build(deps-dev): bump the uv-dependencies group with 2 updates

[dependabot]

Updates the requirements on poethepoet and uv-build to permit the latest version.
Updates poethepoet from 0.44.0 to 0.45.0

Release notes

Sourced from poethepoet's releases.

0.45.0

Enhancements

• Add support for forwarding free arguments via $POE_EXTRA_ARGS by @​timrid in nat-n/poethepoet#380

Fixes

• Handle cancelled tasks correctly by @​timrid in nat-n/poethepoet#378
• Preserve quotes in :+/:- operator arguments (#333) by @​nat-n in nat-n/poethepoet#377
• Handle ctrl+c attempt on windows if running bat/cmd scripts by @​NSPC911 in nat-n/poethepoet#382

New Contributors

• @​timrid made their first contribution in nat-n/poethepoet#378

Full Changelog: nat-n/poethepoet@v0.44.0...v0.45.0

Commits

• 244cf0b Bump version to 0.45.0
• 3a6c09a feat: support forwarding free arguments via $POE_EXTRA_ARGS (#380)
• a1edcda fix: preserve quotes in :+/:- operator arguments (#333) (#377)
• 3e60a85 fix: handle cancelled asyncio tasks correctly (#378)
• bbdd435 fix: handle ctrl+c attempt on windows if running bat/cmd scripts (#382)
• See full diff in compare view

Updates uv-build to 0.11.8

Release notes

Sourced from uv-build's releases.

0.11.8

Release Notes

Released on 2026-04-27.

Enhancements

• Add --python-downloads-json-url to python pin (#19092)
• Fetch uv from Astral mirror during self-update (#18682)
• Support pip uninstall -y (#19082)
• Allow exclude-newer to be missing from the lockfile when exclude-newer-span is present (#19024)
• Only show the version number in uv self version --short (#19019)
• Silence warnings on empty SSL_CERT_DIR directory (#19018)
• Use a sentinel timestamp for relative exclude-newer and exclude-newer-package values in lockfiles (#19022, #19101)

Configuration

• Add UV_PYTHON_NO_REGISTRY (#19035)
• Add an environment variable for UV_NO_PROJECT (#19052)
• Expose UV_PYTHON_SEARCH_PATH for Python discovery PATH overrides (#19034)

Bug fixes

• Add rust-toolchain.toml to uv-build sdist (#19131)
• Ensure uv invocations of git do not inherit repository location environment variables (#19088)
• Redact pre-signed upload URLs in verbose output (#19146)
• Handle transitive URL dependencies in PEP 517 build requirements (#19076, #19086)
• Support uv lock on a pyproject.toml that only contains dependency-groups (#19087)
• Disable transparent Python upgrades in projects when a patch version is requested via .python-version (#19102)
• Fix Python variant tagging in the Windows registry (#19012)
• Ban external symlinks in .tar.zst wheels (#19144)

Distributions

• Remove deprecated license classifiers from uv-build and add Python 3.14 classifier (#19130)

Documentation

• Bump astral-sh/setup-uv version in docs (#19030)
• Update PyTorch documentation for PyTorch 2.11 (#19095)

Install uv 0.11.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/uv/releases/download/0.11.8/uv-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from uv-build's changelog.

0.11.8

Released on 2026-04-27.

Enhancements

• Add --python-downloads-json-url to python pin (#19092)
• Fetch uv from Astral mirror during self-update (#18682)
• Support pip uninstall -y (#19082)
• Allow exclude-newer to be missing from the lockfile when exclude-newer-span is present (#19024)
• Only show the version number in uv self version --short (#19019)
• Silence warnings on empty SSL_CERT_DIR directory (#19018)
• Use a sentinel timestamp for relative exclude-newer and exclude-newer-package values in lockfiles (#19022, #19101)

Configuration

• Add UV_PYTHON_NO_REGISTRY (#19035)
• Add an environment variable for UV_NO_PROJECT (#19052)
• Expose UV_PYTHON_SEARCH_PATH for Python discovery PATH overrides (#19034)

Bug fixes

• Add rust-toolchain.toml to uv-build sdist (#19131)
• Ensure uv invocations of git do not inherit repository location environment variables (#19088)
• Redact pre-signed upload URLs in verbose output (#19146)
• Handle transitive URL dependencies in PEP 517 build requirements (#19076, #19086)
• Support uv lock on a pyproject.toml that only contains dependency-groups (#19087)
• Disable transparent Python upgrades in projects when a patch version is requested via .python-version (#19102)
• Fix Python variant tagging in the Windows registry (#19012)
• Ban external symlinks in .tar.zst wheels (#19144)

Distributions

• Remove deprecated license classifiers from uv-build and add Python 3.14 classifier (#19130)

Documentation

• Bump astral-sh/setup-uv version in docs (#19030)
• Update PyTorch documentation for PyTorch 2.11 (#19095)

0.11.7

Released on 2026-04-15.

Python

• Upgrade CPython build to 20260414 including an OpenSSL security upgrade (#19004)

Enhancements

... (truncated)

Commits

• 0e961dd Bump version to 0.11.8 (#19184)
• 3e9c333 Configure logging before globals (#19155)
• 84a3244 Redact pre-signed upload URLs in verbose output (#19146)
• 51448c2 Use a single codepath for extracting a .tar.zst wheel (#19144)
• 5f461d6 Allow scripts/build-trampolines.sh to try podman when it's available (#19134)
• dea9815 uv-build: fixup classifiers (#19130)
• 15118d7 Drop whoami dependency (#19132)
• 992be06 Add rust-toolchain.toml to uv-build sdist (#19131)
• d46a7b6 Fix pip_compile test (#19129)
• 282919c Share pylock.toml reading and resolution in pip commands (#19125)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions