chore(deps-dev): Update uv requirement from 0.9.28 to 0.10.0 (#1018)

Updates the requirements on [uv](https://github.com/astral-sh/uv) to
permit the latest version.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/uv/releases">uv's
releases</a>.</em></p>
<blockquote>
<h2>0.10.0</h2>
<h2>Release Notes</h2>
<p>Since we released uv <a
href="https://github.com/astral-sh/uv/releases/tag/0.9.0">0.9.0</a> in
October of 2025, we've accumulated various changes that improve
correctness and user experience, but could break some workflows. This
release contains those changes; many have been marked as breaking out of
an abundance of caution. We expect most users to be able to upgrade
without making changes.</p>
<p>This release also includes the stabilization of preview features.
Python upgrades are now stable, including the <code>uv python
upgrade</code> command, <code>uv python install --upgrade</code>, and
automatically upgrading Python patch versions in virtual environments
when a new version is installed. The <code>add-bounds</code> and
<code>extra-build-dependencies</code> settings are now stable. Finally,
the <code>uv workspace dir</code> and <code>uv workspace list</code>
utilities for writing scripts against workspace members are now
stable.</p>
<h3>Breaking changes</h3>
<ul>
<li>
<p><strong>Require <code>--clear</code> to remove existing virtual
environments in <code>uv venv</code></strong> (<a
href="https://redirect.github.com/astral-sh/uv/pull/17757">#17757</a>)</p>
<p>Previously, <code>uv venv</code> would prompt for confirmation before
removing an existing virtual environment in interactive contexts, and
remove it without confirmation in non-interactive contexts. Now,
<code>uv venv</code> requires the <code>--clear</code> flag to remove an
existing virtual environment. A warning for this change was added in <a
href="https://github.com/astral-sh/uv/blob/main/changelogs/0.8.x.md#breaking-changes">uv
0.8</a>.</p>
<p>You can opt out of this behavior by passing the <code>--clear</code>
flag or setting <code>UV_VENV_CLEAR=1</code>.</p>
</li>
<li>
<p><strong>Error if multiple indexes include <code>default =
true</code></strong> (<a
href="https://redirect.github.com/astral-sh/uv/pull/17011">#17011</a>)</p>
<p>Previously, uv would silently accept multiple indexes with
<code>default = true</code> and use the first one. Now, uv will error if
multiple indexes are marked as the default.</p>
<p>You cannot opt out of this behavior. Remove <code>default =
true</code> from all but one index.</p>
</li>
<li>
<p><strong>Error when an <code>explicit</code> index is unnamed</strong>
(<a
href="https://redirect.github.com/astral-sh/uv/pull/17777">#17777</a>)</p>
<p>Explicit indexes can only be used via the
<code>[tool.uv.sources]</code> table, which requires referencing the
index by name. Previously, uv would silently accept unnamed explicit
indexes, which could never be referenced. Now, uv will error if an
explicit index does not have a name.</p>
<p>You cannot opt out of this behavior. Add a <code>name</code> to the
explicit index or remove the entry.</p>
</li>
<li>
<p><strong>Install alternative Python executables using their
implementation name</strong> (<a
href="https://redirect.github.com/astral-sh/uv/pull/17756">#17756</a>,
<a
href="https://redirect.github.com/astral-sh/uv/pull/17760">#17760</a>)</p>
<p>Previously, <code>uv python install</code> would install PyPy,
GraalPy, and Pyodide executables with names like <code>python3.10</code>
into the bin directory. Now, these executables will be named using their
implementation name, e.g., <code>pypy3.10</code>,
<code>graalpy3.10</code>, and <code>pyodide3.12</code>, to avoid
conflicting with CPython installations.</p>
<p>You cannot opt out of this behavior.</p>
</li>
<li>
<p><strong>Respect global Python version pins in <code>uv tool
run</code> and <code>uv tool install</code></strong> (<a
href="https://redirect.github.com/astral-sh/uv/pull/14112">#14112</a>)</p>
<p>Previously, <code>uv tool run</code> and <code>uv tool install</code>
did not respect the global Python version pin (set via <code>uv python
pin --global</code>). Now, these commands will use the global Python
version when no explicit version is requested.</p>
<p>For <code>uv tool install</code>, if the tool is already installed,
the Python version will not change unless <code>--reinstall</code> or
<code>--python</code> is provided. If the tool was previously installed
with an explicit <code>--python</code> flag, the global pin will not
override it.</p>
<p>You can opt out of this behavior by providing an explicit
<code>--python</code> flag.</p>
</li>
<li>
<p><strong>Remove Debian Bookworm, Alpine 3.21, and Python 3.8 Docker
images</strong> (<a
href="https://redirect.github.com/astral-sh/uv/pull/17755">#17755</a>)</p>
<p>The Debian Bookworm and Alpine 3.21 images were replaced by Debian
Trixie and Alpine 3.22 as defaults in <a
href="https://redirect.github.com/astral-sh/uv/pull/15352">uv 0.9</a>.
These older images are now removed. Python 3.8 images are also removed,
as Python 3.8 is no longer supported in the Trixie or Alpine base
images.</p>
<p>The following image tags are no longer published:</p>
<ul>
<li><code>uv:bookworm</code>, <code>uv:bookworm-slim</code></li>
<li><code>uv:alpine3.21</code></li>
<li><code>uv:python3.8-*</code></li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/astral-sh/uv/blob/main/CHANGELOG.md">uv's
changelog</a>.</em></p>
<blockquote>
<h2>0.10.0</h2>
<p>Since we released uv <a
href="https://github.com/astral-sh/uv/releases/tag/0.9.0">0.9.0</a> in
October of 2025, we've accumulated various changes that improve
correctness and user experience, but could break some workflows. This
release contains those changes; many have been marked as breaking out of
an abundance of caution. We expect most users to be able to upgrade
without making changes.</p>
<p>This release also includes the stabilization of preview features.
Python upgrades are now stable, including the <code>uv python
upgrade</code> command, <code>uv python install --upgrade</code>, and
automatically upgrading Python patch versions in virtual environments
when a new version is installed. The <code>add-bounds</code> and
<code>extra-build-dependencies</code> settings are now stable. Finally,
the <code>uv workspace dir</code> and <code>uv workspace list</code>
utilities for writing scripts against workspace members are now
stable.</p>
<p>There are no breaking changes to <a
href="https://docs.astral.sh/uv/concepts/build-backend/"><code>uv_build</code></a>.
If you have an upper bound in your <code>[build-system]</code> table,
you should update it, e.g., from <code>&lt;0.10.0</code> to
<code>&lt;0.11.0</code>.</p>
<h3>Breaking changes</h3>
<ul>
<li>
<p><strong>Require <code>--clear</code> to remove existing virtual
environments in <code>uv venv</code></strong> (<a
href="https://redirect.github.com/astral-sh/uv/pull/17757">#17757</a>)</p>
<p>Previously, <code>uv venv</code> would prompt for confirmation before
removing an existing virtual environment in interactive contexts, and
remove it without confirmation in non-interactive contexts. Now,
<code>uv venv</code> requires the <code>--clear</code> flag to remove an
existing virtual environment. A warning for this change was added in <a
href="https://github.com/astral-sh/uv/blob/main/changelogs/0.8.x.md#breaking-changes">uv
0.8</a>.</p>
<p>You can opt out of this behavior by passing the <code>--clear</code>
flag or setting <code>UV_VENV_CLEAR=1</code>.</p>
</li>
<li>
<p><strong>Error if multiple indexes include <code>default =
true</code></strong> (<a
href="https://redirect.github.com/astral-sh/uv/pull/17011">#17011</a>)</p>
<p>Previously, uv would silently accept multiple indexes with
<code>default = true</code> and use the first one. Now, uv will error if
multiple indexes are marked as the default.</p>
<p>You cannot opt out of this behavior. Remove <code>default =
true</code> from all but one index.</p>
</li>
<li>
<p><strong>Error when an <code>explicit</code> index is unnamed</strong>
(<a
href="https://redirect.github.com/astral-sh/uv/pull/17777">#17777</a>)</p>
<p>Explicit indexes can only be used via the
<code>[tool.uv.sources]</code> table, which requires referencing the
index by name. Previously, uv would silently accept unnamed explicit
indexes, which could never be referenced. Now, uv will error if an
explicit index does not have a name.</p>
<p>You cannot opt out of this behavior. Add a <code>name</code> to the
explicit index or remove the entry.</p>
</li>
<li>
<p><strong>Install alternative Python executables using their
implementation name</strong> (<a
href="https://redirect.github.com/astral-sh/uv/pull/17756">#17756</a>,
<a
href="https://redirect.github.com/astral-sh/uv/pull/17760">#17760</a>)</p>
<p>Previously, <code>uv python install</code> would install PyPy,
GraalPy, and Pyodide executables with names like <code>python3.10</code>
into the bin directory. Now, these executables will be named using their
implementation name, e.g., <code>pypy3.10</code>,
<code>graalpy3.10</code>, and <code>pyodide3.12</code>, to avoid
conflicting with CPython installations.</p>
<p>You cannot opt out of this behavior.</p>
</li>
<li>
<p><strong>Respect global Python version pins in <code>uv tool
run</code> and <code>uv tool install</code></strong> (<a
href="https://redirect.github.com/astral-sh/uv/pull/14112">#14112</a>)</p>
<p>Previously, <code>uv tool run</code> and <code>uv tool install</code>
did not respect the global Python version pin (set via <code>uv python
pin --global</code>). Now, these commands will use the global Python
version when no explicit version is requested.</p>
<p>For <code>uv tool install</code>, if the tool is already installed,
the Python version will not change unless <code>--reinstall</code> or
<code>--python</code> is provided. If the tool was previously installed
with an explicit <code>--python</code> flag, the global pin will not
override it.</p>
<p>You can opt out of this behavior by providing an explicit
<code>--python</code> flag.</p>
</li>
<li>
<p><strong>Remove Debian Bookworm, Alpine 3.21, and Python 3.8 Docker
images</strong> (<a
href="https://redirect.github.com/astral-sh/uv/pull/17755">#17755</a>)</p>
<p>The Debian Bookworm and Alpine 3.21 images were replaced by Debian
Trixie and Alpine 3.22 as defaults in <a
href="https://redirect.github.com/astral-sh/uv/pull/15352">uv 0.9</a>.
These older images are now removed. Python 3.8 images are also removed,
as Python 3.8 is no longer supported in the Trixie or Alpine base
images.</p>
<p>The following image tags are no longer published:</p>
<ul>
<li><code>uv:bookworm</code>, <code>uv:bookworm-slim</code></li>
<li><code>uv:alpine3.21</code></li>
<li><code>uv:python3.8-*</code></li>
</ul>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/astral-sh/uv/commit/0ba432459aa4e84d793fd8cfc98d13cf619316bb"><code>0ba4324</code></a>
Bump version to 0.10.0 (<a
href="https://redirect.github.com/astral-sh/uv/issues/17882">#17882</a>)</li>
<li><a
href="https://github.com/astral-sh/uv/commit/d2ab2d02085fbf7e25a5f27d144b2d533654288d"><code>d2ab2d0</code></a>
Stabilize Python upgrades (<a
href="https://redirect.github.com/astral-sh/uv/issues/17766">#17766</a>)</li>
<li><a
href="https://github.com/astral-sh/uv/commit/f3d50129c669960b8753deb002f42cec096042e5"><code>f3d5012</code></a>
Update uv test features to use <code>test-</code> as a prefix (<a
href="https://redirect.github.com/astral-sh/uv/issues/17860">#17860</a>)</li>
<li><a
href="https://github.com/astral-sh/uv/commit/ba66db881497818f22115a8fa9a94642600f491f"><code>ba66db8</code></a>
Avoid invalidating the lockfile versions after an exclude newer change
(<a
href="https://redirect.github.com/astral-sh/uv/issues/17721">#17721</a>)</li>
<li><a
href="https://github.com/astral-sh/uv/commit/8ed16f16874ea8393c31014fa09ccbd29bd43ca1"><code>8ed16f1</code></a>
Bail when trying to attach ambiguous credentials instead of picking an
arbitr...</li>
<li><a
href="https://github.com/astral-sh/uv/commit/aaaad23c32dd1b951b7b59a942f7adf8bd956998"><code>aaaad23</code></a>
Bump the <code>uv format</code> ruff version to 0.15.0 (<a
href="https://redirect.github.com/astral-sh/uv/issues/17838">#17838</a>)</li>
<li><a
href="https://github.com/astral-sh/uv/commit/4ae86f9b0a5a5699732bd72d653684cd2e3336f9"><code>4ae86f9</code></a>
Respect global Python version pins in <code>uv tool run</code> and
<code>uv tool install</code> (<a
href="https://redirect.github.com/astral-sh/uv/issues/1">#1</a>...</li>
<li><a
href="https://github.com/astral-sh/uv/commit/3632202197fdd997e1ed59c5530c6e47e1a4228e"><code>3632202</code></a>
Require <code>--clear</code> to remove virtual environments (<a
href="https://redirect.github.com/astral-sh/uv/issues/17757">#17757</a>)</li>
<li><a
href="https://github.com/astral-sh/uv/commit/bd08ee3c4ed75bd2ad85fa8d25db9def80a58fc7"><code>bd08ee3</code></a>
Error when an <code>explicit</code> index is unnamed (<a
href="https://redirect.github.com/astral-sh/uv/issues/17777">#17777</a>)</li>
<li><a
href="https://github.com/astral-sh/uv/commit/3ba3fe355f6902bd327fecf0063e60b8a9d6cc39"><code>3ba3fe3</code></a>
Install Pyodide executables as <code>pyodide</code> instead of
<code>python</code> (<a
href="https://redirect.github.com/astral-sh/uv/issues/17760">#17760</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/astral-sh/uv/compare/0.9.28...0.10.0">compare
view</a></li>
</ul>
</details>
<br />


Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: dependabot[bot]

pyproject.toml

@@ -114,7 +114,7 @@ pip = ">=23.0"
 pipenv = ">=2023.11.5"
 poetry = "^1.7"
 pdm = "^2.11"
-uv = "0.9.28"  # keep pinned to exact version, until a v1.0.0 is released
+uv = "0.10.0"  # keep pinned to exact version, until a v1.0.0 is released