install -r foo.toml or uv pip compile -o foo.toml) as requirements.txt-formatted files. Now, uv will error instead. If using PEP 751 lockfiles, use the standardized format for custom names instead, e.g., pylock.foo.toml.

• Ignore arbitrary Python requests in version files (#​12909)

  uv allows arbitrary strings to be used for Python version requests, in which they are treated as an executable name to search for in the PATH. However, using this form of request in .python-version files is non-standard and conflicts with pyenv-virtualenv which writes environment names to .python-version files. In this release, uv will now ignore requests that are arbitrary strings when found in .python-version files.

• Error on unknown dependency object specifiers (12811)

  The [dependency-groups] entries can include "object specifiers", e.g. set-phasers-to = ... in:

  [dependency-groups]
  foo = ["pyparsing"]
  bar = [{set-phasers-to = "stun"}]

  However, the only current spec-compliant object specifier is include-group. Previously, uv would ignore unknown object specifiers. Now, uv will error.

• Make --frozen and --no-sources conflicting options (#​12671)

  Using --no-sources always requires a new resolution and --frozen will always fail when used with it. Now, this conflict is encoded in the CLI options for clarity.

• Treat empty UV_PYTHON_INSTALL_DIR and UV_TOOL_DIR as unset (#​12907, #​12905)

  Previously, these variables were treated as set to the current working directory when set to an empty string. Now, uv will ignore these variables when empty. This matches uv's behavior for other environment variables which configure directories.

Enhancements

• Disallow mixing requirements across PyTorch indexes (#​13179)
• Add optional managed Python archive download cache (#​12175)
• Add poetry-core as a uv init build backend option (#​12781)
• Show tag hints when failing to find a compatible wheel in pylock.toml (#​13136)
• Report Python versions in pyvenv.cfg version mismatch (#​13027)

Bug fixes

• Avoid erroring on omitted wheel-only packages in pylock.toml (#​13132)
• Fix display name for uvx --version (#​13109)
• Restore handling of authentication when encountering redirects (#​13050)
• Respect build options (--no-binary et al) in pylock.toml (#​13134)
• Use upload-time rather than upload_time in uv.lock (#​13176)

Documentation

• Changed fish completions append >> to overwrite > (#​13130)
• Add pylock.toml mentions where relevant (#​13115)
• Add ROCm example to the PyTorch guide (#​13200)
• Upgrade PyTorch guide to CUDA 12.8 and PyTorch 2.7 (#​13199)

---

Configuration

📅 Schedule: Branch creation - Between 01:00 AM and 05:59 AM, only on Tuesday ( * 1-5 * * 2 ) in timezone Etc/UTC, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.76%. Comparing base (f72c974) to head (e98e867).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #871   +/-   ##
=======================================
  Coverage   71.76%   71.76%           
=======================================
  Files          16       16           
  Lines        4102     4102           
  Branches      617      617           
=======================================
  Hits         2944     2944           
  Misses        964      964           
  Partials      194      194           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.