chore(deps): update all non-major dependencies to v0.9.25

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
astral-sh/uv	uses-with	patch	0.9.21 → 0.9.25
ghcr.io/astral-sh/uv	final	patch	0.9.21 → 0.9.25

---

Release Notes

astral-sh/uv (astral-sh/uv)

v0.9.25

Compare Source

Released on 2026-01-13.

Python

• Add CPython 3.15.0a4
• Upgrade Tcl/Tk used by CPython to 9.0

Enhancements

• Add --compile-bytecode to uv python install and uv python upgrade to compile the standard library (#​17088)
• Allow disabling exclude-newer per package (#​16854)
• Broadcast WM_SETTINGCHANGE on uv tool update-shell (#​17404)

Preview features

• Detect workspace from uv run target (#​17423)

Bug fixes

• Avoid unwrapping size for file responses (#​17434)
• Use keyring authentication when retrieving tool@latest version (#​17448)
• Use latest Pyodide version for each python version (#​17372)
• Improve trampoline file handle closing (#​17374)
• Fix error message when installing musl python on armv7 (#​17213)

v0.9.24

Compare Source

Released on 2026-01-09.

Bug fixes

• Fix handling of UV_NO_SYNC=1 uv run ... (#​17391)
• Rebuild dynamic distribution when version changes with --no-cache (#​17387)

Documentation

• Add Rust language classifier (#​17389)

v0.9.23

Compare Source

Released on 2026-01-09.

Enhancements

• Only write portable paths in RECORD files (#​17339)
• Support relative paths in UV_PYTHON_BIN_DIR and UV_TOOL_BIN_DIR (#​17367)

Preview features

• Enable uploads to S3 via pre-signed URLs (#​17349)

Configuration

• Allow setting proxy variables via global / user configuration (#​16918)
• Manually parse and reconcile Boolean environment variables (#​17321)

Bug fixes

• Avoid broken build artifacts on build failure (#​17276)
• Fix missing dependencies on synthetic root in SBOM export (#​17363)
• Recognize armv8l as an alias for armv7l in platform tag parsing (#​17384)
• Fix redaction of a URL in a middleware trace log (#​17346)

Documentation

• Add index.md suggestion to llms.txt (#​17362)
• Clarify that uv run uses inexact syncing by default (#​17366)

v0.9.22

Compare Source

Released on 2026-01-06.

Enhancements

• Use a dedicated error message when lockfile can't be found (#​17318)

Bug fixes

• Filter unusable wheels from the lockfile for more architectures (#​17317)
• Correctly count retries originating from early middleware errors (#​17274)

Documentation

• Clarify requirements file format in docs (#​17284)

---

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[claude]

Pull Request Review: Update uv to v0.9.25

Summary

This PR updates the uv package manager from version 0.9.21 to 0.9.25 across CI workflows and the Docker build configuration. This is an automated dependency update by Renovate.

Code Quality ✅

• Clean changes: The updates are surgical and focused, touching only version numbers in three locations
• Consistency: All references to uv are updated uniformly (GitHub Actions workflows and Dockerfile)
• Standard practice: Using specific version pins for build tools is a best practice for reproducibility

Changes Review

Files Modified:

1. .github/workflows/ci.yml - CI workflow uv version bump
2. .github/workflows/publish-client.yml - Client publishing workflow uv version bump
3. Dockerfile - Docker image base uv version bump

Version Update Analysis

The update from 0.9.21 → 0.9.25 includes several bug fixes and enhancements:

Notable improvements:

• v0.9.25: Added --compile-bytecode for Python installations, improved error handling for file responses, better keyring authentication for tools
• v0.9.24: Fixed UV_NO_SYNC=1 uv run handling and dynamic distribution rebuilding with --no-cache
• v0.9.23: Better handling of portable paths in RECORD files, relative path support for bin directories
• v0.9.22: Better lockfile error messages, improved wheel filtering for architectures

Potential Issues 🔍

None identified - This is a low-risk dependency update:

• All changes are patch-level increments (0.9.x series)
• No breaking changes in the release notes
• The updated features are additive and don't affect existing functionality
• Bug fixes align with stability improvements

Security Considerations ✅

• No security vulnerabilities noted in the release notes
• Official uv releases from astral-sh GitHub repository and ghcr.io registry
• Version pinning prevents supply chain drift

Testing Recommendations 📋

While this is a straightforward dependency update, verify:

1. ✅ CI pipeline completes successfully (linting + tests with coverage)
2. ✅ Docker builds succeed for all targets (development, production)
3. ✅ uv sync works correctly in the development environment
4. ✅ Container startup and application functionality remain intact

Performance Considerations ⚡

• Potential minor performance improvements from bug fixes in wheel filtering and file handling
• Compiled bytecode feature now available (though not yet used in this project)
• No negative performance impacts expected

Test Coverage 📊

• No test changes needed - this is purely a tooling update
• Existing CI tests will validate compatibility
• The CI workflow includes comprehensive checks: linting, tests with coverage, Docker container lifecycle

Recommendations 💡

Approve and merge - This is a safe, beneficial update with:

• Multiple bug fixes that improve reliability
• No breaking changes
• Consistent with the project's automerge policy for non-major dependency updates
• Renovate has properly configured automerge for this type of update

Optional future enhancement:
Consider leveraging the new --compile-bytecode flag in the Dockerfile for potential startup performance improvements:

ENV UV_COMPILE_BYTECODE=1  # Already present in Dockerfile:9

Good news: Your Dockerfile already sets this! The uv 0.9.25 update adds --compile-bytecode support for uv python install, which complements your existing configuration.

Conclusion ✅

LGTM - This is a well-structured automated dependency update that:

• Follows semantic versioning practices
• Includes multiple stability improvements
• Maintains consistency across all tooling references
• Poses minimal risk with clear benefits

The automerge configuration is appropriate for this type of update.